Federal Reserve Bank of Richmond publishes guide to help businesses manage fraud risk
Wednesday, February 6, 2019
In light of NCUA’s 2019 supervisory focus on internal controls and with tax season underway, it's a good time to discuss something that affects all organizations — fraud.
Large frauds have led to the downfall of entire organizations, massive investment losses, significant legal costs, incarceration of key individuals, and erosion of confidence in capital markets. Publicized fraudulent behavior has negatively impacted the reputations, brands, and images of many financial institutions. Regulations such as the U.S. Foreign Corrupt Practices Act of 1977 (FCPA), the development anti-bribery conventions, the U.S. Federal Sentencing Guidelines of 2005, and similar state legislation have increased organizations' responsibility for fraud risk management.
The Federal Reserve Bank of Richmond has published a practical guide for businesses to bring fraud resources and departments into alignment.
Key Takeaways: Organizations should...
- Have a COSO internal control-integrated framework.
- Establish appropriate “tone at the top” and organizational culture.
- Document fraud-control strategy, code of ethics/conduct, and hiring and promotion standards.
- Establish, complement, or evaluate internal audit functions.
- Develop curriculum for provided training.
- Know its fraud prevention score to assess the strength of its fraud prevention system.
- Know its fraud risk exposure, which illustrates the types of frauds it may encounter
- Have a full fraud risk assessment framework. This should include fraudulent financial reporting in other areas relevant to the organization, such as accounts subject to estimation, related-party transactions, and inventory accounting. In addition, the risk of misappropriation of assets, corruption, and other misconduct would be assessed in the same manner.
- Have a fraud policy decision matrix. This matrix is be used as a tool to summarize and visualize the responsibilities that have been defined for the organization. This is not a standard for “who” should have “what” responsibilities.
Contact the CCUL Risk Department with questions or to request resources in this area. RSVP to attend the first CCUL quarterly "Fraud Chat" on March 14, 2019. This call will include a perspective on fraud from a local law enforcement agent.