Principle
| |
Member Organisations should define, approve, implement and maintain a fraud investigation standard to direct a consistent approach to fraud investigation.
| |
Control Requirements
| |
| a. | Member Organisations should define, approve, implement and maintain a fraud investigation standard.
| |
| b. | The compliance with the fraud investigation standard should be monitored.
| |
| c. | The effectiveness of the Fraud Investigation standard and related controls should be measured and periodically evaluated.
| |
| d. | The fraud investigation standard should direct a consistent approach to fraud investigation, including but not limited to:
| |
| | 1. | Allocation of the case to an individual or team with the required skills and experience.
|
| | 2. | Assessing the time sensitivity of the fraud or potential fraud (e.g., will losses increase if the case is not resolved, has a customer been left without access to funds).
|
| | 3. | Assessing the materiality of the fraud or potential fraud (e.g., number of customers impacted, potential losses, systemic threat).
|
| | 4. | Gathering and analysing information to review the suspicion of fraud (e.g., transaction information, IP addresses used, phone recordings, CCTV footage).
|
| | 5. | Collaborating with relevant internal subject matter experts and stakeholders (e.g., Legal, Cyber, HR, Financial Crime) and where relevant forming a multi-disciplinary investigation team.
|
| | 6. | Assessing the skills required to conduct the investigation in more complex cases (e.g., forensic accounting, data analysis).
|
| | 7. | Contacting the customer or third parties to obtain further information.
|
| | 8. | Liaising with other Member Organisations to share information.
|
| | 9. | Documenting the investigative steps taken.
|
| | 10. | Managing and retaining information gathered.
|
| | 11. | Evaluating whether fraud has occurred and resolving or closing the investigation.
|
| | 12. | Recording an outcome of the investigation.
|
| | 13. | Producing a case report and internally reporting the outcome of the investigation where required.
|
| | 14. | Taking corrective action at the conclusion of the investigation.
|
| | 15. | Determining external notifications required (e.g., liaising with law enforcement, notifying credit reference agencies, reporting to SAMA, reporting to the General Directorate of Financial Intelligence (FIU) if the Member Organisation has any suspicion that rises to the level stated in article 15 of AML Law and article 17 of CTF law).
|
| | 16. | Identifying the root cause of fraud incidents and near misses.
|
| | 17. | Extracting lessons learnt and providing feedback to:
|
| | | a. | The Counter-Fraud Department.
| |
| | | b. | Team responsible for developing and maintaining Counter-Fraud systems.
| |
| | | c. | Business owners of standards, processes, and controls where a vulnerability is identified.
| |
| | | d. | Intelligence Monitoring.
| |
| e. | The fraud investigation standard should require corrective action to be taken where relevant at the resolution of a fraud investigation.
| |
