OCC Releases Bulletin on Fraud Risk Management Principles

Moore & Van Allen PLLC

In the aftermath of recent sales practice scandals, the Office of the Comptroller of the Currency (OCC) recently published a bulletin on fraud risk management principles that are applicable to all federally chartered financial institutions. The bulletin supplements existing OCC and interagency guidance and provides a roadmap of OCC expectations.

The OCC highlights certain risk management principles:

  • A bank should have sound corporate governance practices that instill a corporate culture of ethical standards and promote employee accountability.
  • A bank’s risk management system should include policies, processes, personnel, and control systems to effectively identify, measure, monitor, and control fraud risk consistent with the bank’s size, complexity, and risk profile.
  • A bank’s risk management system and system of internal controls should be designed to (i) prevent and detect fraud and (ii) appropriately respond to fraud, suspected fraud, or allegations of fraud.
  • Bank management should assess the likelihood and impact of potential fraud schemes and use the results of this assessment to inform the design of the bank’s risk management system.
  • Senior management and the board of directors should measure, monitor, and understand fraud losses across the enterprise and employ tools that appropriately quantify and assess loss experience and exposure.
  • Control reviews and audits should include fraud risk as part of their assessments.

An effective fraud risk management approach is one that focuses on the above objectives. The OCC expects the board and senior management to set the tone at the top and actively engage in the governance of fraud risk. In a likely reference to recent sales practice scandals, the OCC noted: “A sound corporate culture should discourage imprudent risk-taking. Incentives or requirements for employees to meet sales goals, financial performance goals, and other business goals, particularly if such goals are aggressive, can result in heightened fraud risk.”

Fraud risk management principles should correspond with the bank’s size, complexity, and risk profile. Senior management should also frequently review the potential impact of fraud and modify their system accordingly. The OCC expects firms to utilize software and other technological tools as part of an effective fraud risk management program that can predict fraud and implement preventive and detective controls. The OCC provides a list of examples of controls and metrics that can be used to monitor and deter fraud.

The OCC will expect institutions to assess how efficiently their risk management strategy is working and how that strategy fits within their current business plan. While conducting reviews and audits, the auditor must report findings of fraud to the board or management and has the duty to determine if the OCC also needs to be made aware. It is then management’s obligation to respond to any concerns in a timely and effective manner.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Moore & Van Allen PLLC | Attorney Advertising
