A Framework for Managing Crime and Fraud

Similar documents
OVERVIEW BROCHURE GRC. When you have to be right

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

Cyber Risks in the Boardroom Conference

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Compliance is, in general, the compliance of requirements with appropriate resources.

INTELLIGENCE DRIVEN GRC FOR SECURITY

GRC SURVEY RESULT Please indicate your profession

Protecting your data. EY s approach to data privacy and information security

PROVIDING INVESTIGATIVE SOLUTIONS

Risk Advisory Academy Training Brochure

CYBER SOLUTIONS & THREAT INTELLIGENCE

2017 Ethics & Compliance Hotline & Incident Management Benchmark Report Webinar

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Canada Life Cyber Security Statement 2018

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

Modern slavery and human trafficking statement 2017

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

BENEFITS of MEMBERSHIP FOR YOUR INSTITUTION

Contact us What makes us different Dinesh Anand Our offices Forensic Bangalore Kolkata Cutting-edge technology to deliver more efficiently Services

IT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu

CCISO Blueprint v1. EC-Council

Global Statement of Business Continuity

Turning Risk into Advantage

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Achieving effective risk management and continuous compliance with Deloitte and SAP

ISO 37001:2016 Anti-Bribery Management Systems - Benefits of Implementation and Certification

Building a BC/DR Control Library and Regulatory Response Program

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

THE TRUSTED NETWORK POWERING GLOBAL SUPPLY CHAINS AND THEIR COMMUNITIES APPROVED EDUCATION PROVIDER INFORMATION PACK

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Introduction to ISO/IEC 27001:2005

Information for entity management. April 2018

Security Director - VisionFund International

Business Continuity Management Standards A Side-by-Side Comparison

Physical security advisory services Securing your organisation s future

How to Conduct a Business Impact Analysis and Risk Assessment

Corporate Governance and Internal Control

Continuous protection to reduce risk and maintain production availability

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Business continuity management and cyber resiliency

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

ISO Certification. How we got there and why it s worth it! Worried that your compliance program isn t good enough?

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

POSITION DESCRIPTION

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

locuz.com SOC Services

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

CFE Exam Review Course

Article II - Standards Section V - Continuing Education Requirements

TSC Business Continuity & Disaster Recovery Session

Avanade s Approach to Client Data Protection

UNCONTROLLED IF PRINTED

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

STRATEGIC PLAN. USF Emergency Management

Position Title: IT Security Specialist

POSITION DESCRIPTION

Information Security Risk Strategies. By

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

GDPR: A QUICK OVERVIEW

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Cyber Security Incident Response Fighting Fire with Fire

Information Technology Branch Organization of Cyber Security Technical Standard

A new approach to Cyber Security

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

An Overview of ISO/IEC family of Information Security Management System Standards

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

Table of Contents. Sample

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

AML/CTF Graduate Program

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

European Union Agency for Network and Information Security

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

A View From the Top. Mark Hughes BT Group Security Director

Cyber Espionage A proactive approach to cyber security

John Snare Chair Standards Australia Committee IT/12/4

ISO/IEC Information technology Security techniques Code of practice for information security controls

Cyber Security in Smart Commercial Buildings 2017 to 2021

Security and Privacy Governance Program Guidelines

Cyber Security Program

SEC Issues Updated Guidance on Cybersecurity Disclosure

Why you MUST protect your customer data

ADVISORY. Forensic services. Protecting your business from fraud, misconduct and non-compliance. kpmg.com/in

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

Management Update: Information Security Risk Best Practices

CYBER SECURITY AND THE PENSIONS INDUSTRY Karen Tasker 1 February 2018

Department of Justice Policing and Victim Services BUSINESS PLAN

What is ISO/IEC 27001?

IBM Security Services Overview

It s Not If But When: How to Build Your Cyber Incident Response Plan

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Transcription:

A Framework for Managing Crime and Fraud ASIS International Asia Pacific Security Forum & Exhibition Macau, December 4, 2013 Torsten Wolf, CPP Head of Group Security Operations

Agenda Introduction Economic Crime Landscape Economic Crime Framework 2

Introduction About Zurich Zurich is one of the world s leading insurance groups, and one of the few to operate on a global basis. Our mission is to help our customers understand and protect themselves from risk. With about 60,000 employees serving customers in more than 170 countries, we aspire to become the best global insurer as measured by our shareholders, customers and employees. We help individuals, small- and medium-sized companies and global corporations around the world understand and protect themselves from risk by offering a wide range of insurance products, solutions and advisory services. 3

Introduction Group Security: Vision and Mission VISION Group Security is a trusted advisor of choice, viewed as business partner with security expertise, providing world- class service that can adapt at the speed of change. MISSION One Group Security acts as a business enabler, taking both preventive and reactive measures in order to secure Zurich s aspiration of becoming the best global insurer. We accept responsibility for the security and safety of Zurich employees, assets and activities, protecting them from internal and external threats. 4

Introduction Business Protection Model Governance Quality Security Threat Management Emergency Management Travel Security Employee Reputation Assets Personnel Protection People Toolbox Technology Event Security Business Customer Shareholder Security & Safety Governance People Networks Economic Crime Prevention & Detection Processes Processes Standards 5

Agenda Introduction Economic Crime Landscape Economic Crime Framework 6

Economic Crime Landscape Definitions Claims Fraud Exaggerated claims Fictitious claims Financial Crime Money Laundering/ Terrorist Financing Bribery/ Corruption Sanctions Economic Crime Internal/ employee crime and fraud External non-claims crime and fraud Theft 7

Economic Crime Landscape Impact of Economic Crime Hidden costs by far outweigh direct financial impact! Impact on customer including increased premiums Loss of confidence in organization Damage to reputation and brand Damage to stock value Possible loss of market share Closer regulatory focus and possible fines (Regulator) Cost of investigations and new internal controls Accountability of company senior executives and possible legal action against them Decline in staff morale Impaired business relations 8

Economic Crime Landscape Key players in the insurance industry 3 Selected fraud schemes 1 Intermediary External Party 1 Distribution crime Commission fraud Policy fraud Insurance Carrier Premium fraud Customer 2 Third Party Service Provider 2 Internal crime Claims fraud (committed by employee) Salvage Sales incentives Vendor 3 Identity crime Reinsurer Surrender fraud 9

Agenda Introduction Economic Crime Landscape Economic Crime Framework 10

Economic Crime Framework Mandate Economic Crime Prevention and Detection, prevent and detect criminal activities and security incidents to mitigate business damage from crime. Investigate fraud and security incidents. Fraud Triangle Opportunity Pressure Rationalization 11

Economic Crime Framework Overview Governance & Quality People & Networks Ethical policy ( Zurich Basics ) Anti-crime Policy ( Zurich Risk Policy ) Anti-crime guidelines ( Global Security Standards ) 7 Adherence monitoring Site visits Audit reviews Identify crime risk Crime detection Zurich anti-crime professionals 1 Internal support External support Peer organizations Communication/ training Processes & Standards Internal Control Framework 4 Process Benchmarking Data mining Reporting of economic crime statistics 5 Escalation of significant incidents Staff vetting 6 Investigations Continuous process Improve control environment Assess crime risk Response to incident Root cause analysis Investigation Toolbox & Technology Awareness training 2 Fraud Risk 3 Questionnaire Whistleblowing ( Zurich Ethics Line ) Reporting database Web conferences 12

Economic Crime Framework Improving the control environment Crime detection Identify crime risk Continuous process Assess crime risk Response to incident Investigation Improve control environment Root cause analysis 13

