External Fraud is the risk of unexpected financial, material or reputational loss as the result of fraudulent action of persons external to the firm. It is a recognized risk category in regulatory frameworks worldwide (Basel II standards). The precise Basel II definition of external fraud reads: Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party.
Basel Level 2 & 3 Event Type Classification
- Theft and Fraud
- Check Kiting
- Systems Security
External fraud events vary by the number of people involved and the "vector" or mechanism of attack. An important distinction concerns the identity of individuals involved in the External Fraud event. We can distinguish:
- First Party Fraud (fraud committed by an individual or group on their own account)
- Third Party Fraud (fraud committed by means of use of a third person's identity)
Examples of External Fraud by Business Line
Types of external fraud vary by business line. An indicative list:
- Corporate Finance: Loan Fraud, Client Misrepresentation of Information, Theft
- Trading and Sales: Cybercrime, Forgery
- Retail Banking: Cybercrime, Check Fraud, Theft of Information, Theft of Assets
- Commercial Banking: Fraudulent Transfer of Funds, Credit Product Fraud (loans, letters of credit, guarantees)
- Payment & Settlement: Payment Fraud
External fraud is mitigated with strong internal controls comprising both of systems and processes and supported by the firm's risk culture embedded in employees. The principles for Sound Management of Operational Risk apply to external fraud as well.
Issues and Challenges
- As with all operational risks, it is difficult to obtain objective measures of the actual risk, both before and after the application of controls
- There is potential overlap with Credit Risk, e.g. when there is client misrepresentation of information around credit products
- Operational Risk in the Basel ii framework
- Revised international capital framework is the text of the new Basel II Accord.