Two Key Fraud Organisations Support Charity Commission Proposals

UKFraud and Welfare Reform Group join forces in full agreement and support of the Cabinet Office consultation to propose greater powers for the Charity Commission that, in the cases of abuse of charities would effectively allow it to seize assets, replace trustees and/or put in managers to take over and to strengthen its ability to prosecute.

Many will have assumed that these powers would already have been in place given the size of the abuse of the problems and the £millions that get diverted by dishonest charities and errant charity trustees; and no-one would disagree that the money raised by charities should always reach the recipients that the money was intended for.

UKFraud and the Welfare Reform Group also strongly believe that the reforms should be extended to incorporate thinking that would support preventative measures too, as the focus on these proposals only cover the ways in which the Charity Commission should deal with abuse when it is discovered.

To deter and prevent fraud, consideration must also be given to requiring charities to provide full details on all key publicity, web-sites, documentation, correspondences and collection boxes that includes:

  • Fund-raising size of the charity
  • The percentage (or pence in the £) spent on charity staff salaries and expenses
  • The Percentage (or pence in the £) delivered directly in the hands of the intended recipients.

…. and then that these details would become a principle part of the auditing by the Charity Commission for accuracy.

Controls over the appointment of, duties required of and remuneration arrangements for all trustees, senior management and donation handling should also be key parts of an abuse-control regime.

Malcolm Gardner of the Welfare Reform Club said “Donations to charities are often made by people who have little to give themselves.  It is wrong that money given in good faith should end up funding lavish lifestyles for the greedy or to be lost through poor management, regardless of how noble the intentions.  It is important that charities and not-for-profit organisation are properly policed and regulated by a strong and focused Charities Commission.”

business & corporate risk review and mangement consultancy

Bill Trueman emphasised: “It is important that the Cabinet Office should strive to implement more and more preventative and deterrent measures against fraud attacks, in addition to their favoured tactical reactive/audit measures.” For more information on fraud prevention and detection strategies visit http://www.ukfraud.co.uk/

Advertisements

AIRFA – “Association of Independent Risk & Fraud Advisors” Formed

Much awaited and anticipated independent organization named AIRFA i.e “Association of Independent Risk & Fraud Advisors” formed and formally launched recently. This is an UK based independent and global member organization which provides free membership for every fraud prevention specialist, risk review specialists from worldwide. Any fraud prevention and risk review expert can join this organization.

AIRFA Logo

The ultimate motto behind this organization is to provide useful & legal advice on risk review and fraud prevention issues to corporates, companies, businesses, enterprises, insurance companies, banks, government organization, media corporations, journalists, and even common people.

The independent members of AIRFA can help enterprises tools & strategies in preventing fraud and total risk review assessment. Be it corporate fraud, bank fraud, credit card fraud, debit card fraud, enterprise fraud, government organization fraud or any commercial scam, AIRFA can provide an effective solution.

You can visit website of  AIRFA at http://www.airfa.net/

You can also connect with AIRFA at following:

Twitter

Facebook

Google Plus

UKFraud Mobile Payment SIG Urges Greater Stakeholder Collaboration

business3

Leading corporate risk prevention consultancy and analyst UKFraud (www.ukfraud.co.uk) has released an interim update on their on-going research and market analysis of mobile payments and related mobile initiatives. The findings follow an earlier warning to stakeholders about a ‘cocktail of emerging risks’ as a consequence of rapid growth in the global mobile payments market. Key findings of the interim report are as follows:

The marketplace and market activities continue to be exceptionally fast-moving as regular announcements from many parties herald major changes in available offerings, applications and technologies. These are becoming increasingly complex in a crowded market. New entities join the melee all the time, trying to stake their claim and demonstrate their role in the mobile payments process.

Few of the companies or stakeholders appearing in any one part of the market have a comprehensive view of the whole market (e.g. web developers trying to become payment gateways).

People think, write and discuss this market only in the relative terms of today’s marketplace and as such they are generally constrained by traditional payment models. This ensures that what they write is often out of date reasonably quickly.

Nomenclature is a problem. When industry pundits and stakeholders talk about “mobile wallets”, this can mean many things to different people. Areas can include: Web applications and in particular web-payments, Near Field Communications, online banking services and device loaded payment solutions. However, the term also encompasses ‘ticket’ repositories, loyalty voucher storage, password vaults, club membership passes and password encryption.

