Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Risks in Corporate Fraud


Published in: Economy & Finance, Business
  • A lot of information is there. The presentation is good and people should be aware of scams or fraud. Thanks
  • Very informative one. You can share ideas on internet fraud in Online scam baiting forum Online internet community
  • Nice presentation. By scam 419 blog.
  • Though it would obviously be great if these scam for Fraud Losses were not carried on reputable sites such as Science blogs, most good web browsers either come with a tool that can be used to block scam or can provide this facility through an add-on. We've started to notice these types of scam on the site.
  • Reducing Fraud Losses through Risk Mitigation - ABF Conference on Managing Risks in Corporate Fraud

    1. REDUCING FRAUD LOSSES THROUGH RISK MITIGATION: CNI’s Journey, Mistakes, and Lessons Learned. Kenny Ong, CNI Holdings Berhad
    2. Contents:
         • Defining Risk Mitigation
         • Reducing Fraud risk Probabilities
         • Decreasing the Impact
         • Tracking and Reporting
    3. Intro and Background: Different Business, Different Frauds
    4. Intro: CNI
         • 18 years old
         • Core Business: MLM
         • Others: Contract Manufacturing, Export/Trading, eCommerce
         • Malaysia, Singapore, Brunei, Indonesia, India, China, Hong Kong, Philippines, Italy, Taiwan
         • Staff force: ± 500
         • Distributors: 250,000
         • Products: Consumer Goods and Services
    5. Intro: CNI
         • CNI’s Business Model background
         [Diagram labels: Factory CNIE DC SP Leaders Customers]
    6. A. Risk Mitigation in CNI: No Business, No Risks.
    7. No Business, No Risks.
         • Ironically, our success is the cause of risk
         • More success, more money, more fraud
         • Easiest way to reduce fraud is to reduce business
         • Don’t laugh. This is what most FAC and HR people do, unintentionally
    8. Fraud Risk Mitigation? (1/2)
         • We follow standard Fraud definitions:
         • What is Fraud?
             • Someone is Lying
             • Someone is Benefiting
         • Both Conditions must be met in order to be considered Fraud.
    9. Fraud Risk Mitigation? (2/2)
         • We follow standard Fraud definitions:
         • Risk = Likelihood x Impact
         • Risk Mitigation =
             • ↓ Likelihood, or
             • ↓ Impact
    10. Where are the Risks?
         • Industry
         [Diagram labels: Management Staff Frontline Suppliers/Vendors Retail Front]
    11. Industry Risks
         • Get-Rich-Quick Schemes (Skim Cepat Kaya)
         • Direct Selling myths
         • Bad Hats
         • Imposters
         • Products on Shelves
         These Fraud risks affect all Direct Selling organizations but cannot be controlled by us. Only in joint efforts by drafting & pushing new regulations
    12. Real Fraud, Real Risks
         • DC Fraud
         • Staff Fraud
         • Management Fraud
         • Distributor
         • DC Assistant
         • SP
         • Payroll
         • Undercutting
         • Purchasing
         • Credit Card
         • Ghost Staff
         • Ghost Distributor
         • Financial Reporting
         • Theft
         • F/L
         • eCommerce
         • Tickets
         • Share manipulation
    13. B. Reducing Fraud risk Probabilities: Prevent. Deter. Kill.
    14. Fraud Root Causes
         • Policy problem
         • People problem
         • Unavoidable problem
    15. Risk Mitigation Strategies
         [Diagram labels: Culture Mitigation Identified Fraud Risks Structure Resources Leadership Person]
    16. Alignment: Framework (Structure)
         • Org Structure
         • Job Design – C.Fraud.O.
