Riesgo Risk Management\'s Fraud Management solution is a cost effective means of implementing a Fraud management system that detects, prevents and mitigates fraud. It has adaptors that may sit on servers and trigger alerts to the Fraud Management dashboard.
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Fraud Monitoring Solution
1. Fraud monitoring solution
Ben Oguntala, LLB Hons, LL.M
CEO
www.riesgoriskmanagement.com
Ben.oguntala@riesgoriskmanagement.com
2. About the Author
• Ben Oguntala
• Education
– LLB Hons
– LL.M
• Financial/Securities regulation
• UK/EC competition law
• Forte
– Risk Management specialist
– Fraud compliance Consultant
– Compliance specialist
– Data Protection specialist
– Information Security Consultant
• Previous clients
– British Gas
– Vodafone
– Orange
– O2 Telefonica UK
Ben.oguntala@riesgoriskmanagement.com – RWE NPower
CEO – Riesgo Risk Management – BNP Paribas
Telephone – 07812 039867 – Ministry of Justice (London Probation)
– Revenue & Customs
– Nortel/Motorola/Ericsson/Nokia
“Fraud management is not dissimilar in concept to – CapGemini
a building’s architectural integrity, which requires – BT
a piecemeal distribution of integrity enforcement – KPMG & Cisco
across all of the building blocks.”
3. Solution overview
Adaptors Generate alerts
Compliance PCI | FSA | DPA
From business
Incident reporting
units
Products & From assessment
services checklist
Asset baseline Alert triggers
Asset procedure Manual procedures
Asset policy Minimum standard
Fraud Information Asset
Asset classification High Med Low
Asset owner Point of contact
4. Introduction Fraud management
• Our Fraud management solution includes
three key strategies Fraud
detection
– Fraud detection (knowledge of the subsistence of fraud)
• Fraud Asset Register
• Fraud baseline
• Fraud policies & procedures Fraud
• Fraud incident reporting prevention
– Fraud prevention (mechanism to prevent the subsistence of
fraud)
• Fraud Policy enforcement
• Technical preventative measures Fraud
• Fraud baseline implementation mitigation
• Zero day detection reporting
– Fraud mitigation (business process by which Fraud risks are
mitigated and reoccurrence prevention)
• Fraud risk management
• Fraud remedial action plan
5. Our Fraud management framework
The objective of the framework is to cover as a broad a spectrum as possible in your
Estate (Fraud Asset Register across all business units), the next key stage is to determine
the appropriate level of fraud policy that needs to be applied across each asset. Incident
Management, compliance assessment then capture fraud requirements and refer to the
Fraud management team for expert assessment, whilst the Fraud Risk register is maintained
to ensure all risks are captured.
Fraud Fraud Fraud Fraud trends Fraud asset
Fraud Fraud risks
baseline in detection trends subscription across all
incident across the
products & from from from business
reporting enterprise
services compliance authorities authorities units
Incident Product & Compliance Fraud Fraud policy Fraud asset Fraud risk
management Services assessment landscape management register register
FMA
Fraud management tool
(Fraud management adaptors)
Fraud baseline Fraud detection engine
Fraud monitoring dashboard
Fraud reporting Fraud investigation
6. Framework objectives
• Fraud exists due to
weaknesses in an
organisations security
framework. Our objective is
to re-enforce the fortress of
protection and enhance the
capability to reduce
possibility fraud
perpetration.
Fraud
Incident Fraud policy Compliance
• It is not always possible to management management
Threat
assessment
prevent fraud from landscape
occurring which is why
having adequate detection
capability is equally
important to zero day Fraud asset Product &
register Services
detect potential fraud in
your organisation.
Fraud risk
register
7. To capture all fraud incidents
reported from all business
4
units including helpdesk Fraud
incident
Incident
reporting
incidents relating to fraud
Incidents
management
Setting a baseline for all
5
products & services
P&S
Fraud
regarding fraud and alerting
services
Services
Product &
baseline in
products &
business processes
All compliance activities will
5
be able to report or refer
from
Fraud
potential fraud issues to the
Compliance
detection
compliance
assessment
Compliance
Fraud team for evaluation
10
Auto input via subscription
Threats
from
Fraud
Fraud
on fraud trends and alerts
trends
Threat
landscape
authorities
10
Policies A framework for distributing
Fraud Management team
fraud policies and procedures
across the enterprise.
Fraud policy
&procedures
management
Fraud policies
dissemination
5
The asset register lists all the
fraud related assets for the
Asset register
units
organisation across all
Framework objectives (1)
register
business
across all
Fraud asset
Fraud asset
business units
The fraud risk register
5
demonstrate the fraud risks
associated with the
Risk register
register
organisation and the relevant
Fraud risk
across the
enterprise
Fraud risks
assets
8. Fraud Management Sources Captures FMT dashboard
Implementation
Auto forward from Helpdesk tools
Incidents
Manual entries from staff Incidents 2 3 9
Products & Risk assessment results on fraud
services Products & 4 4 8
Fraud baselines services
Baseline violation alerts
Compliance Compliance
1 3 4
referrals referrals
Fraud query referral from compliance
Fraud Fraud
Fraud threats from authorities 2 3 5
threats threats
Policies & procedures sent to all BUs
Fraud Fraud
management
policies & Update to procedures policies & 3 3 6
Fraud
procedures procedures
Fraud assets for each business unit
Fraud asset
1 3 4
Fraud asset Asset owner for responsibility register
register Fraud risk for each asset Fraud risk
5 3 8
register
Risks from assets, products or services
Fraud risk
register Risks from audit assessments
Risks from the threat landscape
9. Fraud implementation stages
Fraud asset register
• The creation of the Fraud Asset register gives you an idea of the scale of your fraud
estate
• No. of Assets per business unit
• Type of information contained and risk ratings
Fraud Policy management
• The creation of the Fraud policies relating to the Fraud Assets
• Definition of the Fraud procedures, triggers across each Asset
Products and services
• Creation of Fraud risk assessment checklist
• Inclusion of the Fraud risk assessment checklist into the risk assessment regime for
all new products and services
Compliance
• Inclusion of the Fraud risk assessment to all compliance activities
• Inclusion of 3rd party engagement to include fraud risk assessment checklist
10. Fraud implementation stages (1)
Incident management
• Capture of all incidents relating to fraud onto the Fraud dashboard
• Automatic alerts generated when new fraud incidents are raised
• All business units will have the capability to register a fraud incident
Fraud risk register
• An active register of all the fraud risk across all the business units
• Contains the associated Fraud policy or fraud Asset
• Fraud asset owners are included in the issues related to his/her asset
Internal/External Audits
• Internal/External auditors will have the capability to record non
compliances against Fraud Assets, Policies or Departments.
11. Fraud Implementation stages (2)
Creation of Across all business
Fraud asset
1 the fraud units of the
register
asset register enterprise 7
Fraud
Policies & procedures to support landscape
Fraud policy
each type of the Fraud assets for
management
2 the enterprise
Fraud
All products & services are trends and
Product &
risk assessed to comply with 3 alerts from
Services
Fraud policies the
Compliance teams authorities
Compliance are impact
implement fraud checklist 4
assessment assessed &
in their assessments
filtered
All fraud incidents are
Incident into
captured & escalated to the 5
management relevant
Fraud team
areas
Fraud risks from all the
Fraud risk
modules without 6
register
immediate mitigation
Incidents P&S Compliance Threats Policies Asset register Risk register
4 5 5 10 10 5 5
Fraud Management team
12. Operational overview
Incidents
1. Visibility
• End to end visibility Fraud Asset
2. Joined up approach Fraud alerts
register
• All relevant units
involved
3. zero day detection of
Fraud events
1. Email alerts
2. Dashboard listing Fraud Fraud
Fraud Risk
rd party inclusion policies & management
4. 3 team Register
procedures
1. Incident reporting
2. Fraud policy
application
3. Compliance
Compliance
Compliance
assessment
Fraud
Threat
register
13. Fraud monitoring dashboard
Incidents P&S Compliance Threats Policies Asset register Risk register
4 5 5 10 10 5 5
Fraud Management team
• Incident
– Generates incidents reported from any of the business units
– Generates automated alerts from any of the Fraud assets
• Products & services
– Reports fraud risks from new products and services that have failed fraud checklist or baseline
• Compliance
– Reports non compliance that create fraud risks
• Threats
– Subscription based fraud alert services from the authorities that alert on new fraud threats to
the organisation
– Provides guidance on how to improve fraud prevent, detection and mitigation mechanisms
• Policies
– Reports policy and procedure violations from Fraud assets
• Asset register
– Reports on the number of assets per business unit
– Indicates which of the assets have risks associated with them
• Risk register
– List all the risks associated with the organisation and includes the relevant assets
14. Inside the Fraud management tool
Fraud Asset A register of Asset &
register their Fraud impact
Host based adaptors Retrieve information and
FMA
for servers send to the dashboard
Creation of a fraud All violations of the
Fraud baseline
FMA baseline for the estate baseline are reported
(Fraud management adaptors) Fraud management tool
Fraud detection Setting to determine the level of
Fraud Fraud detection engine detection to be reported
baseline engine
Fraud monitoring All detections and alerts are
dashboard placed on the dashboard
Fraud monitoring dashboard
Reports on all activities within
Fraud reporting
Fraud Fraud the Fraud framework.
reporting investigation
Fraud Fraud investigators will be able to take on
investigation records for investigation and close off if needed.
The tool is designed to set a fraud baseline across your estate ensuring loop holes are covered off.
It also allows for adaptors to be installed in order to retrieve breach or non compliance alerts .
All features are captured on the dashboard in real time and alerts sent out to the fraud team.
17. Representation of all the business units in an
organisation with each Head of Department and
Fraud point of contact
Assets
Fraud estate overview with no. of Fraud
18. Implementation project
Gap analysis Project design Implementation Roll out
Stage 1
Stage 2
Stage 3
Stage 4
• Assess your current • Designing your • Once the HLD is Taking stage 3
estate & your requirements based designed and signed
objectives on the result of off, we initiate the
and
• Release of your BRS stage1 implementation and methodically
• Scope definition • Release of the HLD across a portion of rolling out the
to be signed off your estate
solution to the
• We confirm that all
the adaptors can rest of your
trigger alerts. estate.
The implementation project takes 6 months and 3 Man resources. The number of resources
may vary due to the scope of the project.
The costs associated include:
-Software licence
- incident management licence
-Support and maintenance
The solution is designed to be a cost effective means to curtailing fraud within your estate.