The world has become a global platform, as evidenced by our experience of the COVID-19 pandemic and the effect of the lockdown, which resulted in both positive and negative outcomes.
According to the Nigeria Inter-Bank Settlement System (NIBSS), the pandemic accelerated the adoption of e-payments, and transactions via e-payment grew from N165.8 trillion in 2019 to N704.04 trillion in 2020.
The COVID-19 Delta variant, which is currently ravaging some countries, and the latest discovery of Omicron in Africa may necessitate another round of lockdown even before the end of year 2021, which will drive further adoption of electronic platforms as a convenient means of conducting banking transactions.
The fact that transactions are now done faster and better electronically via the various electronic channels has also led to an increase in the incidence of electronic fraud, whose value stood at N10.93 billion as at year end 2020.
It is expected that at the end of year 2021 the electronic fraud figure will rise astronomically due to the digital penetration of the Nigerian market, regulatory innovation such as the recent launch of e-Naira, inadequate knowledge of users and the sophistication of the cybercrime perpetrators.
It is often said that when the speed of change in the external environment is faster than the speed of change in the internal environment then the end is near.
It therefore implies that the Internal Auditor must also adapt to the changes in transaction pattern and revise its fraud management and investigation approaches to catch up with the times.
What is Electronic Fraud?
Fraud can be defined as the use of trickery, deception, or dishonesty to gain unfair advantage of another man’s possession or wealth. It is the intentional deception or misrepresentation made for unlawful or unfair personal gain or to damage another individual.
Cyber Fraud is a computer-aided activity involving a deliberate misrepresentation of facts or alteration of facts/data to obtain/receive something of value that causes financial loss to the person/organization.
Electronic Fraud (E-Fraud) is a type of cybercrime fraud or deception whereby fraudsters make use of the electronic channels such as emails, phone calls, SMS or the internet to take advantage of their victims.
E-Fraud is now the new norm when we talk about fraud globally as there is no limitation in terms of attack and impact.
E-Fraud takes different forms such as:
Social Engineering, which includes Smishing, Vishing, Phishing
SIM Theft
Card Swap
Card Skimming
Spoofing
Counterfeit Websites/Online Shopping Scam
Chargeback Fraud
Business email compromise/email account compromise
Hacking of Bank’s e-channel platforms
Forms of E-Banking Products in Nigeria
The various forms of e-banking available in Nigerian Banks include:
Payment card
Internet Banking
Unstructured Supplementary Service Data (USSD)
Mobile Banking
E-Naira
In Q1 2021, fraud attempts via digital channels such as mobile banking and internet banking grew by more than 100% when compared to the fraud volume recorded on these channels in the previous year (from N0.57 billion in Q1 2020 to N2.37 billion in Q1 2021).
Although mobile-led channels recorded the highest growth, they did not top the list of channels for financial fraud. The list was topped by web channels, followed closely by mobile.
What Role Can Internal Audit Play in Combating This Growing Menace of Electronic Fraud?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. Its role includes detecting, preventing, and monitoring fraud risks and addressing those risks in audits and investigations.
It should consider where fraud risk is present within the business and respond appropriately by auditing the controls of that area, evaluating the potential for the occurrence of fraud and how the organization manages fraud risk through risk assessment and audit planning. It is not internal audit’s direct responsibility to prevent fraud within the business.
This is the responsibility of management as the first line of defense. However, Internal Audit should use its expertise to analyze data sets to identify trends and patterns that might suggest fraud.
Operationally, Internal Audit should have sufficient knowledge of fraud to:
Identify red flags indicating fraud may have been committed.
Understand the characteristics of fraud, the techniques used to commit fraud, and the various fraud schemes and scenarios.
Evaluate the indicators of fraud and decide whether further actions/controls are necessary or whether an investigation should be recommended.
Evaluate the effectiveness of controls to prevent or detect fraud.
Where electronic evidence is collected, internal audit should provide assurance on whether necessary access rights are being met.
Where fraud has occurred, internal audit should understand how the controls failed and identify opportunities for improvement. It should consider the probability of further errors, fraud, or noncompliance across the organization and reassess the cost of assurance in relation to potential benefits.
If Internal Audit is required to investigate fraud, the Internal Auditor should have the necessary skills and experience to undertake the investigation and discharge their responsibilities professionally without jeopardizing the investigation and associated evidence.
Factors contributing to E-Fraud incidents
Poor internal controls
Override of internal controls
Risks peculiar to the industry
Collusion between employees and third parties
Poor IT security
Poor hiring practices
Non deployment of Fraud Monitoring/Behavioral Solutions
Non-Compliance with Regulatory Directives
Moral Decadence
Influence of Social Media
Measures Bank’s Internal Auditors can deploy to combat E-Fraud
The Internal Audit represents an efficient line of defense against fraud, having a role in fraud prevention, detection, and monitoring.
It is imperative that the audit function deploys an automated audit tool, as the Internal Auditor cannot catch up with e-fraud using a manual audit approach.
The following measures can be deployed by banks to address the cases of e-fraud.
Building Capacity of Audit staff through trainings and certifications
Cooperation and collaboration amongst banks, including information sharing, setting up an effective and responsive fraud desk, and prompt response to audit enquiries from other banks and to law enforcement or court orders on fraud
Watchlisting of BVNs of confirmed fraudsters
Adopting an Electronic auditing system
Intelligence Gathering and Data Analysis
Effective system audits
Having a documented and properly communicated Fraud Response plan
Continuous Monitoring of e-payment platforms
Compliance with the various regulatory directives on electronic payments such as the CBN Guidelines on Operations of Electronic Payment Channels in Nigeria, Regulatory Framework for Mobile Money Services in Nigeria, Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for The Nigerian Banking Industry etc.
Electronic payment systems have come to stay, and internal audit continues to play a critical role in addressing e-fraud. It is important that a Bank’s Internal Audit function adopt a futuristic plan and continue to evolve to combat the increasing cases of electronic fraud.
Tina Ebuehi, Head of E-fraud, Keystone Bank