Fraud Monitoring Solution
Date posted: 14-Sep-2014
Category: Business
Fraud monitoring solution
Ben Oguntala, LLB Hons, LL.M CEO
www.riesgoriskmanagement.com
Ben.oguntala@riesgoriskmanagement.com
About the Author
• Ben Oguntala
• Education
– LLB Hons
– LL.M
  • Financial/Securities regulation
  • UK/EC competition law
• Forte
– Risk Management specialist
– Fraud compliance Consultant
– Compliance specialist
– Data Protection specialist
– Information Security Consultant
• Previous clients
– British Gas
– Vodafone
– Orange
– O2 Telefonica UK
– RWE NPower
– BNP Paribas
– Ministry of Justice (London Probation)
– Revenue & Customs
– Nortel/Motorola/Ericsson/Nokia
– CapGemini
– BT
– KPMG & Cisco
Riesgo Risk Management Telephone – 07812 039867
“Fraud management is not dissimilar in concept to a building’s architectural integrity, which requires a piecemeal distribution of integrity enforcement across all of the building blocks.”
Solution overview
Asset owner
Asset classification
Asset policy
Asset procedure
Asset baseline
Products & services
Incident reporting
Compliance
Fraud Information Asset
Point of contact
High
PCI | FSA | DPA
From business units
From assessment checklist
Alert triggers
Manual procedures
Minimum standard
Med Low
Adaptors Generate alerts
Introduction
• Our Fraud management solution includes three key strategies
– Fraud detection (knowledge of the subsistence of fraud)
  • Fraud Asset Register
  • Fraud baseline
  • Fraud policies & procedures
  • Fraud incident reporting
– Fraud prevention (mechanism to prevent the subsistence of fraud)
  • Fraud Policy enforcement
  • Technical preventative measures
  • Fraud baseline implementation
  • Zero day detection reporting
– Fraud mitigation (business process by which Fraud risks are mitigated and reoccurrence prevention)
  • Fraud risk management
  • Fraud remedial action plan
Fraud detection
Fraud prevention
Fraud mitigation
Fraud management
Incident management
Product & Services
Compliance assessment
Fraud landscape
Fraud asset register
Fraud baseline
Fraud risk register
FMA (Fraud management adaptors)
Fraud monitoring dashboard
Fraud policy management
Fraud detection engine
Fraud management tool
Fraud reporting
Fraud investigation
Fraud incident reporting
Fraud baseline in products & services
Fraud detection from compliance
Fraud trends from authorities
Fraud trends subscription from authorities
Fraud asset across all business units
Fraud risks across the enterprise
Our Fraud management framework
The objective of the framework is to cover as broad a spectrum as possible in your Estate (Fraud Asset Register across all business units). The next key stage is to determine the appropriate level of fraud policy that needs to be applied across each asset. Incident Management and compliance assessment then capture fraud requirements and refer them to the Fraud management team for expert assessment, whilst the Fraud Risk register is maintained to ensure all risks are captured.
• Fraud exists due to weaknesses in an organisation's security framework. Our objective is to reinforce the fortress of protection and enhance the capability to reduce the possibility of fraud perpetration.
• It is not always possible to prevent fraud from occurring, which is why having adequate detection capability is equally important for zero day detection of potential fraud in your organisation.
Framework objectives
Incident management
Product & Services
Compliance assessment
Fraud Threat landscape
Fraud asset register
Fraud risk register
Fraud policy management
Framework objectives (1)
Incident management
Product & Services
Compliance assessment
Fraud Threat landscape
Fraud asset register
Fraud risk register
Fraud policy management
Fraud incident reporting
Fraud baseline in products & services
Fraud detection from compliance
Fraud trends from authorities
Fraud policies & procedures dissemination
Fraud asset across all business units
Fraud risks across the enterprise
• To capture all fraud incidents reported from all business units, including helpdesk incidents relating to fraud
• Setting a baseline for all products & services regarding fraud and alerting business processes
• All compliance activities will be able to report or refer potential fraud issues to the Fraud team for evaluation
• Auto input via subscription on fraud trends and alerts
• A framework for distributing fraud policies and procedures across the enterprise.
