Banking and Financial Institutions Exposure to Threats, Frauds and Risks

Upload: candace-cobb

Post on 29-Dec-2015

Banking and Financial Institutions Exposure to Threats, Frauds and Risks

Research Solutions, Inc.

Dr. Mark D. Lurie, CEO, Threat & Fraud Assessment

The Anti-Fraud Post-Fraud Operations (AFPFO©) Solution

RSI, Global Threat Management Solutions

• RSI comprises a large, seasoned staff of exceptionally experienced analysts and professionals who maintain disciplines in designated areas covering BFSI requirements, threats and frauds.

• RSI has the only staffing that is dedicated to deal directly with “mitigation” of threats, frauds and risks WHEN they happen.

• RSI’s GTMS group is not only experienced with domestic (United States) based operations, but has a 35+ year track record “internationally” with exceptional results.

• Main services:
  - Systems & Process Assurance
  - Governance, Risk & Compliance (GRC)
  - ITE (IT Effectiveness) & Security

RSI, Global Threat Management Solutions (GTMS)

• Main GTMS services:
  - Threat Analysis, Methodologies & Strategies
  - Fraud Analysis, Methodologies & Strategies
  - Risk Analysis, Methodologies & Strategies
  - Complete company/agency operations auditing and evaluation procedures
  - Solutions for Prevention, Containment and Mitigation
  - AFPFO Formation and Implementation
  - Systems & Process Assurance
  - Governance, Risk & Compliance (GRC)
  - ITE (IT Effectiveness) & Security
  - Automated/Manual AFPFO & ATPTO Solutions evaluations/Recommendations
  - Implementation, Training and Post-Operation Auditing

Dr. Mark D. Lurie – Background Summary

• 35+ years of experience in global and local anti-fraud, post-fraud think tank, corporate strategy analysis/formation and operations/project development

• Ph.D., Business Administration (emphasis: finance), March 1978, with emphasis on International Banking and Finance

• M.A., Business Administration (emphasis: finance), with emphasis on International Banking and Finance

• Certified Fraud Examiner (CFE) with historical emphasis on AML, Fraud and Threats

• Certified Threat Analyst (CTA) with historical emphasis on Asset/Personnel Threats

• Certified High-Risk Examiner (CHRE) with major emphasis on compliance, mitigation programs, exposure levels and internal security operations

Sampling of Historical and Current Projects/Clients includes, but is not limited to:

• BCCI
• Enron
• WorldCom
• Crédit Agricole S.A.
• Bank of America
• DuPont
• Credit Suisse
• BASF
• Syngenta AG (SYT)
• Banco Bradesco
• BNP Paribas
• Deutsche Bank AG
• DBJ Nihon Seisaku Tōshi Ginkō K.K.
• Fujimi Mokei
• Lilly Eli and Company
• Dow Chemical
• General Dynamics
• J.P. Morgan Chase

Sampling of Historical and Current Projects/Clients includes, but is not limited to (continued):

- General Electric
- Rand Corporation
- Think-Tank – R&D Coordinator for pre-9/11 – Post-Homeland Security
- State Department, FBI/PSTF and Regulatory Bureaus
- Numerous International Private/Public Sector Operations
- Systems and Procedures & Instruction for Anti-Fraud/Post Fraud Operations

UNITED NATIONS WORLD BANK GROUP (UNWBG)

• International Finance Corporation (IFC)

• International Bank for Reconstruction and Development (IBRD)

• International Development Association (IDA)

• International Centre for Settlement of Investment Disputes (ICSID)

• Multilateral Investment Guarantee Agency (MIGA)

Bank and Financial Institution Frauds and Major Losses

• BCCI

• Enron

• Arthur Andersen

• Icelandic Central Bank

• Glitnir Bank

• PwC

• WorldCom

World Bank

What is the “World Bank”?

The World Bank consists of two distinct organizations:

• International Bank for Reconstruction and Development (IBRD)

• International Development Association (IDA).

UNITED NATIONS WORLD BANK GROUP (UNWBG):

What is the UNWBG?

The United Nations World Bank Group (UNWBG) is a member of the “United Nations Economic and Social Council”, in conjunction with five (5) international organizations that define and enter into leveraged loans with disadvantaged/poor countries, which consist of the:

• International Bank for Reconstruction and Development (IBRD)

• International Development Association (IDA)

• International Finance Corporation (IFC)

• Multilateral Investment Guarantee Agency (MIGA)

• International Centre for Settlement of Investment Disputes (ICSID)

Economic Crimes – Sample Figures

• 45% of companies worldwide have fallen victim to economic crime

• In the past two years, the average financial damage to companies from tangible frauds was $1.7 million

• More than half of the perpetrators were employed by the defrauded company

• Most fraud (34%) is detected by chance

*Taken from the Global Economic Crime Survey – 2005, conducted by PwC

Examples of Financial Fraud

• BCCI ($216B+) – Shell corporations and banks; Rotation of funds; Circumvention of internal & external regulatory procedures; overloading (1984-1992)

• Enron ($106B+) – Parasite implants; “Mutating” internal standards and procedures; Mirroring (i.e. Looking Glass) operating procedures; Puffing books (2002-2006)

• WorldCom ($57B+) – Simultaneous contracting; Shell vendors; Transparent vendors; Vapor-Payables Piggy-backing (2002-2006)

Examples of Financial Fraud (cont.)

• Arthur Andersen ($10.3M + Civil Litigation Re. Colonial Realty) – Over-selling; Puffing of books; “Slip and Slide” accounting and monitoring systems; Shell companies “fronts” (1990-1993)

Note: Just “one” case violation

• Colonial Realty ($350M+) – Shell companies; Simultaneous contracting; Rotation of funds; Bank processing echoes; “Musical chairs” regulatory and procedural enforcement operations (1990-1993)

WHY ANTI-FRAUD/POST FRAUD METHODOLOGY RESEARCH AND POLICY FORMATION?

Why Anti-Fraud/Post Fraud Policy Research, Development And Implementation?

• Each year, the average company loses up to six percent* (6%) of its revenues to internal fraud, which is also commonly known as “employee theft”, “fidelity losses”, or “occupational fraud”.

• At a $50 million revenue company, even a 10% reduction in annual exposure to internal fraud is worth $300,000. As fraud prevention efforts continue year-to-year, the annual savings will likely compound.

Pursuing a Realistic Anti-Fraud Policy will result in cost savings that continue well beyond the original investment in it.

*CSI/FBI Computer Crime & Security Surveys – FCPA Global Studies

Companies and the Government Sector still “feel” that the greatest risks are from “EXTERNAL” sources and beef up their “outer walls” for protection. Such examples are:

• Firewalls

• Virtual Private Networks (VPN)

• Tightened Physical Security

The “Maginot Line” Defense Policy

In Businesses and the Government Sector, the Number One Source of Computer Crimes is from Authorized and Trusted Employees

(InfraGard FBI 2006 Report; CSI/FBI 2005-6; and FCPA 2005-6 results)

Internal Computer Fraud (ICF)

62-77%* of the economic losses incurred through “automated” (computer) crimes are the result of “INSIDE” “authorized” employees or contract personnel.

The more knowledgeable about and familiar with the system the insider is, the higher the risk.

* IIA, ICA

Developing and Maintaining a Successful Anti-Fraud Post-Fraud Operation (AFPFO)

Premise and Goals – 6 Key Points

• The total elimination of exposure (risk) is NOT possible in any operation. There is NO “bullet-proof” operation

• Security concerns and regulatory conformity (compliance) will always be ever-present risks

• The “key” is to reduce exposure to acceptable levels through consistent and valid controls within a clearly-defined AFPFO Policy

Premise and Goals – 6 Key Points (Cont.)

• Systems and procedures defined by the “policies” for such processes and controls “require” zero tolerance

• The business that is operationally sound through such consistently-implemented and monitored controls and processes will have a symbiotic relationship with “both” internal and external auditors

• Preventative Maintenance Programs (PMP) and Preventative Maintenance Systems/Procedures (PMSP) are the cornerstone of a successful Anti-Fraud Post-Fraud Operation

Anti-Fraud Post-Fraud Operations (AFPFO)

RSI

Key Components Of An AFPFO

• A Clearly-defined Policy

• Automated Systems and Procedures

• Manual Systems and Procedures Design and Implementation

• Internal Auditing

• External Auditing

• Disaster Planning and “Recovery”

• Preventative Maintenance Systems

• Training, Education and Instruction

• Policy Challenge/Proofing

8 STEPS to a Successful AFPFO

• Define (define the plan, the scope and the formal policy)

• Design (build a structured AFPFO)

• Challenge (analyze and validate the AFPFO internal structure)

• Approve (Critical management review and proofing)

• Implement (launch the AFPFO)

• Audit (monitor and validate effectiveness and efficiency)

