India Banking Fraud Survey 2012

February 2012
India banking fraud survey - 2012

Navigating the challenging
environment
India banking fraud survey - 2012 Navigating the challenging environment

Contents

1. Foreword 4
2. Executive summary 5
3. About the survey 12
4. Size of the issue 13
4.1 What is the industry view 13
4.2 What is the banks Individual experience 13
4.3 Why did it happen 14
4.4 How much did they lose 15
5. The issue 17
5.1 Where did it happen 17
5.2 How did it happen 17
5.3 Retail Banking 18
5.4 Corporate Banking 18
5.5 Priority sector Banking 19
5.6 Others 19
5.7 Who committed the fraud 20
5.8 How was it discovered 21
5.9 How long did it take to uncover fraud 21
5.10 What was the response to fraud 22
6. How are banks geared to fight this menace 24
6.1 Who is responsible for fraud risk management 24
6.2 What is the current status of anti fraud programs 25
6.3 Proactive or reactive - What is the role of technology 26
7. What does the future foretell 30
7.1 What are the future trends 30
7.2 What will be the cost of fighting fraud 31
Conclusion 33

4 | India banking fraud survey - 2012 Navigating the challenging environment

1. Foreword
The Indian banking and financial services sector has witnessed exponential growth in the last decade. This
growth has not been without its pitfalls as incidents of fraud in the industry have also been on the rise.
Deloittes fraud survey shows that banks have witnessed a rise in the number of fraud incidents in the last
one year, and the trend is likely to continue in the near future. The survey points to the increased difficult
scenario for banks with increased fraud incidents and low recoveries, thereby directly affecting their bottom-
line. With increased regulatory scrutiny, banks are under increased pressure to implement best practices
and fraud risk management framework. However, as indicated from the survey, this still appears to be work
in progress in many of the organizations.
Risks are inherent in the banking business. In todays economic climate, the adage prevention is better
than cure has never been more accurate. No organization can be completely immune to fraudulent activity,
but steps can be taken to reduce the exposure to financial loss and reputational damage, which are
common consequences of fraud. Deloittes fraud survey for the banking industry was aimed at gaining an
insight into the fraud scenario in the industry, the areas that incur the maximum number of fraud incidents,
and the measures organizations are taking to fight the menace.
The survey questionnaire was sent out in November 2011 to leading banks in India. The respondents
included Chief Risk Officers, Chief Compliance Officers, Heads of internal audit and other senior
management personnel. We would like to take this opportunity to thank the people and organizations who
have taken time to share their views about the impact of fraud in their respective organisations. Our
gratitude to the executives and their respective banks as the survey would not have been possible without
their support.
We hope you will find the report insightful and informative.
Avinash Gupta
Leader Financial Advisory

India banking fraud survey - 2012 Navigating the challenging environment | 5

2. Executive summary
Over the last few years, India has been one of the worlds fastest growing economies with banking and
financial services companies experiencing significant growth both in size and profitability. In the last
decade, the Indian banking sector grew at an average of 18 percent compared to over 7 percent GDP
growth. So frauds in the financial services industry pose a significant risk to institutions, as well as to the
integrity of capital markets. Its effect can be widespread, causing long term financial and reputational
damage.
Deloittes fraud survey f ocuses on the key challenges facing the banking industry in fighting fraud. The
objective of the survey is to gain an insight into the current scenario on frauds in the industry, the areas that
are prone to fraud, and the way organizations are fighting this menace and preparing for the future.
This survey has been developed based on the survey questionnaire responses received from banks in India
including public sector banks, private sector banks, co-operative banks and multi-national (MNC) banks. We
have consciously attempted to include a variety of banks with different sizes and type of operations to
obtain a comprehensive picture of the fraud environment in the country. The profile of the respondents is
given in Section 3.
The survey covers the f ollowing key topics
1. What is happening
Current perception of fraud in the country/industry
Fraud incidents encountered by the banks
Average loss and ability to recover
2. What is the Issue
Fraud prone areas
Root cause analysis
Detection mechanism
3. How are banks geared to fight the menace
Anti-Fraud framework
Role of technology
4. What will happen
Areas perceived to be vulnerable in the years to come
Cost of various anti-fraud measures


Size of the issue
An overwhelming 93% of the respondents indicated that there has been an increase in fraud incidents
in the banking industry during the last year.
Seventy-five percent of these respondents indicated that banking industry has seen an increase in
fraud incidents by at least 5% as compared to the last one year.
An analysis of the survey findings for respondents who have disclosed the number of fraud incidents
encountered by them indicated that nearly one in every two institutions had encountered more than 50
incidents of fraud within the organization in the last one year. Similarly, one in every f our institutions
have witnessed at least 100+ fraud incidents in the last
one year. Banks with higher asset size, appear to have
encountered more fraud incidents.
The average loss per incident for nearly half of the
respondents is more than Rs 10 lac.
The average value of recovery for more than half of the
respondents is less than 25% of the reported fraud losses.

93% of
respondents
say banking
industry has
seen an
increase of
fraud incidents
in the last year
The banks are able to
recover less than 25%
of the losses in more
than half of the fraud
cases


The Issue
What happened?
Banks have encountered the maximum number of fraud incidents in retail banking followed by
corporate banking. A majority of the respondents who are actively involved in priority sector have also
encountered significant number of fraud incidents in this area.
Fraudulent documentation and overvaluation/non-existence of collateral are the types of fraud
incidents which appear to rank high to very high for all the areas of banking operations, i.e. retail,
corporate and priority sector
Frauds in private banking are attributed primarily to identity theft and misuse of power of
attorney/account takeover. However, interestingly incidents involving mis-selling have not been
identified by banks as a major contributor of frauds in private banking. Treasury and
administration/procurement operations appear to have encountered least number of fraud incidents
according to the respondents.
Why did it happen?
About 73% of the respondents cited lack of oversight by line
managers or senior managers on deviations from existing
process/controls as one of the major reason followed by current
business pressure to meet targets and difficult business scenario
as other two major reasons for increasing fraud incidents.
About 37% of the respondents indicated that there was collusion
between the employees and external parties.

