FRAUD MANAGEMENT IN ROMANIAN BANKING SYSTEM

Abstract: Risk is a central ingredient of the business of banking. In the process of providing financial services, banks assume various kinds of risk, which need to be identified, managed, controlled, and, where appropriate, mitigated by a combination of pricing and product design. The architecture of Romanian banking system requires a number of steps in adjusting risk management and informatics system, staff training, collecting databases etc. Key-words: bank frauds, operational risk, preventive measures, internal control, compliance, and security controls

1. Introduction
Gradual maturation of the Romanian banking system increased the complexity of banking activities. For this reason it was necessary to ensure fairness, security and accuracy in circuit system of information taken by the banks. Romanian banks must answer and anticipate the needs of their clientele, to submit a competitive offer to foreign banks which requires new standards of quality for banking services. An efficient banking strategy should provide management procedures of banking risks in order to minimize the likelihood of those risks and a potential exposure of the bank.

2. Operational risk
Bank risk is a phenomenon which may occur during the course of banking and which may cause adverse effects to such business by deteriorating bank performance or even bank failure, is the probability that in a transaction may not obtain the expected profit and even experience a loss. Operational risk means the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, and includes legal risk. Here, too, legal risk is included in the definitions scope, while strategic and reputational risks are not explicitly excluded. Depending on the precise risk definition of a bank, this may play a signicant role in

considering management mistakes or reputational consequences of operation-related incidents because, by definition operational risk management processes relate to all the risk areas covered. Operational risk is the segment which we will analyze in detail in the banking risk chapter. It can result from failure to comply BNR Norms no.3/2002 on diligence standards; insufficient staff or significant fluctuations of staff members; deficiencies regarding the organization of audit and internal control activities; weaknesses of the IT system; nonsegregation of staff duties; reporting erroneous information to the CRB (credit bureau), affecting the overall risk assessment; failure to identify operations which by their nature can be classified as suspicious. Banks need to invest in equipment of high precision, reliability and safety but an important element in that domain is high quality staff. The concern of high representatives of banks to minimize exposure to risk management must be constant and has positive effects on employee behavior, becoming more rigorous and conscientious in fulfilling their duties, also, a special attention should be paid to the psychological effect of discouraging fraudulent activities Challenges of operational risk are worthy of being treated with all the attention impact of such spreads risk across the bank and can affect relationships with customers without the implications quantitative and value can be

measured accurately. Basel II Capital Accord has the following classification of types of operational risk events: Internal fraud is wrong allocation of property losses or conventional rules, law or policy, company, society exclusion / discrimination events, which involves at least one internal party (employee). For these types of fraud following activities are specific: falsification of documents by bank employees or their complicity in the preparation of false documents (credit agreement, warranty, house acts, payment instruments); mislead customers by negligence, errors, omissions, intentional or not, in steps of customer information; engaging the bank in transactions with customers based on incorrect analysis of the latter activity and potential of loss to the bank; preparation of statements and false reports in bad faith intent to fraud the bank; conducting unauthorized banking or exceed employee competence; introduction and modifying information in the bank's computer applications without jurisdiction and authorization; theft of materials objects and money; operations performed by employees in their own name, in such a way that affect the bank performance. External fraud losses due to the acts of a certain type of fraud / false attribution of ownership or legal circumstances, by a third party, namely: forgery of documents by third parties for bank fraud; introducing to the banks by the customers of false banknotes / coins; intentional deposits made by customers cash in an amount less than that recorded in documents; burglary / robbery at bank counters or its ATMs; unauthorized access to computer systems of the bank, resulting in injury to (including the image) bank or customers. Conditions for hiring the staff and job security, misconduct arising from bank staff; banking activities that can be performed only by certain employees, who were not provided substitutes in cases of force majeure; absence of key personnel; duties beyond employee training. Improper practices related to customers, products and activities: disclosure (including

competing banks) by employees of information on job tasks, including operations performed on behalf of clients; unequal treatment, preference and unsubstantiated subjective applied to customers; failure to identify the money laundering operations; initiating and conducting unauthorized banking or customer without contractual documents; failure to investigate customer data to the requisite due diligence and internal working rules; noncompliance with internal procedures relating to maximum exposure to groups or individual customers and skills to territorial units; misuse by customers of computer applications with remote access. Endangering physical assets: natural phenomena impact on tangible assets(earthquakes, fires, floods, etc.); unforeseen events involving third parties or employees of the bank and causing destruction of tangible assets of the bank (street events, vandalism); misuse of tangible and destruction. Activity disruption and system malfunction: issues related to the functioning applications, leading to the loss of data; viruses into the bank system; physical damage to the electronic equipment of bank storage information; errors related to data transmission in electronic format (e-mail.); loss of power supply which generates workflow interruptions of ATMs or front-office of banks; failures in communication systems of the bank, both at intra-bank and inter-bank level. Treatment of customers and trading counterparties and defective processing of data about them: documentation contractual arrangements with customers, including banking clients, incomplete or misleading; unintentional actions of bank employees that generate errors in the documents or software applications of the bank; insufficient study of quality values and cash handling by the banks operative units; inadequate transport and taking cash from other own outlets or branches of BNR; poor storage, archiving and processing documents customer and banking operations with them; insufficient knowledge of legal regulations and internal customers bank refereeing to customers; erroneous or

