CIO Talk

GRC is the Answer to Cyber Threats

Is India witnessing the rise of frauds, especially in the banking sector? Well, this may stand true in the light of incidents that have happened over the last few years.


Shyamsundar Balasubramaniam,
Vice President,
Product Delivery International,
MetricStream.

It started with the loan-for-bribe scam in 2014, in which the then chairman of Syndicate Bank was arrested for taking a bribe to sanction loans to Bhushan Steel Ltd. In October this year, we heard of two big scams. It was reported that IDBI Bank may have sanctioned loans worth Rs. 900 crore to the now-defunct Kingfisher Airlines Ltd, which raised eyebrows. The Bank of Baroda forex scam seems to be the biggest of all, with the alleged illegal remittance of around Rs. 6,172 crore to Hong Kong between 1 August 2014 and 12 August 2015. The bank had detected the 8667 illegal transactions through 38 such accounts, and should have ideally faced losses. According to the audit report, excess money was transferred while the official records mentioned false numbers. Some of the transactions were made at a conversion rate as low as .00001; in one such case, a debit of Rs. 1 was transferred as $90,450.

These frauds are certainly not new, but they are quite surprising. Despite the presence of industry and government bodies like the CBI, the Enforcement Directorate and the Serious Fraud Investigation Office (SFIO), there is still a lack of a robust structure and system that will counter future attacks of this stature.

A KPMG survey, the Cybercrime Survey Report 2015, analyzed the preparedness of organizations in India to deal with cybercrime and incidents by unearthing its modus operandi and its extent. According to an April 2015 survey conducted by Deloitte in India, 93% of those surveyed felt that bank frauds in India have increased over the past two years. The top reasons cited for the increase in frauds included lack of oversight by line managers and senior management on deviations from existing processes. Business pressures to meet unreasonable targets were also seen as a cause. Both surveys reveal that a majority of respondents believe that cybercrime is a major threat to organizations in general. The largest number of frauds was found in the retail banking segment, followed by corporate banking.

To strategize and devise an effective risk management plan, all banks need to comprehend the areas that are prone to security risks. These areas include identity fraud, where there are no systems to detect a false identity, Internet banking and ATM frauds, and theft of credit/debit cards. There are multiple causes that threaten the security of an organization: no risk management systems or solutions in place to detect and correct the frauds, no effective supervision by the management of deviations from the existing processes, no proper know-your-customer (KYC) checks and customer data integration, and no prompt assessment and reporting trajectory in place. The biggest cause in this regard is the failure to adhere to RBI directives and guidelines, which is crucial for the efficient functioning of such organizations. It is also important to understand that other factors, like the ineffective training of employees and internal conflicts such as the lack of segregation of work between front and back offices, can hinder the prevention of frauds. While the government can be more stringent with regulations and organizations can take a closer look at those being followed by employees, situations like these sound the alarm to set up a strong GRC system that can prevent such frauds and help organizations operate well.

How will GRC help?

These are the cases in which architecting a GRC structure becomes imperative. Banks need to upgrade their older technologies to combat the rising issue of cybercrime, implement fraud detection and monitoring systems, and deploy fraud risk assessments and investigations as and when required. What should take precedence is that they constantly reiterate the notion of taking proactive steps to anticipate frauds and put in place an organization-friendly GRC practice while meeting the statutory requirements of the government and other regulatory bodies. The role of the Chief Risk Officer (CRO) in all financial organizations is to implement a clearly defined fraud control strategy based on which he can implement periodic fraud risk assessments. To unearth the frauds, the CRO needs to hear and protect the whistleblowers, and organizations need to invest in data analytics so that this process becomes more integrated and efficient.