How was it discovered?
It appears that a majority of the incidents are still detected through
a formal and inf ormal complaint mechanism. A significant 43% of
the respondents detected frauds through anonymous complaints by
external third party and another 37% through a whistle-blower
mechanism. More than half the respondents indicated that they
have detected fraud through internal audit reviews. However the
worrying sign is that 20% of the respondents indicated that they still
detect fraud by accident.
Technology appears to be gaining prominence in fraud detection.
Forty percent of the respondents indicated that they detected fraud using a fraud detection/analytics
tool.
According to more than half of the respondents, the average time taken to discover a fraud incident is
more than six months and 23% of them indicated it to be greater than a year.

How did they respond?
Almost 77% of the respondents indicated that the fraud incidents were investigated internally.
However, only 63% of the respondents reported it to the law enforcement agencies.

How are banks geared to fight the menace?
Fraud risk management is being discussed at the board level at least every quarter as indicated by
more than 93% of the respondents.
Eighty percent of the respondents have indicated that they have a fraud risk management framework in
place. The primary responsibility for fraud risk management according to 37% of the respondents is the
"Chief Vigilance officer". Only 13% of the respondents indicated that they have a chief fraud risk officer
for managing fraud risk.

Retail banking
has incurred the
maximum
number of fraud
incidents
... lack of
oversight by line
managers or
senior managers
on deviations
from existing
process/controls
has been
identified as one
of the major
reason for
increased fraud
incidents


Fifty percent of the respondents indicated, that they have already implemented a fraud analytics
solution, and overwhelming 73% of these respondents appear to be completely satisfied with the
solution. The primary issue f or those who have not implemented a fraud analytics solution is "issues in
data integration from existing internal system" or data insufficiency.

More than half
the respondents
discovered fraud
after more than
six months


Future Trends
What is in store?
With the current economic scenario, an overwhelming 83% of the respondents have indicated that the
fraud incidents will increase with 64% of them indicating that the increase will be between 6-25%
Of the respondents who indicated that frauds will rise in the coming years, an overwhelming 96% of
respondents indicated that retail banking will continue to be the most vulnerable to fraud. The
surprising revelation is that respondents feel that in the coming years priority sector will contribute to
increased fraud incidents with a small decrease in the corporate banking as compared to the current
scenario. Surprisingly, a few respondents indicated administration/procurement as the new areas
vulnerable to fraud, which is not reflected in the current environment.

Cost of compliance
An overwhelming 83% of the respondents indicated that the cost of anti-fraud measures will increase
over the next two years with "implementing a fraud detection/analytics solution", "periodic fraud
assessment", "providing fraud awareness training" and "setting up a dedicated fraud investigative cell"
appearing to be the top contributors for this increase in cost.

Fraud risk
management is a
board level issue
Fraud will
increase in the
years to come
Frauds in priority sector are expected to increase and the
new areas of focus appear to be administration
/procurement


Conclusion
Banks are facing a tidal wave of regulatory requirements and are increasingly under regulatory scrutiny. In a
bid to tackle the rising incidents of frauds, the Reserve Bank of India has issued various circulars and
guidelines for banks to implement robust anti-fraud systems and controls to counter fraud risks. With the
expected economic slowdown, the incidences of frauds are expected to increase further, which is confirmed
by the survey results. An interesting finding of the survey is that greater the asset size, higher is the number
of fraud incidents encountered. This could be due to the fact that as banks continue to increase their asset
size by entering into new geographies or by introducing new products and systems, these developments if
not managed well could contribute to increased fraud. However, it is important first to note the causes of
increase in fraud incidents.
According to the survey respondents, it appears that lack of oversight by the line managers or senior
managers to the deviations from existing process/controls is cited as one of the major reasons for fraud
followed by the current difficult business scenario and business pressure to meet targets. However only
37% of the respondents indicated that there was collusion between the employees and other third parties in
perpetrating fraud. So does this indicate business pressure to meet targets is resulting in circumvention of
controls? This brings us to a moot question: What does the future foretell?
An overwhelming majority of respondents indicated that fraud incidents will increase, with over 64% of them
stating that the increase will be at least 6%. In the current fraud situation coupled with the economic
scenario it becomes all the more imperative for banks to ensure that they adopt realistic business strategies
and ensure adequate internal controls and vigilance so as not to accentuate the existing problem.
It comes as no surprise that the usual suspect - Retail banking - has been identified as the major contributor
of fraud and will continue to do so in the foreseeable future. This fact has been highlighted by the Reserve
Bank of India as well through their circular in 2009. As retail banking is more process as well as volume
driven and decentralized, increased fraud incidents in this area could possibly be the tip of the iceberg - an
indicator of deeper issues waiting to surface that can adversely impact the entire portfolio of the bank.
Another area where banks are focusing is on the priority sector not only to meet their priority sector target,
but also due to increased expectation of financial inclusion. With a significant number of respondents
identifying it to be the area where fraud incidents are expected to increase, banks need to consider the risks
involved in priority sector lending and develop appropriate risk mitigation strategies to ensure profitable
growth.
In the current economic climate, there is increased pressure on organizations to reconsider the way in
which they incur and monitor expenses; the focus is shifting to frauds in the procurement/administration
functions. One of the reasons that organizations have not been actively f ocusing on this area is perhaps
because of the low ticket size and the difficulty in detecting them. However banks need to scrutinize this
area as it not only directly affects their bottom line, but could also lead to potential violation of various anti-
corruption laws.
The Reserve Bank of India has been coming out with various circulars and guidelines prodding banks to
adopt measures to fight the menace of fraud. The challenge for banks is to develop comprehensive fraud
risk management controls that will not only prevent frauds, but detect them as soon as they occur and
respond to them. It is encouraging to note that an overwhelming 80% of the respondents indicated that they
had a formal fraud risk framework in place. The survey responses when considered separately indicate
near uniform adoption of various anti-fraud measures; however, when responses were analyzed there
appeared to be some conflicting messages. With77% of the respondents investigating frauds internally, it
appears surprising that only 20% of them had implemented a dedicated f orensic technology tools for
investigation and 28% having implemented intelligence gathering mechanism; bringing into question the
effectiveness of the fraud risk management framework. This could possibly be because fraud risk
management techniques are still in the development phase and many of the framework measures may be
work in progress.
According to the survey, it appears that the majority of the fraud incidents are still detected through a formal
and informal complaint mechanism. More than half the respondents indicated that they detected fraud
through internal audit reviews. However, the disturbing part is that 20% of the cases were still detected by
accident and another 43% were by anonymous complaints by third parties, indicating that in spite of various
anti-fraud measures adopted by banks, a significant number of frauds are detected by means other than the
organizations fraud control framework. Hence it did not come as a surprise that the average time taken to


