Fraud Monitoring Solution

Fraud monitoring solution

Ben Oguntala, LLB Hons, LL.M CEO

www.riesgoriskmanagement.comBen.oguntala@riesgoriskmanagement.com

http://www.riesgoriskmanagement.com/

mailto:[email protected]

About the Author • Ben Oguntala • Education

– LLB Hons– LL.M

• Financial/Securities regulation• UK/EC competition law

• Forte – Risk Management specialist – Fraud compliance Consultant – Compliance specialist – Data Protection specialist – Information Security Consultant

• Previous clients – British Gas– Vodafone – Orange – O2 Telefonica UK – RWE NPower – BNP Paribas – Ministry of Justice (London Probation) – Revenue & Customs– Nortel/Motorola/Ericsson/Nokia– CapGemini – BT – KPMG & Cisco

[email protected] – Riesgo Risk Management Telephone – 07812 039867

“Fraud management is not dissimilar in concept toa building’s architectural integrity, which requires a piecemeal distribution of integrity enforcement across all of the building blocks.”


Solution overview

Asset owner

Asset classification

Asset policy

Asset procedure

Asset baseline

Products & services

Incident reporting

Compliance

Fraud Information Asset

Point of contact

High

PCI | FSA | DPA

From business units

From assessment checklist

Alert triggers

Manual procedures

Minimum standard

Med Low

Adaptors Generate alerts

Introduction

• Our Fraud management solution includes three key strategies – Fraud detection (knowledge of the subsistence of fraud)

• Fraud Asset Register • Fraud baseline • Fraud policies & procedures • Fraud incident reporting

– Fraud prevention (mechanism to prevent the subsistence of fraud)

• Fraud Policy enforcement • Technical preventative measures • Fraud baseline implementation • Zero day detection reporting

– Fraud mitigation (business process by which Fraud risks are mitigated and reoccurrence prevention)

• Fraud risk management • Fraud remedial action plan

Fraud detection

Fraud prevention

Fraud mitigation

Fraud management

Incident management

Product & Services

Compliance assessment

Fraud landscape

Fraud asset register

Fraud baseline

Fraud risk register

FMA (Fraud management adaptors)

Fraud monitoring dashboard

Fraud policy management

Fraud detection engine

Fraud

man

agemen

t too

l

Fraud reporting Fraud investigation

Fraud incident

reporting

Fraud baseline in products &

services

Fraud detection

from compliance

Fraud trends from

authorities

Fraud trends subscription

from authorities

Fraud asset across all business

units

Fraud risks across the enterprise

Our Fraud management frameworkThe objective of the framework is to cover as a broad a spectrum as possible in your Estate (Fraud Asset Register across all business units), the next key stage is to determine the appropriate level of fraud policy that needs to be applied across each asset. IncidentManagement, compliance assessment then capture fraud requirements and refer to the Fraud management team for expert assessment, whilst the Fraud Risk register is maintainedto ensure all risks are captured.

• Fraud exists due to weaknesses in an organisations security framework. Our objective is to re-enforce the fortress of protection and enhance the capability to reduce possibility fraud perpetration.

• It is not always possible to prevent fraud from occurring which is why having adequate detection capability is equally important to zero day detect potential fraud in your organisation.

Framework objectives

Incident management

Product & Services


FraudThreat

landscape


Fraud risk register


Framework objectives (1)

Incident management

Product & Services


FraudThreat

landscape


Fraud risk register


Fraud incident

reporting

Fraud baseline in products &

services

Fraud detection

from compliance

Fraud trends from

authorities

Fraud policies &procedures dissemination

Fraud asset across all business

units

Fraud risks across the enterprise

To c

aptu

re a

ll fr

aud

inci

den

ts

rep

ort

ed f

rom

all

bu

sin

ess

un

its

incl

ud

ing

hel

pd

esk

inci

den

ts r

elat

ing

to f

rau

d

Sett

ing

a b

asel

ine

for

all

pro

du

cts

& s

ervi

ces

rega

rdin

g fr

aud

an

d a

lert

ing

bu

sin

ess

pro

cess

es

All

com

plia

nce

act

ivit

ies

will

b

e ab

le t

o r

epo

rt o

r re

fer

po

ten

tial

fra

ud

issu

es t

o t

he

Frau

d t

eam

fo

r ev

alu

atio

n

Au

to in

pu

t vi

a su

bsc

rip

tio

n

on

fra

ud

tre

nd

s an

d a

lert

s

A f

ram

ewo

rk fo

r d

istr

ibu

tin

g fr

aud

po

licie

s an

d p

roce

du

res

acro

ss t

he

ente

rpri

se.

The

asse

t re

gist

er li

sts

all t

he

frau

d r

elat

ed a

sset

s fo

r th

e o

rgan

isat

ion

acr

oss

all

bu

sin

ess

un

its

The

frau

d r

isk

regi

ster

d

emo

nst

rate

th

e fr

aud

ris

ks

asso

ciat

ed w

ith

th

e o

rgan

isat

ion

an

d t

he

rele

van

t as

sets

Incidents

4

P & S

5

Compliance

5

Threats

10

Policies

10

Asset register

5

Risk register

5

Fraud Management team

Frau

dm

anag

emen

t

Sources

Incidents

Products & services

Compliance referrals

Fraud threats

Fraud policies &

procedures


Fraud risk register

Captures

Auto forward from Helpdesk tools

Manual entries from staff

Risk assessment results on fraud

Fraud baselines

Baseline violation alerts

Fraud query referral from compliance

Fraud threats from authorities

Policies & procedures sent to all BUs

Update to procedures

FMT dashboard

Fraud assets for each business unit

Asset owner for responsibility

Fraud risk for each asset

Risks from assets, products or services

Risks from audit assessments

Risks from the threat landscape

Incidents

Products & services

Compliance referrals

Fraud threats

Fraud policies &

procedures


Fraud risk register

2 3 9

4 4 8

1 3 4

2 3 5

3 3 6

1 3 4

5 3 8

Frau

d M

anag

emen

t Im

ple

men

tati

on

Fraud implementation stages

• The creation of the Fraud Asset register gives you an idea of the scale of your fraud estate

