Banking Fraud Audit Examination: Independent Review of the Bank's Governance of Ethical Culture and the Incidents of Fraud or Malpractice

Principal Course Developer: Ms. Edel Mary Vegamora

LEARNING FRAMEWORK / OUTLINE OF COVERAGE:

AGENDA. DAY 1.

I. REVIEWING THE BANK'S ETHICAL CULTURE (DAY 1).

1. High-level Introduction on Major Laws & Regulations on Corporate Fraud, as well as the BSP's Standards on Sound Business Practices for Banks, may impact the Ethical Culture of the Bank.

2. Salient Points of Board Committees' Mandate and Board Oversight Responsibility for Sound Ethical Culture in the Bank, as well as for Reported Incidents of Fraud or Malpractice;

3. Salient Points of HR Role for ensuring that the Board-approved Ethical Culture for the Bank is communicated and is practised bank-wide;

4. Salient Points of the Bank's Enterprise Risk Framework, the OPS Risk Management Policy, the Enterprise Fraud Management, with Focus on Fraud or Malpractice Risk, for purposes of this Webinar;

5. Salient Points of the Bank's Regulatory Compliance Framework, with Focus on Fraud or Malpractice Reporting, for purposes of this Webinar;

6. Approval for Unplanned Audits, such as Management's request for a Fraud Audit Examination.

7. Key Elements of Internal Audit's Fraud Audit Examination Policy.

II. THE KEY ELEMENTS OF THE INDEPENDENT REVIEW OF THE BANK'S GOVERNANCE OF ETHICAL CULTURE AND INCIDENTS OF FRAUD OR IRREGULARITY (DAY 1)

1. Standards Relevant to the Fraud Audit Engagement.

2. Audit Strategy & Plan of a Fraud Audit Engagement.

3. Audit Evidence Mapping, as is relevant to the Incident.

4. "The Scheme or Modus Operandi".

5. How the Auditor would articulate the Observations & Conclusion.

6. DAY-1 CASE REVIEW: Deposit Account with Actual Cash Flows that are not economically aligned with the client's disclosed KYC Information.

AGENDA. DAY 2.

III. ANALYSIS OF INCIDENTS OF FRAUD OR IRREGULARITY.

1. The Scheme or Modus Operandi

2. The Mapping of Evidence, that shows illustrative information/preliminary evidence mapped for the sample case.

3. "How-to-Audit-the-Fraud or Irregularity" Tips by the Speaker/SME.

4. Analysis of Governance of the Ethical Culture. Root Cause Analysis.

5. DAY-2 CASES REVIEW:

(a)Cash Abstraction from Depositor/Customer Accounts, such as any of the following: (i) Forgery in Cash Withdrawals, (ii) Unauthorized Encashment of cheques; (iii) Unposted Cash Deposits; (iv) Unposted Investment proceeds from customer; (v) Lapping of stolen cash using various depositors' accounts; (vi) Depositor's Representative that misappropriated depositor's account; (vii) Misappropriation of funds in Dormant Accounts; and other M.O.s

(b)Misappropriated Loan Proceeds, such as any of the following: (i) Identity Theft or Fictitious Loan (identity of another person/entity posing as Borrower; or fictitious borrower or fictitious collateral) with misappropriated loan proceeds, hence NPL.(ii) Non-Starters, with loan proceeds not used for the activity for which the loan had been approved, hence NPL

(c.) Misappropriated Bills Payment proceeds.

(d.) Depositor's Fund Transfer Fraud.

(e.) Money Remittances Fraud (Local or Offshore).

AGENDA. DAY 3.

III. ANALYSIS OF INCIDENTS OF FRAUD OR IRREGULARITY.

1. Standards and Practices pertaining to the bank's governance of technology and information security, in the face of the present-day computer-related irregularity/fraud/crime.

2. The Scheme or Modus Operandi

3. "How-to-Audit-the-Fraud or Irregularity" Tips by the Speaker/SME.

4. Analysis of Governance of the Ethical Culture. Root Cause Analysis.

5. DAY-3 CASES REVIEW of technology-related fraud/malpractice, such as any of the following:

(a) How Phishing/Vishing/Identity-Theft attempts are done and how the bank conducts tests to assess the vulnerability of the banking organization.

(b) Loss/Risk Exposure resulting from Cyber Attack on Credit Card Bins.

(c.) Loss/Risk Exposure resulting from Computer Crime in Internet banking;

(d) Loss/Risk Exposure resulting from Computer Fraud in Programs for selected Banking Systems;

(e.) Loss/Risk Exposure resulting from Attacks on IT Infra (e.g., Hardware/Network Ports/Telecom Assets; Insourced/Outsourced Technology);

(f) Loss/Risk Exposure resulting from Internet Domain-related irregularity (e.g., email domain, website domain);

(g) Loss/Risk Exposure resulting from failed DRP/BRP.

AGENDA. DAY 4.

III. ANALYSIS OF INCIDENTS OF FRAUD OR IRREGULARITY.

1. The Scheme or Modus Operandi

2. The "Mapping of Evidence" Framework, that shows illustrative information/preliminary evidence mapped for the sample case.

3. "How-to-Audit-the-Fraud or Irregularity" Tips by the Speaker/SME.

4. Analysis of Governance of the Ethical Culture. Root Cause Analysis.

5. DAY-4 CASES REVIEW:

(a) Check Clearing Items.

(b) Cash Management Center.

(c.) Client's Deposits in Deposit Pick Up Arrangements.

(d) Financial Instruments Investment.

AGENDA. DAY 5.

III. ANALYSIS OF SAMPLE INCIDENTS OF FRAUD OR IRREGULARITY.

1. The Scheme or Modus Operandi

2. The "Mapping of Evidence" Framework, that shows illustrative information/preliminary evidence mapped for the sample case.

3. "How-to-Audit-the-Fraud or Irregularity" Tips by the Speaker/SME.

4. Analysis of Governance of the Ethical Culture. Root Cause Analysis.

5. DAY 5 – CASES REVIEW:

(a) ROPA/Asset Management.

(b) Corporate Client's Payroll Accounts Servicing Arrangement.

(c.) Foreign Exchange Dealings.

(d) PEP Client Account funds flow.

AGENDA. DAY 6.

IV. AIMING TO ADD VALUE THROUGH FRAUD AUDIT EXAMINATION (AUDITOR'S VALUE ADDED OR "AVA")

1. "Follow-The-Money Footprints" Methodology, and related "Audit Analytics", which may be useful for business decision about loss claims, or to other Control Functions who report on crimes and suspicious transactions, or AML web of accounts ;

2. Matrix for Culpabilities, which could be useful for HR's due process;

3. The Fraud Audit Report and related Communications, enhancing IA 'Partnership' with AuditCom & Senior Management

4. Other "AVA"

LEARNING ASSESSMENTS. (Webinar DAY 1 through DAY 6)

1.Online Quiz/Polls to be answered by Participants during the 6-Day Webinar.

2. Interactive online discussion among participants, during the Speaker's lecture sessions.

3. Participants/Group Work:

Case Workshop via virtual breakout room discussion for Day 2 to 5.

Each Group will present online the results of their discussions (See NOTE below for the "Group Deliverables"). This provides an opportunity for real-time feedback from the Speakers/SMEs as well as from other Participants/Groups.

In the Case Workshop, any 2 or more of the following Group Deliverables will be assigned for Cases on Day 2 to 5:

A. the Group's identified aspects of Ethical Culture or Practice that the Auditor would cover in the Audit Assessment of Ethical Culture, relevant to the DAY's Sample Case that is assigned to the Participants/Group. Group's presentation, Powerpoint (1- 2 pages).

B. the Group's statement of the Audit Objectives on the Sample Case. Group's presentation.

C. the Group's identified possible root cause or vulnerabilities (bank or client or 3rd party) that had allowed the fraud or malpractice to happen. Group's presentation.

D. the Group's identified key piece/s of evidence or key information that would be used as basis for the Auditor's conclusion. Group's presentation.

E. the Group's Recommendation on areas of improvement, to preclude the recurrence of the fraud or malpractice or of specific offence against Major Laws & Regulations (Webinar Topic I). Online presentation.

TARGET AUDIENCE:

1. Banking Fraud Auditors;

2. All Internal Auditors, for their skills enhancement and wider audit exposure;

3. Internal Audit practitioners who have "Audit Analytics" or IA Outsourcing services;

4. Internal Audit Management and the Chief Audit Executive (CAE);

5. Audit Committee Members and other Independent Directors of the Board, who have Governance Oversight for Fraud Examination Results;

6. Operational Risk Management & Enterprise Fraud Management personnel, who report to the Board/Committee on fraud matters, and who ensure there is Board-approved Fraud Risk Management Policy, as well as who administer an adequate Fraud Risk Register, Fraud Studies for Corrective Measures, Fraud Policy Enhancements to prevent recurrence.

7. Human Resources Management, who oversee the Board-Approved Ethical Culture for the Bank, the HR Due Diligence on Personnel Culpabilities, the Breaches of the Bank's Ethical Culture and the Bank's Code of Conduct;

8. Business Management, Legal Team, Centralized Control Operations, District/Regional Supervisors, who have Supervisory Responsibility for Fraud Incident Reporting and for the Bank's Administrative Action on fraud incidents;

RESOURCE SPEAKERS:

MS. MYRNA E. AMAHAN

SVP/Chief Audit Executive

Union Bank of the Philippines

MR. MANUEL C. CHAN

OIC - Head of Internal Audit

Security Bank Corp

MR. RANDY M. CAISIDO

Chief Audit Executive

City Savings Bank, Inc.

MR. NENER G. CONCEPCION

First Vice President

Rizal Commercial Banking Corp.

MR. REGINALD C. NERY

SVP/Chief Audit Executive

Bank of Commerce

MS. MILAGROS G. TINIO

Assistant Vice President

Rizal Commercial Banking Corp.

SCHEDULE:

6 Half-day Sessions (1:00 PM - 5:00 PM)

Day 1 - September 29, 2022 (Thursday)

Day 2 - September 30, 2022 (Friday)

Day 3 - October 1, 2022 (Saturday)

Day 4- October 3, 2022 (Monday)

Day 5- October 4, 2022 (Tuesday)

Day 6- October 5, 2022 (Wednesday)

TRAINING FEE PER PARTICIPANT:

From Member Institution – P 8,400.00

From Non-Member Institution – P 11,760.00

**VAT inclusive