11.2.1The Licensed Person must implement an appropriate Anti-Fraud Framework in order to prevent, detect, investigate and respond to fraud incidents; and
11.2.2The following are the four basic elements that must be included in the Anti-Fraud Framework at a minimum, depending on the nature, size and complexity of the Licensed Person:
Elements of an Anti-Fraud Framework
a)Preventive measures for reducing the risk of Fraud from occurring:
•Tone at the top by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) on zero tolerance of fraud;
•Introduce Policies and Procedures including a Code of Conduct and a Fraud Prevention Policy;
•Conduct Fraud Risk Assessment;
•Appropriate access controls in sensitive areas, both physical and in IT systems;
•Segregation of duties (e.g. introducing maker/checker controls);
•Background screening before hiring employees;
•Annual declaration completed by all employees to:
oDisclose conflict of interest, if any; and
oConfirm their understanding of the Code of Conduct.
•Provide training to assist employees to prevent fraud and to maintain public confidence.
b)Detection measures for discovering fraud when it occurs:
•Accurate and timely account reconciliations;
•Independent Audits/AUPs (e.g. by External Auditors);
•Scrutinizing required documents prior to completing transactions;
•System controls;
•Systematic fraud detection tools (to be implemented only if the Licensed Person has more than 25 branches); and
•Whistleblowing Policy (to be implemented only if the Licensed Person has more than 25 branches).
c)Investigation Process that includes the following:
•Laid down Procedures for investigating fraud incidents through research, followup, interviews or a formal procedure of discovery.
d)Response
•Immediate reporting of fraud incidents to the police authorities, FID and the Banking Supervision Department;
•Recovery through legal action, insurance claim, criminal referrals, disciplinary action, etc.; and
•Monitoring:
oOngoing corrective actions to ensure that internal controls continue to operate effectively; and
oOngoing updates to respective policies and procedures to reflect developments in the Licensed Person and its operational environment.