uncover fraud is more than six months for more than 53% of cases. However, the silver lining is that banks
are increasingly looking at leveraging technology solutions to detect fraud in addition to traditional methods
like internal audit reviews and whistle-blower mechanisms. Usage of technology solutions can provide
banks with a proactive way in identifying Red Flag transactions and weaknesses in their internal
controls.
With the increase in fraud incidents and recovery being less than 25% for 60% of the respondents, fraud
directly affects the bottom line of banks. An overwhelming 83% of the respondents indicated that the cost of
fraud risk management will increase over the years, which is attributed to implementing technology
solutions, periodic risk assessments, and various due diligence measures. Organizations are slowly
realizing that lack of crackdown in controlling frauds could create a culture of acceptability for this behaviour
within the organization leading to increased incidents or more sophisticated frauds in future. By
implementing appropriate controls and monitoring mechanism, management will not only be able to limit
frauds, but also set the tone for ethical behaviour within the organization. So this could be money well
spent.


3. About the survey
This report presents the key findings from Deloittes Fraud survey for banks. The survey was conducted
over three months from November 2011 to January 2012, to gather the views of key people responsible for
fraud risk management in banks.
Institutions who participated in the survey included private, public, multi-national and co-operative
banks in India.
The asset base of the participants varied from less than Rs 500 crore to greater than Rs 5000 crore.
The majority of respondents were primarily with asset base of more than Rs 5000 crore.
The customer base of the institutions who participated in the survey included those who had less than
10 lacs to a sizeable proportion with more than 50 lacs number of customers
Responses were received from head of fraud risk management for banks or key people responsible f or
managing fraud risk in the organization.
Fig 1: Respondent banks

3%
40%
23%
34%
Co-operative
Bank
Foreign bank
Private Sector
Bank
Public sector
26%
10%
7%
57%
< 10 lacs
10 25 Lacs
25 50 Lacs
> 50 Lacs
7%
3%
3%
10%
77%
<500 CR
500 - 1000
CR
1000 3000
CR
3000 5000
CR
Fig 2: Respondent customer base
10%
10%
20%
7%
53%
Audit
Business
Compliance
Operations
Risk
Fig 4: Respondent asset base Fig 3 : Respondent department-wise


4. Size of the issue
Today financial institutions operate in an increasingly competitive environment with complex products,
slowing economy, tidal wave of new regulations coupled with new technology, leading to avenues for
fraudsters to exploit loopholes. We asked the respondents about the general scenario in the banking
industry and their individual organizations experience on frauds.

4.1 What is the industry view?
Ninety-three percent of the respondents indicated that fraud has been on the rise in the industry in the last
one year. A breakdown of their responses indicated that 75% of the respondents who perceived an
increase in the fraud in the industry believed that the fraud incidents had risen by more than 5%, with nearly
one in every two of them believing that it had risen by 5 to 10% and one in every four indicating it to be
more than 10%

4.2 What is the banks Individual experience?
A significant 76% of all institutions surveyed have encountered more than two incidents of fraud within the
organization in the last one year, with 40% of them indicating that they have encountered more than 51
cases of fraud within the last one year.

Larger organizations are more likely to experience increased fraud incidents. This is true f or banks as well.
A comparison of the fraud incidents experienced by the organization indicates that banks with larger asset
size have been encountering more fraud cases with public, private and MNC banks equally affected by it.

Dont
know,
7%
21%
43%
25%
7%
4%
Yes
< 5%
5-10%
10-20%
20-50%
No change
93%
20%
17%
17%
23%
17%
6%
2-20
21-50
51-100
>100
No incident
Not Disclosed
13% 13%
22%
22%
26%
4%
> 5000 CR 3000 5000 CR 1000 3000 CR
>100
51-100
21-50
2-20
Fig 5: Industry perception
Fig 6 : Experience of respondent bank Fig 7 : Experience of banks Vis a Vis
asset base


4.3 Why did it happen?
According to the respondents, lack of oversight by line managers or senior management on deviations
from existing process/controls along with difficult business scenarios and business pressure to meet
targets appear to be some of the significant factors contributing to the fraud incidents. It is interesting to
note that 37% respondents have also identified lack of tools to identify Red Flags as one of the factors
which appears to contrast with the responses in Section 6.3 where half the respondents have indicated that
they have implemented a fraud analytics solution and an overwhelming 73% of them are completely
satisfied with it. Analysis of the responses for those who responded that they were satisfied with their data
analytics solution indicated that only 50% of these respondents detected frauds using technology solutions.
This variance could be because of the f act that banks may possibly be using their existing transaction
monitoring system or have implemented a limited fraud detection solution for certain areas of their banking
operations only. This brings into question, the adequacy of these solutions for fraud detection across the
banking operations.

47%
37%
27%
73%
50%
23%
33%
7%
Difficult business scenario
Lack of tools to identify potential Red Flags
Change to business strategy without changes
in business processes
Lack of oversight by line managers or senior
management on deviations from existing
process/controls
Business pressure to meet targets
Lack of Fraud Risk Framework within the
organization
Collusion between employees and external
parties
Not Disclosed
Fig 8 : Factors contributing to fraud (multiple choice)


4.4 How much did they lose?
We asked the respondents for the average loss per fraud incident. Forty-seven percent of the respondents
indicated that the average loss per incident is more than Rs 10 lac. Another 40% of the respondents
indicated that they have incurred an average loss of Rs 10 lac per case. Overall these amounts may appear
to be not very significant, but it is important to note that average loss per fraud case will be less for retail or
priority sector banking as compared to corporate banking due to smaller ticket sizes. However, it is
interesting to note that the average recovery for 60% of the respondents is less than 25%. With only 30% of
the respondents indicating recovery of more than 25% of the loss suffered, it appears that banks are not in
a position to recover the money lost and will have to write it off; affecting their profitability in addition to
reputational damage.

