OCC issued Bulletin 2019-37 to inform national banks, federal savings associations, and federal branches and agencies (collectively, banks) of sound fraud risk management principles. This bulletin supplements other OCC and interagency issuances on corporate and risk governance, including the references listed in appendix A of the bulletin. Fraud risk management principles can be implemented in a variety of ways and may not always be structured within a formal fraud risk management program. Regardless of the structure, fraud risk management should be commensurate with the risk profile of a bank.
The bulletin highlights that banks with significant and far-reaching retail-oriented business activities should have well-documented fraud risk management programs with appropriate monitoring, measurements and reporting, and mitigation. The risk management principles addressed in the bulletin include the following:
- A bank should have sound corporate governance practices that instill a corporate culture of ethical standards and promote employee accountability.
- A bank’s risk management system should include policies, processes, personnel, and control systems to effectively identify, measure, monitor, and control fraud risk consistent with the size, complexity, and risk profile of a bank.
- A bank’s risk management system and system of internal controls should be designed to prevent and detect fraud and to appropriately respond to fraud, suspected fraud, or allegations of fraud.
- Bank management should assess the likelihood and impact of potential fraud schemes and use the results of this assessment to inform the design of the bank’s risk management system.
- Senior management and the board of directors should measure, monitor, and understand fraud losses across the enterprise and employ tools that appropriately quantify and assess loss experience and exposure.
- Control reviews and audits should include fraud risk as part of their assessments.
Related Link: OCC Bulletin 2019-37
Keywords: Americas, US, Banking, Operational Risk, Governance, Bulletin 2019-37, Fraud Risk, OCC
Previous ArticleNCUA Amends Rule on Real Estate Appraisals for Certain Transactions
Next ArticleAPRA Enforces Stable Funding Requirements on Banks
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.
MAS published the guidelines on individual accountability and conduct at financial institutions.
APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.
SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.
FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.
ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.
OSFI published the key findings of a study on third-party risk management.
FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.