• Append (fine-tune the AFPFO)

• Post-Maintenance Responsibilities and Follow-up

Complements to the AFPFO – Automated Tools

Benefits of Automated Tools:

• Compliance with greater speed and efficiency
• Viewing “real-time” current exception and summary reports
• Tracking potential liabilities and questionable history
• Authentication Security Solutions
• Authorization Monitoring
• Live “real-time” audit trail
• Data Protection over the WAN (target malicious users)

Automated Tools – A Major Complement to an AFPFO

Established Companies Offering Automated Tools, such as:

• Data Cleansing

• Data Integration

• Data Monitoring

• Data Auditing

HOWEVER….

An “Automated System” is NOT enough!

“HOWEVER, NO AUTOMATED SYSTEM WILL GUARANTEE AGAINST A SUCCESSFUL FRAUD INTRUSION.”

Thinking that an “automated solution” is all that is needed is a “REACTIVE METHODOLOGY” which is both dangerous and a “guarantee” that there will be a MAJOR disaster “WHEN” the fraud takes place.

An automated system must work with an equally-balanced MANUAL system with “PROACTIVE” strategies in place so WHEN the fraud takes place, it can be MITIGATED quickly, efficiently and with the lowest loss possible.

Copyright Notice / Warning

AFPFO and ATPTO written works are copyrighted by RSI, Dr. Mark D. Lurie and specific contributions are acknowledged appropriately

AFPFO ©1978 – 2015 RSI/MDL (all rights reserved)

ATPTO ©1978 – 2015 RSI/MDL (all rights reserved)

AFPFO™ and ATPTO™ are trademarks of RSI and Dr. Mark D. Lurie (all rights reserved)

“Fraud, Computer Fraud and Abuse Part-1” © 2015 RSI (all rights reserved) – A PowerPoint Presentation

All other works, including, but not limited to, white papers, reports, analysis articles, general articles, PowerPoint presentations, streaming videos and the like (hereinafter referred to as “Intellectual Property”) are the sole and exclusive property of Research Solutions, Inc. (hereinafter referred to as “RSI”), or any of its subsidiaries. Such Intellectual Property is protected under Copyright (as well as other Protective Acts Nationally and Internationally) with all rights reserved. Any use of any of RSI’s (or any of its subsidiaries’) Intellectual Property without the exclusive written permission of RSI will be considered unauthorized and illegally reproduced and/or used.

Such unauthorized reproduction and/or use shall be prosecuted to the fullest extent of the law with all legal remedies used, whether they be national or international, including the seeking of injunctive remedies, court costs, legal fees, expert witness fees, expenses and whatever the court(s) of law deem fit to award.

We do welcome the “proper and procedurally correct” use of our Intellectual Property; however, the following procedures are “mandatory” for consideration by RSI to approve such use of “any” of RSI’s Intellectual Property, which are as follows: Any request for reproduction or use of any of RSI’s (or any of its subsidiaries’) Intellectual Property must be made in writing.

Such request(s) must include, but not be limited to:

The name of the Intellectual Property that is being requested to be used

The purpose of the use of the Intellectual Property

The manner in which the Intellectual Property is to be used

How the Intellectual Property is to be reproduced

For how long the Intellectual Property is to be used

If the requesting party is planning to charge a fee or cost (please state the amount in United States Dollars) to other individuals, companies, institutions or agencies (nationally or internationally) for any RSI Intellectual Property of RSI, in part or whole, and if so, the amount to be charged, the frequency of such charges and over what period of time

Research Solutions, Inc. shall review the request and will respond, in writing to the terms, conditions, restrictions, provisions and charges/costs (if applicable) for the use of such proposed RSI Intellectual Property

If the requesting party, company or agency who made the submission for use of such RSI Intellectual Property is “approved”, such approval will be contingent upon the execution of a written Agreement, prepared by RSI, that will reflect the terms, conditions, provisions, restrictions and charges/costs (if applicable) which must be agreed upon and executed by the requesting party “prior” to ANY use, in ANY manner of the proposed Intellectual Property

If RSI declines the request, such declination shall be made in writing and submitted to the requesting company

If there are any costs/charges that will apply to the use of said Intellectual Property, such costs/charges shall be paid, in advance, to RSI, or by whatever terms and conditions are stated in the Agreement which is executed by all parties

Research Solutions, Inc.

51 Bedford Road Roundup Montana 59072

1-406-320-1036 / 1-406-323-2992