Fig 9 : Average loss per fraud incident

40%
23%
17%
7%
13%
10 Lacs 10-20 Lacs 20- 50 Lacs >100 Lacs Not Disclosed
Fig 10 : Average recovery of fraud loss

17% 17%
13% 13%
30%
10%
< 1% 1-5% 5- 10% 10-25% >25% Not
Disclosed


Deloitte point of view
Frauds are on the rise and no bank whether private, public or MNC is immune to the risk of fraud. As
economic conditions continue to soften, it could lead to increased fraud risks. A slowing economy may
increase pressure on organisations to meet and often exceed short-term performance goals
(sometimes at the detriment to the organization in the long-term). In some instances, organizations may
expect results that can be achieved only in a thriving economy. It is this mindset in slower economic times
that can contribute to increased fraudulent activity which has been confirmed by respondents who have
identified difficult business scenarios and business pressure to meet targets as significant f actors
contributing to the fraud incidents.
Even though the average loss per fraud case appears low, i.e., Rs 10 lac, it should be taken in light of the
fact that respondents have indicated that retail banking has contributed the most to fraud in banks. Since
the ticket size of retail banking products is small, the average loss per fraud case appears to be less.
However, the disconcerting part is that the recovery has been less than 25% according to more than half
the respondents, indicating that banks are not able to recover losses in case of frauds. This trend in the
context of corporate banking environment is significant given the fact that the value of fraud losses will be
higher. With banks struggling to recover the losses, the survey points to a progressively difficult scenario for
banks where frauds are increasingly affecting their bottom line.


5. The issue
Since the developments in the 1990s, the entire banking products structure has undergone a major change.
With de-regulation, increased competition and IT revolution making it possible to provide ease and flexibility
in operations to customers, banks are also evolving and trying to become one-stop financial supermarkets.
However, the entire range of banking operations can be segmented into four broad heads - retail, wholesale
or corporate banking businesses, treasury operations and other banking activities including advisory
services termed as private banking to "high relationship value" clients. Fraud follows opportunity and
attacks weakness in the system. It is important to know the areas which are vulnerable to fraud before
organizations can start working towards controlling them. With banks operating in various areas, we
specifically asked the respondents on the areas where they have encountered fraud and the root cause
analysis of the incidents.

5.1 Where did it happen?
An overwhelming 77% of the respondents indicated that they have suffered from frauds in retail banking.
The other major area appears to be corporate banking as indicated by 57% of the respondents. Even
though, only 33% of the respondents have indicated that they have experienced frauds in priority sector
lending, a deeper analysis of the results indicated that a significant number of banks active in this area have
faced frauds which are not truly reflected in the overall percentages above. Treasury and
administration/procurement appear to be the areas least prone to frauds as per the respondents of the
survey.

5.2 How did it happen?
With banking operations spanning across multiple areas from retail to corporate, treasury and private
banking, the types of fraud will vary considerably depending on the areas and processes applicable.
Fraudulent documentation appears to rank as the most common fraud scheme across all the areas of
banking operations except treasury operations where it may not be applicable. This brings into question, the
processes followed by banks in verif ying documents/information before entering into a relationship with their
customers.
77%
57%
10%
3%
33%
3%
13%
Fig 11 : Areas prone to fraud (multiple choice)

Retail
Banking
Corporate
Banking
Private
Banking
Treasury Private sector
lending
Administration
/ Procurement
No
Response


5.3 Retail Banking
With retail banking appearing to be the most vulnerable to fraud, it is interesting to see that the respondents
have indicated high to very high incidents of frauds encountered by them involving multiple funding,
overvaluation/non-existence of collateral, besides fraudulent documentation. Frauds due to incorrect
sanctioning processes and external vendor fraud are also some of the fraud prone areas. An intriguing
revelation of this survey is that even though many of the banks outsource the verification and valuation
process to third party vendors, the percentage of respondents identifying external vendor induced fraud
appears to be relatively low.

5.4 Corporate Banking
According to the respondents, overvaluation/non-existence of collateral and siphoning of funds are some of
the areas where banks have encountered high to very high incidents of fraud. Incorrect financial statements
along with asset stripping and incorrect sanctioning, besides fraudulent documentation, are some of the
other types of frauds increasingly encountered by the respondents in corporate banking area. Since banks
are encountering frauds which encompass the whole spectrum of corporate banking process from incorrect
sanctioning to siphoning of funds, it is important that banks not only review their sanctioning, but also
enhance disbursement and their post disbursement monitoring process. A good practise could be to
undertake a closer monitoring of accounts where early signals of stress are seen. The RBI circular of 15
January 2011, provides illustrative steps for banks which may be followed to ensure effective monitoring of
end use by the corporates for the credit facilities granted to them.

29%
7%
13%
46%
31%
55%
7%
7%
7%
15%
8%
9%
14%
29%
20%
15%
31%
9%
21%
14%
13%
8%
8%
29%
43%
47%
15%
23%
27%
Overvaluation/non-existence of collateral
Fraudulent documentation
Multiple funding
Identity Theft
External vendor induced fraud
Incorrect sanctioning
Very Low Low Medium High Very High
45%
30%
40%
20%
44%
50%
18%
10%
20%
30%
22%
9%
40%
30%
11%
25%
9%
10%
20%
11%
13%
18%
10%
20%
20%
11%
13%
Siphoning/Diversion of funds
Incorrect financial statements
Asset Stripping
Very Low
Low
Medium
High
Very High
Fig 12 : Fraud incidents in retail banking

Fig 13 : Fraud incidents in corporate banking


5.5 Priority sector Banking
The government of India identified certain sectors as priority sectors and banks were directed to set aside a
definite portion of their credit facilities to these sectors. RBI fixes the target for priority sector credit by
commercial banks. As per RBI rules, if there is any shortfall in priority sector lending from the above targets
and sub targets, the concerned bank should deposit an amount equivalent to the shortfall in certain
schemes.
We wanted to understand from the banks their experience of priority sector lending, as it has been identified
as one which has encountered increased fraud incidents by those who are actively involved in this area.
Siphoning of funds and overvaluation/ non-existence of collateral are some of the frauds where the most
incidents have happened, apart from fraudulent documentation. High to very high incidents of frauds
involving Identity theft is also identified by 26% of respondents. Since many of the priority sector customers
may face challenges in providing the requisite KYC documents, this loophole may be exploited by
fraudsters to steal the identity of gullible people and defraud banks. This brings us to the question of
customer due diligence process adopted by the banks for this segment. Since standard identity documents
like PAN cards, etc., may not be available with these customers, this problem may continue to persist for
some time to come. Hopefully, the Aadhar program should provide some relief to banks in the future to
contain this risk.

