OCC Publishes Guidance on Fraud Risk Management Principles for Banks

The bulletin highlights that banks with significant and far-reaching retail-oriented business activities should have well-documented fraud risk management programs with appropriate monitoring, measurements and reporting, and mitigation. The risk management principles addressed in the bulletin include the following:

• A bank should have sound corporate governance practices that instill a corporate culture of ethical standards and promote employee accountability.
• A bank’s risk management system should include policies, processes, personnel, and control systems to effectively identify, measure, monitor, and control fraud risk consistent with the size, complexity, and risk profile of a bank.
• A bank’s risk management system and system of internal controls should be designed to prevent and detect fraud and to appropriately respond to fraud, suspected fraud, or allegations of fraud.
• Bank management should assess the likelihood and impact of potential fraud schemes and use the results of this assessment to inform the design of the bank’s risk management system.
• Senior management and the board of directors should measure, monitor, and understand fraud losses across the enterprise and employ tools that appropriately quantify and assess loss experience and exposure.
• Control reviews and audits should include fraud risk as part of their assessments.

Related Link: OCC Bulletin 2019-37

Keywords: Americas, US, Banking, Operational Risk, Governance, Bulletin 2019-37, Fraud Risk, OCC