Professional Postgraduate Diploma in GRC – Masterclass Evaluation template for Executive Summary
Financial Crime and GRC
Financial crime is a type of criminal behavior that occurs as a result of a confluence of economic gain-based motivation and opportunity. Financial crime or white-collar crime negatively affects nations, governments, and organizations by threatening the stability of financial systems and exposing them to substantial financial losses (Edelbacher, Kratcoski & Theil 2012). Governance, risk, and compliance (GRC) practitioners of an insurance company, Generali Group, are cognizant of the fact that false representation, misuse of assets, forgery, theft, corruption, and other types of financial crime have to be prevented at all costs (Generali Group 2014). Financial institutions are especially vulnerable to both financial crimes and sub-crime threats; therefore, there is a pressing need for the implementation of proper risk-based countermeasures.
The importance of the issue is emphasized by the fact that the majority of financial crime risks constitute internal threats that emanate from companies’ staff and threaten to undermine both their financial standing and reputation. There are many methods for financial crime risk mitigation that concentrate on the following core areas: governance, structure, risk assessment, policies and procedures, staff recruitment, and quality oversight (ICT 2015). Effective GRC specialists have to recognize the vulnerabilities of their organizations, as well as of the products and services they produce, to both internal and external threats.
This reflective journal entry aims to explicate the recent financial crime developments from a GRC practitioner’s point of view. It will also explore the methods for safeguarding financial services organizations against internal and external threats. The topic is highly relevant to me because financial fraud is extremely prevalent in the insurance industry.
Key principles and issues raised within the Masterclass
The first key learning point is that organizations engaging in the provision of financial services are characterized by a high level of financial crime risk exposure. Intentionally harmful activities that are driven by economic gain-based intentions have usually been associated with Western countries. However, recently even developing countries that are undergoing rapid marketization have witnessed a surge in white-collar crimes.
For example, some analysts suggest that since 2000, Chinese banks lost more than $2.8 billion annually due to bank fraud (Hongming 2016). This development has led to the introduction of amendments to the country’s criminal law and triggered numerous investigations conducted by the China Securities Regulatory Commission (CSRC) Enforcement Bureau (Hongming 2016). Furthermore, governments around the world impose uniform risk-based countermeasures on their financial institutions.
Money laundering is a type of financial crime that is especially prevalent among financial services organizations. The term money laundering refers to “the process which criminals use to obscure the real origin of the proceeds which have been derived from criminal activities” (Alhosani 2016, p. 1). Compliance officers should carefully follow the Financial Action Task Force (FATF) recommendations and make use of a toolkit developed by the organization to avoid negative outcomes.
Artificial intelligence (AI) is a new frontier of GRC. Until recently, the technology has been mainly used for the provision of digital advisory services through client-facing tools (MAS 2017). Its effectiveness and low cost have been recognized by professionals from many domains. However, it is also associated with additional technology risks, which have been addressed by the Monetary Authority of Singapore (MAS) (Plenderleith 2017). AI can also be effectively used for fraud prevention.
The technology has been successfully applied to thwart illicit activities in a wide range of business sectors. Financial services organizations rely on AI to analyze patterns of card and endpoint access usage. RBS WorldPay, a payment processing firm, has utilized AI for several years to trace illicit transactions, thereby preventing card fraud (Bank Info Security 2014). MasterCard has also incorporated the use of AI into its risk management activities.
Effective GRC leaders have to take a proactive approach to mitigate financial crime risks. Not only will it help to avoid negative consequences of fraudulent activities, but it will also make it easier to “address the influx of new regulatory challenges” (ICT 2015, p. 10). However, it has to be borne in mind that a successful compliance culture represents a confluence of proactive and reactive measures. The effective alignment of such models can be achieved if GRC practitioners develop a flexible policy approach allowing them to address both domains.
The second learning point is that financial crime is a threat that often arises from within a company. A study of white-collar criminals shows that staff members are the ones who are responsible for unlawful behavior and perpetration of crimes such as embezzlement, accepting bribes, misusing pension funds, and engaging in other abuses of trust (Gottschalk 2014).
By analyzing the results of global economic crime surveys, the study has shown that 75 percent of companies reporting lawbreaking have experienced asset misappropriation, 36 percent accounting fraud, 23 percent intellectual property infringement, 14 percent corruption, and 12 percent money laundering (Gottschalk 2014). Another study conducted by the Credit Industry Fraud Avoidance System (CIFAS) shows that in 2011, insiders committed 60 percent of frauds (ICT 2015).
Corruption and fraud hamper economic development and undermine the reputation of financial services organizations. Even though recent years have seen a decline in financial fraud, which points to the effectiveness of anti-fraud policies, GRC practitioners have to recognize both areas of abuse and specific fraudulent activities in which malicious insiders are known to engage (Carnegie Mellon 2012). For example, unauthorized trading and insider dealing are two illegal activities that can destroy financial institutions. Therefore, GRC leaders are responsible for developing and implementing governance systems that have controls against both low-level and high-level internal crimes.
According to Skife, Veenman, and Wangerin (2014), there is a link between the amount of capital gains from insider trading and the effectiveness of internal control over financial reporting (ICFR). The researchers argue that the ‘tone at the top’ approach is “the foundation of effective internal control” (Skife, Veenman & Wangerin 2014, p. 92). It means that to dissuade some internal financial crimes, it is necessary to improve the quality of ICFR in a company. GRC specialists have to be cognizant of the fact that a high level of chief executive officer (CEO) and chief financial officer (CFO) turnover is also indicative of ineffectual ICFR (Skife, Veenman & Wangerin 2014).
The third learning point from the Masterclass is that cybercriminals are often motivated by financial reasons; therefore, financial services organizations are vulnerable to cyberattacks. According to a recent investigation conducted by the Federal Bureau of Investigation’s Internet Crime Complaint Center, the list of the most perpetrated cybercrimes includes the following items: non-delivery payment, identity theft, computer crimes, miscellaneous fraud, credit card fraud, and overpayment fraud among others (ICT 2015). It means that cyber defense in financial services organizations has to revolve around “protecting the confidentiality, integrity, and availability of data and the IT systems that process it” (Donaldson et al. 2015, p. 9).
Utilization and recommendations
The use of promotion, protection, and enhancement (PPE) instruments developed by the European Commission can be fairly effective in fighting against many types of financial crime (ICT 2015). GRC practitioners working in financial services sectors should apply the tools in the following areas: culpability, accountability, integrity, stewardship, proportionality, and asset recovery (ICT 2015).
To diminish the risk of financial crime occurrence, GRC practitioners of Generali Group, in addition to using the PPE tools, should also recognize the personality traits of white-collar criminals. According to Gottschalk (2014), these traits include, but are not limited to, narcissism, hubris, social dominance, and Machiavellianism. Also, neurotic personality types often display a lack of behavioral self-control that can result in the desire to take risks.
Gottschalk (2014, p. 7) argues that white-collar criminality is also associated with gender and claims that people engaging in financial crime are usually “from 26 to 40 years of age, earn a substantial annual income, and have been employed for between 2 and 5 years.” It means that effective pre-employment screening practices can deter financial fraud. Also, a special report issued by Carnegie Mellon (2012, p. 15) recommends reaching out to employees experiencing financial struggles and assisting them, to prevent them from “finding illegal means of solving their problems.”
GRC specialists have to ensure that both the data and the infrastructure of their companies’ IT systems are protected against cyber threats. To this end, they have to implement enterprise cybersecurity by organizing personnel, selecting security controls, defining scopes of security policies and implementing them, and monitoring security effectiveness (Donaldson et al. 2015). Security practitioners of Generali Group should also make use of the Internet Organised Crime Threat Assessment (iOCTA).
The paper has outlined recent trends associated with financial crime from a GRC practitioner’s point of view. It has explicated effective methods for protecting the financial sector institutions from both internal and external threats. Given that Generali Group is vulnerable to white-collar crimes, it is hard to overestimate the relevance of this topic to me.
References
Alhosani, W 2016, Anti-money laundering: a comparative and critical analysis of the UK and UAE’s financial intelligence units, Palgrave Macmillan, New York, NY. Web.
Bank Info Security 2014, How to fight fraud with artificial intelligence and intelligent analytics. Web.
Carnegie Mellon 2012, Insider threat study: illicit cyber activity involving fraud in the U.S. financial services sector. Web.
Donaldson, S, Siegel, S, Williams, C & Aslam, A 2015, Enterprise cybersecurity: how to build a successful cyberdefense program against advanced threats, Apress, New York, NY. Web.
Edelbacher, M, Kratcoski, P & Theil, M 2012, Financial crimes: a threat to global security, CRC Press, Boca Raton, FL. Web.
FATF 2012, The FATF recommendations. Web.
Generali Group 2014, Anti-fraud policy. Web.
Gottschalk, P 2014, Financial crime and knowledge workers: an empirical study of defence lawyers and white-collar criminals, Palgrave Macmillan, New York, NY. Web.
Hongming, C 2016, Financial crime in China: developments, sanctions, and the systemic spread of corruption, Palgrave Macmillan, New York, NY. Web.
ICT 2015, ICA professional postgraduate diploma in governance, risk and compliance: course manual – module 9, International Compliance Training Ltd, Birmingham. Web.
MAS 2017, Provision of digital advisory services. Web.
Plenderleith, J 2017, Artificial intelligence in financial services: here to stay? Web.
Skife, H, Veenman, D & Wangerin, D 2014, ‘Internal control over financial reporting and managerial rent extraction: evidence from the profitability of insider trading’, Journal of Accounting and Economics, vol. 55, no. 1, pp. 91-110. Web.