Considerations for building in-house fraud risk management teams    

Fraud can manifest across functions and systems in an organization, and tackling it is a skill perhaps best left to a dedicated fraud management team. The question is whether such a team should be built in-house or whether organizations should rely on external experts to manage the risks of fraud.

In our previous blog posts, we discussed specific considerations of cost and expertise that impact an organization’s decisions with regard to setting up a fraud management team. This blog post explores the influence of undertaking comprehensive due diligence on deciding to outsource to a specialist or set up an in-house fraud risk management team.

We live in a connected world where information (and misinformation) is accessible in volumes that can overwhelm the best of us. Information can be overwhelming as it may be scattered, inaccurate, contradictory, or possibly even obsolete, and one may not know if it is adequate to meet one’s objectives. Take the case of engaging with a counterparty, such as a vendor, customer, etc. At the time of signing up a new vendor or a customer, businesses usually carry out certain elementary checks on these counterparties, in line with their Know Your Customer/Vendor (KYC/KYV) norms. While these checks may ensure compliance from a regulatory standpoint, these can fall short of identifying the background, integrity, financial information, creditworthiness, and track record of the counterparty—all of which are essential to gauge the risk exposure that is intrinsic to such an association. It is the responsibility of the organization’s fraud risk management team to undertake such due diligence on the counterparties.

Such a team would need to be familiar with the counterparty’s industry, its manner of functioning, and common fraud risks observed. They should be aware of the gaps in their own systems that a counterparty may attempt to exploit, and should also be updated with the latest fraud schemes and associated risk mitigation plans and controls. Lastly, this team would need to be aware of the varied avenues of data collection and the associated techniques to corroborate and triangulate information received from different sources to enable them to create a meaningful risk assessment for the counterparties being evaluated.

In our experience, external due diligence experts may prove to be more knowledgeable and efficient when dealing with vendors or customers from industries with which the organization may not interact frequently, due to their breadth of experience. An external team, typically an agency specializing in conducting integrity due diligence, can also leverage its linkages with industry and utilize its access to accurate information and specialized databases. In addition, it can help map the information landscape across online (digital) as well as offline (market inquiries) sources, and provide intelligence inputs and insights to identify and mitigate counterparty risks to help the business make an informed decision of engaging with the counterparty.

So how does your organization conduct due diligence? Please share your perspectives by emailing us on inforensic@deloitte.com or on social media by tagging us @deloitteindia. Do watch out for our forthcoming posts on other aspects of the debate on internal forensic teams and external experts for a more in-depth understanding of the challenges facing both.