Page 1: Risk Management Reconstructed Implementing fraud risk intelligence practices July 2011 KPMG FORENSIC SM

Risk Management Reconstructed

Implementing fraud risk intelligence practices

July 2011

KPMG FORENSIC SM

Page 2:

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

Risk aversion vs. Risk intelligence

Risk Aversion

Risk Intelligence

Risk aversion ignores the basic principle of risk vs. reward. Companies should be averse to unrewarded risks (e.g., ethical and non-compliance risks)

Page 3:

Major considerations for financial institutions

Fraud risk

Anti-money laundering compliance

Anti-bribery and corruption/FCPA

Page 4:

Fraud risk management

Page 5:

The design, implementation, and evaluation of programs and controls that prevent, detect, and respond appropriately to fraud and misconduct risks.

Fraud and risk management

Page 6:

Sample fraud and misconduct conditions

Opportunity

Incentive/Pressure

Rationalization

Page 7:

Sample categories of fraud and misconduct

Fraudulent financial reporting (e.g., improper revenue recognition, overstatement of assets, understatement of liabilities)

Misappropriation of assets (e.g., theft of cash, physical assets or intellectual property)

Revenue or assets gained by fraudulent or illegal acts (e.g., deceptive sales practices, market rigging, over-billing customers)

Expenses or liabilities avoided by fraudulent or illegal acts (e.g., improper avoidance of tax liabilities, wage and hour abuses, falsifying information provided to regulators)

Expenses or liabilities incurred for fraudulent or illegal acts (e.g., commercial kickbacks, bribery of domestic or foreign officials)

Other misconduct (e.g., other violations of legal, regulatory or ethical standards)

Page 8:

Antifraud program objectives

Prevent fraud and misconduct

Detect occurrence

Respond appropriately once discovered

Page 9:

Sample antifraud program elements

Prevention Detection Response

Board/audit committee oversight

Executive and line management functions

Internal audit, compliance, and monitoring functions

Fraud and misconduct risk assessment

Code of conduct and related standards

Employee and third-party due diligence

Communication and training

Process-specific fraud risk controls

Proactive forensic data analysis

Hotlines and whistleblower mechanisms

Auditing and monitoring

Retrospective forensic data analysis

Internal investigation protocols

Enforcement and accountability protocols

Disclosure protocols

Remedial action protocols

Page 10:

Putting it all together

Page 11:

Anti-money laundering compliance

Page 12:

The U.S. regulatory environment

Bank Secrecy Act (BSA) (1970)

USA PATRIOT Act

Office of Foreign Assets Control (OFAC)

Foreign Corrupt Practices Act (FCPA)

Page 13:

Risk-based approach to AML compliance

The “Four Pillars” of AML Compliance

Policies, Procedures, and Internal Controls

Designated BSA/AML Compliance Officer*

* Should have Board-designated authority to carry out his/her role and responsibilities

Training and Communication

Independent Testing / Audit

Page 14:

Anti-bribery and corruption/FCPA

Page 15:

Corruption risk for banks

More than 1 trillion dollars is paid in bribes each year*

* Source: World Bank Institute

Page 16:

Interplay between FCPA and money laundering

The FCPA prohibits bribery of foreign government officials

Bribery by definition involves the transfer of money or property

The Money Laundering Control Act prohibits transfer of money or property derived from “specified unlawful activity” (SUA)

transfer of money or property for an unlawful purpose

An FCPA violation is an SUA

Therefore, payment of bribes in violation of the FCPA usually involves violations of the Money Laundering Control Act

Page 17:

Corruption risk for banks

The Bank’s clients: Potential AML reporting obligations

Bank’s client is engaged in corruption and the transactions are being facilitated by the bank

The Bank itself: Engages through an employee or authorized agent in bribery to gain an advantage

Acquired liability: Through violations committed by entity acquired

Page 18:

Putting it All Together

Page 19:

Thank you

Sven Stumbauer

Director, KPMG LLP

[email protected]

+1-305-913-2772

Page 20:

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