The definition of a ‘wallet’ is likely to change too. Initially, stakeholders have thought about a ‘wallet’ solely as a money repository. We should think about it more as somewhere where we put all those other personal items like tickets, coupons, vouchers, payment details and log-on credentials. The market should be  talking not about electronic wallets but about the  new ‘bigger thinking’ i.e. caring about our ‘handbag’ or ‘briefcase’, which might also contain other essential possessions, e.g. a wallet, ticketholder and list of passwords as well as a wide assortment of the other things that we collect and store there.

Technology advances and tech start-up innovations have led to a surge of many innovative products and services for consumers to keep abreast of and surveys show that people are confused. So how do these things all work, and how can they be integrated? Innovation and advances are positive and people are ever-chasing‘first-mover advantage’ – without the tools to deliver sustainable and secure solutions.

But this means that many will fail. They will not meet the challenges of scale, or develop a critical mass in terms of profitability or market presence. Most will be at risk of major fraud attacks as they grow. The legal or other losses could be overbearing once they start to attract the attention of criminals, regulators and other parties that raise the need for payment system compliance enforcement.

Noting the element of competition that exists and despite the flurry of activity to date, there still appears to be a distinct lack of broader collaboration, coordination and vision for where the market is or will be going.

Conversely, larger organisations and participants may have the market and brand presence, the necessary infrastructure and technology platforms, etc., but they suffer from the constraints of their own size and governance. Such players are typically more deliberate and laboured in their innovation development process. Where they are large payment organisations, for example, they often have a reputation to protect and secure infrastructure to maintain, upon which their reputation is founded.

They are typically more aware of risk management concerns plus the implications of regulatory input and feedback on their proposition. Consequently, these participants are unable to move as fast as they would like or as others would expect.

So, for both existing and for new participants in this market, as well as competing, they also need to think about how their product fits into the wider market and customer needs. Whilst speed to market is important, they need to achieve this with a robust, secure, future-proofed product or service. This should use today’s technology but that which is both business-proof, and commercially viable. This is difficult for any one organisation to achieve in isolation of others. The answer lies in collaboration and also in setting appropriate shared standards and governance.

Authentication of an ‘extended’ identity,  including that of devices, will be one of the single most important factors in the evolution of solutions, products and the global direction of standards.

Kevin Smith, Chair of UKFraud’s Mobile Payments & Wallet SIG reports on the state of evolution taking place in the marketplace and key findings. In his view, “There needs to be room for innovation and competition in payment systems, to ensure that the evolution of these new technologies and business-models is combined in ‘life-managing’ value-add solutions.  To be truly effective, this requires sector wide collaboration.

“The technologies, applications and solutions consist of many more components than suppliers can handle; and the solutions that are being evolved often miss the security and risk infrastructures required. Particular areas of weakness include: AML checks on identities and refer-listings, controls over and monitoring of hardware validation and the business being undertaken. Security of the software and the data transmitted is another area that requires greater focus. As the market is growing so rapidly the SIG is concerned that controls and proper infrastructure is often inadequate.”

The SIG sees the on-going challenge as putting in place the basics of proper checking, standards procedures, processes and highlighting the infrastructures needed. It also sees a requirement for setting base security thinking in place; to prevent the inevitable ‘crash’or a series of likely expensive regressions. This will prevent:

Different systems, standards and ‘languages’ that evolve needing to be merged

Big losses from criminal attacks

Abuse of systems for illegal and disreputable activity

Major failings of all of those parties who invest in the ‘wrong direction’

Adverse brand damage for key participants and stakeholders.

Commenting on the findings Bill Trueman CEO of UKFraud commented; “Every boardroom is confused about where this market is going and how to act and direct its efforts. This is because it is so clear that this will be the global future for consumers and suppliers. The big challenge is how to be successful as the landscape changes globally.

“Companies of all sizes face concerns. Many major corporates with strong security and infrastructure are worried that they can’t adapt to the future just as the thousands of smaller entities are trying to ‘create a solution or market’ with only a small piece of the jig-saw and none of the infrastructure or security or standards based upon interoperability required.

“There is no crystal ball for anyone to rely upon and there is still a tremendous amount of bravado with people developing new and ‘sexy’ solutions that will probably not work. Typically there are the 90% that will fail and the 10% that might be successful. The simple truth, from the SIG’s findings, is therefore that those that collaborate will be better positioned for success.”

About UKFraud (www.ukfraud.co.uk)
UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.

News Source

UKFraud Launches New Mobile Wallet Consultancy Practice

Against a backdrop of recent developments in the mobile wallet and mobile payment device technology sectors, risk and fraud prevention specialist UKFraud (www.ukfraud.co.uk) has launched a new mobile wallet consultancy practice. The move reflects recent positive and influential developments from Google with their Wallet and more recently from Apple with the launch of its latest iPhone with an integral fingerprint reader. The announcement also reflects the in-depth analysis of the market by UKFraud’s own Mobile Payment Special Interest Group (SIG), which has recognised the need for all financial product stakeholders to develop risk reduction strategies capable of matching the projected rapid growth of the global mobile payments sector over the next eighteen months.

The new consultancy practice will provide strategic advice and direction to a wide range of mobile payment sector organisations that aim to reduce the risk of moving their products and services to an emerging wallet architecture. This could apply to new devices (including phones, PDAs and tablets), software (including Apps and browsers) and most importantly to the authentication systems that are to be considered, validated and used. The consultancy also advises on the fraud risks of transporting mediums such as the internet and/or mobile carriers, including NFC, Bluetooth or Wi-Fi. The service will also aim to ensure that money and time invested is not wasted by developing superfluous wallet based products that will not ‘fly’.

Kevin Smith, the Chair of UKFraud’s Mobile Payment SIG, can see a role for the provision of detailed guidance to mobile wallet and mobile payment organisations whilst key sector bodies grapple with how the markets need European wide codes of practice. In his view, “The European Payments Council is just one leading body that is working hard and well to evolve a common understanding and nomenclature for this complex and fast changing  environment. We are keen to see both their vision and the on-going fruits of their labour. However, in the meantime, the global mobile payment market and other key stakeholders have recently been influenced in a very positive and promising way by a series technological launches by market leaders such as Apple, Google and locally by mpowa.

“Those who choose to hone their products around these technologies need urgently now to ensure that there are clear technical rules and constraints, understandable principles and frameworks around what they develop. This includes the related requirements of authentication, reliability, interoperability and transferability. There is therefore clearly a role for advisors to deliver defining guidance to such organisations as how they can minimise the risks involved to both their organisations and their customers. This guidance should also point to the likelihood of emerging standards both at a European and indeed global level.”

Bill Trueman, CEO of UKFraud acknowledged Kevin Smith‘s view and commenting on the launch of the new practice added, “There are already so many new technology developments in mobile payments and we still haven’t heard from many of the main traditional players yet, probably because they are still gathering their thoughts or formulating business cases. Fortunately, the recent launches by sector leaders such as Google, PayPal and Apple have had an extremely positive impact and have influenced the market greatly for the better. Our aim in recognising both the beneficial impact of these recent developments and the prospect of announcements from Europe is to help organisations navigate the best route forward for their products and to help them reduce the risks of their own solutions within the broader mobile wallet ‘space’. Consequently, we hope to make a number of major announcements shortly regarding the specific areas of help related to particular mobile wallet and payment device products and propositions.”

News Source

 

Who Polices The Fraud And Security Managers?

UKFraud SIG Identifies The Measures That Need To Be In Place

Following the recent high profile cases of senior fraud and online security managers being caught up with fraudulent activity, UKFraud’s Special Interest Group (SIG) for Corporate Fraud Prevention has drawn up a new set of benchmarks which will help organisations identify the signs that something is awry. The SIG also outlines the most effective strategies for countering these risks.

Recently established by UKFraud, the Corporate Fraud Prevention SIG consists of leading fraud prevention consultants coupled with representative input from a wide range of fraud industry skill sets. The SIG was established in response to sector frustration at recent claims by the UK’s National Fraud Authority that fraud levels have risen significantly from £38bn in 2011 to £68bn in 2012. The aim of the SIG is to analyse the approach taken to fraud in the corporate sector and to make recommendations for change at local, national and global levels.