5.6 Others
Ten percent of respondents have indicated that they have encountered fraud in private banking and 3% in
treasury operations and administration/procurement functions. Amongst various areas, in private banking,
respondents identified fraudulent documentation followed by identity theft as being the highest number of
fraud incidents. It is very surprising to note that mis-selling is considered as a low risk, especially in view of
the recent incidents highlighted in the media.

57%
27%
33%
38%
56%
71%
50%
100%
18%
22%
13%
11%
14%
18%
22%
25%
11%
20%
9%
13%
11%
43%
27%
22%
13%
11%
14%
30%
Multiple funding
Identity Theft
External vendor induced fraud
Siphoning of funds/collateral
Others - Interface with Government
Systems
Very Low
Low
Medium
High
Very High
67%
75%
80%
75%
20%
25%
25%
33% Fraudulent documentation
Identity Theft
Misselling
Account takeover/misuse of power of
attorney
Very Low
Low
Medium
High
Very High
Fig 14 : Fraud incidents in Priority sector
Fig 15 : Fraud incidents in Private Banking


5.7 Who committed the fraud?
Fraud occurs because there is a motivation and opportunity to commit fraud. Almost 37% of the
respondents indicated involvement of employees with 64% of these cases involving only one employee in
addition to external parties
Although banks have not encountered high levels of collusion, it begets the question: why is there increase
in fraud incidents then? Is it because fraudsters are aware of the lacuna in the banks internal control
systems? Is it because of negligence on the part of employees?
While banks can implement the best fraud controls, it cannot be a substitute to diligence as any loss
resulting out of negligence has to be borne by the bank. As the bank employees are at the forefront of
fighting fraud, it is important for the organization to make them aware of their obligations through training.
Employees should be provided periodic training for their specific areas of operations, which also includes
various applicable fraud scenarios, so that they can pre-empt fraud incidents. Another important fraud risk
management principle is to provide a clear and consistent message through a credible disciplinary system.
A well designed disciplinary process providing guidelines on sanctions based on the nature of the offence
and its uniform and consistent application will go a long way in sending the right signal to both internal and
external parties and help prevent/reduce negligence acts.

100%
100%
100%
100%
100%
Un accounted trades in error accounts
Deviations from existing process
Collusion with external parties
Overriding of controls
Others - Business Target Pressure
Very Low
Low
Medium
High
Very High
Fig 16 : Frauds incidents in Treasury

Fig 17: Collusion between employees and third party

17%
47%
37%
Not Answered No Yes
36%
64%
More than 1
employee
Only 1
employee


5.8 How was it discovered?
A well designed fraud control mechanism should enable organizations to identify frauds proactively.
According to 53% of the respondents, frauds were detected through internal audit reviews and significant
majority of the incidents were still detected through a formal or informal complaint mechanism. The
complaint mechanism consisted of 43% respondents detecting frauds through anonymous complaints by
external third party and another 37% through a whistle-blower mechanism.

With the advent of technology, banks are at the forefront of leveraging technology to fight frauds. Forty
percent of respondents were identif ying frauds using a fraud analytics solution. This is an encouraging sign
as a proactive fraud detection solution will not only enable banks to identify frauds before they occur, but
can also be leveraged to improve their internal control mechanism.
Even though 37% of the respondents indicated that they detected frauds through a whistle-blower
mechanism, the number of frauds discovered by anonymous complaints is more at 43%. This could
possibly be due to the fact that either the whistle-blower mechanism is probably not implemented fully or the
complainants are not comfortable using the whistleblowing hotline.
However, the disturbing part is that 20% of the cases were detected by accident and another 43% were by
anonymous complaints by third parties, indicating that despite various anti-fraud measures adopted by
banks, a significant number of frauds were detected by means other than the organizations fraud control
framework. It leads to the question: do many frauds stay undetected?

5.9 How long did it take to uncover fraud?
With a significant 63% of the respondents indicating that they identified frauds through anonymous
complaints or by accident, and another 53% were detected by internal audit reviews, it did not come as a
surprise that the average time taken to uncover fraud is more than six months in more than 53% of cases.

30%
30%
20%
3%
17%
< 6 months
6 -12 months
12-24 months
>24 months
Not disclosed
Fig 18 : Fraud Detection mechanism (multiple choice)

Fig 19 : Average detection time for fraud incidents

43%
53%
37%
20%
40%
20%
17%
Anonymous
complaint by
external party
Internal
audit/legal/
compliance
Whistleblower
mechanism
By
accident
Fraud
detection/
analytics
solution
Others Not
disclosed


A timely detection of fraud incidents will go a long way in containing the losses and improving the chances
of recovery. It is now time for banks to ensure that their current fraud risk management strategies are
revised to ensure that they are in line with the current fraud trends and adequate to take care of future
growth besides increasing ways of detecting frauds proactively. Hopefully, with the increase in usage of
technology to detect frauds, as mentioned in the previous section, the average time to uncover frauds
should reduce in future.

5.10 What was the response to fraud?
According to the survey, 77% of the respondents indicated that they responded to fraud by conducting an
internal investigation and 63% reported it to the law enforcement agencies. The respondents also indicated
that they allowed the individuals to resign in 10% of the cases, and in 20% of the cases they entered into a
negotiated settlement.
An important fraud risk management principle is the tone from the top. A tone that indicates zero tolerance
for fraud goes a long way in propagating a disciplinary culture within banks. Any response to fraud should
be swift and effective. The RBI circular of September 2009 required banks to investigate large value frauds
with the help of skilled manpower for internal punitive action against the staff and external legal prosecution
of the fraudsters and their abettors.
Fraud investigation requires specific skill sets like forensic accounting and technology to collect evidence,
which may not be available internally. However, with only 3% of the respondents going in for an external
investigation and lack of forensic technology tools as indicated in Section 6.2, there could be a possibility of
evidence getting lost during this period.

