NAIROBI, Kenya, Jul 31 – Banks, insurance companies and other financial institutions are being urged to establish a structured framework where they can share fraud information amongst themselves to help reduce the rise of money laundering and fraud cases in East Africa.,
Deloitte Director of Forensic and Litigation Support Robert Nyamu said that various East African banks have lost approximately Sh4.06 billion since 2011 due to fraud but the figure could be significantly understated due to the high number of unreported fraud cases.
“They can have an integrated system where they share this information on fraudsters, blacklisted parties, employees and suppliers and upload it, because right now we have a situation where fraudulent employees are going from bank to bank or from banks to insurance companies,” he said.
“In our view, they should not necessarily share the information with the public because some of the people might have used that information in the first place and it may cause concern to their business, but they should look for a structured way to share information among themselves,” he added.
Nyamu revealed that in 2010, the insurance industry in East Africa reported a loss of approximately Sh14.8 billion as a result of fraudulent claims, with the most common type of fraud being false motor insurance claims which have contributed to the increasing cost of motor insurance.
“Opportunistic Retail Fraud has also been named as a costly form of insurance claims fraud. This is where individuals exaggerate or inflate genuine claims to increase the value of a payout,” he explained.
He noted that banks are hesitant to share fraud information due to competition and the fear of hurting their reputation, but Nyamu emphasised that there needs to be implementation of the Proceeds of Crime and Anti-Money Laundering Act of 2009, in addition to partnerships between financial institutions where the sharing of fraud information is facilitated in order to strengthen regulatory guidelines aimed at enhancing risk management in banks.
“Various steps have been taking shape in order to have this law operational and we’re happy to note that they have a board constituted by the Financial Report Centre consisting of officials from the Central Bank and the Capital Markets Authority and we expect them to be fully operational in the next few months,” he stated.
He added that many institutions prefer internal resolution of fraud cases than referral to the law enforcement agencies due to reputational risk.
“We’re encouraged by the tremendous steps taken with regard to the integrated system insurance companies are looking to implement across the entire insurance industry by the end of this year,” he added.
Methods used to defraud banks include: identity theft, electronic funds transfers (EFT), bad cheques, credit card fraud, loan fraud, forgery of documents and investment scandals and Nyamu noted that in 2010, electronic fund transfers were responsible for the highest amounts stolen, followed by embezzlement and card fraud.
He acknowledged that there are many factors that contribute to fraud in the industry.
“Abundant liquidity in the industry makes it attractive to fraudsters and although pervasive use of technology enhances efficiency, it also facilitates swift execution of fraud by technology savvy fraudsters,” he stated.
“There’s also problems with the manipulation of data and circumvention of IT controls by those with superior administrative rights or technology savvy employees and outsiders, while weak and inadequate internal controls provide a conducive environment for fraud and enable employees to work in collusion with third parties or internally,” he added.
Nyamu added that many financial institutions use anti-fraud units that do not have a direct reporting line to the Audit Committee, thus compromising their much needed independence and objectivity.
“Robust Fraud Risk Management (FRM) systems should be implemented in tandem with the growth and enhanced sophistication in the banking sector,” he said.
“Some institutions rush to implement technology based anti-fraud solutions that are not suitable for their nature or level of commercial activity or operations so the selection of a suitable FRM system should be preceded by a robust and detailed business and operational requirements mapping exercise,” he explained.
He advised financial institutions to adopt ongoing monitoring and evaluation of the FRM framework to ensure that the procedures in place are current and commensurate to the level of commercial activity and fraud trends in the industry and the business.
“Stringent Know Your Employee (KYE) procedures should be put in place to curb the ever increasing level of employee perpetrated fraud, which include stringent background checks prior to recruitment, ongoing monitoring of employees’ activities in high risk departments and proper segregation of duties and job rotation,” he said.
“There needs to be an implementation of robust IT control measures such as appropriate restriction and allocation of access rights, database access restriction, robust password management, and regular monitoring of inactive, dormant and suspended accounts,” he added.
He emphasised that no institution is immune to fraud, money laundering and related malfeasance so they all must put in place robust fraud risk management frameworks to mitigate their exposure accordingly.
“Investment in an appropriate technology-based control mechanism is recommended, but do not rush to implement off-the-shelf anti-fraud solutions prior to conducting a robust and detailed business and operational requirements mapping exercise,” he stressed.
“Invest wisely since it is well known that fraud and money laundering prevention is less expensive and more efficient than detection, investigation and recovery,” he said.