According to the SIG’s research, the most likely signs of wayward behaviour by fraud and security management are relatively easy to spot and yet often overlooked. They include:

Fraud Systems that are below par. The fraud systems chosen by an organisation can be unfit for purpose and may not deliver what is required. There is also often an unwillingness, due to the influence of the internal fraudster, to consider competitive fraud technology products that do deliver or that can deliver more quickly. Often, the SIG says, it is easy enough with hindsight to see that a change to effective systems had been deliberately avoided, but typically, career minded employees are reluctant to blow whistles.

Erratic, incomplete, late or excuse laden management and system reporting is a classic sign that line managers are covering something up and says the SIG, this is just as likely to be the case with those fraudulently managing the security and anti-fraud systems of a company. Normally, further investigation will reveal that ‘lip service’ and increasingly tenuous explanations are given assertively to thwart follow up activity. When though one is dealing with an errant fraud manager, these explanations are more difficult to see through and more than likely to pass the plausibility test. Often the blame for the cause of any suspicion will be thrown onto inadequate IT systems or on the political gaps between corporate silos.

Frequent excuses are often based around IT related issues, such as technology compatibility problems between different company systems or even between international systems.

Unexplained wealth of managers outside of work. There will be plenty of evidence of the rewards of wrong doing with fraudsters purchasing luxury housing, wardrobe, holidays, cars and home computing equipment together with other rewards for family and friends which can even extend to private school fees for children.

Work place rumours, jokes and tip offs. These are often dismissed as political jibes but often this is a tell tale sign that something is wrong and that staff are too afraid to ‘blow the whistle’ formally.

Frequent use of the ‘privileged rank’ of Security or Anti-Fraud Manager to divert questions or to avoid enquiries from those who might raise suspicion, such as the internal or financial auditors. This also includes the robust use of the ‘we don’t want to compromise security by answering your questions’ excuse.

Where fraud specialists know the latest trick, for example how on-line fraud works, the unique symptoms of that particular scam will show up in the company where the internal fraudster is using it themselves.

UKFraud’s Corporate Fraud Prevention SIG believes that ‘maintaining an independent review perspective managed by those with the greatest experience’ is the most effective solution for combating inside jobs by fraud and security management. Amongst the strategies the SIG would recommend are:

A greater emphasis on the use of Non-Executive Directors. This is crucial, says the SIG, as usually Non-Execs are appointed for their experience of skills and operations in other organisations and sectors. They have that ‘other worldly’ eye that is able to cast a different perspective. They should have the ability to review all aspects of a company’s anti-fraud strategy and to ask awkward questions ‘from the top’ as this carries more weight.

Up-to-date reporting must be a core mantra of good company management, with the details of repeated exceptions thoroughly investigated. Organizations should also ensure that reports are not only timely but that they are also complete, real and updated as required. These processes should also then be built into the internal audit schedule for checking. This in turn should feed into the main GRC (Governance Risk and Compliance) systems. In addition, wherever appropriate, organisations should adopt an enterprise-wide approach to technology as this will help with systems issues. Thus, if the technology works well in all other parts of an enterprise, it is highly noticeable if it fails in the management of the fraud department or the control of online and financial systems.

Organizations need to establish records both electronically and on paper. This should include specifying where documents are and when they should and should not be stored. One should identify who is in control of these systems, processes and procedures and who has ownership of specific records. Organizations also need to decide who is responsible for checking that these measures are followed. The scanning, and indexing of work needs to be carried out to professional standards and there must be rules to ensure that no-one can intercept/edit documents at an inappropriate stage or in a fraudulent way. It is also important, the SIG believes, to ensure that your storage capacity is controlled properly.

Where acquisitions and mergers are concerned, organizations need to ensure that all documents are available and stored appropriately and securely, especially those that relate to IP protection, IP development records, audit trails and staff contracts. In particular, when acquiring a business, companies must make sure that they have indemnities and penalty clauses built into the acquisition agreements which relate to the availability of data, logs, audit trails and so forth.