3%
77%
63%
20%
10%
33%
30%
17%
Fig 20 : Response to fraud incident (multiple choice)
External
investigation
by an
independent
consultant
Reported
to law
enforcement
agencies
Negotiated
settlement
Internal
investigation

Permitted
individual to
resign
Termination
of contact
Termination
of facility and
initiate legal
action
Not
disclosed


An analysis of the fraud incidents provided by the respondents, as part of the survey, indicates possible
control failures throughout the process as shown below.

The risk profile of different segments in banks like retail or corporate banking is different and therefore the
processes which are required to control the risk of fraud in each segment needs to be customised for each
bank and their processes applicable to that particular segment. Since retail and priority sector banking
needs to be process driven due to huge volume of transaction, it is suitable for banks to employ fraud
analytics solution to detect anomalies or Red Flags to detect any deviations which may not be suitable in
corporate banking environment. For corporate banking adequate due-diligence and close post
disbursement monitoring are some measures which can help prevent or detect frauds. Depending on the
process, each bank must decide on the control that is appropriate to mitigate the risks. By adopting a
leading-practice approach to designing and implementing antifraud programs and controls, Banks can
reduce the risk of fraudulent activity.
Assessing your fraud risks is the first step that can help create greater awareness of where your
organization should improve its financial systems and processes. An effective fraud risk management
framework will enable banks to have controls that first prevent/reduce the fraud from occurring, detect as
soon as a fraud happens and respond effectively to fraud incidents when they occur.


6. How are banks geared to
fight this menace
In the wake of increasing incidents of frauds in the financial service sector, the Reserve Bank of India
introduced guidelines for comprehensive Fraud Risk Management (FRM) system for banks, concerning
fraud prevention and the role of management function in an organization to prevent fraud. Stated explicitly
within these guidelines is the need for controls related to the prevention, detection and deterrence of fraud
and the roles and responsibilities of the senior management in fraud prevention and management function.
With increased scrutiny by the regulators, top management face enhanced responsibility in identifying and
mitigating fraud, error, corruption, non-compliance, and unethical behavior. An effective fraud risk
management solution will provide banks with tools and techniques to manage risk in a manner consistent
with regulatory requirements, as well as with the entitys business needs and marketplace expectations.
Towards this, we asked banks in this survey for the various anti-fraud measures that they have adopted.

6.1 Who is responsible for fraud risk management?
Fraud can have a devastating impact on organizations in other ways as well. In addition to potential
revenue leakage, fraud can have a negative impact on a companys reputation, employee morale, and
investor confidence. The key objectives of an effective, business-driven fraud risk management approach
should encompass controls that help prevent occurrence of fraud, detect fraud as and when it occurs, and
provide f or an effective response mechanism to limit the consequences of fraud. The challenge for banks is
to develop a comprehensive FRM framework which includes identifying, assessing and categorizing risks
faced by the organization proactively and developing appropriate mechanism for preventing, detecting and
responding to fraud.

A significant 80% of the respondents indicated that they have already implemented a formal risk
management framework at the bank. Fraud risk management has become a board level issue, with an
overwhelming 93% of the respondents indicating that these issues are discussed at the board level with
senior management at least every quarter. A significant 23% of these respondents said that these issues
were discussed at the board level every month.

7%
13%
80%
No
Partly
Yes
Fig 21 : Implementation status of Fraud risk management framework


A small 7% of the respondents have still not implemented a FRM framework, which is surprising
considering the increased incidents of fraud and the scrutiny by the regulators.
As per RBIs September 2009 circular, the fraud risk management and fraud investigation function must be
owned by the bank's CEO, its Audit Committee of the Board and the Special Committee of the Board; and
they should set up a dedicated outfit to manage this function. To help ensure that fraud controls remain
effective, responsibility for the organizations fraud risk management should be delegated to a person at the
senior level who can interact with various departments of the banks like internal audit, vigilance and risk
management. The responsibility of fraud risk management is with the chief vigilance officer according to
37% of the respondents. However, only 13% of the respondents indicated that there is a separate chief
fraud risk officer who is responsible for only fraud risk management with another 17% of the respondents
indicating that the responsibility for this activity rests with the chief compliance officer or chief risk officer
(who is also responsible for financial risk management).

6.2 What is the current status of anti-fraud programs?
A significant number of respondents had indicated that they have implemented a formal fraud risk
management framework as mentioned in the earlier section. However, when we asked the implementation
status of various components of the framework, it revealed a startling picture.
A small 20% of the respondents have dedicated forensic technology tools for investigation.
Similarly, only 28% appear to have implemented intelligence gathering mechanism.
Only 60% of the respondents have a Fraud control organization structure with clearly defined reporting
structure and 67% have a fraud control strategy in place.

17%
13%
17%
37%
3%
13%
Chief compliance officer
Chief fraud risk officer (only for fraud risk)
Chief risk officer (also responsible for financial risk
management including credit and market risk)
Chief vigilance officer
Internal audit
Others
Fig 22 : Responsibility for fraud risk management


Despite the fact that more than half the respondents having implemented a fraud control organization
structure, number of frauds are rising which brings into question the effectiveness of the fraud risk
management framework at the banks. The reason f or complete implementation of all these framework
controls could possibly be because of the f act that many banks are in the early stages of implementation of
the framework and these are work in progress.
With the advent of new products and technologies, fraudsters will keep finding new ways to exploit the
system. To have robust and effective fraud control mechanism in place it is imperative for the banks to keep
reviewing their operations and gather market intelligence on the new fraud scenarios to understand their
operations vulnerability to fraud. However, it should be noted that market intelligence plays a key role in
understanding new fraud schemes in the market and banks may need to employ mystery shopping exercise
to understand the weakness in their system. So for a meaningful fraud risk assessment, banks should look
at increasing their market intelligence capabilities or seek external help.
A quick analysis of the results indicate that banks need to immediately focus and speed up their efforts in
the f ollowing areas to foster better fraud risk management:
Intelligence gathering mechanism
Dedicated forensic tools for investigation
Fraud risk assessment
Due diligence of vendor/third party

6.3 Proactive or reactive - What is the role of technology?
Technology has created new avenues f or banks to prevent or detect fraud as many of the indicators of
fraud are hidden within the bank's operational data. A clever data analytics tool can mine through this data
and identify hidden relationships and red flags. This will enable banks to proactively identify potential
fraudulent transactions bef ore they manifest themselves months or years down the line. Half the
respondents indicated that they are using fraud analytics solutions to identify potential fraudulent
transactions and another 23% are planning to implement it. It is interesting to note that 73% of the
respondents who have implemented a solution appear to be completely satisfied with it.