• The asset register lists all the fraud related assets for the organisation across all business units
• The fraud risk register demonstrates the fraud risks associated with the organisation and the relevant assets
Incidents: 4
P & S: 5
Compliance: 5
Threats: 10
Policies: 10
Asset register: 5
Risk register: 5
Fraud Management team
Fraud management
Sources
Incidents
Products & services
Compliance referrals
Fraud threats
Fraud policies & procedures
Fraud asset register
Fraud risk register
Captures
Auto forward from Helpdesk tools
Manual entries from staff
Risk assessment results on fraud
Fraud baselines
Baseline violation alerts
Fraud query referral from compliance
Fraud threats from authorities
Policies & procedures sent to all BUs
Update to procedures
FMT dashboard
Fraud assets for each business unit
Asset owner for responsibility
Fraud risk for each asset
Risks from assets, products or services
Risks from audit assessments
Risks from the threat landscape
Incidents: 2 3 9
Products & services: 4 4 8
Compliance referrals: 1 3 4
Fraud threats: 2 3 5
Fraud policies & procedures: 3 3 6
Fraud asset register: 1 3 4
Fraud risk register: 5 3 8
Fraud Management Implementation
Fraud implementation stages
• The creation of the Fraud Asset register gives you an idea of the scale of your fraud estate
• No. of Assets per business unit
• Type of information contained and risk ratings
Fraud asset register
• The creation of the Fraud policies relating to the Fraud Assets
• Definition of the Fraud procedures, triggers across each Asset
Fraud Policy management
• Creation of Fraud risk assessment checklist
• Inclusion of the Fraud risk assessment checklist into the risk assessment regime for all new products and services
Products and services
• Inclusion of the Fraud risk assessment to all compliance activities
• Inclusion of 3rd party engagement to include fraud risk assessment checklist
Compliance
Fraud implementation stages (1)
• Capture of all incidents relating to fraud onto the Fraud dashboard
• Automatic alerts generated when new fraud incidents are raised
• All business units will have the capability to register a fraud incident
Incident management
• An active register of all the fraud risk across all the business units
• Contains the associated Fraud policy or fraud Asset
• Fraud asset owners are included in the issues related to their asset
Fraud risk register
• Internal/External auditors will have the capability to record non compliances against Fraud Assets, Policies or Departments.
Internal/External Audits
Fraud Implementation stages (2)
Incident management
Product & Services
Compliance assessment
Fraud landscape
Fraud asset register
Fraud risk register
Fraud policy management
Creation of the fraud asset register across all business units of the enterprise
Policies & procedures to support each type of the Fraud assets for the enterprise
All products & services are risk assessed to comply with Fraud policies
Compliance teams implement fraud checklist in their assessments
All fraud incidents are captured & escalated to the Fraud team
Fraud trends and alerts from the authorities are impact assessed & filtered into relevant areas
Fraud risks from all the modules without immediate mitigation
Incidents: 4
P & S: 5
Compliance: 5
Threats: 10
Policies: 10
Asset register: 5
Risk register: 5
Fraud Management team
Operational overview
Fraud management team
Incidents
Fraud Asset register
Fraud Risk Register
Compliance
Fraud Threat register
Compliance assessment
Fraud policies & procedures
Fraud alerts
1. Visibility
   • End to end visibility
2. Joined up approach
   • All relevant units involved
3. Zero day detection of Fraud events
   1. Email alerts
   2. Dashboard listing
4. 3rd party inclusion
   1. Incident reporting
   2. Fraud policy application
   3. Compliance
Fraud monitoring dashboard
• Incident
– Generates incidents reported from any of the business units
– Generates automated alerts from any of the Fraud assets
• Products & services
– Reports fraud risks from new products and services that have failed the fraud checklist or baseline
• Compliance
– Reports non-compliance that creates fraud risks
• Threats
– Subscription-based fraud alert services from the authorities that alert on new fraud threats to the organisation
– Provides guidance on how to improve fraud prevention, detection and mitigation mechanisms
• Policies
– Reports policy and procedure violations from Fraud assets
• Asset register
– Reports on the number of assets per business unit
– Indicates which of the assets have risks associated with them
• Risk register
– Lists all the risks associated with the organisation and includes the relevant assets
Incidents: 4
P & S: 5
Compliance: 5
Threats: 10
Policies: 10
Asset register: 5
Risk register: 5
Fraud Management team
Inside the Fraud management tool
Fraud baseline
FMA (Fraud management adaptors)
Fraud monitoring dashboard
Fraud detection engine
Fraud management tool
Fraud reporting
Fraud investigation
FMA
Fraud baseline
Fraud detection engine
Fraud monitoring dashboard
Fraud reporting
Fraud investigation
Host based adaptors for servers
Retrieve information and send to the dashboard
Creation of a fraud baseline for the estate
All violations of the baseline are reported
Setting to determine the level of detection to be reported
Fraud Asset register
A register of Assets & their Fraud impact
All detections and alerts are placed on the dashboard
Reports on all activities within the Fraud framework.
Fraud investigators will be able to take on records for investigation and close off if needed.
The tool is designed to set a fraud baseline across your estate, ensuring loopholes are covered off. It also allows for adaptors to be installed in order to retrieve breach or non-compliance alerts. All features are captured on the dashboard in real time and alerts are sent out to the fraud team.
Snapshots
Fraud Asset Register Fraud Assets by Business unit
Snapshot (1)
Fraud Incidents reported per Business unit
Fraud Risk register
Fraud estate overview with no. of Fraud Assets
Representation of all the business units in an organisation with each Head of Department and Fraud point of contact
Implementation project
Stage 1: Gap analysis
• Assess your current estate & your objectives
• Release of your BRS
• Scope definition
Stage 2: Project design
• Designing your requirements based on the result of stage 1
• Release of the HLD to be signed off
Stage 3: Implementation
• Once the HLD is designed and signed off, we initiate the implementation across a portion of your estate
• We confirm that all the adaptors can trigger alerts.
Stage 4: Roll out
• Taking stage 3 and methodically rolling out the solution to the rest of your estate.
The implementation project takes 6 months and 3 Man resources. The number of resources may vary due to the scope of the project.
The costs associated include:
- Software licence
- Incident management licence
- Support and maintenance
The solution is designed to be a cost-effective means of curtailing fraud within your estate.
Contact details
• Ben Oguntala
• Telephone
– +44 7812 039 867