An extra fraud prevention ‘task-set’ should be drawn up for auditors and IT auditors whether they are internal or external. This can have a real impact, although sadly most auditors are simply there to either report on financial results or check asset lists and software licence compliance. There are though many specialists that can undertake ‘special’ tailored checks to find frauds within all manner of business systems including: payroll, invoicing or payments. By turning them towards checking the efficacy of the security and fraud systems in place, says the SIG, it is not only a greater deterrent but also a far more certain way of catching wrong doing whilst in flight.

Getting HR more involved. This allows you to define responsibilities and handle warnings for non-compliance.

Organisations should actively consider the use of external risk consultants who can offer solutions which benefit from an independent viewpoint that resides outside of a company or its politics.

Where doubts exist, organisations should contemplate the use of private investigators to look deeper into the processes used by those who are deemed to be high risk people. These need to be the breed of computer literate investigators with corporate fraud experience.

SIG member Malcolm Gardner, the CEO of fraud prevention consultancy Freevision Ltd., believes that the situation may be worse than many fear. In his view, “Typically, when fraud or security managers are caught, it is either because they went too far, having become complacent, or where there has been a tip off. This tends to suggest that those who are caught might simply be the tip of the iceberg. With sectors such as the online market, now so very tempting to fraudster, it can also be tempting for internal cheats too. Corporations need to be sure of their staff and need to put the right systems in place to help the loyal staff who are the ones still working for the good of the company.”

Bill Trueman the CEO of RiskSkill and UKFraud, echoed Gardner’s comments adding, “It is awful whenever any fraudster is identified within a business, but if it is the person who has the responsibility for fraud prevention themselves, then this is even more abhorrent. Within the fraud SIG, we all universally believe that these fraudsters who were identified as fraud specialists themselves should have significantly more severe punishments, for abusing these particular positions of trust. The first step is finding them and then managing the problem. Hence, our SIG was keen to put these guidelines in place for all to benefit. We would welcome any feedback on other pointers and precautions that people feel might be also of benefit in future SIG reports.”

News Source

Mega Fraudsters Are Often NOT Held Responsible For Most of the Frauds.

The vast amount of fraud in most developed countries takes place from lots of people stealing more modest amounts from government and from large corporations. So whilst we may occasionally read about the $ multi-million losses perpetrated by individuals, this is comparatively rare.

There are many tens of thousands of people who steal $10 – $10,000 every day through false benefit applications, bogus grants, insurance claims, local authority claims, injury claims, stolen card usage and walking away from utility bills or internet orders. Oddly, the widespread deployment of IT systems to manage corporate fraud and corporate processes often makes business fraud easier, as fraudsters prefer such faceless processes to dealing with real people, thus making corporate fraud losses prevention difficult.

UKFraud is an independent fraud prevention organisation (under the leadership of Bill Trueman) which helps banks, corporates, insurance companies, telecommunication sector, and other organisations investigate, detect and prevent fraud to save millions.

When serious Corruption, Fraud or Illegal activities are exposed in Corporate or an organisation, should the Top Dog resign, even if they allege they were unaware of the offences?

Should Top Dogs Resign When any Scam or Fraud takes place in an Organization?

“Yes but not always…. life is never that simple! Even if the ‘top dog’ doesn’t set the fraud agenda, and has no prior knowledge of the corrupt or fraudulent practices, they still have to go as there is always an assumption of responsibility at the top. However, a good leader will make sure that their business team has fraud prevention tools, such as payment, audit and stock controls et. al. in place. Thus, the good leader should rarely see and experience such corruption or fraud. However. If the leader does not drive such disciplines into the business, then their leadership is poor AND he or she MUST go if that leadership comes under scrutiny when any business fraud or company fraud is discovered.

The biggest exception to this rule include; new leaders, who are trying to implement the right infrastructure, which will always take time to put in place. The judges in these cases must be independent non-executive directors, chairmen or shareholders; who should always also be in place in a supervisory oversight role.

Sometimes culpability stretches much further than ‘the one at the top’, and could include a broader base of stakeholders – shareholders etc  The Ministry of Defence might well see one of the causes for losing over £6bn as potentially the result of a very large company fraud, but we’d never hold the Queen liable…would we?”

UKFraud is an independent fraud prevention agency (under the leadership of Bill Trueman) working globally, which helps businesses, banks, corporates, insurance companies, telecom sector, ngo, and other organisations investigate, detect and prevent fraud(and corruption) in order to prevent losses and save millions.