Articles

Striking the right balance between profitable growth and fraud risk management

Release Date: 27 May 2008 
Author: Masoud Zabeti and Claire Broadbelt 
Original Publication: British Bankers' Association - Newsletter 

The challenging economic environment and the increasingly tough stance adopted by the regulators make this an important time for banks to review their approach to fraud risk management. The recently published final report by Société Générale into the substantial losses caused by trader Jérome Kerviel highlights how getting the basics wrong can expose banks to serious risk – financial and reputational.

To properly address the growing risk of fraud, banks must ensure regular review of, and investment in, fraud management procedures and technology. Greater awareness is required to achieve an integrated approach to fraud management, which should focus on prevention, detection and investigation. Collection of accurate fraud data is also essential if deficient internal controls are to be identified and investment is to be made in systems that aid early detection of fraud. As with most plans, however, fraud management procedures can only be effective when properly implemented and their effectiveness regularly reviewed.

In the event that fraud is detected, time is of the essence and the banks’ fraud response plan should be utilised. To investigate and deal with a fraud while minimising the financial and reputational fall out, senior management must be fully aware of the entire range of tools at their disposal. This article therefore deals in summary with the investigation of fraud and seeking the assistance of civil courts in responding to fraud.

Investigation – Gathering Evidence

The law, shareholders, customers, regulators and insurer expectations increasingly call for the investigation of fraud and recovery of losses where possible. The expectation is the same whether the underlying fraud relates to asset misappropriation, corruption, embezzlement or the theft of confidential information.

The first few hours of an investigation are critical and therefore knowing how to proceed from the outset can mean the difference between a successful and a disastrous investigation. A fraud response plan identifying key internal individuals responsible for investigating suspected fraud is invaluable. Senior management, external lawyers, external investigators, forensic accountants, IT experts, human resources and public relations departments might need to be involved.

Securing crucial evidence should be a priority. The most obvious initial source can be found internally (including an employee’s personal data) which employers can access during the course of an investigation to prevent and/or detect crime. Staff emails are often a fruitful source of information which can be accessed and reviewed provided that the bank owns the computers in question and has taken reasonable steps to make staff aware that their emails and computer use may be monitored (usually by its email policy, office manual or employment contracts). Deletion of data will not present a solution for the fraudster, as deleted data can usually be recovered.

Call logs for employees' telephones, including mobiles, can be checked. In some circumstances it may be appropriate to monitor a suspect’s emails or even telephone calls.

Throughout the investigation it is essential that all evidence is gathered lawfully to avoid the evidence being challenged, not to mention the risk of criminal liability and reputational damage. Involvement of in-house or external legal advisers from the outset can assist by preserving privilege in documents created during the course of the investigation.

Interviews are another important source of evidence. However, prior to conducting any interviews, those leading the investigation need to consider who to interview, how to conduct the interview and most importantly the timing of such interviews, especially as it might initially be important to avoid tipping off the suspected fraudster.

Whether, and if so, at what stage to involve the police is another issue that requires careful consideration. The advantages must be weighed up against loss of control of the investigation and its outcome. The answers to these questions will therefore depend on the bank’s end game and it is for this reason that a carefully considered strategy is essential. Asset investigations into the suspected fraudster are important in deciding this strategy.

Seeking assistance from the Courts

The English Courts will assist victims of fraud, provided they have satisfied a number of evidential tests, by granting a wide range of intrusive orders against individuals suspected of fraud before proceedings have been issued. The Courts take a particularly dim view of individuals who have abused their position to make an unlawful gain.

The purpose of these Orders is to secure and preserve assets, information and documentation before the suspected fraudster has an opportunity to dissipate assets or destroy evidence. Such orders are commonly obtained on a “without notice” basis in order to catch the suspected fraudsters “red-handed”.

A useful first step is to obtain Disclosure Orders against any third parties who may hold useful information or documentation about the suspect’s conduct or assets. Freezing Orders can also be obtained against the suspected fraudster to secure assets. If the suspect has stolen confidential information then the bank can apply for a Delivery Up Order. This compels the suspect to hand back the documentation and any further copies made, to confirm what they have done with the documentation and also prevents them from using the documentation until the matter has been decided by the Court.

Depending upon the nature and seriousness of the suspected wrongdoing it may be appropriate to apply for a Search Order which permits the bank’s search team, led by its external lawyers, to enter and search certain premises (most often the suspect’s home or office) and seize any relevant evidence. The Order will typically allow for an expert to take an “image” of any electronic data storage device, such as computers, PDAs and mobile telephones which can then be inspected at a later date. Failure to comply with the terms of the Order will represent contempt of Court.

The orders referred to above can be obtained with gagging provisions to prevent the recipient from discussing them (for a period of time specified in the Order) with anyone other than their legal advisers.

The first the suspected fraudster might therefore know about the orders is when he or she receives a knock on the door in the early hours of the morning. In catching the wrongdoer “red-handed” and preserving damning evidence, the bank should be in a much stronger position to secure an early settlement on favourable terms with confidentiality provisions, if necessary.

Conclusion

Beyond the immediate financial losses, fraud represents a serious reputational risk to banks and the financial services industry. Commercial concerns about putting in place adequate anti-fraud measures must therefore be balanced against the need to maintain confidence. The key to an effective response to fraud and therefore maintenance of confidence is effective fraud risk management, which includes an organised and immediate response to fraud. By utilising the range of tools at their disposal, senior management can adopt a strategy that presents a robust response to fraud and will act as a significant deterrent, but will at the same time result in the recovery of misappropriated assets and/or stolen confidential information.

The information and expressions of opinion this article contains are not intended to be a comprehensive study and should not be treated as a substitute for specific advice concerning individual situations.

Terms of Use | Privacy Policy | Site Map | Accessible | Copyright © 2008 Mishcon de Reya