3%
3%
10%
10%
37%
3%
7%
7%
7%
3%
3%
3%
7%
23%
10%
13%
3%
3%
3%
13%
3%
21%
13%
13%
10%
3%
20%
17%
13%
7%
23%
23%
23%
34%
7%
20%
17%
7%
27%
13%
13%
7%
60%
67%
63%
28%
20%
53%
73%
70%
53%
60%
63%
80%
Fraud control organization structure
including clearly defined reporting
Fraud control strategy and policies
Dedicated fraud investigative cell/team
and associated process
Intelligence gathering mechanism
Dedicated forensic technology tools for
investigation
Fraud risk assessment
Employee code of conduct
Whistleblower hotline
Fraud awareness training
Vendor/third party due diligence
Employee background check
Customer screening against negative list
Not Started
Planning to start
in the next 12
months
Just Started
Partially
Implemented
Implemented
Fig 23 : implementation status of fraud risk management elements


Of the 27% percent who have not implemented technology solution, the prominent reason appear to be
data related issues like data integration or data sufficiency issues.
The other reasons are:
Solution being expensive 13%
Ineffective solution 25%
Banks have been traditionally early adopters of technology resulting in a number of legacy applications
catering to various aspects of their operations. These systems often result in islands or pockets of
information with limited data. With modern data analytics solution requiring varied types of data, banks are
realizing that they may not have been capturing the requisite information in their existing system, resulting
in lack of sufficient data for analytics. Also integrating these varied data sources which may exist in different
platf orms with varied formats is often cumbersome.

Fig 24 : Role of technology
23%
27%
50%
Planned No Yes
73%
7%
20%
Satisfactory
Satisfactory in
certain areas
Partly
satisfactory
Fig 25 : Reason for non-implementation of fraud analytic solution (multiple choice)

50% 50%
13%
25%
13%
Issues in data
integration from
existing internal
systems
Do not have
sufficient data to
implement
Available
solutions are
expensive
As per our
understanding,
these solutions
have not been
effective
There are no
system
aavailable that
will cater to my
needs


One of the important factors why fraud occurs is because the organizational system/controls provide the
fraudster with an opportunity to commit fraud. This condition is principally managed by designing and
implementing a control environment that prevents, detects, and deters the most fraudulent behavior
whether conducted by employees, vendors, consultants, or in collusion with senior management. As part of
such a control environment, there are five key anti-fraud controls that banks can implement, and it begins
with the tone at the top.
1. Prevent: Tone at the Top
In organizations with multiple stakeholders, there is growing need for board of directors or other governing
body to ensure that its governance practices set the tone for fraud risk management. Top management
should implement policies that encourage ethical behaviour and demonstrate Enhanced ethical culture
(tone at the top). The roles and responsibilities for personnel at all levels of the organization involved in
fraud risk management should be defined clearly. The board of directors may appoint a senior person who
would be responsible for the anti-fraud efforts and report to the board of directors. Since one of the
strongest anti-fraud deterrents is the awareness that fraud prevention and controls are in place, it is
essential for the top management to communicate to employees across levels/functions. Additionally,
communication of action taken report to employees will go a long way in reinforcing the message.
2. Prevent: Conduct detailed fraud risk assessments
One of the objectives of a fraud risk assessment is to help focus managements attention on the significant
fraud risks to be addressed. A fraud risk assessment can be recurring and systematic, and it can involve
various levels of management across all functions of the business. An effective fraud risk assessment may
include specific fraud schemes that could be perpetrated against the organization, including the people or
departments within the organization that could commit them. The specific fraud schemes identified can be
linked to existing internal controls within the organization that can mitigate the fraud risk and a remediation
plan for significant fraud risks that could not be linked to existing internal controls.
3. Deter and detect: Promote the tools for effective reporting of suspicious or inappropriate
activities
A whistle-blower hotline is one of the easiest and least expensive of procedures that can be used for
reporting fraud and misconduct. However, the existence of a hotline may not be enough. Management
should also consider conducting periodic evaluations to determine whether the whistle-blower hotline is
effective, including benchmarking analysis against competitors. The organization should consider the use of
an experienced outside agency managing the whistle-blower hotline to enhance the perception of
confidentiality.
4. Prevent and deter: Anti-fraud policy and appropriate training
Fraud risks can never be completely eliminated, as some degree of residual risk always exists in the
operating environment. Hence actions to minimize such a risk include the fostering and development of a
strong ethical culture as a part of the anti-fraud program. It is not uncommon for employees to be confused
as to what activities constitute fraud or misconduct against the organization. The tolerance of frauds or
misconduct within an organization could also send the wrong message about managements lenience
towards employee misconduct and fraudulent behavior. This misunderstanding can be addressed by
drafting and publishing an anti-fraud policy that clearly defines fraud and misconduct. This definition of fraud
can also include specific, relevant examples of behavior that is not acceptable within the organization. Once
the anti-fraud policy is published, periodic training can be held throughout the organization to provide
employees with a forum to discuss the importance of ethical behavior. In addition to defining fraud, this
policy can also address how the company intends to respond to fraud and misconduct allegations.
5. Deter and detect: Response to fraud allegations
Regardless of the size of the fraud allegation or the individual involved, the organization should consider
having a documented policy of how fraud allegations will be investigated and resolved. The policy would
typically include procedures for preserving documentation and gathering evidence. The policy can address
which individuals or departments should be responsible, accountable, consulted, and informed depending
on the nature of the allegation. Similar to fraud risk assessments, there are many companies that may have
certified fraud examiners, attorneys, and certified public accountants on the payroll who may be able to
conduct an effective internal investigation. However, if the amounts involved are potentially material to the


financial statements or might involve members of senior management, leading practices would suggest that
in many cases the investigation be conducted by independent attorneys and other third-party specialists.