         • Policies & procedures
         • Governance, Internal Controls
         • Management Systems, SOPs
         • Central
         • Special Task Force
         • Internal Audit, Surprise Audit, Regular Audit (Surveillance)
         • Levels of Authority, Power Balancing*
    17. *Power Balancing
         • Propose
         • Approve
         • Execute
         • Monitor
         [Diagram labels: BOD Set 1 BOD Set 2 Approval/Verification]
    18. Alignment: Framework (Resources)
         • Tools
         • ICT Systems
         • Rules detection
         • Whistle Blower
         • PED
         • Profiling/Assessment Tools
         • Budget for Investigation, Litigation
    19. Strategy: Framework (Leadership)
         • PED
         • Involuntary Role Modeling
         • Personal accountability and Commitment
         • 10 Ants Values
         • Watch out: Current people promoted to Key Positions
         • Promotional criteria
    20. Alignment: Framework (Person)
         • New Employee Background checks
         • Willingness to Punish
         • Root Cause Analysis (Mager & Pipe)
         • Rotation
         • PED
         • Fraud Detection & Analysis Competency
         • High Risk Jobs
         • IT breaches through Frontline
    21. The Four Desperates
         1. Desperate Competition
         2. Desperate Consumer
         3. Desperate Achievers
         4. Desperate Changes
    22. PED
    23. Possible General Root Causes for Fraud
         • "Everyone does it."
         • "It was small potatoes."
         • "They had it coming." – the revenge syndrome
         • "I had it coming." – the equity syndrome
    24. GENERAL STRATEGIES AND POLICIES
         • B1. Classification of Behaviors
             • B1.1 Disrespectful Workplace Behavior
             • B1.2 Progressive Discipline
             • B1.3 Zero Tolerance
    25. GENERAL STRATEGIES AND POLICIES
         • B2. Recruitment and Selection
         • B3. Exit
         • B4. Employee Assistance Program
         • B5. Anonymous Hotline
         • B6. Communication and Feedback
         • B7. Training and Education
         • B8. Formal Complaint and Grievance
    26. GENERAL STRATEGIES AND POLICIES
         • B9 Leadership
             • 1. Leaders act as role models whether consciously or unconsciously
             • 2. Leaders determine the working environment
    27. GENERAL STRATEGIES AND POLICIES
         • B9 Leadership
             • 1. Educate
             • 2. Involve
             • 3. Teach
             • 4. Eliminate
    28. SPECIFIC STRATEGIES AND POLICIES
         • C1. Theft and Fraud – Root Causes
             • 68.6% - no prior criminal record.
             • Struggling financially or large purchases
                 • difficult time in their lives
                 • gets out of hand
             • Merger and acquisition or reorganization activity.
                 • ‘I don’t have a career here’ attitude.
    29. SPECIFIC STRATEGIES AND POLICIES
         • C1. Theft and Fraud - Prevention
             • Background checks
             • Duties segregated
             • Anonymous hotline
             • Share the wealth
             • Communicate successes
             • Make a big noise when discovered
             • Video surveillance equipment
    30. SPECIFIC STRATEGIES AND POLICIES
         • C2. Violation of confidentiality or security of company information - Prevention
             • a. ICT Security Policies*
             • b. Ownership of Intellectual Property
             • c. Inside Information and Trading of CNI shares
    31. *ICT Security and Fraud (1/3)
         • Biggest ICT risks to CNI
         • Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information
         • Backup - including Storage of critical and non-critical information and Disaster Recovery
         • Continuity – Availability of systems and information at a 24x7x365 standard
    32. *ICT Security and Fraud (2/3)
         • The following are threats faced by CNI from ‘inside’ the company:
             • Current Employees,
             • On-site Contractors,
             • Former Employees,
             • Vendors/Suppliers,
             • Strategic Partners, and
             • OEMs
    33. *ICT Security and Fraud (3/3)
         ICT Security, Backup, and Continuity Strategies 2005-2008:
         • Web browsing and Internet Access
         • Username and passwords
         • Instant Messaging
         • E-Mail
         • File access permissions
         • Backups
         • Crisis management, Disaster recovery and Business Continuity
         • Physical
         • PCs and laptops
         • Remote access
         • Servers, routers, and switches
         • Internet / external network
         • Wireless
         • PDA and cell phone
         • Documentation and change management
    34. C. Decreasing the Impact: We failed. Now what?
    35. Why Impact?
         • Escaped prevention
             • Policy or Procedure
             • Performance
         • Cannot reduce likelihood - unavoidable
    36. Levels of Impact (Fraud)
         • small impact
         • BIG impact
         • Tangible
             • Monetary Loss (>1,000,000) inc. capital, share price
             • Locality
         • Intangible
             • Reputation, Image
             • Competitiveness
             • Consumer confidence
    37. small Impact
         • Escaped prevention
             • Policy or Procedure
             • Performance
         • Cannot reduce likelihood - unavoidable
         • CAR/PAR
         • Mager & Pipe
         • Study Trends
         • PAR
    38. Real Fraud, Real Risks
         • DC Fraud
         • Staff Fraud
         • Management Fraud
         • Distributor
         • DC Assistant
         • SP
         • Payroll
         • Undercutting
         • Purchasing
         • Credit Card
         • Ghost Staff
         • Ghost Distributor
         • Financial Reporting
         • Theft
         • F/L
         • eCommerce
         • Tickets
         • Share manipulation
    39. Real Fraud, Real Risks
         • DC Fraud
         • Staff Fraud
         • Management Fraud
         • Distributor
         • DC Assistant
         • SP
         • Payroll
         • Undercutting
         • Purchasing
         • Credit Card
         • Ghost Staff
         • Ghost Distributor
         • Financial Reporting
         • Theft
         • F/L
         • eCommerce
         • Tickets
         • Share manipulation
    40. BIG Impact
         • Crisis Management Plan
         • Crisis Communications Plan
    41. Crisis Management Plan
         [Table labels: Logistics & Info Systems Communications Process Owner: [dept. accountable] Policy and Planning After (profiting and learning) During (sound crisis management) Before (readiness for crisis) Crisis: Business Function]
    42. Crisis Communication Plan
         • Crisis Communication Team (to determine small or BIG for communications purposes)
         • Crisis Media Plan
             • Media Management
             • Media Centre
             • Crisis Spokesperson & Interview
             • Press Release
    43. (untitled slide)
         • No case study from CNI on Crisis Communications arising from Fraud
         • Not yet happened (fingers crossed)
    44. D. Tracking and Reporting
    45. (untitled slide)
         • "Asking the people responsible for preventing a problem if there is a problem is like delivering lettuce by rabbit"
         • Norman Augustine
         • CEO & Chairman, Lockheed Martin
    46. Tracking: Who? How?
         • Centralized monitoring: trends, patterns, flag unusual, symptoms
         • Regular reporting
         • BSC, KPI and PMS embedded
         • RWC – RMC
         • Industry comparison
         • IAD, MSD, RD, SDD
    47. E. New Fraud Risks: We need help.
    48. New Fraud Opportunities
         • Change in Business Model: Inexperienced
         • eCommerce
         • Partner Merchants
         • Franchise
         • Conventional retail
         • M&A Targets
    49. eCommerce Frauds
         [Diagram labels: Account Takeover Pharming Counterfeit Advances Phishing Application Lost/Stolen Credit Cards eCom Frauds?]
    50. Mistakes and Lessons Learned
         • Price to Pay for Fraud/Risk Mitigation => Business Flexibility
         • Control vs. Growth
         • Rules vs. Humanity/Motivation
         • Not tackling the root cause i.e. Motive + Opportunity i.e. Humans
         • Focus on FAC vs. Sales/Marketing => who has control?
         • Relationship Role vs. Enforcement Role e.g. SDD/Ticketing, FTF vs. RD
    51. In the end…
         • Great Wall of China
             • humans are the weakest link
             • bad treatment of staff will lead to weak link i.e. easier to bribe, easier to con, etc.
             • bad treatment examples: insulting, lose face, broken promises, no dignity, public criticism, restructure without communication
    52. Thank You. soft copy of slides: