Fraud Prevention, Detection & Control · Mobile collections –Paybill and Lipa na Mpesa till settlements. • Access to banking services • Access to Local Clearing • Access to

Fraud Prevention, Detection & Control

JULIUS KAMAU : DIRECTOR TECH AND OPS19th July, 2016

Introduction

• Financial crime is real and affects all business types, all of us are at risk.

• Trends in fraud types, perpetrator characteristics and anti-fraud controls

are similar regardless of where the fraud occurred.

• Small businesses are particularly vulnerable to fraud due to fewer

controls in place.

• We are as strong as our weakest link (People, Process and Systems). Use

technology and systems to reduce fraud risk. Organisations over-rely on

audits as a fraud control.

• Continuous awareness is important. Employee/ Staff/ Customer

education is the foundation of preventing and detecting fraud.

What is Fraud?

3

Fraud is any intentional act or omission designed to deceive others,

resulting in the victim suffering a loss and/or the perpetrator achieving

a gain, usually monetary.

“An act by one party, whether

successful or not, to deprive another

of something by deception”

“Deliberate deception or cheating

intended to gain an illegal advantage”

Some Dictionary Definitions……

Global Fraud Statistics – ACFE Survey 2016

4

ACFE (Association of Certified Fraud Examiners are an association that governs professional fraud examiners globally.

SOURCE : http://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf

% Fraud Prevalence By Industry (PWC)

• Organizations lose 5% of annual revenue to fraud – applied to 2014Gross World Product translates to potential fraud loss of $3.9 Trillion

• Period in which fraud was committed was an average of 18 months

• Asset misappropriation schemes (Fraudulent disbursements, theft ofcash receipts e.t.c.) were most common form of fraud – 83% of allcases

• Financial statement fraud was least common type of fraud – lessthan 10% of all cases reported

• Corruption schemes comprised 35% of cases reported

• Anti-Fraud Controls help reduce cost and duration of fraud

• Fraud most likely detected by Tips(40%) followed by Internal Audit(16%) and management reviews (13%).

Global Fraud Statistics – ACFE Survey 2016

• More than 75% of frauds were committed by individuals in

one of six departments:

• Accounting / Finance

• Operations

• Sales

• Executive / Senior Management

• Purchasing

• Fraud perpetrators often display warning signs –

behavioral red flags that can be used to detect imminent

fraud. These were living beyond means (45%) and

experiencing financial difficulty (30%)



The Threat is real



• Generation X…Y….Z

• Peer Pressure to get rich NOW

Align your PEOPLE

• Lack of adequate controls

Align Your Process• Viruses /

Malware etc.

• Online Banking / Mobile Banking

• ATM Skimming

• Hackers

Align your Technology

Monitor

Review

Asset Misappropriation

Three Common Types of Fraud

1

Corruption

Financial Statement Fraud

2

3

Asset Misappropriation

Asset misappropriation schemes are fraudsin which the perpetrator steals or misusesan organization’s resources. Assets areboth financial assets and non financial(Company Information).

Examples• Clerk stealing cash receipts• Employees “borrowing”

company equipment• Falsified expense reports.• Payroll staff creating ghost

workers• Procurement team create

fictitious vendor and process false invoice

Corruption

Employee’s use of influencein business transactions in away that violates duty to theemployer for the purpose ofobtaining benefit forthemselves or others.

Examples• Procurement

manager awardingcontract to vendorfor a kickback

• HR Manager hiringunqualified “friends”to fill vacancies

Financial Statement Fraud

Intentional mis-statement or omission of material information in theorganization’s financial reports.

Examples• Inflating revenues• Concealing liabilities

and expenses• Improperly valuing

assets

Who commits fraud?

Supplier 4% Client 5% Organised

Crime 6%

Employees

30%

Management

55%

Typical perpetrators

• Male

• 36 to 45 years old

• Commits fraud against his own employer

• Holds a senior management position

• Works in the finance function or

operations

• Employed in the company for more than

10 years

• Works in collusion with another

perpetrator

Fraud Detection Behavioral Red Flags

• Refusal to take vacation or sick leave

• Significant personal debt and credit problems

• Behavioral changes - These may be an indication of drugs, alcohol, gambling, or just

fear of losing the job

• High employee turnover, especially in those areas which are more vulnerable to

fraud

• Lack of segregation of duties in a vulnerable area

• Employee lifestyle changes: expensive cars, jewelry, homes, clothes

• Management decisions are dominated by an individual or small group

• Managers display significant disrespect for regulatory bodies

• Policies and procedures are not documented or enforced

The Fraud Triangle

• Access (physical & System Access)

• Likelihood of detection or penalty (lack of audit; lack of disciplinary action; poor controls

• Greed or need• High Personal

debts• Personal/ Family

financial loss

• The organisation owes me• I am borrowing it• I’ll pay back

Breaking the Fraud Triangle

Breaking the Fraud Triangle entails removing one of the elements in the fraud triangle in order to reduce the likelihood of fraudulent activities.

Of the three elements, removal of opportunity is most directly affected by the system of internal controls and generally provides the most actionable route to deterrence of fraud.

x

Manual Payments

• Easy to counterfeit

• Signatures easily forged

• Easy to intercept

• Delays in account reconciliation

• Does not enforce control processes

• Cannot be completed remotely

Electronic banking

• Secure, encrypted

• Swift to deliver, no risk of being intercepted

• Signatures cannot be forged

• Immediate and automated reconciliation

• Enforce internal processes systematically

• Allows remote access

Banking Today- Electronic Vs Manual

Electronic Banking best practice

• Tokens and PINS to be kept separate

• Under no circumstances should passwords be shared

• Employee should be entitled with appropriate authorization levels

• Transactions should be approved under dual control

• Timely proofing and reconciliation of accounts

• High value transactions should have multiple approvers

• Creation of profiles and issuance of access tokens should beseparated

Cheque Fraud Trends

• Altered cheques- alteration of value and/or payee details

• 1st Party fraud- False documentation used to open an account in the name of the payee

• Encashment- cheques cashed in money exchange bureaus

• Blank cheque theft- interception of an issue cheque where fraudster is subsequently free to enter payee details (value, beneficiary, etc.)

• Cheques intercepted via post or on client premises (Cheque conversion)

• Counterfeit Bankers Cheques

Cheque Fraud Trends

• Cheques should be stored internally under dual control

• Blank areas left on cheques should be crossed

• If possible images of high value chequesshould be retained for reference purposes

• Cheques could be delivered in non-company branded envelopes

• Cheques of higher value if possible could be sent by recorded delivery or courier

• Cheques should not be pre-signed

• Separate cheque writers from cheque signors

• Avoid keeping signed Cheques for long without depositing in the bank.

Card not present

Three Common Types of Fraud

Lost and Stolen

Counterfeit/ Skimming

What is the most common type of card fraud?

Phishing

Cardholder Hints and Tips• Look after your cards and PINs at all times

• Do not let your card out of your sight when making a transaction

• Ensure that you are the only person that knows your PIN

• Shield your PIN with your free hand when using it at the ATM

• Never leave your card unattended in a public place

• Check your receipts and statement and report any irregularities to your bank

• Make sure that you have your Card issuer’s number with you

• Make sure that your Card issuer has your up to date contact details so they can reach

you quickly if needed

• Only shop online on secure sites: “https”

• Never provide details of your PIN. The merchant does not need it for online or

telephone purchases

Life After Fraud

• Fraud is real and has many implications

• Loss of Customer Trust & reputation

• Loss of Funds

• Termination of Employment or Jail time

• Once a fraud Occurs The following are key tips to follow

• Stop further loss i.e. Contact your bank, deactivate system access to all.

• Review all systems, people, processes involved and identify culprits

• Conduct forensic investigation to establish extent of loss

• Involve relevant authorities to try recover funds

• Manage your customers, be honest.

• Invest in prevention for the future.

Prevention – Is Better Than CureAction Activities / Details

Set the tone at the top = Lead by example

• Responsibility of Directors and Officers• Behave Ethically and communicate expectations to staff• Treat all staff equally and have zero tolerance to integrity

related issues.

Create a positive workplace environment (Anti Fraud Culture)

• Focus on employee morale• Empower staff with fraud awareness training• Communication culture. Establish whistleblower process.• Enforce technology, processes and controls that mitigate

risks e.g. regular snap audits and reviews.• Establish an ethical code of conduct and ensure staff are

Hire and promote appropriate employees

• Conduct background checks before hiring or promoting• Continuous and objective evaluation of compliance with

entity values• Address violations immediately• Consequences of fraud should be clear

Prevention – Is Better Than CureAction Activities / Details

Establish an oversight process

• Audit & Risk committee• Establish anti fraud policies and management KPIs to

minimize fraud• Internal Audit Departments• Conduct annual fraud risk assessment.

Employstringent security measures

• Use Electronic payment – have audit trail• Ensure you have updated antivirus• Invest in IT Security and Governance (Firewalls, SIEM, )• Protect sensitive data• Ensure Data Loss prevention (Emails, USB, Server

controls)• Ensure proper data back ups are in place• Ensure systems have maker – checker• User profile reviews to ensure users have appropriate

access and rights

Thank You

CASH MANAGEMENT PRESENTATION

Sally Chege

Head, Transactional Banking 19th July, 2016

28

1 Payment & Collection Solutions

2 NIC Online Banking

3 Cash Delivery/Collection -CIT

4 Bankers Cheque

5 Bulk Mpesa Payments

6 Wagepoint

7 Utility Payments

8 Tax & Duty Payments

9 Summary

10 Q & A

11 Disclaimer

Agenda

Payments and Collections Solutions

7

Payments

Collections

Channels

Bank Branches

Agency Banking (Postbank)

ATMS – NIC ATMs, Pesa Connect and KenSwitch affiliated ATMs

NIC Online Banking

Mobile Banking

EFT, RTGS, KITs, Internal Transfers, Swift/TT, Bankers cheques

Mobile Payments -Mpesa

Tax payments

Bulk Payments ( Salaries, Supplier Payments)

Utility & Bill payments

Petty Cash requests

Credit card Payments( NIC Credit card holders only)

Branch Deposits

Electronic Collections (Direct debits, Telegraphic Transfers, EFT, RTGS)

Cash Collection /Cash in Transit services

Cheque collection – (Online & Courier)

Mobile collections –Paybill and Lipa na Mpesa till settlements.

• Access to banking services

• Access to Local Clearing

• Access to Online Banking & Swift

• Control over disbursements

• Standard Payment Templates

• Access to on-site cash

• Access to network bank branches

Provides Access To Products / Services

Availability 24hours

Internet/Web Based

Real-time information

Provides historical data

Provides reconciliation reports

Statements in CSV and PDF format

Integration with any operating system

Pay instantly or future date your payments

Maintain beneficiary information templates

Bulk payments for Salaries & Supplier payments

Access group account information in NIC through a single view

NIC Online Banking

Key Features

NIC Online Banking

o Two-factor Authentication User Access

o Firewall Protection & Intrusion Detection Systems

o Multiple authorization levels

o Email/SMS Alerts

o One Time Password (OTP)

o Unique Token

Secure Online Banking Platform

o Role Based

Cash

Cash Delivery/Collection Services (Cash-In-Transit)

32

Key Features

Benefits

• NIC Bank partners with various CIT service providers

• Cash in Transit services available for both cash delivery and collection

• Suitable for customers with the need for bulk payments and collections

• Petty cash requests can be placed through NIC Online banking

• Eliminates/minimizes cash handling risks

• Allows you to stay in control of your finances at all times

• Flexible and convenient

• Operational efficiency

Bankers Cheques

33

Key Features

Benefits

• Customers can request for bankers cheques through NIC Online Banking

• Authorized agents can then collect the bankers cheques at the preferred NIC

Branch

• Eliminates risk of fraud through secure transmission of instructions

• Guards against fraud – keeps account information confidential

• Efficiency – online requests for bankers cheques

• Control over your account operations

• Immediate reconciliation

Bulk Mpesa Payments

34

Key Features

Benefits

• Bulk Mpesa payment solution to facilitate low value disbursements

• Enables clients to make payments to their beneficiaries on their mobile phones

• Funds can be transferred in a quickly and conveniently to multiple beneficiaries

• This payment module can be accessed through our online banking platform

• Speedy Transfers

• Wider Reach

• Accessibility

• Convenient

• Reduced Risk

• Simplified payment process

Wagepoint

35

Key Features

Benefits

• Solution tailored for corporate clients with large no. of unbanked staff, receive

small wages on regular basis and/or are located in remote areas

• Enables corporates to pay salaries and wages to their workers through the use

of virtual cards and ATMs

• The client’s employees don’t need to have a bank account with the bank

• Provide more convenience to both employer and employee

• Reduce cash payroll security risk for the employer and the employee

• Provide un-banked workers with a secure cash payment and management

solution

• Create further payout efficiencies, including more worker productivity

Utility Payments

36

Key Features

Benefits

• NIC Bank has partnered with merchants and billers and avails billing services

• Allows clients to make utility payments conveniently from NIC Online or Mobile

Banking

• HELB Payments

• Power and water bills

• Cable TV and Internet access

• Mobile phone bills

• Nairobi County Payments

Tax & Duty Payments

37

Key Features

Benefits

• NIC Bank is a KRA collection agent and clients can pay for all types of duties and

taxes through NIC Online banking and any NIC Bank branch

• NIC Bank has integrated its systems with KRA iTAX system that allows for

exchange of data to facilitate duty and tax payments

• Automated reconciliation of duty and tax amounts through validation of the

KRA e-slip

• Allows for urgent and timely settlement of duties and taxes

• Eliminates the need for queuing at the bank to make payment

• Eliminates the need to procure bankers cheques for KRA duty and tax

payments

Summary

NIC Online Banking for viewing and transacting on your account conveniently and with ease

Ability to pay duties and taxes through NIC Online and at any NIC Branch

Secure cash payment and collections through cash in transit

Ease of paying salaries and wages through Wagepoint and mobile bulk Mpesa solutions

01

02

03

04

39

Thank you

Disclaimer

41

NIC Bank Limited and its subsidiaries (hereinafter referred to as “Bank”) presentations/exhibitions of their products and services are provided by the Bank for information purposes only. They are not be used or considered as an offer to sell or a solicitation of an offer to buy any financial product or service.

Although all reasonable care has been taken to ensure that the information herein is not misleading, the Bank makes no representation or warranty, expressed or implied as to its accuracy or completeness. The communication of this Presentation is restricted by law and it is not intended for distribution or use by any person in, any jurisdiction where such distribution or use would be contrary to local law or regulation.

Any opinions expressed are subject to change without prior notice. No representations or warranties, express or implied are given in, or in respect of, this presentation. To the fullest extent permitted by law, in no circumstances will the Bank, or any of its affiliates, representatives, employees or agents be responsible or liable for any direct, indirect or consequential loss or loss of profit arising from the use of this Presentation, its contents its omissions, or reliance on the information contained within it, or on opinions communicated in relation thereto, or otherwise arising in connection therewith.

Recipients of this Presentation are not to construe its contents, or any prior or subsequent communications from or with the Bank or its representatives as investment, legal or tax advice. In addition, this Presentation does not purport to be all-inclusive or to contain all of the information that may be required to make a full analysis of the Bank Recipients of this Presentationshould make their own evaluation of the Bank and of the relevance and adequacy of the information contained in this presentation and should make such other further investigations as they deem necessary.

This information may not be disclosed outside of, other than to professional advisers engaged specifically by to evaluate theproposal, and shall not be duplicated, used or disclosed in whole or in part for any purpose other than to evaluate this proposal. If any information is disclosed to such professional advisers it shall ensure that such persons maintain the confidential nature of this proposal.

Documents

Fraud Prevention, Detection & Control · Mobile collections –Paybill and Lipa na Mpesa till settlements. • Access to banking services • Access to Local Clearing • Access to