Banks with significant and far-reaching retail-oriented business activities should have well-documented fraud risk management programs with appropriate monitoring, measurements and reporting, and mitigation, the regulator of national banks advised in a bulletin Wednesday.
The Office of the Comptroller of the Currency (OCC) said it issued the bulletin (OCC Bulletin 2019-37) to the institutions it supervises (which include national banks, federal savings associations, and federal branches and agencies) to inform them of sound risk-management policies. The bulletin makes no reference to the timing of its release or to why it was issued.
However, the bulletin does highlight several key aspects of effective bank fraud risk management, including:
- sound corporate governance practices that instill a corporate culture of ethical standards and promote employee accountability;
- policies, processes, personnel, and control systems to effectively identify, measure, monitor, and control fraud risk consistent with the bank’s size, complexity, and risk profile;
- internal controls designed to prevent and detect fraud, and respond to fraud (suspected or alleged);
- assessment of the likelihood and impact of potential fraud schemes, and use of the assessment’s results to inform the design of the bank’s risk management system;
- measurement, monitoring, and understanding of fraud losses across the enterprise by senior management and board members, with employment of tools that appropriately quantify and assess loss experience and exposure;
- control reviews and audits as part of fraud risk assessments.
The bulletin also stresses that “strong governance is of paramount importance to controlling the bank’s exposure to fraud,” and asserts that a strong corporate culture against fraud is crucial for a bank of any size or complexity.
“The tone at the top sets the foundation on which the bank operates,” the bulletin states. “The board and senior management have a responsibility to lead by example and demonstrate that the bank is serious about promoting ethical behavior to deter and prevent fraud. The board-adopted code of ethics (or code of conduct) should encourage the timely communication and escalation of suspected fraud through the appropriate oversight channel.”