Considerations for building in-house fraud risk management teams: Cost

Our previous blog post highlighted the importance of having the right expertise to fight fraud. In this post we explore cost related considerations associated with building an in-house fraud risk management unit, and outline scenarios where it may be prudent to seek third party support

Building an effective fraud risk management unit today necessitates the following cost related considerations.

• Resource cost – In our experience, most organizations continue to rely on human expertise in tackling fraud, particularly when it comes to assessing futuristic fraud risks and bridging the gap between the current and future state of their fraud risk management programs. To do this effectively, organizations need to invest in resources who can gather information on potential fraud risks and apply them to the current business model. It may be prudent to hire third party experts for this area, considering the exposure they tend to have towards multiple fraud risk scenarios across different businesses and across the industry. Third party experts can leverage the knowledge of senior in-house resources on organizational policies (pertaining to fraud risk assessment) and culture so that a practical implementation plan is drafted to plug gaps in the current fraud risk management framework. Depending on the size of the organization, the geographical spread, the volume of transactions, and the scope of fraud risk management activities, the number of in-house fraud risk and compliance professionals can vary between 10 and 150. These resources can be spread across dedicated teams such as incident response, investigations, reporting (both internal and external), liaison with law enforcement agencies and regulator connect.
• Technology cost – With organizations recognising the need for continuous monitoring of transactions as key to fraud risk management, there is growing dependence on technology–tools and solutions–to support the human effort in tackling fraud. Many organizations today invest in enterprise wide fraud risk management solutions, analytical and diagnostic tools, and early warning systems. Aside from the cost of accessing such technology (licenses), organizations also need to factor in the associated infrastructure costs (storage, cyber security, and physical security). In our experience, third party experts can assist in-house teams in designing the scenarios to be monitored, creating dashboards and early warning systems to better manage fraud risks. However, for these dashboards to provide a comprehensive view of fraud risks, it is imperative that all departments in the organization use these technology platforms. The in-house risk and compliance teams therefore need to drive technology adoption through collaboration with other departments.
• Training cost – Unlike the last decade, this decade has seen a spate of new frauds that go beyond areas such as procurement or pilferage. To effectively decode fraud, there is need for regularly training resources engaged in fraud risk management so they can be equipped with the knowledge necessary to fight fraud. In this area, third party experts may have an edge owing to their exposure to different fraud schemes across industries. Some of these experts may also conduct training sessions for in-house teams for a fee. 
• Vendor/business partner cost - In the last decade we have seen the emergence of ancillary support providers offering due diligence/verification services and legal support to assist fraud risk management efforts. For instance, in many organizations certain document verification procedures and field visits are outsourced to vendors. Similarly, Private Equity/Venture Capital investors tend to outsource due diligence on potential investee companies. Organizations offering niche product/ services often commission vendors to undertake mystery shopping exercises to ensure store level compliance with their service standards. Depending on the scope of work, some of these companies may work on a retainer basis, securing annual contracts, whereas others may charge a fixed fee on a per assignment basis.

If you have had experience building an in-house fraud control unit, do share your feedback to this post by writing to inforensic@deloitte.com or via social media by tagging our handle @DeloitteIndia. Also, watch out for our forthcoming posts on other considerations in building in-house fraud risk management teams.