7. What does the future foretell
Given the current economic scenario and the increased awareness of the risks posed by frauds in the
banking sector, we wanted to understand from the survey participants on the future trends in this area and,
most importantly, the cost of mitigation. Towards this, we asked them to identify the fraud trends and
specific areas which they perceive to be the most vulnerable to fraud, and the cost they expect to incur over
the next two years on various anti-fraud measures.

7.1 What are the future trends?
Over 83% of respondents felt that fraud incidents will continue to rise in the next two years. Of the
respondents who mentioned that frauds will rise and have provided inputs, more than 64% indicated that
frauds will rise more than 6%. Thus, the increase in incidents of fraud could be worrisome.

An overwhelming 96 % of the respondents have indicated that retail banking will be most prone to fraud
followed by the priority sector by 52% respondents and corporate banking at 48%. According to the
respondents, the priority sector appears to be more vulnerable in the current situation. Due to the current
economic conditions, banks may be planning to grow their retail asset portfolio along with priority sector due
to financial inclusion agenda; it appears that banks do not expect a sizeable increase in frauds in the
corporate banking environment. With retail and priority sector appearing to be vulnerable to fraud, banks
should focus their efforts in enhancing their fraud risk management efforts in this area if they are to contain
their non-performing asset (NPA) levels and also limit losses from fraud.
A recent survey report on occupational fraud and abuse by Association of Fraud Examiners (ACFE)
indicates that globally organizations lose approximately 5% of their revenues or more than $2.9 trillion to
fraud. Fraud in administration and procurement functions is also expected to contribute to about 14% of
fraud incidents. Banks therefore want to focus internally on their operational and administration expenses to
contain fraud in this area.

17%
83%
Fraud incidents will
remain same
Fraud incidents will rise
Fig 26 : Future trend in frauds (multiple choice)
4%
28%
48%
16%
4%
<1%
1-5
6-10%
1125%
Undisclosed


7.2 What will be the cost of fighting fraud?
An overwhelming 83% of the respondents said that the cost of anti-fraud measures will rise over the next
two years. The anti-fraud measures contributing to the increase in spending will be in the following order of
priority:
Implementing a fraud detection solution
Setting up a dedicated fraud investigative cell
Providing fraud awareness training
Conducting periodic fraud assessment
Conducting vendor due diligence and customer screening against negative list
Developing fraud control strategies and policies

The results are a bit surprising considering the fact that nearly half of the organizations have indicated that
they already have an analytical solution in place and a majority of them are satisfied with its results.
However, the fact that anti-fraud spending will increase indicates that some institutions may be using their
existing transaction monitoring and other technology solution to undertake some fraud analytics and would
25%
30%
17%
35%
22%
22%
21%
13%
17%
9%
26%
21%
13%
26%
25%
13%
29%
30%
17%
38%
30%
17%
21%
30%
25%
35%
9%
25%
22%
30%
8%
13%
13%
26%
13%
17%
13%
4%
Developing fraud control strategy and policies
Setting up dedicated fraud investigative cell
Periodic fraud risk assessment
Implementing a fraud detection/analytics solution
Implementing a whistleblower hotline
Providing fraud awareness training
Increased vendor/third party due diligence
Customer screening against negative list
Very Low
Low
Medium
High
Very High
Fig 27 : Areas prone to fraud in future (multiple choice)
96%
48%
4%
12%
16%
52%
4%
Fig 28 : Cost of Anti fraud measures
Retail
Banking
Corporate
Banking
Private
Banking
Treasury Administr
ation/
Procurem
ent
Priority
Sector
Not
disclosed


like to go in for a dedicated fraud risk management solution going forward. The other reason could be that
these solutions may be catering to specific areas only, and the banks are now looking at enhancing their
capability to cover other areas. With retail and priority sector being the focus areas for banks, the increased
use of technology is inevitable when dealing with large volumes of data and banks will not have an option
but to seek technology for detecting red flags proactively.
With banks aspiring to go global, they should be cognisant of the fact that prosecutors and regulators
across the globe are becoming increasingly active in enforcing the anti-corruption legislation. With the
advent of the new UK Bribery Act (UKBA) and continued regulatory developments, ant-bribery and
corruption compliance would now be a high priority for financial institutions. The highlight of the UKBA act is
the introduction of new offence of failing to prevent bribery (including bribery by an associated person of the
company) resulting in vendors coming under increased scrutiny. Expectedly, banks will be looking at
increased vendor due diligence to not only contain fraud risk, but also to comply with the anti-bribery and
corruption laws to which they must adhere.


Conclusion
Risks are inherent in the banking business, but fraud risk is something that no bank would like to deal with.
But the fact is that frauds are on the rise and organizations need to put their business affairs in order by
having effective control mechanisms in place to curb the menace. Internal controls can weaken over time
due to technological advances or human intervention (management override or collusion) or because of the
rise in new fraud schemes. Implementing anti-fraud controls is not a fool-proof measure against frauds.
Nonetheless, having anti-fraud measures in an organizations control environment can go a long way in
deterring individuals from perpetrating fraud because the message going down the line is that the senior
management is cognizant of this crime and is committed to preventing it within the organization.


Contacts
Neeta Potnis
Senior Director and National Leader
Forensic & Dispute Services
Mail: neetapotnis@deloitte.com
Tel: +91 (22) 66198630

Tedd Avey
Senior Director,
Mail: teddavey@deloitte.com
Tel: +91 (22) 67476154

Sumit Makhija
Senior Director,
Mail: sumitmakhija@deloitte.com
Tel: +91 124 679 2016

K.V. Karthik
Director Lead Financial Services
Mail: kvkarthik@deloitte.com
Tel: +91 (22) 66195833


Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its
network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about
for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

This material and the information contained herein prepared by Deloitte Touche Tohmatsu India Private Limited (DTTIPL) is
intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such
subject(s). None of DTTIPL, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the
Deloitte Network) is, by means of this material, rendering professional advice or services. The information is not intended
to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or
taking any action that might affect your personal finances or business, you should consult a qualified professional adviser.

No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this
material.

2012 Deloitte Touche Tohmatsu India Private Limited. Member of Deloitte Touche Tohmatsu Limited

India Banking Fraud Survey 2012

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

India Banking Fraud Survey 2012

Uploaded by

Copyright:

Available Formats

February 2012

India banking fraud survey - 2012

You might also like