NABARD Fraud Risk Management Policy PDF 2024-2025
Document Details
Uploaded by Deleted User
null
2024
null
null
Tags
Summary
This document is a fraud risk management policy for the National Bank for Agriculture and Rural Development. The policy has been revised to align with extant regulatory guidelines. It includes considerations for risk management practices and emphasizes early detection of fraud.
Full Transcript
Internal Ref. No. NB. RMD/ 106 /RMD- 68 /2024-25 06 June 2024 0...
Internal Ref. No. NB. RMD/ 106 /RMD- 68 /2024-25 06 June 2024 0 80 48 34 N :3 : Circular UI No. 112/RMD-16 /2024 UIN 1. The Chief General Manager/ General Manager/ Officer-in-Charge National Bank for Agriculture and Rural Development All Head Office Depts. and Regional Offices 80 : 34 2. The Principal/ Director/ Joint Director UIN National Bank for Agriculture and Rural Development All Training Establishments Madam/Dear Sir h :S Fraud Risk Management Policy y 0 0 e db 48 48 ad :3 :3 lo Please UI N refer to RMD Circular No. 83/RMD-05/2023 dated 10 May 2023 on the captioned UI N wn Do subject. In this connection, we advise that the Board of Directors in its 257 th Meeting held Y. NL on 24 May 2024, has approved revisions in the ‘Fraud Risk Management Policy’. USE O L NA 2. The Policy has been revised by making necessary amendments to align Ethe R Policy with INT the extant regulatory guidelines. 0 4 48 :4 :3 3:32 3. The major revisions in the Policy are U as follows: I N 2 42 9/20 i. Modification in early detection of fraud, prompt 8/0 0 reporting, timely initiation of staff 1 on accountability proceedings in the Fraud 8.1 Risk Management Framework; 5 8.1 ii. Role of Auditor/Internal Inspector 2.1 in Early Detection and reporting of frauds; 6 : 19 iii. Modification in the clause mon IP penal measures for fraudulent borrowers; f ro iv. Modification in the composition ali d of the Fraud Monitoring Committee (FMC); 48 0 Kh 48 0 : 3v. Mention of threshold o h d limits for reporting under CRILC and Red Flagged Accounts :3 UIN (RFA)/Frauds; ri M UI N : Sh vi. by Process ed to be followed for closure of fraud cases has been spelt out. ad nlo 4. A copy Do of the revised Fraud Risk Management Policy is enclosed for your kind reference. w Y. L E ON5. This Policy shall be effective from the date of this Circular. S 80 LU : 34 A E RN UIN INT Yours sincerely Sd/- R Inigo Arul Selvan General Manager 0 80 Encl.:: 3As 48 above : 34 UIN UIN राष्ट्रीय कृवि और ग्रामीण विकास बैंक National Bank for Agriculture and Rural Development जोखिम प्रबंधन विभाग प्लॉट क्र सी-24, 'जी' ब्लॉक, बांद्रा-कुर्ाा कॉम्प्प्लेक्स, बांद्रा (पूिा), मुंबई - 400 051. टे र्ी: +91 22 6812 0020 ई मेर्: [email protected] Risk Management Department Plot No. C-24, 'G' Block, Bandra-Kurla Complex, Bandra (E), Mumbai - 400 051 Tel.: +91 22 6812 0020 E-mail: [email protected] गााँि बढ़े >> तो दे श बढ़े www.nabard.org Taking Rural India >> Forward Internal 80 80 : 34 : 34 UIN UIN Fraud Risk Management Policy Version 4.0 80 : 34 UIN h y :S 80 80 e db : 34 : 34 load UIN UIN wn Do. NLY NABARD SEO A LU ERN (As approved in the Meeting of 257th INT the Board of Directors 48 0 held on 24 May 2024) :44 :3 3:3 2 UIN 24 2 /20 8/09 on0.151.18 68 9 2.1 IP:1 rom lidf 8 0 Kha 80 : 34 hd : 34 UIN Mo UIN ri : Sh by ed load RISK MANGEMENT DEPARTMENT wn Do HEAD OFFICE, NABARD. N LY EO 0 L US 3 48 NA UI N: ER INT 80 80 : 34 : 34 UIN UIN 1|Page For Internal Circulation Only Internal Main Document Document Title Fraud Risk Management Policy 0 80 48 34 Drafted : 3by Risk Management Department : IN U UIN Date 06 June 2024 Document Classification Internal Document No. 4.0 80 : 34 UIN Version History Version No. FY Changes/Comments Changed by 1.0 2016-17 NA Risk Management Department 2.0 2019-20 Overall review Risk Management Department h 3.0 2022-23 Overall review Risk Management Department y :S 0 0 db 48 a 48 de N :3 4.0 2024-25 Overall review :3 Risk Management Department nlo UI UIN o w D. Version Approval NLY SEO LU Date of NA Version No. Changes/Comments T ERApproved by approval IN 0 1.0 23.01.2017 Overall review 48 :44 Board :3 3:3 2 Overall UIN review – Segregation 42 of 2.0 24.01.2020 / 2 02 Board Operational Guidelines 08 /09 n 3.0 28.03.2023 Overall review 51o Board 8.1 8.1 4.0 24.05.2024.16 Overall review Board 92 1 IP: m d fro hali References 80 dK 80 : 34 h : 34 UIN Mo UIN ri Sl. Sh Reference by : Reference No. No. ed load RBIownMaster Directions on Frauds – D DBS.CO.CFMC.DC.No.1/23.04.001/2016-17 1 Y.Classification and Reporting by L N Commercial banks and select FIs dated 01.07.2016 (updated as on 03.07.2017) EO 0 L US 3 48 NA DFS, GoI – Framework for Utimely, I N: ER INT 2 detection, reporting, investigation, etc. F No.4/5/2014-Vig dated 06.11.2019 relating to large value bank frauds CVC, GoI – Procedure for seeking Commission advise in cases where CBI has 3 Office Order No.04/01/22 dated 21.01.2022 recommended sanction for prosecution – regarding 0 0 8 8 : 34 : 34 UIN UIN 2|Page For Internal Circulation Only Internal Index Para No. Content Page No. 80 80 : 341 Introduction 4 : 34 UIN UIN 2 Scope 4 3 Objectives 4 4 Definition of Fraud 5 0 48 5 Classification of Frauds N : 3 5 UI 6 Fraud Risk Management Framework 11 7 Governance Structure 15 8 Reporting 17 9 Closure of Fraud Cases - RBI Regulations 18 h :S 10 Provisioning for frauds 18 db y 80 80 ad e : 34 34 lo UIN 11 Write off in case of fraud cases 19UIN : wn Do 12 Record Retention 19. NLY O 13 Regular Communication Channels SE A L U19 ERN 14 Operational Guidelines for FRM Policy INT 19 4 80 :44 :3 3:3 2 UIN 24 2 /20 8/09 on0.151.18 68 9 2.1 IP:1 rom lidf 8 0 Kha 80 : 34 hd : 34 UIN Mo UIN ri : Sh by ed load wn Do. N LY S EO 0 LU 348 NA UI N: ER INT 80 80 : 34 : 34 UIN UIN 3|Page For Internal Circulation Only Internal 1. Introduction The "Fraud 80 Risk Management Policy" in NABARD aims to facilitate the development of a 8set 0 34 34 of INorganisational principles, framework, systems and controls which shall aid INin: the : U U deterrence, detection and prevention of frauds against the Bank, in the context of three fundamental elements: i. To create and maintain a culture of honesty and high ethics, including the understanding and awareness of risks and controls; 0 48 ii. To identify and assess the risks of fraud N : 3 and implement the processes, procedures and UI controls needed to mitigate the risks and reduce the chances for fraud; and iii. To develop an appropriate oversight process. It is the intent of the Bank to promote consistent ethical organisational behaviour by providing guidelines and assigning responsibility for the development of controls and conduct of investigations. :S h y 0 80 e db 48 34 ad :3 : lo 2.UScope I N UIN wn Do. This Policy shall apply to any fraud, or suspected fraud, involving employees, membersNof LYthe O Board of Directors, consultants, vendors, borrowers, contractors, partners, agencies SE doing A LU business with NABARD, including employees of such agencies, and/ or any other ER N parties with INT a business relationship with NABARD. 80 4 : 34 : 3 2:4 UIN 23 The Fraud Risk Management Policy has been framed in line/20with 24 the extant guidelines issued /09 by the Ministry of Finance (Department of Financial Services), n 08 GoI and RBI 1 o Guidelines/Master Directions on Frauds. 8.1 5 6 8.1 2.1 : 19 This Policy will have to be applied inmconjunction IP with the following documents: f ro i. NABARD Staff Rules, 1982; ali d 4 80 Kh 48 0 ii. Relevant :3 Policy Circulars o h d regarding Staff Accountability, issued from time to time by : 3 the UI N M UI N Bank; ri : Sh iii. CVC Manual/ by d ed Guidelines issued from time to time; loa o wn D 3. Objectives Y. L ON SE The Policy gives due consideration to all 80 relevant factors and is not limited to the L U : 34 A ER N organisational structure, products offered, UIN technology used, services provided, etc., as fraud INT can also be perpetrated through collusion involving more than one individual. The Policy, therefore, provides a holistic approach to identify, measure, control, monitor and report fraud risk and lays down appropriate risk management policies and procedures across the organisation. The “Fraud48 0 Risk Management Policy” provides a system for detection and prevention of fraud, 48 0 :3 :3 reporting UI N of any fraud that is detected or suspected and fair dealing of matters pertaining UI N to fraud. The policy shall ensure and provide for the following: 4|Page For Internal Circulation Only Internal i. To ensure that the Top Management of the Bank provides focus on the “Fraud Prevention and Management Functions” to enable, among others, effective investigation of fraud cases and prompt as well as accurate reporting to appropriate 80 48 0 : 3 regulatory and law enforcement authorities including the Reserve Bank of India; 4 N N :3 UI UI ii. To provide a clear guidance to employees and others dealing with NABARD and forbidding them from involvement in any fraudulent activity; iii. To facilitate continued development of controls which will aid in prevention and detection of fraud and minimise Bank’s exposure to fraud. 0 iv. To provide assurance that the Fraud 48 N : 3 Risk Management Framework in the Bank is UI effective in prevention, early detection, prompt reporting, investigation and follow up action in respect of frauds. 4. Definition of Fraud A fraud is defined as “A false representation of a matter of fact- whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been Sh y: disclosed 80 – that deceives and is intended to deceive another so that the individual will act upon 80 ed b 34 34 ad it to her or his legal injury”. : : wn l o UIN UIN Do In terms of para 9.1 of the Report of the Study Group on Large Value Bank Frauds set up Y. by NL the Reserve Bank of India in 1997, “Fraud” has been defined as under; SE O U AL “A deliberate act of omission or commission by any person, carried out of a inRthe course N IN TE banking transaction or in the books of accounts maintained manually or under computer 80 :44 system in banks, resulting into wrongful: 34gain to any person3:for 32 a temporary period or UIN 2 otherwise, with or without any monetary loss to the Bank”./2024 /09 n 08 Fraud, in relation to the affairs of the Bank, includes 1 o any act, omission, concealment of any 8.15 fact or abuse of position committed by any person 68.1 or any other person with the connivance in 2.1 any manner, with intent to deceive, to gain 1 undue advantage from, or to injure the interests of 9 IP: the Bank or its shareholders or itsfrcreditors o m or any other person, whether or not there is any a lid wrongful 48 gain or wrongful loss; 0 Kh 48 0 :3 o hd :3 UI a. “wrongful gain” N ri means the gain by unlawful means of property to which the M UI person N Sh gaining isbnoty : legally entitled; ed b. “wrongful loa d loss” means the loss by unlawful means of property to which the person wn Dlosing is legally entitled. o L Y. ON U SE For the purpose of definition, a fraud shall48also 0 include submission of any return, report, L : 3 N A I N ER certificate, financial statement, prospectus, U statement or other document – INT a. which is false in any material particulars, knowing it to be false; or b. which omits any material fact, knowing it to be material. 5. Classification of Frauds Frauds shall be classified as under, as per RBI guidelines and provisions of Indian Penal Code, 0 0 in order48 48 : 3 to have uniformity in reporting fraud: :3 UIN UIN a. Misappropriation and Criminal breach of trust; 5|Page For Internal Circulation Only Internal b. Fraudulent encashment through forged instruments, manipulation of books of accounts or through fictitious accounts and conversion of property; c. Unauthorised credit facilities extended for reward or for illegal gratification. 0 0 d. Cash 48 shortages; 48 N :3 N :3 I UI e.U Cheating and forgery; f. Fraudulent transactions involving foreign exchange; and g. Any other type of fraud not coming under the specific head as above. Frauds can be broadly classified into internal80and external frauds, which form an important 34 :all element of operational risk and cut across UIN risk categories. Further, frauds can be classified as Borrowal and Non-Borrowal frauds. 5.1 Internal Fraud Internal fraud occurs when a member of staff dishonestly makes false representation, or wrongfully fails to disclose information, or abuses a position of trust for personal gain, or Sh causes loss to others. Internal fraud includes acts intended to defraud, misappropriate b y: 80 80 ed property : 34 or circumvent regulations, the Bank's policies and can range from compromising : 34 l o ad UIN UIN wn payroll data to inflating expenses to straightforward theft. Internal fraud refers to intentional Do. conduct of unauthorised activity causing loss (financial, operational or reputational) NtoLYthe O Bank performed either fully or in collusion with a staff of the Bank. SE LU A ERN INT Internal frauds may occur in the following areas: 0 348 2:44 5.1.1 Expenses N: 3:3 UI 24 2 0 9/2 This covers all processes related to administrative and 0establishment expenditure which may 8/0 o n be incurred on purchase of fixed assets, consumables, 51 maintenance of property, expenses in 1 8.1 respect of employee benefits, salaries, etc.,.where16 8. approved systems and procedures, policies 92 and guidelines of internal controls/ CVC IP: instructions/ statutory instructions have not been 1 m followed, leading to misutilisation id fof the resources of the Bank. r o l 80 Kha 80 : 34 hd : 34 UIN Mo 5.1.2 Staff Matters,hrInventory i & Record Keeping UIN :S by i. Forgery oredalteration of any document belonging to the Bank/ kept in the custody of the a d Bankwnforl collateral/ security purposes; o Do ii..Quantitative details of fixed assets, if not maintained properly providing scope for N LY E O pilferage of movable assets from the office0 premises and staff quarters; US 48 N A L iii. Misleading, material alteration, forgingI N : 3 of and removal of records or documents in order ER U to conceal the fact that the assets are missing/ stolen. INT iv. Falsifying records such as payrolls, removing documents from files and/or replacing the same with fraudulent notes, etc.; v. Physical verification of fixed assets not undertaken periodically; vi. Loss of assets during incidents of disaster (flood, fire, etc.) or during shifting of premises, during which the Bank's assets may be deliberately stolen/ removed; 4 80 48 0 vii. NWilful :3 suppression of facts/ deception in matters of appointment, placements, misuse N : 3 of UI UI power/official position for pecuniary gains or any other gains for self or for family, etc.; 6|Page For Internal Circulation Only Internal viii. Destruction, disposition, removal of records or any other assets of the Bank with an ulterior motive to manipulate and misrepresent facts so as to create suspicion/ suppression/ cheating as a result of which objective assessment/ decision could not be 0 0 48 arrived at. 48 :3 :3 UIN UIN 5.1.3 Cash and Bank Balances Misutilisation and misappropriation of the Bank's funds, unauthorized/ fraudulent withdrawals of the Bank's funds, unauthorised remittances/ payment to parties within/ 0 48 outside the Bank, double remittance of funds N : 3 for personal consideration, forgery or alteration UI of cheque, bank draft or any other financial instrument, transferring the financial assets/ funds of the Bank to accounts other than those intended/ eligible, etc. 5.1.4 Investments Investment of the Bank's funds in FDRs, CDs, CPs, Venture Capital Funds, other financial investments, by granting undue favours to brokers/ agents, by wilfully ignoring the factual Sh b y: position 34 80while making investment decisions including wilfully concealing information from 34 80 ad ed : : l o other UIN decision making authorities, with a view to personal consideration and by ignoring UIN theDown Bank's interest, etc. LY. N SEO LU 5.1.5 Sanction and Disbursement of Loans and Advances RN A E INT Not adhering to approved policies and delegation of powers while sanctioning loans and 80 4 advances, including sanctioning loans and : 34 advances to ineligible staff : 3 2:4 members/ third parties, 3 UIN 42 for ineligible purposes, favouring staff members with personal / 2 02 considerations, accepting / 0 9 forged documents, not obtaining the required documents/securities08 intentionally, or 1 on removing the documents from proper custody, allowing 8.1 5 staff members/ third parties to breach 8.1 the terms and conditions of sanction, etc. 92.1 6 1 IP: rom 5.1.6 Subsidy and Grants alid f 48 0 Kh 48 0 :3 Sanction and release of o hd subsidy and grants to ineligible parties, wilfully overlooking : 3 and UI N M UI N ignoring the terms: Sand hri condition of sanction with a view to gain personal consideration, by aiding, abetting d ed and colluding with corrupt officials/ agents, while recommending subsidy, loa concealing o wn facts with intention of personal consideration and allowing clients to misuse the D Bank's LY. money. N S EO 0 LU 348 NA 5.1.7 Book Keeping and Accounting UI N: ER INT Intentional misapplication of accounting principles relating to wrong calculation of outstanding principal and interest, application of lower rate of interest for personal consideration, intentional non-reconciliation of Bank Statements for a long period of time, material alterations in the Bank's records, wilful wrong accounting entries in authorized computer applications, leading to financial loss to the Bank, or undue gain to staff members or both. 34 80 34 80 : : UIN UIN 7|Page For Internal Circulation Only Internal 5.2 External Fraud External fraud is the risk of unexpected financial, material or reputational loss as the result of fraudulent 0 action of persons external to the Bank and includes losses due to acts of a type 0 3 48 48 intended N : to defraud, misappropriate property or circumvent the law, by a third party. :3 External N UI UI fraud refers to intentional conduct of unauthorised activity causing loss (financial, operational or reputational) to the Bank performed by outsiders with or without collusion of staff in the Bank. 0 48 :3 External frauds may occur in the following UI N areas of functioning: 5.2.1 Expenses Wilful suppression of facts/ deception in matters of submission of reports/ tender documents, as a result of which wrongful gain/s are made to one and wrongful losses are caused to Bank/ others, intentional/ wilful submission of false/ inflated/ spurious claims, bills, documents, misuse of power/ official positions for pecuniary gains or any other gains for self or for family, Sh b y: etc., by4external 80 parties such as suppliers, vendors, contractors, consultants/ consulting firms, 80 ad ed : 3 : 34 l o third n UIN parties, etc., procurement and supply of substandard goods and materials, wilful UIN non-Dow completion of supply contracts leading to material/ financial loss to the Bank, etc., offering Y. O NL bribes/ kickbacks to internal staff with a view to securing business from the Bank, SE and LU colluding with Bank staff for undue consideration. RN A E INT 0 5.2.2 Movable/ Immovable Assets 348 2:44 N: 3:3 UI 42 02 Removal/ pilferage of the Bank's assets, from the Bank's premises. 9/2 /0 n 08 1o 5.2.3 Fraudulent Withdrawals.15 8.18.16 2 Presenting cheques/ financial instruments 19 to the Bank after making material changes therein, IP: submission of counterfeit instruments, rom fraudulent withdrawals from current account of the l i df bank, making 80 unlawful online ha withdrawals, indulging in cyber-attacks/ crimes leading80to : 34 h dK 34 financial UIN loss to the Bank.M o U I N: hri y :S db 5.2.4 Loans de loa and Advances wn Do Submitting. false information/ documents/ statements/ returns for seeking financial N LY E Oassistance from the Bank, offering bribes/ kickbacks 0 to the Bank's employees/ agents to seek US 48 NA L undue financial assistance, non-adherence : to the terms and conditions of sanction, indulging 3 ER UIN IN T in intentional/ wilful default, sale of assets acquired through Bank's loan without permission of Bank/ before repayment of full & final loan amount, etc., misutilisation of loan/ grant amount and all other activities constituting breach of trust etc. 5.2.5 Subsidy and Grants Submission48 0 of fake progress reports/ forged documents/ false information with deceptive and 48 0 :3 :3 fraudulent UI N intention to avail subsidy and grant, breach of trust, furnishing misleading UI N information, misuse of the Bank's funds, etc. 8|Page For Internal Circulation Only Internal 5.3 Cyber Fraud The digital evolution has, while increasing the availability of electronic resources, also exposed organisations 80 increasingly, to cyber fraud risks. Cyber frauds involve the use of information 0 34 48 N : technology to gain an illegal or an unauthorised access to a computer system with the N :3 intent UI UI of damaging, deleting or altering computer data. Cyber-crimes also include activities such as electronic frauds, misuse of devices, identity and data theft as well as system interference. In general, cyber fraud contains the same basic definition of traditional fraud, while employing qualifiers that adapt its use for electronic resources. 80 4 N :3 With the advancements in informationUItechnology, the Bank shall follow enterprise-wide IT solutions such as Human Resources Management System (HRMS), Centralised Loan Management & Accounting System (CLMAS), and Enterprise Content Management (ECM) System, etc. The Bank shall implement a comprehensive framework on fraud governance for tackling electronic channel based frauds. h 5.3.1 Illustrative List of Cyber Frauds y :S 80 80 e db : 34 : 34 load UIN UIN wn Hacking: Act of gaining unauthorized access to a computer system or network. Do. N LY EO Trojan Horse: Virus hidden in a file or a program. LU S A ERN INT Phishing: A form of online identity theft that0uses spoofed e-mails designed to lure recipients 3 48 2 :44 to fraudulent websites which attempt to Itrick N: them into divulging 23 :3personal financial data. U 4 /202 /09 Vishing: Attacks in which bank customers are contacted 08 by e-mail or phone and told that 1 on 5 their checking accounts have been compromised..18. 1 Instead of referring to a website you are 68 given a toll-free number to call. 19 2. 1 IP: m fro Spyware: A type of malwarehthat ali d is installed on computers and collects information about 4 80 d K 48 0 users N : 3without their knowledge. o h N :3 I U M I U Shri y: db Key Logger: de n loa The practice of tracking (or logging) the keys struck on a keyboard, typically in w a covertDomanner so that the person using the keyboard is unaware that their actions are being. LY monitored. E ON 0 L US 348 NA UI N: ER INT Denial of Service: Targeted effort to disrupt a legitimate user of a service from having access to the service. Spam: Distribution of bulk e-mail that offers recipients deals on products or services. The purpose of spam mail is to make customers think they are going to receive the real product or service4at 80 a reduced price. 48 0 :3 :3 UIN UIN Malicious Programmes/ Viruses: Intended to cause electronic resources to function abnormally and may impact legitimate users access to computer resources. 9|Page For Internal Circulation Only Internal 5.3.2 Some common Risk Mitigation Measures to manage Cyber Frauds1 80 80 :3 4 Firewalls: protect a user from unauthorized access attacks while on a network. : 34 UIN UIN Password: for authentication and authorized access to computer assets. Safe Surfing: avoid downloading from unknown sites and opening e-mails from unknown 0 sources. 48 :3 UIN Virus Checks: with updated anti-virus software frequently. E-mail Filters: for deleting suspicious mails to reduce risk. 5.4 Attempted Fraud h y :S In terms db 48 of RBI's "Master Directions on Frauds - Classification and Reporting", a report 48on 0 0 de :3 :3 n loa individual UI N cases of attempted fraud involving an amount of Rs. 1 Crore and aboveUshall I N beDow placed before the Audit Committee of the Board. The report should cover the following: LY. ON i. The modus operandi of the attempted fraud; SE L U ii. How the attempt did not materialize into fraud or how the attempt failed/ R NA was foiled; TE iii. The measures taken by the bank to strengthen the existing systemsINand controls; 0 iv. New systems and controls put in place :44 was attempted. : 3 in the area where fraud 48 32 : UIN 4 23 /202 The Bank shall conduct a consolidated review of such /09 cases detected during the year n 08 containing information such as area of operations 1o where such attempts were made, 8.15. 1 effectiveness of new processes and procedures.16 put in place during the year, trend of such cases 8 1 92 during the last three years, need for further IP: change in processes and procedures, if any, etc., o m as on March 31 every year and shalllid f put up to the ACB within three months of the end of the r 0 ha 0 relative :3 4 year. 8 hd K :3 48 UIN Mo UIN ri : Sh 5.5 Suspectedd Fraud by and Actual Fraud de loa wn A suspected D o fraud is a doubt/suspicion about a transaction. This could be triggered by a client Y. complaint or by perusal of transaction by a staff or any unusual behavior of a client or staff. ON L SE Suspected fraud has to be investigated to check 80 whether it is an actual fraud. An actual fraud L U : 34 A ER N UIN guidelines. Once fraud is suspected or detected in is defined in main section 4 of this policy INT any loan/ subsidy/ grant account, due investigation procedure shall be initiated by the concerned HOD/ RO in coordination with Inspection Department. Further disbursements to the concerned agency may/shall be stopped immediately, and discontinued until it is proved that fraud has not taken place. 80 80 : 34 : 34 UIN UIN 1 The Cyber Security Policy of DIT would provide further information on the Risk Mitigation Measures to manage Cyber Frauds thus acting as the second line of defense. 10 | P a g e For Internal Circulation Only Internal 6. Fraud Risk Management Framework The Bank’s Fraud Risk Management Framework consists of prevention, early detection of frauds, 0 0 48prompt reporting to RBI and investigating agencies, initiating corrective actions 48to N :3 N :3 avoid UI recurrence of frauds and timely initiation of staff accountability proceedings.UThe I key fraud prevention measures adopted by the Bank are: 6.1 Preventive action 80 34 your employee/ vendor procedures 6.1.1 Know Your Client (KYC) and know N: UI A strong KYC process is the backbone of any fraud prevention activity, which helps in preventing unscrupulous elements from gaining entry into the Bank’s environment. Similarly, appropriate due diligence before recruitment of employees and engagement of vendors is essential to prevent known fraudsters or people with fraudulent motives to have access to Bank’s resources. The Bank must implement strong procedures to carry out due diligence of potential clients, employees and vendors before they are recruited/ enrolled. A negative list of Sh b y: known 80 80 ed : 34 fraudsters/negative elements shall be maintained and reviewed continuously : 34 by l o ad UIN Inspection Department. UIN wn Do. NLY 6.1.2 Maker & Checker Concept SEO ALU RN TE The Bank shall follow a system of maker and checker for any decision IN making involving 0 4 significant implications including, completion : 3 of any financial transaction 48 32 :4 in the Bank. : UIN 4 23 /2 02 6.1.3 Audit Systems 8/09 on0 The Bank shall follow a system of pre-audit, legal 51audit, credit audit on a regular basis, and. 1 8.1 also forensic audit (which shall be undertaken68 2.1 on a need to undertake basis). 19 IP: r om df 6.1.4 Use of Technology, Automation, and Digitalisation ali h 80 dK 80 34 h 34 TheIN :Bank shall use technology, Mo automation, and digitalization to drive efficientIN :fraud U r i U management practices. : Sh y db ade 6.1.5 Employee nlo Rotation ow D. The NL Bank shall follow a “Staff Rotation Policy” to ensure effective fraud risk management. Y O U SE 48 0 3 N AL N: ER UI INT 6.1.6 Fraud Prevention Mechanism The Bank shall put in place policies and operational guidelines for covering all aspects of its functioning. These policies and operational guidelines are to be reviewed periodically and updated on lines with extant GoI and regulatory policies and guidelines. The Bank shall have a robust system of internal audit to report breaches in systems/processes as well as robust HR management/IT 48 0 management systems in place. 48 0 :3 :3 The UI Bank shall ensure timely prevention of fraud by putting in place mechanisms to:- N UI N a. Familiarise each employee with the types of improprieties that might occur in their area; 11 | P a g e For Internal Circulation Only Internal b. Educate employees about fraud prevention and detection; c. Create a culture whereby employees are encouraged to report any fraud or suspected fraud 80 which comes to their knowledge, without any fear of victimization; 80 4 4 :3 :3 UINd. Promote employee awareness of ethical principles subscribed to by the Bank;UI N Due amendments shall be made in the general conditions of contracts, sanctions, loan/ subsidy/ grant agreements of the Bank, wherever required, wherein all bidders/ service providers/ vendors/ lenders/ borrowers/ consultants, etc., shall be required to certify that 0 they shall adhere to the Fraud Risk Management 48 Policy guidelines of NABARD and not N :3 UI indulge or allow anybody else working in their organisation to indulge in fraudulent activities and would immediately apprise the Bank of the fraud/ suspected fraud as soon as it comes to their notice. These conditions shall form part of documents both at the time of submission of bid/ loan/ subsidy/ grant application and agreement of execution of contract/ loan/ subsidy/ grant. h 6.1.7 Due Diligence y :S 0 0 e db 48 48 ad :3 Adequate procedures shall be followed by various Departments/ ROs for carrying out 3 : prior lo UIN