As a response against fraud, Bank Indonesia (BI) issued Circular Letter No. 13/28/DPNP in 2011 to all commercial banks and made it compulsory for commercial banks to possess an effective antifraud strategy and submit the necessary reports related to the strategy and fraud cases to Bank Indonesia. In 2015, the Financial Services Authority (OJK) issued regulation No. 4/POJK.03/2015 on rural bank governance to require the implementation of good corporate governance with the regulated minimum standards.

Despite all the laudable regulations, fraud cases that hurt our banking industry still ruthlessly reappear and inundate our national news. An OJK report showed that there were 63 cases of special investigations into commercial banks because of indications of fraud in 2018 alone. Rural banks are in a much more serious condition. The 2016 Indonesian Fraud Survey by the Association of Certified Fraud Examiners (ACFE) Indonesia Chapter marked the banking and financial industry as the second industry most harmed by fraud.

From a wider point of view, the “2018 Global Study on Occupational Fraud and Abuse Report to The Nations” by the ACFE noted that the second greatest number of fraud cases in the Asia-Pacific occurred in banking and financial services. As alarming as the facts can be, it is not the time for the banking industry to show lackluster efforts in strengthening its risk management strategies.

Fraud is a constant cat and mouse game, and the greatest tragedy happens when fraudsters have exploited the situations in which fraud might look like an issue of any usual banking risk — and then only when monetary damage has been done and the criminals have returned to their protective shelters that the full understanding of the situation is finally realized by the victim. By this point, fraud prevention efforts are already too late.

It is worthy to be understood — or maybe constantly reminded — that fraud risk is not entirely a stand-alone risk. It is a risk that can generate all other types of banking risks; and then even worse, disguising itself under other usual banking risks. For example, in terms of credit risk, an instance of fraud could seem like, initially, just another missed payment. Other obvious examples are people risk, operational risk, reputational risk and legal risk. For instance, a fraudulent activity occurring at the early stages of a recruitment process could easily be dismissed as issues of people risk caused by careless misconduct and an intentional management override of control as normal issues of operational risk because of human error. Similarly, fraud risk can hide beneath the interest rate risk, optional risk, market risk and foreign exchange risk, where fraud activities or kickbacks and fraudulent statements could very possibly take place. No organizations are immune to fraud risks.

There is only a very thin line that can distinguish fraud activities from anything else: intention — unfortunately an element notorious for its hard-to-prove characteristic. This often leads to many fraudulent activities being dismissed as issues of other risks, or in some tragic cases, the incrimination of the innocent coupled with the acquittal of the guilty. Especially with the pressure of competition, striking a balance between on-boarding consumers as quickly and as seamlessly as possible, and protecting the institution from fraud, becomes extremely challenging. For this reason, a mature and robust enterprise risk management oversight — not just a good on-paper system — that can effectively and efficiently manage fraud risks is imperative.

Popular

RI, Australia strengthen partnership on taxing crypto assets

Analysis: Indonesia denies normalization with Israel to enter OECD

Citroen to produce electric cars in Indonesia