Читать книгу Non-financial Risk Management in the Financial Industry - Группа авторов - Страница 38

Fraud, by definition, entails intentional misconduct, designed to evade detection. Fraud risk denotes the vulnerability that an organisation faces from internal or external individuals capable of committing fraud. The fact that fraud risk is considered a sub-risk of operational risk is also visible from the BCBS loss event categorisation within operational risk, as both internal and external fraud are loss event types for the collection of operational risk loss data.[60]

In 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a fraud risk management guide that contains both a definition of fraud as well as guidance for establishing an overall fraud risk management programme, based on principles and points of focus. The definition of fraud according to it is as follows: “Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.”[61] The guide, however, acknowledges that other definitions exist, including those developed by the Auditing Standards Board of the American Institute of Certified Public Accountants, the Public Company Accounting Oversight Board, and the Government Accountability Office.

In 2019, the OCC published fraud risk management principles under the heading of operational risks. The definition of fraud provided by the OCC is the following:

“Fraud may generally be characterized as an intentional act, misstatement, or omission designed to deceive others, resulting in the victim suffering a loss or the perpetrator achieving a gain. Fraud is typically categorized as internal or external:

Internal fraud occurs when a director, an employee, a former employee, or a third party engaged by the bank commits fraud, colludes to commit fraud, or otherwise enables or contributes to fraud. […]

External fraud consists of first-party fraud and victim fraud. External fraud is committed by a person or entity that is not a bank employee, a former employee, or a third party engaged by the bank. […]

Fraud risk is a form of operational risk, which is the risk to current or projected financial condition and resilience arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events.”[62]

The APRA defines fraud risk, similar to the OCC, as

“the risk of loss from internal fraud or external fraud. These can be defined as: a) internal fraud – losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy (excluding diversity/discrimination events) which involves at least one internal party; and b) external fraud – losses due to acts of a third party that are of a type intended to defraud, misappropriate property or circumvent the law.”[63]

There are a number of sub-types for fraud risk, mainly based on the products or services for which fraud can happen.