External Fraud

From Open Risk Manual


External Fraud is the risk of unexpected financial, material or reputational loss as a result of fraudulent action by persons external to the firm. External Fraud is a recognized risk category in regulatory frameworks worldwide (Basel II/III standards).

The precise Basel definition of external fraud reads: Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party.

Basel Level 2 & 3 Event Type Classification

Further Categorization

External fraud events vary by the number of people involved and the "vector" or mechanism of attack. An important distinction concerns the identity of individuals involved in the External Fraud event. We can distinguish[1]:

Examples of External Fraud by Business Line

Types of external fraud vary by business line. An indicative list:

  • Corporate Finance:
    • Loan Fraud
    • Client Misrepresentation of Information
    • Theft
  • Trading and Sales:
    • Cybercrime
    • Forgery
  • Retail Banking:
    • Cybercrime
    • Check Fraud
    • Theft of Information
    • Theft of Assets
  • Commercial Banking:
    • Fraudulent Transfer of Funds
    • Credit Product Fraud (loans, letters of credit, guarantees)
  • Payment & Settlement:
    • Payment Fraud
  • Supply Chain Finance


External fraud is mitigated with strong internal controls comprising both systems and processes, supported by the firm's risk culture as embedded in its employees. The principles for Sound Management of Operational Risk apply to external fraud as well.

Issues and Challenges

  • As with all operational risks, it is difficult to obtain objective measures of the actual risk, both before and after the application of controls
  • There is potential overlap with Credit Risk, e.g. when there is client misrepresentation of information around credit products

External Links


  1. EBA/CP/2014/08