
3.5. Counter-Fraud Department

No: 000044021528 Date(g): 11/10/2022 | Date(h): 16/3/1444 Status: In-Force
Principle 
 
 
Member Organisations should establish and maintain a Counter-Fraud Department that has responsibility for the day-to-day operation of the Counter-Fraud Programme.
 
 
Control Requirements 
 
 
a.Member Organisations should establish and maintain a Counter-Fraud Department that has responsibility for the day-to-day operation of the Counter-Fraud Programme, including at a minimum:
 
 
 1.Monitoring and overseeing compliance with Counter-Fraud policies, standards, and procedures.
 
 2.Designing and implementing organisation-wide required counter-fraud controls covering people, process and technology dimensions.
 
 3.Performing an in-depth organisation-wide Fraud Risk Assessment.
 
 4.Analysis of Counter-Fraud data and intelligence to proactively identify fraud trends.
 
 5.Sharing Counter-Fraud Intelligence with SAMA and other organisations in the sector.
 
 6.Proactively and reactively tuning Counter-Fraud systems.
 
 7.Monitoring of Counter-Fraud Operations.
 
 8.Performing comprehensive fraud investigations, identifying root causes of fraud incidents and documenting corrective actions.
 
 9.Monitoring Fraud Risk Appetite measures and actively engaging a crisis management task force if the defined limit is breached with an impact on customers (see control requirement 4.1.3.d).
 
 10.Ensuring alignment of Counter-Fraud capabilities with Cyber Security and Financial Crime.
 
 11.Periodic reporting to senior management covering at minimum:
 
  a.Fraud Risk Assessment results.
 
 
  b.Fraud typologies identified.
 
 
  c.Fraud Risk Appetite measures and performance against thresholds and limits.
 
 
  d.Operational and customer fraud losses.
 
 
b.Member Organisations should assess the most appropriate reporting line for the Counter-Fraud Department based on organisational structure; decision making authority; visibility to the Executive Committee/Board; and Senior Management accountability and responsibilities.
 
 
c.Member Organisations should evaluate the staffing requirements of the Counter-Fraud Department on a periodic basis and in response to material changes to the business, operational and fraud landscape or the Member Organisation Fraud Risk Assessment.
 
 
d.Evaluation of staffing requirements should consider both the capacity (number of resources) and the capability (skills and experience) required.
 
 
e.The Head of Counter-Fraud should have skills and experience at a minimum consisting of:
 
 
 1.An in-depth understanding of fraud risks in the financial sector.
 
 2.Strong knowledge of digital fraud threats and common typologies, along with emerging trends impacting financial sector organisations and their customers.
 
 3.Designing and implementing technology and controls based on use-cases to mitigate fraud risks and threats.
 
 4.The use of data and analytics to proactively prevent fraud and protect customers.
 
f.The Counter-Fraud Department should at a minimum include employees with skills and experience in:
 
 
 1.Fraud risks and typologies related to the products offered by the organisation (e.g., experience in payment fraud; scams; and social engineering).
 
 2.Fraud risks and typologies related to the delivery channels offered by the organisation, in particular digital channels such as online and mobile.
 
 3.Counter-Fraud data analytics to enable the analysis of large volumes of transactions and proactive identification of fraud threats.
 
 4.Counter-Fraud technology to ensure systems are operating effectively with scenarios relevant to the risks faced by the Member Organisation.
 
 5.The analysis of intelligence and data to identify fraud trends and the root cause of fraud incidents.
 
 6.Fraud investigations, from initial notification of a potential incident to closure and corrective actions.
 
 7.Reporting and production of Management Information to monitor organisational fraud performance.
 
g.Member Organisations should consider fraud qualifications for roles in the Counter-Fraud Department.
 
 
h.Member Organisations should establish a training plan and provide periodic training to develop and maintain the competency of the employees in the Counter-Fraud Department.
 
 
i.Where third party services or resources (e.g., contractors or Managed Services) are used to fulfil responsibilities of the Counter-Fraud Department, Member Organisations should ensure the resource is appropriately vetted and monitored.