OCC outlines fraud risk management principles
On July 24, the OCC issued Bulletin 2019-37 to provide fraud risk management principles for all OCC-supervised institutions. The Bulletin supplements previously issued notices addressing corporate and risk governance, and focuses on fraud risk, operational risk, and the need for strong governance and sound risk management principles. According to the OCC, strong governance is vital to managing an institution’s exposure to fraud and must include a strong corporate culture that discourages imprudent risk-taking. However, the OCC noted that fraud risk management should be commensurate with the bank’s risk profile. The Bulletin highlights several preventative and detective controls, including (i) developing anti-fraud policies and procedures, such as ethics policies, codes of conduct, and identity theft programs; (ii) creating anti-fraud awareness campaigns; (iii) establishing fraud risk management training programs for employees and contractors and educating customers on preventative measures; (iv) implementing a system of controls intended to prevent employees and third parties from conducting fraudulent transactions, such as opening or closing of bank accounts; (v) conducting background investigations for new employees and periodic checks for existing employees and third parties; (vi) providing sound training and information security programs; and (vii) establishing processes for customer identification, customer due diligence, and beneficial ownership identification and verification. Additionally, the OCC stated that senior management should understand the institution’s exposure to fraud risk and associated losses.