unauthorized recording of operations in customer accounts/documents. Security of electronic banking system: illegal activities performed on the system (by employees or customers) generating additional obligations for bank or customers including falsification of electronic money activities None of this, of course, is new. But now, the mitigation of operational risk will be influenced to a very large extent by the effectiveness or otherwise of internal systems and control over the use of technology. More than ever, payments processing functions, capacity and connectivity issues are under the spotlight.

etc.), because fraud is usually committed by one person with specialized training who has a good knowledge of the area in which he operates, who uses ingenious form to hide illegal activity. Also, the staff must be informed and trained on the procedures to be applied in certain situations, to know exactly the level of competence and risk that it assumes.
Tabel. Evoluia numrului de uniti i a numrului de salariai pe sistem bancar Numr total de salariai mii salariai 66 72 70 69 68 68 67 67 67 67 67 67 66 66 64 62 Numr total uniti uniti 5.482 6.552 6.544 6.500 6.464 6.425 6.344 6.235 6.187 6.170 6.135 6.109 6.070 6.040 5.981 5.688

3. Risk management promoted by Romanian banks

Operational risk measurement is done directly by the bank and an essential first step is creating an inventory of the types and methodologies to identify, to plan and to take its avoidance plans as crisis plans and remedial effect once operational risk event occurred in this category. Operational risk management requires a better knowledge of customers and their behavior, on the one hand, and on the other hand, a better understanding of your organization and its processes. Fraud is a sensitive issue for banks concerned about reputation, competitiveness and profit. Fraud is a specific operational risk, caused either by bank personnel or by persons outside the bank, which cannot be eliminated entirely. Methods of fraud are constantly expanding and developing. The causes are not always financial. There are cases when they occur to protect the reputation of certain individuals or to cover certain incompetence, are of more spontaneous than deliberate. The frauds become more common where there are identified at the outset and where appropriate measures are not taken to be prevented. Is necessary appropriate division of responsibilities so that each employee to be responsible for a small number of tasks (making a payment, recording a transaction accounting,

dec.2007 dec.2008 mar.2009 iun.2009 sep.2009 dec.2009 mar.2010 iun.2010 sep.2010 dec.2010 mar.2011 iun.2011 sep.2011 dec.2011 mar.2012 iun.2012 Sursa: BNR

Cases of fraud are detected through the control system of the company, most cases were initially detected by chance or through its external sources. Regarding the effectiveness of antifraud measures Romanian banks put on first place as efficiency internal audit and internal controls followed by audit committees, fraud risk management and compliance programs. Often the banks are not interested in showing fraud losses, trying to minimize the impact that could have the losses on their reputation, profit and not least its customers. In order to limit fraud and developing fraud control techniques is very important for banks to work together, because at the moment the exchange of

information and analysis is not reached the expected level. Banking frauds rose more than expected lately and get to generate cost banking costs even more than bad loans. Recently real networks have been developed to attack banks in various forms, over the internet or using false documents. Romanian Banking Association (RBA) considers that the local banking system is facing a real problem in terms of falsification of documents that proving an employee quality and therefore monthly income obtained on the basis of which credits are awarded to individual customers. Association talks about an increase in crime phenomenon in banking system. Lately, banks are facing increasing arrears accumulated by customers, the most vulnerable being unsecured consumer loans. If such loans were obtained on the basis of false documents, banks have even fewer opportunities to recover their money. Dramatic reversal of the downward trend in interest rates inevitably affects the quality of banks' loan portfolios. While the cost of credit increased if it is added and the effects of growing fraud, banks may end up incurring important costs to necessary provisions in order to cover losses. The rapid growth of volumes tests the effectiveness of scoring, including vigilance of bank officials on forged documents brought by the customers for credit files. Romanian banks and financial institutions have to improve their understanding and practice of banking risk management in order to be able to successfully manage this type of risk by: understanding the need for internal banking supervision and prudential domestic and international banking; knowledge of risk mitigation mechanism by imposing prudential rules; understanding prudential rules applied in Romania and inter-linked with European and international standards; developing of analysis based on banking income statement and bank performance indicators.