1 Economic Crime Framework Organizational set-up Global Business Solutions Group Security Expertise Center Group Security Governance and leadership Strategy, policy, framework, and methodology Driving execution Interfacing with other functions Objective setting CEO COO ACD Countries Execution of strategy Implement policy requirements Development support Collaboration across entities Subject matter expertise Country support ACD = Anti Crime Delegate 14

2 Economic Crime Framework Employee crime awareness training Global training (Zurich Basics) Ethics training Anti-crime module Close collaboration with Compliance Participation mandatory Execution of local training mandatory Crime awareness training Generic all employee training developed Minimal local adaptation necessary (language) Deployed via HR system (tracking of participation) Option to continue with own solutions 15

3 Economic Crime Framework Fraud Risk Questionnaire (1/2) Comprehensive coverage Modular approach Crime risk scenarios and anticrime controls Entity and/ or Business Area level Fully integrated into risk assessment processes Leveraging existing risk tools and methodologies 16

3 Economic Crime Framework Fraud Risk Questionnaire (2/2) External observations Management Request Continuous FRQ enhancement Execution facilitated through guidelines, training and individual consulting Continuous enhancement (external/ internal trends, management requests) Development of new modules Refinement of existing modules Internal analysis 17

4 Economic Crime Framework Internal Control Framework Goal: Strengthen the internal control environment Consistent view of crime risks and associated controls Set of minimum controls to address crime and fraud - Governance, roles and responsibilities - Risk assessment and response - Collection and reporting of incidents - Investigations Mandatory for all Business Units Process owner: Member of local executive management Quarterly sign-off evidences adherence 18

5 Economic Crime Framework Reporting Economic Crime Report Statistics of all incidents Goal: Transparency of economic crime and crime attempts Database: Local data entry central analysis to identify trends Number of cases, potential loss, actual loss Report shared with governance functions and external auditor Key findings shared with the members of anticrime network Escalation of single economic crime incidents USD 50k Business Group Security Group Legal Board Escalation criteria Potential financial impact above USD 250,000 Potential reputational exposure for the Group A CEO or a direct report to a CEO Employee in a control function/ fraud role Alleged/ actual accounting or financial statement improprieties (regardless of amount) Systemic occurrence of particular fraud incidents 19

6 Economic Crime Framework Pre-employment screening Key component of effective anti-crime governance framework Obvious benefits - best hiring decision - safe working environment - avoiding cost of bad hiring decision Investigations of incidents revealed perpetrators had criminal records Various practices across the organization; impacted by local laws and regulations 20

7 Economic Crime Framework Monitoring adherence Self assessments Review of work products - operational risk assessments - economic crime statistics - investigation reports Visits to selected countries Policy adherence review Regular sign-off of Internal Control Framework Internal audit reviews 21

Economic Crime Framework Wrap-up Governance & Quality People & Networks Ethical policy ( Zurich Basics ) Anti-crime Policy ( Zurich Risk Policy ) Anti-crime guidelines ( Global Security Standards ) Adherence monitoring Site visits Audit reviews Identify crime risk Crime detection Zurich anti-crime professionals Internal support External support Peer organizations Communication/ training Processes & Standards Internal Control Framework Process Benchmarking Data mining Reporting of economic crime statistics Escalation of significant incidents Staff vetting Investigations Continuous process Improve control environment Assess crime risk Response to incident Root cause analysis Investigation Toolbox & Technology Awareness training Fraud Risk Questionnaire Whistleblowing ( Zurich Ethics Line ) Reporting database Web conferences 22

Economic Crime Framework Added value Economic Crime Prevention and Detection, prevent and detect criminal activities and security incidents to mitigate business damage from crime. Investigate fraud and security incidents. Business added value Reduced cash outflows Recovery of damages No bad press hurting reputation Fraud Triangle Opportunity Increased confidence of investment community Lesser attention by regulators Reduced likelihood of fines Deterrence of crime attempts Positive staff morale Pressure Rationalization 23

Questions

Thank you! Contact details torsten.wolf@zurich.com +41 44 625 26 53

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback