11. Fraud Risk Managemnt Policy 6.6.24.pdf

Full Transcript

Internal

Ref. No. NB. RMD/ 106 /RMD- 68 /2024-25 06 June 2024
0 80
48 34
N :3 :
Circular
UI No. 112/RMD-16 /2024 UIN

1. The Chief General Manager/ General Manager/ Officer-in-Charge
National Bank for Agriculture and Rural Development
All Head Office Depts. and Regional Offices
80
: 34
2. The Principal/ Director/ Joint Director UIN
National Bank for Agriculture and Rural Development
All Training Establishments

Madam/Dear Sir

h
:S
Fraud Risk Management Policy y
0 0 e db
48 48 ad
:3 :3 lo
Please
UI N refer
to RMD Circular No. 83/RMD-05/2023 dated 10 May 2023 on the captioned
UI N wn
Do
subject. In this connection, we advise that the Board of Directors in its 257 th Meeting held
Y.
NL
on 24 May 2024, has approved revisions in the ‘Fraud Risk Management Policy’. USE O
L
NA
2. The Policy has been revised by making necessary amendments to align Ethe
R Policy with
INT
the extant regulatory guidelines. 0 4
48 :4
:3 3:32
3. The major revisions in the Policy are
U as follows:
I N
2 42
9/20
i. Modification in early detection of fraud, prompt 8/0
0 reporting, timely initiation of staff
1 on
accountability proceedings in the Fraud 8.1 Risk Management Framework;
5
8.1
ii. Role of Auditor/Internal Inspector 2.1 in Early Detection and reporting of frauds;
6
: 19
iii. Modification in the clause mon IP penal measures for fraudulent borrowers;
f ro
iv. Modification in the composition
ali
d of the Fraud Monitoring Committee (FMC);
48
0 Kh 48
0
: 3v. Mention of threshold
o h d limits for reporting under CRILC and Red Flagged Accounts :3
UIN (RFA)/Frauds; ri
M UI N
: Sh
vi. by
Process
ed to be followed for closure of fraud cases has been spelt out.
ad
nlo
4. A copy
Do of the revised Fraud Risk Management Policy is enclosed for your kind reference.
w
Y.
L
E ON5. This Policy shall be effective from the date of this Circular.
S 80
LU : 34
A
E RN UIN
INT Yours sincerely

Sd/-
R Inigo Arul Selvan
General Manager

0 80
Encl.:: 3As
48 above
: 34
UIN UIN
राष्ट्रीय कृवि और ग्रामीण विकास बैंक
National Bank for Agriculture and Rural Development
जोखिम प्रबंधन विभाग
प्लॉट क्र सी-24, 'जी' ब्लॉक, बांद्रा-कुर्ाा कॉम्प्प्लेक्स, बांद्रा (पूिा), मुंबई - 400 051. टे र्ी: +91 22 6812 0020 ई मेर्: [email protected]
Risk Management Department
Plot No. C-24, 'G' Block, Bandra-Kurla Complex, Bandra (E), Mumbai - 400 051 Tel.: +91 22 6812 0020 E-mail: [email protected]

गााँि बढ़े >> तो दे श बढ़े www.nabard.org Taking Rural India >> Forward
 Internal

80 80
: 34 : 34
UIN UIN
Fraud Risk Management Policy

Version 4.0
80
: 34
UIN

h
y :S
80 80 e db
: 34 : 34 load
UIN UIN wn
Do.
NLY
NABARD SEO
A LU
ERN
(As approved in the Meeting of 257th INT
the Board of Directors
48
0 held on 24 May 2024)
:44
:3 3:3
2
UIN 24
2
/20
8/09
on0.151.18
68
9 2.1
IP:1
rom
lidf
8 0 Kha 80
: 34 hd : 34
UIN Mo UIN
ri
: Sh
by
ed
load RISK MANGEMENT DEPARTMENT
wn
Do HEAD OFFICE, NABARD.
N LY
EO 0
L US 3 48
NA UI N:
ER
INT

80 80
: 34 : 34
UIN UIN

1|Page
For Internal Circulation Only
 Internal

Main Document

Document Title Fraud Risk Management Policy
0 80
48 34
Drafted : 3by Risk Management Department :
IN U UIN
Date 06 June 2024
Document Classification Internal
Document No. 4.0
80
: 34
UIN
Version History

Version No. FY Changes/Comments Changed by
1.0 2016-17 NA Risk Management Department
2.0 2019-20 Overall review Risk Management Department
h
3.0 2022-23 Overall review Risk Management Department y :S
0 0 db
48 a 48 de
N :3
4.0 2024-25 Overall review :3
Risk Management Department nlo
UI UIN o w
D.
Version Approval NLY
SEO
LU
Date of NA
Version No. Changes/Comments T ERApproved by
approval IN
0
1.0 23.01.2017 Overall review 48 :44 Board
:3 3:3
2
Overall UIN
review
– Segregation 42 of
2.0 24.01.2020 / 2 02 Board
Operational Guidelines 08
/09
n
3.0 28.03.2023 Overall review 51o Board
8.1
8.1
4.0 24.05.2024.16
Overall review Board
92 1
IP:
m
d fro
hali References
80 dK 80
: 34 h : 34
UIN Mo UIN
ri
Sl. Sh
Reference by : Reference No.
No. ed
load
RBIownMaster Directions on Frauds –
D DBS.CO.CFMC.DC.No.1/23.04.001/2016-17
1 Y.Classification and Reporting by
L
N Commercial banks and select FIs dated 01.07.2016 (updated as on 03.07.2017)
EO 0
L US 3 48
NA DFS, GoI – Framework for Utimely, I N:
ER
INT 2 detection, reporting, investigation, etc. F No.4/5/2014-Vig dated 06.11.2019
relating to large value bank frauds

CVC, GoI – Procedure for seeking
Commission advise in cases where CBI has
3 Office Order No.04/01/22 dated 21.01.2022
recommended sanction for prosecution –
regarding
0 0
8 8
: 34 : 34
UIN UIN

2|Page
For Internal Circulation Only
 Internal

Index

Para No. Content Page No.
80 80
: 341 Introduction 4 : 34
UIN UIN
2 Scope 4
3 Objectives 4
4 Definition of Fraud 5
0
48
5 Classification of Frauds N : 3 5
UI
6 Fraud Risk Management Framework 11
7 Governance Structure 15
8 Reporting 17
9 Closure of Fraud Cases - RBI Regulations 18
h
:S
10 Provisioning for frauds 18 db
y
80 80 ad
e
: 34 34 lo
UIN
11 Write off in case of fraud cases 19UIN : wn
Do
12 Record Retention 19.
NLY
O
13 Regular Communication Channels SE
A L U19
ERN
14 Operational Guidelines for FRM Policy INT 19
4 80 :44
:3 3:3
2
UIN 24
2
/20
8/09
on0.151.18
68
9 2.1
IP:1
rom
lidf
8 0 Kha 80
: 34 hd : 34
UIN Mo UIN
ri
: Sh
by
ed
load
wn
Do.
N LY
S EO 0
LU 348
NA UI N:
ER
INT

80 80
: 34 : 34
UIN UIN

3|Page
For Internal Circulation Only
 Internal

1. Introduction
The "Fraud 80
Risk Management Policy" in NABARD aims to facilitate the development of a 8set
0
34 34
of INorganisational principles, framework, systems and controls which shall aid INin: the
:
U U
deterrence, detection and prevention of frauds against the Bank, in the context of three
fundamental elements:
i. To create and maintain a culture of honesty and high ethics, including the understanding
and awareness of risks and controls; 0
48
ii. To identify and assess the risks of fraud
N : 3 and implement the processes, procedures and
UI
controls needed to mitigate the risks and reduce the chances for fraud; and
iii. To develop an appropriate oversight process.

It is the intent of the Bank to promote consistent ethical organisational behaviour by providing
guidelines and assigning responsibility for the development of controls and conduct of
investigations. :S
h
y
0 80 e db
48 34 ad
:3 : lo
2.UScope
I N UIN wn
Do.
This Policy shall apply to any fraud, or suspected fraud, involving employees, membersNof LYthe
O
Board of Directors, consultants, vendors, borrowers, contractors, partners, agencies SE doing
A LU
business with NABARD, including employees of such agencies, and/ or any other ER
N parties with
INT
a business relationship with NABARD.
80 4
: 34 : 3 2:4
UIN 23
The Fraud Risk Management Policy has been framed in line/20with 24 the extant guidelines issued
/09
by the Ministry of Finance (Department of Financial Services), n 08 GoI and RBI
1 o
Guidelines/Master Directions on Frauds. 8.1
5
6 8.1
2.1
: 19
This Policy will have to be applied inmconjunction IP with the following documents:
f ro
i. NABARD Staff Rules, 1982; ali
d
4 80 Kh 48
0
ii. Relevant
:3 Policy Circulars o h d regarding Staff Accountability, issued from time to time by : 3 the
UI N M UI N
Bank; ri
: Sh
iii. CVC Manual/ by
d ed Guidelines issued from time to time;
loa
o wn
D
3. Objectives
Y.
L
ON
SE The Policy gives due consideration to all 80 relevant factors and is not limited to the
L U
: 34
A
ER
N organisational structure, products offered, UIN technology used, services provided, etc., as fraud
INT can also be perpetrated through collusion involving more than one individual. The Policy,
therefore, provides a holistic approach to identify, measure, control, monitor and report fraud
risk and lays down appropriate risk management policies and procedures across the
organisation.

The “Fraud48
0 Risk Management Policy” provides a system for detection and prevention of fraud,
48
0
:3 :3
reporting
UI N of any fraud that is detected or suspected and fair dealing of matters pertaining
UI N to
fraud. The policy shall ensure and provide for the following:

4|Page
For Internal Circulation Only
 Internal

i. To ensure that the Top Management of the Bank provides focus on the “Fraud
Prevention and Management Functions” to enable, among others, effective
investigation of fraud cases and prompt as well as accurate reporting to appropriate
80 48
0
: 3 regulatory and law enforcement authorities including the Reserve Bank of India;
4
N N :3
UI UI
ii. To provide a clear guidance to employees and others dealing with NABARD and
forbidding them from involvement in any fraudulent activity;
iii. To facilitate continued development of controls which will aid in prevention and
detection of fraud and minimise Bank’s exposure to fraud.
0
iv. To provide assurance that the Fraud 48
N : 3 Risk Management Framework in the Bank is
UI
effective in prevention, early detection, prompt reporting, investigation and follow up
action in respect of frauds.

4. Definition of Fraud
A fraud is defined as “A false representation of a matter of fact- whether by words or by
conduct, by false or misleading allegations, or by concealment of what should have been Sh
y:
disclosed 80 – that deceives and is intended to deceive another so that the individual will act upon 80 ed
b
34 34 ad
it to her or his legal injury”.
: :
wn
l o
UIN UIN Do
In terms of para 9.1 of the Report of the Study Group on Large Value Bank Frauds set up Y. by
NL
the Reserve Bank of India in 1997, “Fraud” has been defined as under; SE
O
U
AL
“A deliberate act of omission or commission by any person, carried out of a inRthe course
N
IN TE
banking transaction or in the books of accounts maintained manually or under computer
80 :44
system in banks, resulting into wrongful: 34gain to any person3:for
32 a temporary period or
UIN 2
otherwise, with or without any monetary loss to the Bank”./2024
/09
n 08
Fraud, in relation to the affairs of the Bank, includes 1 o any act, omission, concealment of any
8.15
fact or abuse of position committed by any person 68.1 or any other person with the connivance in
2.1
any manner, with intent to deceive, to gain 1 undue advantage from, or to injure the interests of
9
IP:
the Bank or its shareholders or itsfrcreditors o m or any other person, whether or not there is any
a lid
wrongful 48 gain or wrongful loss;
0 Kh 48
0
:3 o hd :3
UI a. “wrongful gain”
N
ri
means the gain by unlawful means of property to which the
M UI person
N
Sh
gaining isbnoty : legally entitled;
ed
b. “wrongful
loa
d loss” means the loss by unlawful means of property to which the person
wn
Dlosing is legally entitled.
o
L Y.
ON
U SE For the purpose of definition, a fraud shall48also 0
include submission of any return, report,
L : 3
N A I N
ER certificate, financial statement, prospectus, U statement or other document –
INT
a. which is false in any material particulars, knowing it to be false; or
b. which omits any material fact, knowing it to be material.

5. Classification of Frauds
Frauds shall be classified as under, as per RBI guidelines and provisions of Indian Penal Code,
0 0
in order48 48
: 3 to have uniformity in reporting fraud: :3
UIN UIN
a. Misappropriation and Criminal breach of trust;

5|Page
For Internal Circulation Only
 Internal

b. Fraudulent encashment through forged instruments, manipulation of books of accounts
or through fictitious accounts and conversion of property;
c. Unauthorised credit facilities extended for reward or for illegal gratification.
0 0
d. Cash 48 shortages; 48
N :3 N :3
I UI
e.U Cheating and forgery;
f. Fraudulent transactions involving foreign exchange; and
g. Any other type of fraud not coming under the specific head as above.

Frauds can be broadly classified into internal80and external frauds, which form an important
34
:all
element of operational risk and cut across
UIN
risk categories. Further, frauds can be classified
as Borrowal and Non-Borrowal frauds.

5.1 Internal Fraud
Internal fraud occurs when a member of staff dishonestly makes false representation, or
wrongfully fails to disclose information, or abuses a position of trust for personal gain, or
Sh
causes loss to others. Internal fraud includes acts intended to defraud, misappropriate b y:
80 80 ed
property
: 34 or circumvent regulations, the Bank's policies and can range from compromising : 34 l o ad
UIN UIN wn
payroll data to inflating expenses to straightforward theft. Internal fraud refers to intentional Do.
conduct of unauthorised activity causing loss (financial, operational or reputational) NtoLYthe
O
Bank performed either fully or in collusion with a staff of the Bank. SE
LU A
ERN
INT
Internal frauds may occur in the following areas:
0
348 2:44
5.1.1 Expenses N: 3:3
UI 24
2
0
9/2
This covers all processes related to administrative and 0establishment expenditure which may
8/0
o n
be incurred on purchase of fixed assets, consumables, 51 maintenance of property, expenses in
1 8.1
respect of employee benefits, salaries, etc.,.where16
8. approved systems and procedures, policies
92
and guidelines of internal controls/ CVC IP: instructions/ statutory instructions have not been
1
m
followed, leading to misutilisation
id
fof the resources of the Bank.
r o
l
80 Kha 80
: 34 hd : 34
UIN Mo
5.1.2 Staff Matters,hrInventory
i & Record Keeping UIN
:S
by
i. Forgery oredalteration of any document belonging to the Bank/ kept in the custody of the
a d
Bankwnforl collateral/ security purposes;
o
Do
ii..Quantitative details of fixed assets, if not maintained properly providing scope for
N LY
E O pilferage of movable assets from the office0 premises and staff quarters;
US 48
N A L iii. Misleading, material alteration, forgingI N : 3 of and removal of records or documents in order
ER U
to conceal the fact that the assets are missing/ stolen.
INT
iv. Falsifying records such as payrolls, removing documents from files and/or replacing the
same with fraudulent notes, etc.;
v. Physical verification of fixed assets not undertaken periodically;
vi. Loss of assets during incidents of disaster (flood, fire, etc.) or during shifting of premises,
during which the Bank's assets may be deliberately stolen/ removed;
4 80 48
0
vii. NWilful
:3 suppression of facts/ deception in matters of appointment, placements, misuse N : 3 of
UI UI
power/official position for pecuniary gains or any other gains for self or for family, etc.;

6|Page
For Internal Circulation Only
 Internal

viii. Destruction, disposition, removal of records or any other assets of the Bank with an
ulterior motive to manipulate and misrepresent facts so as to create suspicion/
suppression/ cheating as a result of which objective assessment/ decision could not be
0 0
48
arrived at. 48
:3 :3
UIN UIN

5.1.3 Cash and Bank Balances
Misutilisation and misappropriation of the Bank's funds, unauthorized/ fraudulent
withdrawals of the Bank's funds, unauthorised remittances/ payment to parties within/
0
48
outside the Bank, double remittance of funds
N : 3 for personal consideration, forgery or alteration
UI
of cheque, bank draft or any other financial instrument, transferring the financial assets/
funds of the Bank to accounts other than those intended/ eligible, etc.

5.1.4 Investments
Investment of the Bank's funds in FDRs, CDs, CPs, Venture Capital Funds, other financial
investments, by granting undue favours to brokers/ agents, by wilfully ignoring the factual Sh
b y:
position
34
80while making investment decisions including wilfully concealing information from
34
80 ad
ed
: : l o
other
UIN decision making authorities, with a view to personal consideration and by ignoring
UIN theDown
Bank's interest, etc. LY.
N
SEO
LU
5.1.5 Sanction and Disbursement of Loans and Advances RN
A
E
INT
Not adhering to approved policies and delegation of powers while sanctioning loans and
80 4
advances, including sanctioning loans and : 34
advances to ineligible staff
: 3 2:4 members/ third parties,
3
UIN 42
for ineligible purposes, favouring staff members with personal / 2 02 considerations, accepting
/ 0 9
forged documents, not obtaining the required documents/securities08 intentionally, or
1 on
removing the documents from proper custody, allowing 8.1
5 staff members/ third parties to breach
8.1
the terms and conditions of sanction, etc. 92.1 6
1
IP:
rom
5.1.6 Subsidy and Grants alid f
48
0 Kh 48
0
:3
Sanction and release of o hd
subsidy and grants to ineligible parties, wilfully overlooking : 3 and
UI N M UI N
ignoring the terms: Sand hri condition of sanction with a view to gain personal consideration,
by
aiding, abetting d ed and colluding with corrupt officials/ agents, while recommending subsidy,
loa
concealing o wn facts with intention of personal consideration and allowing clients to misuse the
D
Bank's
LY. money.
N
S EO 0
LU 348
NA 5.1.7 Book Keeping and Accounting
UI N:
ER
INT
Intentional misapplication of accounting principles relating to wrong calculation of
outstanding principal and interest, application of lower rate of interest for personal
consideration, intentional non-reconciliation of Bank Statements for a long period of time,
material alterations in the Bank's records, wilful wrong accounting entries in authorized
computer applications, leading to financial loss to the Bank, or undue gain to staff members
or both.
34
80
34
80
: :
UIN UIN

7|Page
For Internal Circulation Only
 Internal

5.2 External Fraud
External fraud is the risk of unexpected financial, material or reputational loss as the result of
fraudulent 0 action of persons external to the Bank and includes losses due to acts of a type 0
3 48 48
intended
N : to defraud, misappropriate property or circumvent the law, by a third party. :3
External
N
UI UI
fraud refers to intentional conduct of unauthorised activity causing loss (financial, operational
or reputational) to the Bank performed by outsiders with or without collusion of staff in the
Bank.
0
48
:3
External frauds may occur in the following
UI N areas of functioning:
5.2.1 Expenses
Wilful suppression of facts/ deception in matters of submission of reports/ tender documents,
as a result of which wrongful gain/s are made to one and wrongful losses are caused to Bank/
others, intentional/ wilful submission of false/ inflated/ spurious claims, bills, documents,
misuse of power/ official positions for pecuniary gains or any other gains for self or for family, Sh
b y:
etc., by4external
80 parties such as suppliers, vendors, contractors, consultants/ consulting firms, 80 ad
ed
: 3 : 34 l o
third n
UIN parties, etc., procurement and supply of substandard goods and materials, wilful UIN non-Dow
completion of supply contracts leading to material/ financial loss to the Bank, etc., offering Y.
O NL
bribes/ kickbacks to internal staff with a view to securing business from the Bank, SE and
LU
colluding with Bank staff for undue consideration. RN
A
E
INT
0
5.2.2 Movable/ Immovable Assets 348 2:44
N: 3:3
UI 42
02
Removal/ pilferage of the Bank's assets, from the Bank's premises.
9/2 /0
n 08
1o
5.2.3 Fraudulent Withdrawals.15
8.18.16 2
Presenting cheques/ financial instruments 19 to the Bank after making material changes therein,
IP:
submission of counterfeit instruments, rom fraudulent withdrawals from current account of the
l i df
bank, making
80 unlawful online ha withdrawals, indulging in cyber-attacks/ crimes leading80to
: 34 h dK 34
financial
UIN loss to the Bank.M o
U I N:
hri
y :S
db
5.2.4 Loans de
loa and Advances
wn
Do
Submitting. false information/ documents/ statements/ returns for seeking financial
N LY
E Oassistance from the Bank, offering bribes/ kickbacks 0
to the Bank's employees/ agents to seek
US 48
NA
L undue financial assistance, non-adherence : to the terms and conditions of sanction, indulging
3
ER UIN
IN T in intentional/ wilful default, sale of assets acquired through Bank's loan without permission
of Bank/ before repayment of full & final loan amount, etc., misutilisation of loan/ grant
amount and all other activities constituting breach of trust etc.

5.2.5 Subsidy and Grants
Submission48
0 of fake progress reports/ forged documents/ false information with deceptive and
48
0
:3 :3
fraudulent
UI N intention to avail subsidy and grant, breach of trust, furnishing misleading
UI N
information, misuse of the Bank's funds, etc.

8|Page
For Internal Circulation Only
 Internal

5.3 Cyber Fraud
The digital evolution has, while increasing the availability of electronic resources, also exposed
organisations
80 increasingly, to cyber fraud risks. Cyber frauds involve the use of information 0
34 48
N :
technology to gain an illegal or an unauthorised access to a computer system with the N :3
intent
UI UI
of damaging, deleting or altering computer data. Cyber-crimes also include activities such as
electronic frauds, misuse of devices, identity and data theft as well as system interference. In
general, cyber fraud contains the same basic definition of traditional fraud, while employing
qualifiers that adapt its use for electronic resources.
80 4
N :3
With the advancements in informationUItechnology, the Bank shall follow enterprise-wide IT
solutions such as Human Resources Management System (HRMS), Centralised Loan
Management & Accounting System (CLMAS), and Enterprise Content Management (ECM)
System, etc. The Bank shall implement a comprehensive framework on fraud governance for
tackling electronic channel based frauds.
h
5.3.1 Illustrative List of Cyber Frauds y :S
80 80 e db
: 34 : 34 load
UIN UIN wn
Hacking: Act of gaining unauthorized access to a computer system or network. Do.
N LY
EO
Trojan Horse: Virus hidden in a file or a program. LU
S
A
ERN
INT
Phishing: A form of online identity theft that0uses spoofed e-mails designed to lure recipients
3 48 2 :44
to fraudulent websites which attempt to Itrick
N: them into divulging
23
:3personal financial data.
U 4
/202
/09
Vishing: Attacks in which bank customers are contacted 08 by e-mail or phone and told that
1 on
5
their checking accounts have been compromised..18. 1 Instead of referring to a website you are
68
given a toll-free number to call. 19
2. 1
IP:
m
fro
Spyware: A type of malwarehthat
ali
d is installed on computers and collects information about
4 80 d K 48
0
users
N : 3without their knowledge.
o h
N :3
I
U M I U
Shri
y:
db
Key Logger: de
n loa The practice of tracking (or logging) the keys struck on a keyboard, typically in
w
a covertDomanner so that the person using the keyboard is unaware that their actions are being.
LY
monitored.
E ON
0
L US 348
NA UI N:
ER
INT Denial of Service: Targeted effort to disrupt a legitimate user of a service from having access
to the service.

Spam: Distribution of bulk e-mail that offers recipients deals on products or services. The
purpose of spam mail is to make customers think they are going to receive the real product or
service4at
80 a reduced price. 48
0
:3 :3
UIN UIN

Malicious Programmes/ Viruses: Intended to cause electronic resources to function
abnormally and may impact legitimate users access to computer resources.

9|Page
For Internal Circulation Only
 Internal

5.3.2 Some common Risk Mitigation Measures to manage Cyber Frauds1

80 80
:3
4
Firewalls: protect a user from unauthorized access attacks while on a network. : 34
UIN UIN

Password: for authentication and authorized access to computer assets.

Safe Surfing: avoid downloading from unknown sites and opening e-mails from unknown
0
sources. 48
:3
UIN

Virus Checks: with updated anti-virus software frequently.

E-mail Filters: for deleting suspicious mails to reduce risk.

5.4 Attempted Fraud h
y :S
In terms db
48 of RBI's "Master Directions on Frauds - Classification and Reporting", a report 48on
0 0 de
:3 :3 n loa
individual
UI N cases of attempted fraud involving an amount of Rs. 1 Crore and aboveUshall I N beDow
placed before the Audit Committee of the Board. The report should cover the following: LY.
ON
i. The modus operandi of the attempted fraud; SE
L U
ii. How the attempt did not materialize into fraud or how the attempt failed/
R NA was foiled;
TE
iii. The measures taken by the bank to strengthen the existing systemsINand controls;
0
iv. New systems and controls put in place :44 was attempted.
: 3 in the area where fraud
48
32 :
UIN 4 23
/202
The Bank shall conduct a consolidated review of such /09 cases detected during the year
n 08
containing information such as area of operations 1o where such attempts were made,
8.15. 1
effectiveness of new processes and procedures.16 put in place during the year, trend of such cases
8
1 92
during the last three years, need for further IP: change in processes and procedures, if any, etc.,
o m
as on March 31 every year and shalllid
f put up to the ACB within three months of the end of the
r
0 ha 0
relative
:3
4 year.
8
hd
K
:3
48
UIN Mo UIN
ri
: Sh
5.5 Suspectedd Fraud
by and Actual Fraud
de
loa
wn
A suspected
D o fraud is a doubt/suspicion about a transaction. This could be triggered by a client
Y.
complaint or by perusal of transaction by a staff or any unusual behavior of a client or staff.
ON
L
SE Suspected fraud has to be investigated to check 80 whether it is an actual fraud. An actual fraud
L U
: 34
A
ER
N UIN guidelines. Once fraud is suspected or detected in
is defined in main section 4 of this policy
INT
any loan/ subsidy/ grant account, due investigation procedure shall be initiated by the
concerned HOD/ RO in coordination with Inspection Department. Further disbursements to
the concerned agency may/shall be stopped immediately, and discontinued until it is proved
that fraud has not taken place.

80 80
: 34 : 34
UIN UIN
1 The Cyber Security Policy of DIT would provide further information on the Risk Mitigation Measures to manage Cyber Frauds

thus acting as the second line of defense.

10 | P a g e
For Internal Circulation Only
 Internal

6. Fraud Risk Management Framework

The Bank’s Fraud Risk Management Framework consists of prevention, early detection of
frauds, 0 0
48prompt reporting to RBI and investigating agencies, initiating corrective actions 48to
N :3 N :3
avoid
UI recurrence of frauds and timely initiation of staff accountability proceedings.UThe
I key
fraud prevention measures adopted by the Bank are:

6.1 Preventive action
80
34 your employee/ vendor procedures
6.1.1 Know Your Client (KYC) and know
N: UI
A strong KYC process is the backbone of any fraud prevention activity, which helps in
preventing unscrupulous elements from gaining entry into the Bank’s environment. Similarly,
appropriate due diligence before recruitment of employees and engagement of vendors is
essential to prevent known fraudsters or people with fraudulent motives to have access to
Bank’s resources. The Bank must implement strong procedures to carry out due diligence of
potential clients, employees and vendors before they are recruited/ enrolled. A negative list of Sh
b y:
known 80 80 ed
: 34 fraudsters/negative elements shall be maintained and reviewed continuously : 34 by l o ad
UIN
Inspection Department. UIN wn
Do.
NLY
6.1.2 Maker & Checker Concept SEO
ALU
RN
TE
The Bank shall follow a system of maker and checker for any decision IN making involving
0 4
significant implications including, completion
: 3 of any financial transaction
48
32
:4 in the Bank.
:
UIN 4 23
/2 02
6.1.3 Audit Systems 8/09
on0
The Bank shall follow a system of pre-audit, legal 51audit, credit audit on a regular basis, and. 1 8.1
also forensic audit (which shall be undertaken68
2.1 on a need to undertake basis).
19
IP:
r om
df
6.1.4 Use of Technology, Automation, and Digitalisation
ali h
80 dK 80
34 h 34
TheIN :Bank shall use technology,
Mo automation, and digitalization to drive efficientIN :fraud
U r i U
management practices.
: Sh
y
db
ade
6.1.5 Employee nlo
Rotation
ow
D.
The
NL Bank shall follow a “Staff Rotation Policy” to ensure effective fraud risk management.
Y
O
U SE 48
0
3
N AL N:
ER UI
INT 6.1.6 Fraud Prevention Mechanism
The Bank shall put in place policies and operational guidelines for covering all aspects of its
functioning. These policies and operational guidelines are to be reviewed periodically and
updated on lines with extant GoI and regulatory policies and guidelines. The Bank shall have
a robust system of internal audit to report breaches in systems/processes as well as robust HR
management/IT
48
0 management systems in place. 48
0
:3 :3
The
UI Bank shall ensure timely prevention of fraud by putting in place mechanisms to:-
N UI N

a. Familiarise each employee with the types of improprieties that might occur in their
area;

11 | P a g e
For Internal Circulation Only
 Internal

b. Educate employees about fraud prevention and detection;
c. Create a culture whereby employees are encouraged to report any fraud or suspected
fraud
80 which comes to their knowledge, without any fear of victimization; 80
4 4
:3 :3
UINd. Promote employee awareness of ethical principles subscribed to by the Bank;UI
N

Due amendments shall be made in the general conditions of contracts, sanctions, loan/
subsidy/ grant agreements of the Bank, wherever required, wherein all bidders/ service
providers/ vendors/ lenders/ borrowers/ consultants, etc., shall be required to certify that
0
they shall adhere to the Fraud Risk Management 48 Policy guidelines of NABARD and not
N :3
UI
indulge or allow anybody else working in their organisation to indulge in fraudulent activities
and would immediately apprise the Bank of the fraud/ suspected fraud as soon as it comes to
their notice. These conditions shall form part of documents both at the time of submission of
bid/ loan/ subsidy/ grant application and agreement of execution of contract/ loan/ subsidy/
grant.
h
6.1.7 Due Diligence y :S
0 0 e db
48 48 ad
:3
Adequate procedures shall be followed by various Departments/ ROs for carrying out 3
: prior lo
UIN