• No. of Assets per business unit

• Type of information contained and risk ratings


• The creation of the Fraud policies relating to the Fraud Assets

• Definition of the Fraud procedures, triggers across each Asset

Fraud Policy management

• Creation of Fraud risk assessment checklist

• Inclusion of the Fraud risk assessment checklist into the risk assessment regime for all new products and services

Products and services

• Inclusion of the Fraud risk assessment to all compliance activities

• Inclusion of 3rd party engagement to include fraud risk assessment checklist

Compliance

Fraud implementation stages (1)

• Capture of all incidents relating to fraud onto the Fraud dashboard

• Automatic alerts generated when new fraud incidents are raised

• All business units will have the capability to register a fraud incident

Incident management

• An active register of all the fraud risk across all the business units

• Contains the associated Fraud policy or fraud Asset

• Fraud asset owners are included in the issues related to his/her asset

Fraud risk register

• Internal/External auditors will have the capability to record non compliances against Fraud Assets, Policies or Departments.

Internal/External Audits

Fraud Implementation stages (2)

Incident management

Product & Services


Fraud landscape


Fraud risk register


Creation of the fraud

asset register

Across all business units of the enterprise

Policies & procedures to support each type of the Fraud assets for

the enterprise

All products & services are risk assessed to comply with

Fraud policies

Compliance teams implement fraud checklist

in their assessments

All fraud incidents are captured & escalated to the

Fraud team

Fraud trends and alerts from

the authorities are impact assessed &

filtered into

relevant areas

Fraud risks from all the modules without

immediate mitigation

Incidents

4

P & S

5

Compliance

5

Threats

10

Policies

10

Asset register

5

Risk register

5


1

2

3

4

5

6

7

Operational overview

Fraud management

team

Incidents

Fraud Asset register

Fraud Risk Register

Compliance

Fraud Threat register


Fraud policies &

procedures

Fraud alerts

1. Visibility • End to end visibility

2. Joined up approach • All relevant units

involved 3. zero day detection of

Fraud events 1. Email alerts 2. Dashboard listing

4. 3rd party inclusion 1. Incident reporting 2. Fraud policy

application 3. Compliance


• Incident – Generates incidents reported from any of the business units – Generates automated alerts from any of the Fraud assets

• Products & services – Reports fraud risks from new products and services that have failed fraud checklist or baseline

• Compliance – Reports non compliance that create fraud risks

• Threats– Subscription based fraud alert services from the authorities that alert on new fraud threats to

the organisation – Provides guidance on how to improve fraud prevent, detection and mitigation mechanisms

• Policies – Reports policy and procedure violations from Fraud assets

• Asset register – Reports on the number of assets per business unit – Indicates which of the assets have risks associated with them

• Risk register – List all the risks associated with the organisation and includes the relevant assets

Incidents

4

P & S

5

Compliance

5

Threats

10

Policies

10

Asset register

5

Risk register

5


Inside the Fraud management tool

Fraud baseline

FMA (Fraud management adaptors)



Fraud

man

agemen

t too

l

Fraud reporting

Fraud investigation

FMA

Fraud baseline



Fraud reporting

Fraud investigation

Host based adaptors for servers

Retrieve information and send to the dashboard

Creation of a fraud baseline for the estate

All violations of the baseline are reported

Setting to determine the level of detection to be reported

Fraud Asset register

A register of Asset & their Fraud impact

All detections and alerts are placed on the dashboard

Reports on all activities within the Fraud framework.

Fraud investigators will be able to take on records for investigation and close off if needed.

The tool is designed to set a fraud baseline across your estate ensuring loop holes are covered off.It also allows for adaptors to be installed in order to retrieve breach or non compliance alerts . All features are captured on the dashboard in real time and alerts sent out to the fraud team.

Snapshots

Fraud Asset Register Fraud Assets by Business unit

Snapshot (1)

Fraud Incidents reported per Business unit

Fraud Risk register

Fraud estate overview with no. of Fraud Assets

Rep

rese

nta

tio

n o

f al

l th

e b

usi

nes

s u

nit

s in

an

o

rgan

isat

ion

wit

h e

ach

Hea

d o

f D

epar

tmen

t an

d

Frau

d p

oin

t o

f co

nta

ct

Implementation project St

age

1

Gap analysis

• Assess your current estate & your objectives

• Release of your BRS

• Scope definition St

age

2

Project design

• Designing your requirements based on the result of stage1

• Release of the HLD to be signed off

Stag

e 3

Implementation

• Once the HLD is designed and signed off, we initiate the implementation and across a portion of your estate

• We confirm that all the adaptors can trigger alerts.

Stag

e 4

Roll out

Taking stage 3 and methodically rolling out the solution to the rest of your estate.

The implementation project takes 6 months and 3 Man resources. The number of resourcesmay vary due to the scope of the project.

The costs associated include:-Software licence- incident management licence -Support and maintenance

The solution is designed to be a cost effective means to curtailing fraud within your estate.

Contact details

• Ben Oguntala

• Email

– [email protected]

• Telephone

– +44 7812 039 867


Fraud Monitoring Solution

Business

Transcript of Fraud Monitoring Solution