Fraud Monitoring Solution


Published on

Riesgo Risk Management\'s Fraud Management solution is a cost effective means of implementing a Fraud management system that detects, prevents and mitigates fraud. It has adaptors that may sit on servers and trigger alerts to the Fraud Management dashboard.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Fraud Monitoring Solution

  1. 1. Fraud monitoring solution Ben Oguntala, LLB Hons, LL.M CEO
  2. 2. About the Author • Ben Oguntala • Education – LLB Hons – LL.M • Financial/Securities regulation • UK/EC competition law • Forte – Risk Management specialist – Fraud compliance Consultant – Compliance specialist – Data Protection specialist – Information Security Consultant • Previous clients – British Gas – Vodafone – Orange – O2 Telefonica UK – RWE NPower CEO – Riesgo Risk Management – BNP Paribas Telephone – 07812 039867 – Ministry of Justice (London Probation) – Revenue & Customs – Nortel/Motorola/Ericsson/Nokia “Fraud management is not dissimilar in concept to – CapGemini a building’s architectural integrity, which requires – BT a piecemeal distribution of integrity enforcement – KPMG & Cisco across all of the building blocks.”
  3. 3. Solution overview Adaptors Generate alerts Compliance PCI | FSA | DPA From business Incident reporting units Products & From assessment services checklist Asset baseline Alert triggers Asset procedure Manual procedures Asset policy Minimum standard Fraud Information Asset Asset classification High Med Low Asset owner Point of contact
  4. 4. Introduction Fraud management • Our Fraud management solution includes three key strategies Fraud detection – Fraud detection (knowledge of the subsistence of fraud) • Fraud Asset Register • Fraud baseline • Fraud policies & procedures Fraud • Fraud incident reporting prevention – Fraud prevention (mechanism to prevent the subsistence of fraud) • Fraud Policy enforcement • Technical preventative measures Fraud • Fraud baseline implementation mitigation • Zero day detection reporting – Fraud mitigation (business process by which Fraud risks are mitigated and reoccurrence prevention) • Fraud risk management • Fraud remedial action plan
  5. 5. Our Fraud management framework The objective of the framework is to cover as a broad a spectrum as possible in your Estate (Fraud Asset Register across all business units), the next key stage is to determine the appropriate level of fraud policy that needs to be applied across each asset. Incident Management, compliance assessment then capture fraud requirements and refer to the Fraud management team for expert assessment, whilst the Fraud Risk register is maintained to ensure all risks are captured. Fraud Fraud Fraud Fraud trends Fraud asset Fraud Fraud risks baseline in detection trends subscription across all incident across the products & from from from business reporting enterprise services compliance authorities authorities units Incident Product & Compliance Fraud Fraud policy Fraud asset Fraud risk management Services assessment landscape management register register FMA Fraud management tool (Fraud management adaptors) Fraud baseline Fraud detection engine Fraud monitoring dashboard Fraud reporting Fraud investigation
  6. 6. Framework objectives • Fraud exists due to weaknesses in an organisations security framework. Our objective is to re-enforce the fortress of protection and enhance the capability to reduce possibility fraud perpetration. Fraud Incident Fraud policy Compliance • It is not always possible to management management Threat assessment prevent fraud from landscape occurring which is why having adequate detection capability is equally important to zero day Fraud asset Product & register Services detect potential fraud in your organisation. Fraud risk register
  7. 7. To capture all fraud incidents reported from all business 4 units including helpdesk Fraud incident Incident reporting incidents relating to fraud Incidents management Setting a baseline for all 5 products & services P&S Fraud regarding fraud and alerting services Services Product & baseline in products & business processes All compliance activities will 5 be able to report or refer from Fraud potential fraud issues to the Compliance detection compliance assessment Compliance Fraud team for evaluation 10 Auto input via subscription Threats from Fraud Fraud on fraud trends and alerts trends Threat landscape authorities 10 Policies A framework for distributing Fraud Management team fraud policies and procedures across the enterprise. Fraud policy &procedures management Fraud policies dissemination 5 The asset register lists all the fraud related assets for the Asset register units organisation across all Framework objectives (1) register business across all Fraud asset Fraud asset business units The fraud risk register 5 demonstrate the fraud risks associated with the Risk register register organisation and the relevant Fraud risk across the enterprise Fraud risks assets
  8. 8. Fraud Management Sources Captures FMT dashboard Implementation Auto forward from Helpdesk tools Incidents Manual entries from staff Incidents 2 3 9 Products & Risk assessment results on fraud services Products & 4 4 8 Fraud baselines services Baseline violation alerts Compliance Compliance 1 3 4 referrals referrals Fraud query referral from compliance Fraud Fraud Fraud threats from authorities 2 3 5 threats threats Policies & procedures sent to all BUs Fraud Fraud management policies & Update to procedures policies & 3 3 6 Fraud procedures procedures Fraud assets for each business unit Fraud asset 1 3 4 Fraud asset Asset owner for responsibility register register Fraud risk for each asset Fraud risk 5 3 8 register Risks from assets, products or services Fraud risk register Risks from audit assessments Risks from the threat landscape
  9. 9. Fraud implementation stages Fraud asset register • The creation of the Fraud Asset register gives you an idea of the scale of your fraud estate • No. of Assets per business unit • Type of information contained and risk ratings Fraud Policy management • The creation of the Fraud policies relating to the Fraud Assets • Definition of the Fraud procedures, triggers across each Asset Products and services • Creation of Fraud risk assessment checklist • Inclusion of the Fraud risk assessment checklist into the risk assessment regime for all new products and services Compliance • Inclusion of the Fraud risk assessment to all compliance activities • Inclusion of 3rd party engagement to include fraud risk assessment checklist
  10. 10. Fraud implementation stages (1) Incident management • Capture of all incidents relating to fraud onto the Fraud dashboard • Automatic alerts generated when new fraud incidents are raised • All business units will have the capability to register a fraud incident Fraud risk register • An active register of all the fraud risk across all the business units • Contains the associated Fraud policy or fraud Asset • Fraud asset owners are included in the issues related to his/her asset Internal/External Audits • Internal/External auditors will have the capability to record non compliances against Fraud Assets, Policies or Departments.
  11. 11. Fraud Implementation stages (2) Creation of Across all business Fraud asset 1 the fraud units of the register asset register enterprise 7 Fraud Policies & procedures to support landscape Fraud policy each type of the Fraud assets for management 2 the enterprise Fraud All products & services are trends and Product & risk assessed to comply with 3 alerts from Services Fraud policies the Compliance teams authorities Compliance are impact implement fraud checklist 4 assessment assessed & in their assessments filtered All fraud incidents are Incident into captured & escalated to the 5 management relevant Fraud team areas Fraud risks from all the Fraud risk modules without 6 register immediate mitigation Incidents P&S Compliance Threats Policies Asset register Risk register 4 5 5 10 10 5 5 Fraud Management team
  12. 12. Operational overview Incidents 1. Visibility • End to end visibility Fraud Asset 2. Joined up approach Fraud alerts register • All relevant units involved 3. zero day detection of Fraud events 1. Email alerts 2. Dashboard listing Fraud Fraud Fraud Risk rd party inclusion policies & management 4. 3 team Register procedures 1. Incident reporting 2. Fraud policy application 3. Compliance Compliance Compliance assessment Fraud Threat register
  13. 13. Fraud monitoring dashboard Incidents P&S Compliance Threats Policies Asset register Risk register 4 5 5 10 10 5 5 Fraud Management team • Incident – Generates incidents reported from any of the business units – Generates automated alerts from any of the Fraud assets • Products & services – Reports fraud risks from new products and services that have failed fraud checklist or baseline • Compliance – Reports non compliance that create fraud risks • Threats – Subscription based fraud alert services from the authorities that alert on new fraud threats to the organisation – Provides guidance on how to improve fraud prevent, detection and mitigation mechanisms • Policies – Reports policy and procedure violations from Fraud assets • Asset register – Reports on the number of assets per business unit – Indicates which of the assets have risks associated with them • Risk register – List all the risks associated with the organisation and includes the relevant assets
  14. 14. Inside the Fraud management tool Fraud Asset A register of Asset & register their Fraud impact Host based adaptors Retrieve information and FMA for servers send to the dashboard Creation of a fraud All violations of the Fraud baseline FMA baseline for the estate baseline are reported (Fraud management adaptors) Fraud management tool Fraud detection Setting to determine the level of Fraud Fraud detection engine detection to be reported baseline engine Fraud monitoring All detections and alerts are dashboard placed on the dashboard Fraud monitoring dashboard Reports on all activities within Fraud reporting Fraud Fraud the Fraud framework. reporting investigation Fraud Fraud investigators will be able to take on investigation records for investigation and close off if needed. The tool is designed to set a fraud baseline across your estate ensuring loop holes are covered off. It also allows for adaptors to be installed in order to retrieve breach or non compliance alerts . All features are captured on the dashboard in real time and alerts sent out to the fraud team.
  15. 15. Snapshots Fraud Asset Register Fraud Assets by Business unit
  16. 16. Snapshot (1) Fraud Incidents reported per Business unit Fraud Risk register
  17. 17. Representation of all the business units in an organisation with each Head of Department and Fraud point of contact Assets Fraud estate overview with no. of Fraud
  18. 18. Implementation project Gap analysis Project design Implementation Roll out Stage 1 Stage 2 Stage 3 Stage 4 • Assess your current • Designing your • Once the HLD is Taking stage 3 estate & your requirements based designed and signed objectives on the result of off, we initiate the and • Release of your BRS stage1 implementation and methodically • Scope definition • Release of the HLD across a portion of rolling out the to be signed off your estate solution to the • We confirm that all the adaptors can rest of your trigger alerts. estate. The implementation project takes 6 months and 3 Man resources. The number of resources may vary due to the scope of the project. The costs associated include: -Software licence - incident management licence -Support and maintenance The solution is designed to be a cost effective means to curtailing fraud within your estate.
  19. 19. Contact details • Ben Oguntala • Email – • Telephone – +44 7812 039 867