Risk & Fraud Prevention - Advanced

Risk and Fraud

Prevention -
Advanced
July 2023 ───────
AAFS/HRD/L&D/MAN/018 Version 1 July, 2023

Page | 1
 Risk & Fraud Prevention - Advanced

CONTENTS
Introduction ................................................................................................................................... 3
Understanding Risk ....................................................................................................................... 3
Risk Taxonomy – Common Risk Types ....................................................................................... 4
Risk Management Process .......................................................................................................... 6
Risk Culture – The Lines of Defense ............................................................................................. 6
What is Fraud? ............................................................................................................................... 9
Why Fraud happens? ................................................................................................................. 14
The Fraud Triangle ....................................................................................................................... 15
Fraud Risk Management ............................................................................................................ 15
Zero Tolerance Policy ................................................................................................................. 18
Anti-bribery and Corruption ...................................................................................................... 18
Whistleblowing Policy ................................................................................................................. 19
Consumer Protection .................................................................................................................. 19
Fraud Indicators (Red Flags)...................................................................................................... 19
Common Fraud typologies used by fraudsters ....................................................................... 21
Further steps taken to prevent/detect fraud at Al Ansari Financial Services ...................... 21
Reporting of Fraud/Suspicious Activities .................................................................................. 23
Persona Non Grata (UAEPNG) ................................................................................................. 23
Covering Up/Non-reporting of Fraud ....................................................................................... 24
Important Points to Remember (Do’s and Don’ts) .................................................................. 24
Reminders .................................................................................................................................... 24
Case Studies ................................................................................................................................ 25
Reference to Industry Guidance ............................................................................................ 27

Page | 2
 Risk & Fraud Prevention - Advanced

Introduction
Welcome to the Risk & Fraud Prevention Training Program. This training manual is designed to
provide you with essential knowledge and an in-depth understanding of risk, risk management,
fraud prevention and the associated processes. By the end of this training, you will be
equipped with the tools to identify, report, prevent and respond to potential risks and
fraudulent activities within the organization.

Understanding Risk
What Is Risk?

Risk is defined as the likelihood that an external or internal event could have a potential
adverse impact on an organization's capital, profitability, reputation and / or its ability to
achieve the desired objectives.

Risk is the chance or possibility of loss, damage, injury, or failure to achieve objectives caused
by an unwanted or uncertain action or event. It cannot be completely avoided but can be
minimized through effective risk management.

Key Points to be remembered:

• Risk cannot be completely avoided; it can only be minimized.

• Risk should be managed to reduce the likelihood of frequent occurrences or severity.
• Risk can have both negative and positive impacts.
• "Risk is an effect of uncertainty on objectives" (ISO 31000-2019).

Risk is existent in every aspect our lives. A few common examples of risks are listed below:

• Risk of accidents/injury while crossing the road

• Risk of getting burnt while cooking food/Risk of fire while cooking
• Risk of accidents/injury while playing sports

B. What is Risk Management?

Risk management is the practice of identifying potential risks in advance to measure, evaluate,
record, mitigate, and monitor risks in order to reduce their impact on the business.

C. Benefits of Risk Management

Risk management is a crucial process that helps organizations identify, assess, and mitigate
potential risks that could impact their objectives, projects, or operations. Implementing
effective risk management practices offers various benefits, including:

 Minimizing losses: By proactively identifying and addressing risks, organizations can

reduce the likelihood and impact of potential negative events. This minimizes financial
losses, reputational damage, and operational disruptions.
 Enhanced decision-making: Risk management provides decision-makers with valuable
insights into potential threats and opportunities. This allows them to make more informed
and strategic choices that align with the organization's objectives.
 Improved resource allocation: Understanding risks helps organizations allocate resources
more efficiently and effectively. It ensures that resources are directed to the areas where
they are most needed, optimizing performance and outcomes.

Page | 3
 Risk & Fraud Prevention - Advanced

 Safeguarding reputation: Managing risks proactively helps maintain the organization's

reputation and credibility. By addressing potential issues before they escalate, the
organization can preserve its trust with stakeholders.
 Compliance and legal protection: Risk management helps organizations stay compliant
with relevant laws, regulations, and industry standards. This reduces the chances of legal
and regulatory penalties, fines, and sanctions.
 Stakeholder confidence: Investors, customers, and other stakeholders are more likely to
have confidence in an organization that demonstrates a robust risk management
approach. It shows a commitment to sustainability and responsible practices.
 Innovation and growth: Taking calculated risks is essential for innovation and growth.
Through risk management, organizations can identify opportunities and take strategic
risks that can lead to significant rewards.
 Business continuity: Identifying and preparing for potential risks ensures that the
organization can maintain its operations even during adverse events, such as natural
disasters or economic downturns.
 Efficient project execution: Risk management helps project managers anticipate and
mitigate potential project-related risks. This results in more efficient project execution,
meeting deadlines, and staying within budget.
 Employee morale and productivity: A proactive risk management approach provides
employees with a sense of security and confidence. It can improve morale and
productivity as employees feel supported and empowered to deal with potential
challenges.
 Competitive advantage: Organizations with effective risk management practices can
gain a competitive edge over their peers. They are better positioned to navigate
uncertainties, seize opportunities, and respond to market changes swiftly.

In summary, risk management offers a wide range of benefits, enabling organizations to

protect their assets, capitalize on opportunities, and achieve their objectives with greater
confidence and resilience. Given below are a few more pointers:

 Creates a safe and secure work environment for all staff and customers
 Increases the stability of business operations while also decreasing legal liability
 Provides protection from events that are damaging to both the company and the
environment
 Protects all involved people and assets from potential harm
 Increased focus on the achievement of specific strategies – will highlight areas in which
objectives are unclear or fail to link with the Al Ansari Financial Services’ corporate
strategy
 Improved awareness and control of risk
 Improved compliance with CBUAE requirements and internal policy
 Increased assurance that there are 'no surprises'
 Greater organizational awareness of the benefits of safe risk-taking

Risk Taxonomy – Common Risk Types

The term "risk universe" refers to the complete set or range of potential risks that an organization
may face in its operations, projects, or business activities. It encompasses all possible risks that
could have an impact on the organization's ability to achieve its objectives. The risk universe is
unique to each organization and can vary based on its industry, size, geographic location,
and other specific factors.

Page | 4
 Risk & Fraud Prevention - Advanced

Given below are a few of the risk types that is directly applicable to a financial institution like
Al Ansari Financial Services:

1. Operational Risk: The risk of loss resulting from inadequate or failed internal processes,
people and systems, or from external events. The definition includes risk of loss resulting
from failure to comply with internal policies & procedures of the company.
2. Strategic Risk: Strategic risks can be defined as the uncertainties and untapped
opportunities embedded in the defined strategy and how well they are executed. It is
the risk of business strategies (decision making, implementation of decisions, response to
industry changes) failing to achieve business goals and its impact on revenues, profits,
reputation and value. Strategic risk management is the response to these uncertainties
and opportunities. It involves a clear understanding of corporate strategy, the risks in
adopting and executing it. These risks may be triggered from inside or outside the
organization.
3. Market Risk (Currency Rate Risk): Market risk is the risk that the value of an asset may
increase or decrease due to movements of market factors; such as risk of fluctuation in
the foreign currency rates. AL Ansari Financial Services is exposed to Market risk through
the foreign currency losing value as a result of unfavorable exchange rate fluctuations
between the currency possessed and currency desired.
4. Counterparty Risks: Counterparty credit risk is the risk that the counterparty to a
transaction could default before the final settlement of the transaction's cash flows. An
economic loss would occur if the transactions or portfolio of transactions with the
counterparty has a positive economic value at the time of default. Counterparty credit
risk creates a bilateral risk of loss: the market value of the transaction can be positive or
negative to either counterparty to the transaction. The market value is uncertain and
can vary over time with the movement of underlying market factors.
5. Compliance Risk: Risk of loss and associated harm due to the company’s interaction
with the regulatory, legal & industry environment. It is the exposure to legal penalties,
financial forfeiture and material loss an organization faces when it fails to act in
accordance with industry laws and regulations. The licensing/regulatory authorities has
stipulated ongoing compliance requirements for business units in each jurisdiction, non-
compliance to which can lead to reputation risk or risk of business continuity itself.
6. Financial Risk: Being a financial institution engaged in remittance and foreign exchange
business, the company is exposed to various kinds of financial risks such as liquidity, credit
risk, interest rate risk, currency fluctuation, pricing etc.
7. Reputational Risk: Reputational Risk is the risk of loss, resulting from damages to the
organization’s reputation such as loss of revenue or increased operating, capital or
regulatory costs and this includes the risk to the country ‘s image resulting from the
unacceptable business practices of the organization.
8. Money Laundering/Terrorist Financing Risk: The risk of being involved in, whether
deliberately or not, transforming the proceeds of a crime into apparently legitimate
money or other assets. The risk on account of financing terrorism, directly or indirectly, is
also considered.
9. Security and Technological Risk: The processes at Al Ansari Financial Services rely on
technology which may be constantly under threat from data loss, system weakness or
project failure. Protecting information assets like operational and financial data,
customer data, intellectual property (IP), personally identifiable information (PII) are only
few of the mitigation strategies. It is also important to identify and verify events such as
data breaches, network failure, electronic fraud, and other suspicious activities before

Page | 5
 Risk & Fraud Prevention - Advanced

they result in fines and expenses, damage the brand or reputation, prevent the
company from achieving business goals or even lead to litigations.

Risk Management Process

Risk management is the process of identifying, assessing, and mitigating potential risks that
could affect an organization's objectives. It involves systematically evaluating uncertainties
and taking measures to minimize the negative impact of those risks while also recognizing
opportunities for positive outcomes.

The main goals of risk management are:

 Identification of Risks: The first step in risk management is identifying potential risks that
could affect the organization's ability to achieve its objectives. These risks can be internal
(e.g., operational, financial, compliance-related) or external (e.g., market changes,
geopolitical events, natural disasters).
 Risk Assessment: Once risks are identified, they need to be assessed to understand their
likelihood of occurrence and potential impact on the organization. This evaluation helps
prioritize risks based on their significance and potential consequences.
 Risk Mitigation: After assessing the risks, strategies are developed to mitigate or reduce
the impact of identified risks. This can involve implementing controls, processes, or
procedures to avoid, transfer, or minimize the consequences of risks.
 Risk Monitoring: Risk management is an ongoing process, and risks need to be
continually monitored to ensure that the mitigation measures are effective and up-to-
date. New risks may emerge, and existing risks may change over time, making
monitoring a critical aspect of risk management.
 Risk Reporting and Communication: Effective risk management involves clear and
transparent communication about risks across all levels of the organization. Reporting on
risks and their status allows stakeholders to make informed decisions and take
appropriate actions.

By implementing risk management practices, Al Ansari Financial Services can proactively

address challenges, reduce potential losses, and seize opportunities that arise in their business
environment. An effective risk management framework helps promote stability, resilience, and
sustainable growth, enhancing the overall performance and success.

Risk Culture
Understanding Risk Culture

Risk culture refers to the collective attitudes, beliefs, values, behaviors, and norms within an
organization regarding risk management. It is the shared understanding of how risks are
identified, assessed, communicated, and managed across all levels of the organization.
A strong risk culture is essential for effective risk management, as it influences how employees
and leaders perceive and respond to risks and uncertainties.

A risk management initiative is successful when the culture of the organization is receptive to
it. It significantly affects the capability to take strategic risk decisions and deliver on
performance premises.

Page | 6
 Risk & Fraud Prevention - Advanced

A risk culture can be interpreted as a:

 Reflection of the overall attitude of every employee within an organization

 Product of individual and group values, attitudes and patterns of behavior
 Commitment to the risk management objectives of the organization.

Risk Culture essentially comprises of the following factors:

 Employees’ Personal Predisposition to Risk

 Personal Ethics and behaviors of employees in the organization
 Overall Organizational Culture

Key characteristics of a positive risk culture include:

 Risk awareness: Employees at all levels understand the importance of risk management
and their role in identifying and addressing risks.
 Proactive mindset: The organization encourages a proactive approach to risk
management, where potential risks are identified and addressed before they escalate.
 Open communication: A culture of open and transparent communication allows for the
free flow of risk-related information throughout the organization.
 Accountability: Individuals are held accountable for managing the risks within their areas
of responsibility.
 Learning and improvement: The organization views risk incidents and near-misses as
opportunities for learning and continuous improvement.
 Integration with decision-making: Risk considerations are integrated into strategic
planning and decision-making processes.
 Supportive leadership: Senior leaders demonstrate a commitment to risk management
and set the tone for the organization's risk culture.
 Risk appetite: The organization defines and communicates its risk appetite, providing a
clear framework for risk-taking.
 Adaptability: The organization is adaptable and can respond effectively to emerging
risks and changing circumstances.

The Lines of Defense

The Three Lines of Defense is a risk management and internal control setup that provides
structure and clarity to an organization's risk management activities. It defines roles and
responsibilities in managing and mitigating risks and helps ensure that risk-related processes
are appropriately coordinated and monitored. The Three Lines of Defense model includes
three distinct lines, each playing a specific role in risk management:

i. First Line of Defense:

The first line of defense comprises the operational staff who own and manage risks
directly within their day-to-day activities. This line includes employees across all levels
and functions of the organization who are responsible for executing processes, making
decisions, and delivering products and services to customers. Their primary responsibilities
include:

1. Identifying and assessing risks within their areas of operation.

2. Implementing controls and risk management measures to prevent or mitigate
identified risks.
3. Monitoring and reporting on the effectiveness of controls and risk management
practices.

Page | 7
 Risk & Fraud Prevention - Advanced

4. Taking corrective action to address control deficiencies or process shortcomings.

In essence, the first line of defense involves individuals who are closest to the risks and
are responsible for managing them in their respective areas.

ii. Second Line of Defense

The second line of defense consists of specific functions or departments that support and
oversee risk management activities. These functions are responsible for providing
expertise, guidance, and monitoring to ensure that risks are appropriately managed
across the organization. Key components of the second line of defense include:

1. Compliance and AML (Anti-Money Laundering): This function ensures that the
organization complies with relevant laws, regulations, and internal policies and
procedures.
2. Risk & Fraud Prevention: This function focuses on identifying, preventing, and
detecting fraudulent activities within the organization.

The second line of defense collaborates closely with the first line to establish risk
thresholds, provide risk-related training, and ensure adherence to risk management
policies and procedures.

iii. Third Line of Defense

The third line of defense involves independent assurance providers who evaluate and
provide objective assessments of risk management and internal control processes. The
primary role of the third line is to offer an unbiased opinion on the effectiveness of risk
management practices. This line includes:

1. Internal Audit: Internal auditors conduct independent and systematic evaluations of

risk management practices and internal controls. They provide management and the
board with an objective assessment of the organization's risk management and
control processes.
2. External Assessors: External auditors or assessors, such as regulatory bodies or
independent consultants, may also be part of the third line of defense. They review
the organization's risk management practices and internal controls from an external
perspective.

By having distinct lines of defense, an organization ensures that risk management activities are
appropriately segregated and coordinated. The Three Lines of Defense model fosters a
systematic approach to risk management, promoting a more robust risk culture and
enhancing the organization's ability to identify and manage potential risks effectively.

Page | 8
 Risk & Fraud Prevention - Advanced

What is Fraud?
Understanding Fraud

Fraud is an intentional deception for unfair or unlawful personal gain. It involves various actions
like lying, misuse of assets, misrepresentation, bribery, etc.

Key Characteristics of Fraud:

 Intentional Deception: Fraud involves deliberate and purposeful actions to deceive

others. It is not accidental or unintentional but rather a calculated effort to achieve
personal gain.
 Unlawful or Unfair Gain: The primary objective of fraud is to gain an advantage, benefit,
or profit in a manner that violates laws, regulations, ethical standards, or the rights of
others.
 Misrepresentation: Fraud often includes false statements, lies, or manipulation of
information to create a false impression or induce others into a course of action that
benefits the perpetrator.
 Concealment: Fraudsters may attempt to conceal their activities or actions to avoid
detection or discovery. This can involve covering up evidence, altering records, or
providing misleading information.

Common Examples of Fraud:

 Financial Fraud: Involves false or misleading financial statements, embezzlement,

misappropriation of funds, or other deceptive financial practices.
 Identity Theft: The fraudulent use of someone else's personal information to gain access
to their financial resources or to commit other illegal activities.
 Credit Card Fraud: Unauthorized use of someone else's credit card information to make
fraudulent purchases or withdrawals.
 Internet and Cyber Fraud: Various scams and fraudulent activities conducted through
online platforms, such as phishing, online auctions fraud, and fraudulent emails.

Fraud poses significant risks to individuals, businesses, and society as a whole. It can lead to
financial losses, damage reputations, erode trust, and undermine the integrity of institutions.
Preventing and detecting fraud often requires strong internal controls, effective risk
management practices, and vigilant oversight. Organizations and individuals must remain
proactive in identifying and addressing fraud to protect themselves and their stakeholders
from its harmful consequences.

Actions constituting fraud

 Misappropriation of funds: This refers to the unauthorized use or theft of funds that
belong to the company or its stakeholders for personal gain or other purposes not
intended by the organization.
 Any dishonest or fraudulent act against all stakeholders: This is a broad category
covering any deceitful or fraudulent action that harms the interests of the company's
stakeholders, including employees, shareholders, customers, suppliers, etc.
 Misrepresentation of financial/non–financial statements: This involves presenting false
or misleading information in financial reports or other statements to deceive
stakeholders, investors, or regulators.
 Impropriety in the handling or reporting of money or financial transactions (abnormal
cash short/excess noticed, irrespective of the amount): Any suspicious or abnormal

Page | 9
 Risk & Fraud Prevention - Advanced

handling of financial transactions, like unexplained shortages or excesses of cash,

regardless of the amount involved.
 Accepting or seeking anything of material value from customers, contractors, vendors
or persons providing services/materials to the company (Bribery): This refers to the act
of offering, giving, receiving, or soliciting anything of value with the intention of
influencing business decisions in favor of the person providing the bribe.
 Breach of internal policies, procedures, laws, rules and regulations, notices and
standards: Violation of any internal company policies or procedures, as well as local
and international laws and regulations that guide the proper conduct of business.
 Any event/ attempt that could impact confidentiality, integrity or availability of
information asset or service such as hacking or unauthorized access, intruder attempts,
phishing emails etc.:
 Trying to use counterfeit currency/documentation in order to conduct remittance and
foreign currency transactions.
 Conducting transactions with the aim of defrauding Al Ansari Financial Services, its
customers or the intended beneficiaries of the transactions.
 Misuse of services provided by Al Ansari Financial Services including Western Union,
Cash Express, Global Funds Transfer, Domestic Transfer, Al Ansari Exchange Travel
Card, Cash Collection services, etc.
 Willful suppression of facts, deception in matters of appointments, placements,
submission of reports as a result of which wrongful gain(s) is/are made to one and
wrongful loss to the others.
 Any theft, forgery, irregularities, or other malpractices etc., or even attempt of the
same.

Common frauds evidenced at Al Ansari Financial Services

 Counterfeit currency: Customers visiting Al Ansari Exchange branches may try to

defraud the organization by presenting counterfeit currency.
 Procurement and shipping scam: Fraudster places an order for goods from countries
like China, Hong Kong etc. by promising that a payment would be made through
bank transfer.
 Fraudster then shares the payment receipt from an exchange house with the
supplier in order to get shipment released
 Once the shipment released, the fraudster approaches the exchange house to
cancel the transaction thereby defrauding the supplier.
 Social Engineering: Fraudsters may call Al Ansari Exchange branches to try and gain
access to internal Al Ansari Financial Services’ systems by asking the staff members to
download software or to make test transactions.
 The fraudsters may also call the branches claiming to be from the Sheikh’s office
or from an authority requesting them to conduct transactions and the payment
would be delivered at a later period in time.
 Test Transactions/ Code Entries: Fraudsters may call Al Ansari Exchange branches to
try and induce frontline staff members to conduct test transactions and share the
MTCN that may be later used for withdrawing money. They may also pose to be from
training unit and induce the FLA to conduct transactions as a part of a training
exercise.

Page | 10
 Risk & Fraud Prevention - Advanced

Consumer Fraud

Consumer fraud, also known as consumer scams or consumer deception, refers to dishonest
practices carried out by individuals or businesses with the intention of deceiving consumers for
financial gain or personal benefit. These fraudulent activities can take various forms and can
occur through different channels, such as online, over the phone, or in person. The common
objective is to trick consumers into providing money, personal information, or valuable assets
under false pretenses. Here are some examples of consumer fraud:

 Employment Scam: In an employment scam, fraudsters pose as employers offering

attractive job opportunities to lure job seekers. They may request personal information,
application fees, or even conduct fake interviews to extract money from the victims.
In some cases, the scammer may claim to offer a remote job that requires an upfront
payment or investment from the job seeker.
 Advanced Fee or Pre-Payment Scam: This scam involves convincing victims to pay
upfront fees or charges for promised services, goods, or financial opportunities that
never materialize. The scammer may claim that the fees are necessary to process a
loan, secure a job, or release a prize, but once the payment is made, the scammer
disappears, and the victim is left empty-handed.
 Fake (Counterfeit) Cheque Scam: Scammers may send counterfeit cheques to victims,
often as part of a payment for goods or services sold online. The victim deposits the
cheque into their bank account, and before it bounces, the scammer requests a
refund of a portion of the money. The victim sends the refund, only to find out later
that the original cheque was fake, and they are responsible for the full amount.
 Mystery Shopping Scam: In this scam, individuals are offered mystery shopping
assignments where they are asked to evaluate the service quality of a particular store
or establishment. However, the scammer may charge a fee to access these
assignments, and in the end, no real assignments or payments are provided.
 Relationship Scam: Also known as romance scams, these scams involve fraudsters
creating fake online profiles on dating sites or social media platforms to form romantic
relationships with unsuspecting individuals. Once trust is established, the scammer may
ask for money under the pretext of a personal emergency or financial hardship.
 Antivirus Scam: Scammers may contact individuals claiming to be tech support
representatives from legitimate software companies or internet service providers. They
convince the victims that their computers are infected with viruses or malware, and
then offer fake security software or services at high prices.
 Immigration Scam: Fraudsters may target immigrants by posing as immigration officials
or consultants promising to expedite visa or immigration processes for a fee. Victims
may end up paying money without receiving any legitimate assistance with their
immigration applications.
 Grandparent Scam: In this emotional scam, the fraudster contacts elderly individuals,
pretending to be their grandchild or another family member in distress. They claim to
be in a difficult situation and urgently need financial assistance. The victim, concerned
for their loved one, sends money, only to realize later that they were tricked.
 Overpayment Scam: In an overpayment scam, scammers overpay for goods or
services using a fake cheque or payment method. They then request the victim to
refund the excess amount, and by the time the initial payment is found to be
fraudulent, the victim has already sent the refund.
 Lottery or Other Prizes Scam: Scammers may contact victims, informing them that they
have won a lottery, sweepstake, or other valuable prizes. However, the victim is

Page | 11
 Risk & Fraud Prevention - Advanced

required to pay taxes, fees, or shipping costs upfront to claim the prize, but the
promised prize never materializes.
 Charity Scam: In charity scams, fraudsters pose as representatives of legitimate
charities, soliciting donations from the public for various causes. However, the money
collected goes into the scammer's pockets and does not benefit any charitable
organization.
 Emergency Scam: Also known as the "grandchild in distress" scam, fraudsters may
contact individuals pretending to be a family member or friend facing an emergency,
such as an accident or arrest. They urgently request money to resolve the situation.
 Tax Scam: Scammers impersonate tax authorities, either through phone calls, emails,
or text messages, claiming that the victim owes taxes or has committed tax fraud. They
threaten legal action or arrest unless immediate payment is made.
 Internet Purchase Scam: This scam targets individuals making online purchases. The
scammer may offer goods at attractive prices, but once payment is made, the victim
never receives the items, or they receive substandard or counterfeit products.
 Rental Property Scam: In rental property scams, fraudsters pose as landlords or
property managers, offering attractive rental properties at low prices. They may ask
for a security deposit or advance rent before disappearing, leaving the victim without
a rental property

It's essential for consumers to be vigilant and cautious when dealing with unfamiliar individuals
or organizations, especially when sharing personal information or making financial
transactions. Always verify the legitimacy of offers or requests and report any suspicious activity
to the appropriate authorities.

Other Common Fraud Trends

 Phishing: Obtain sensitive information: Usernames, passwords, and credit card details
 Larceny: Taking property or services without permission to deprive the rightful owner
of it
 Embezzlement: Misappropriates the assets then used for unintended purposes
 Skimming: Using a device called a wedge/skimming device to obtain records from
cards

Forms of Fraud

Fraud can occur both internally and externally within an organization. Here are the forms of
fraud for each category:

1. Internal Fraud: Fraud perpetrated by employees in the organization. Any act of deceit
done by staff members within the organization. A few common examples of fraud by
employees at Al Ansari Financial Services are:
 Embezzlement: Occurs when an employee misappropriates funds or assets for
personal gain, such as siphoning company funds, forging checks, or manipulating
financial records.
 Vendor Fraud: Employees colluding with external vendors to submit fraudulent
invoices or receive /kickbacks in return for awarding contracts. Manipulating the
procurement process to favor certain suppliers or inflating prices for personal gain.
 Payroll Fraud: Manipulating payroll records to create fictitious employees or inflate
hours worked to receive unauthorized payments.
 Data Breaches and Intellectual Property Theft: Employees stealing sensitive data or
intellectual property for personal gain or to sell to competitors.

Page | 12
 Risk & Fraud Prevention - Advanced

A few more common examples of Internal Fraud are:

 Not entering transaction details in AREX and not providing a transaction receipt to
the customer
 Not returning the correct amount of change to the customer
 Paying out cash to someone other than the actual beneficiary with fraudulent
intentions
 Pocketing excess amount in the till
 Processing corporate transactions under the guise of individual transactions
 Unauthorized cancellations of transactions
 Splitting transactions to increase the number of transactions being conducted
 Corruption, bribery & illegal gratuities.
 Breach of internal policies and procedures
 Betraying confidentiality, integrity of asset or service
 Any theft, forgery, irregularities or other malpractices etc.
 Using counterfeit currency/documentation in conducting transactions

2. External Fraud: Any act of deceit done by any third party including potential, current
and ex-customers.
 Identity Theft: Fraudsters using stolen personal information to open accounts, apply
for credit, or commit other financial crimes in someone else's name.
 Phishing Scams: Fraudulent emails or messages that trick individuals into providing
sensitive information or clicking on malicious links.
 Credit Card Fraud: Unauthorized use of stolen credit card information to make
fraudulent purchases.
 Telemarketing Fraud: Fraudulent telemarketing calls or solicitations that deceive
individuals into providing personal or financial information.

It is essential for organizations and individuals to be vigilant against both internal and
external fraud. Implementing robust internal controls, conducting regular audits, and
promoting a strong ethical culture can help prevent and detect fraudulent activities.
Additionally, educating employees and customers about common fraud schemes and
encouraging them to report suspicious activities can further protect against fraud risks.

A few more common examples of external fraud noticed at Al Ansari Financial Services
are:

• Customers are called by fraudsters pretending to be representatives of Al Ansari

Financial Services and informed that they have won a prize and in order to claim
the prize they would need to provide personal information or pay a certain amount
of money as a processing fee.
• Customer using someone else’s identity document to conduct a transactions/
Customer posing as someone else to claim Western Union funds
• A particular customer visits only that particular staff member to conduct a
particular type of transaction
• Phishing – Individual tries to obtain sensitive information
• Using counterfeit currency to conduct transactions

Page | 13
 Risk & Fraud Prevention - Advanced

Why Fraud happens?

As per a survey conducted by the Association of Certified Fraud Examiners highlights two
significant reasons why fraud incidents take place:

 Lack of Controls: This refers to situations where organizations do not have robust
internal control systems in place to prevent and detect fraudulent activities. Internal
controls are policies, procedures, and mechanisms designed to safeguard an
organization's assets, ensure the accuracy and reliability of financial reporting, and
promote compliance with laws and regulations. When there are inadequate or poorly
implemented controls, it creates opportunities for individuals within the organization to
engage in fraudulent behavior without being detected.
 Override of Existing Controls: Even when an organization has established internal
controls, fraud can still occur if there is a lack of adherence to these controls. In some
cases, individuals may intentionally override or bypass established controls to carry out
fraudulent activities. For example, an employee might request an unnecessary
override or special approval from a supervisor or manager to conduct a transaction
that would otherwise be flagged as suspicious by the system.

Ultimately, preventing fraud requires a combination of strong controls, a vigilant workforce,

and a commitment to ethical practices from the top leadership down to all employees.

How fraud hurts

Fraud can have far-reaching and devastating consequences that affect individuals,
businesses, and society as a whole. Here are some ways in which fraud can hurt Al Ansari
Financial Services and the employees:

 Financial Losses: Fraud often results in significant financial losses. Victims of fraud can
lose money directly, such as when scammers deceive them into making payments for
nonexistent goods or services. In the case of businesses, fraud can lead to
embezzlement, theft, or other financial manipulations that harm their bottom line.
 Trust and Reputation: Fraud can erode trust in individuals, businesses, and institutions.
When consumers are defrauded by a company or professional, they may lose
confidence in that entity, leading to a damaged reputation and reduced customer
loyalty. Similarly, employees who commit fraud can tarnish the reputation of their
employers.
 Psychological and Emotional Impact: Damages the morale of colleagues working with
the fraudster as they may be questioned as well.
 Career Dampener: Staff members involved in fraudulent activities may face disciplinary
action, including/leading up to termination and legal action

Overall, fraud has a cascading effect on multiple levels, causing harm not only to direct victims
but also to the broader economy and society. Preventing fraud requires a combination of
robust security measures, public awareness, and strong enforcement of laws to safeguard
individuals and organizations from its damaging consequences.

Page | 14
 Risk & Fraud Prevention - Advanced

The Fraud Triangle

The fraud triangle is a model that describes the three factors that contribute to the occurrence
of fraud within an organization. These factors are:

1. Opportunity

This refers to the conditions or situations that allow a person to commit fraud without getting
caught. Weak internal controls, lack of oversight, and inadequate monitoring can create
opportunities for fraud to occur.

Example: A staff member working in the frontline at Al Ansari Exchange has easy access to
large amounts of cash.

2. Motivation (or pressure)

The motivation factor represents the personal financial or emotional pressures faced by an
individual that compel them to commit fraud. These pressures may include financial
difficulties, high personal debts, addiction problems, or the fear of losing a job.

Example: An employee who is struggling with mounting debts and financial obligations
feels immense pressure to pay off the financial burden.

3. Rationalization

Rationalization is the process by which the fraudster justifies their dishonest actions to
themselves, often by convincing themselves that their behavior is acceptable or justified
under the circumstances. This psychological coping mechanism allows them to alleviate
guilt and reduce cognitive dissonance.

Example: An employee in the procurement section at Al Ansari Financial Services

convinces himself/herself that the company owes them for their hard work and loyalty.
Feeling underappreciated, the employee decides to inflate expenses on company
purchases and keeps the excess money, believing they deserve it as compensation for
their dedication.

It's essential to recognize that the fraud triangle doesn't provide an excuse for fraudulent
behavior but rather helps to identify the underlying factors that may contribute to fraud.
Companies can use this model to strengthen internal controls, enhance employee integrity,
and create a culture of ethics and transparency to mitigate the risk of fraud.

Fraud Risk Management

Fraud Prevention

Fraud prevention is the proactive set of measures and strategies aimed at reducing the risk of
fraud and protecting individuals, businesses, and organizations from falling victim to fraudulent
activities. Implementing effective fraud prevention practices helps to safeguard financial
assets, sensitive information, and reputation. Here are some key steps and best practices for
fraud prevention:

 Strong Internal Controls: Establish robust internal controls within an organization to ensure
proper checks and balances. Segregate duties so that no single individual has complete
control over financial transactions, record-keeping, and approvals.

Page | 15
 Risk & Fraud Prevention - Advanced

 Employee Training and Awareness: Educate employees about common fraud schemes,
red flags to watch out for, and the importance of reporting suspicious activities promptly.
An informed and vigilant workforce can act as the first line of defense against fraud.

Al Ansari Financial Services also implements the following processes to ensure fraud prevention:

 Code of Conduct and other related standards

 Employee and third party due diligence
 Know Your Employee
 Communication and Training
 Process specific fraud risk controls
 Pro-active data analysis
 Fraud Control Policy Declaration

Further steps that have been taken to ensure fraud prevention at Al Ansari Financial Services
are:

 All FLA (frontline associates) and Treasury staff members i.e. cash-handling staff are
trained in identification of counterfeit currency and commonly used IDs during training
courses like Counterfeit Detection Training
 All Al Ansari Exchange branches are equipped with Counterfeit detection machines and
UV lights to verify the currency
 Information is shared with staff members only based on their nature of jobs to prevent
misuse of customer and organizational data
 Segregation of accesses to ensure maker-checker concept
 Verification of supplies/services received by appropriate end users
 Physical access controls to prevent unauthorized flow of information

Actions that are expected from Frontline associates are:

Pay close attention to the behavioral aspects of the customer and ask open ended questions
such as:

 Who? - What is the relationship with the beneficiary?

 What? - What is the purpose of the transaction?
 When? - Are the funds being remitted using instant transfer options like WU, CE, etc.?
 Where? - What is the destination of remittance transaction?
 How? - Are the funds being sent as bank transfer or cash pickup?
 Why? - Were you directed to receive the transaction by someone else?

By combining these fraud prevention strategies, organizations can create a comprehensive

and resilient defense against fraud, protecting themselves and their stakeholders from
potential financial and reputational damage. Remember that fraud prevention is an ongoing
process, and staying proactive in adapting to new threats is crucial to maintaining effective
protection.

Fraud Detection

Fraud detection involves identifying and uncovering fraudulent activities or attempts before
they cause significant harm. By using various tools, techniques, and technologies,
organizations can proactively monitor transactions and behaviors to spot anomalies and
patterns associated with fraudulent behavior. Here are some common methods used in fraud
detection:

Page | 16
 Risk & Fraud Prevention - Advanced

 Data Analytics: Utilize data analytics and machine learning algorithms to analyze large
volumes of data and detect unusual patterns or trends that might indicate fraud. These
algorithms can identify deviations from regular transaction patterns and flag potential
fraudulent activities.
 Behavioral Analysis: Monitor and analyze user behavior, both internal (employees) and
external (customers), to identify unusual activities or changes in behavior that might
indicate fraudulent intentions or compromised accounts.
 Rule-Based Systems: Establish predefined rules or thresholds based on known fraud
patterns or red flags. Transactions or behaviors that match these rules trigger alerts for
further investigation.
 Real-Time Monitoring: Implement real-time monitoring systems to analyze transactions
and activities as they occur, allowing for immediate detection and response to
suspicious events.
 Employee Monitoring: Implement systems to monitor employee access to sensitive data
and activities within the organization to detect insider threats or unauthorized activities.

A few more processes deployed at Al Ansari Financial Services for fraud detection include:

• Whistleblower
• Periodic assessments and reporting
• Internal Audit
• Process audit/Department audit
• Day end verification
• Transaction monitoring
• Fraud Rules

C. Fraud Response

When fraud is detected or suspected, it is crucial to respond promptly and effectively to

minimize its impact and prevent further harm. Here are the essential steps in responding to
fraud:

 Conduct Internal Investigation: Conduct an internal investigation to understand the

extent of the fraud, identify the parties involved, and determine the vulnerabilities that
allowed the fraud to occur. If needed, hire external forensic experts to assist with the
investigation.
 Review and Strengthen Controls: Analyze the weaknesses in the existing internal controls
that allowed the fraud to happen. Implement corrective actions and strengthen controls
to prevent similar incidents in the future.
 Recover Losses: Take appropriate legal action to recover any financial losses incurred
due to the fraud. This may involve pursuing legal action against the perpetrators or
seeking insurance claims if applicable.
 Improve Fraud Prevention Measures: Use the lessons learned from the fraud incident to
enhance fraud prevention measures. Continuously assess and update fraud detection
and prevention strategies to stay ahead of evolving fraud techniques.

A few more processes implemented at Al Ansari Financial Services are:

• Initiation of Internal Investigation Protocols

• Remedial Actions to recover the losses
• Disciplinary actions based on the Code of Conduct and Schedule of Violations
• Reporting to Law enforcement and regulatory authorities

Page | 17
 Risk & Fraud Prevention - Advanced

Responding to fraud effectively requires a coordinated effort involving multiple stakeholders,

including management, legal advisor, Internal Auditors, etc. Being proactive in addressing
fraud and taking swift action can help mitigate its impact and protect the organization's
reputation and financial stability.

Zero Tolerance Policy

Al Ansari Financial Services’ Fraud Prevention Framework and Policy launched in the year 2022
highlights the following:

 Al Ansari Financial Services has a “Zero Tolerance” approach to Fraud. It sets out the
company’s stance on fraud prevention detection and investigation which will help in
mitigating any risk originating from fraudulent activities, corruption and misconduct.
 Al Ansari Financial Services is committed to develop a culture where it is safe for
stakeholders as well as employees to raise concerns about any poor or unacceptable
practice or any event of misconduct (Whistle Blowing Policy 2018, Code of Conduct
etc.)
 Al Ansari Financial Services have a legal and regulatory obligation to report customers
as well as employees who have indulged in a fraudulent activity (refer to chapter 11
of the Fraud Prevention Framework and Policy)

Anti-bribery and Corruption

The Anti-bribery and corruption policy at Al Ansari Financial Services is designed to prevent
and prohibit the act of offering, promising, giving, soliciting, or accepting bribes in any form.
These policies are essential for organizations to ensure ethical behavior, maintain compliance
with applicable laws, and uphold their reputation and integrity.

 Preventing Bribery and Corruption: Al Ansari Financial Services is committed to

preventing bribery and corruption. This means they have established policies and
procedures to identify and address potential bribery risks within their operations.
 Applicable Anti-Bribery Legislation: Al Ansari Financial Services commits to adhering to
all relevant anti-bribery legislation and regulations in the countries and markets where
it operates. This includes local laws, international conventions, and industry-specific
regulations related to anti-bribery and corruption.
 High Behavioral Standards: Al Ansari Financial Services maintains high behavioral
standards within the organization. This implies promoting a culture of integrity, ethical
conduct, and compliance among its employees and stakeholders.
 Doing the Right Thing: The organization emphasizes the importance of doing the right
thing, even when faced with challenging situations or potential temptations.
 No Bribes to Anyone: Al Ansari Financial Services explicitly states that it does not
engage in or tolerate bribery. This includes refraining from offering bribes to
government officials, employees of government-owned or controlled entities, private
individuals, or employees of other businesses.
 Improper Influence and Advantage: Al Ansari Financial Services does not seek to
improperly influence any act or decision to obtain or retain business. It also does not
use bribes to secure any unfair or improper advantage for the organization.

The purpose of such a policy is to create a transparent and fair business environment, free from
corrupt practices that could compromise the organization's values, credibility, and legal

Page | 18
 Risk & Fraud Prevention - Advanced

standing. By enforcing anti-bribery and corruption policies, Al Ansari Financial Services aims to
maintain a level playing field in its markets, build trust with stakeholders, and ensure a strong
commitment to ethical business practices. Employees and stakeholders are expected to
abide by these policies, and any violations may result in disciplinary actions, legal
consequences, or reputational damage for the organization.

Whistleblowing Policy
A Whistleblowing Policy is a set of guidelines and procedures established by an organization
to encourage employees and other stakeholders to report any suspected misconduct, illegal
activities, or failures in the processes or systems within the organization. The whistleblowing
policy at Al Ansari Financial Services aims to create a safe and confidential reporting
mechanism for individuals who have serious concerns about the organization's practices.

Key elements of a Whistleblowing Policy at Al Ansari Financial Services include:

 Encouragement to Report Concerns: The main objective of the policy is to actively

encourage employees to come forward and report any concerns they may have. This
could include issues related to unethical behavior, fraud, harassment, safety violations,
or any other wrongdoing.
 Protection of Whistleblowers: The policy assures individuals that they will be protected
from retaliation or adverse actions for making a genuine report in good faith.
Confidentiality is a crucial aspect of the policy to safeguard the identity of the
whistleblower.
 Response and Investigation: The policy outlines how the organization will respond to
the concerns raised by whistleblowers. It should establish a clear process for
investigating the reported issues and taking appropriate actions to address them.

You may report your concerns or suspicious activity at myvoice@alansari.ae.

Consumer Protection
Fraud against consumers is often related to false promises or inaccurate claims made to
consumers, as well as practices that directly cheat consumers out of their money.

To protect the customer from Consumer fraud, one must:

 Provide all customers with a transaction receipt detailing various aspects of the
transaction.
 Follow customer centric procedures that encourage total transparency of transaction.
 Monitor and respond to all customer queries and types of risks associated with
products/services.
 Ensure timely notifications to consumers to promote awareness and preventive
measures when a specific pattern of fraud or deception is identified.

Fraud Indicators (Red Flags)

Fraud Indicators – From Customers

Detecting fraud indicators from customers can be challenging, but it's crucial for all staff
members to be vigilant and attentive to potential warning signs. While no single indicator

Page | 19
 Risk & Fraud Prevention - Advanced

guarantees fraudulent activity, a combination of these factors may raise suspicion and
warrant further investigation. Here are some common fraud indicators from customers:

 Unusual Requests: Look for customers who make unusual requests like requesting
currency notes with serial numbers, particular denominations, etc.
 Rushed or Insistent Transactions: Customers who pressure or rush through transactions,
particularly if they avoid standard verification processes or refuse to provide necessary
information, might be attempting to bypass security measures.
 Unwillingness to Provide Personal Information: Customers who are hesitant or refuse to
provide standard personal information during account creation or transaction processes
might be trying to hide their identity.
 Frequent Cancellation requests: Customers who consistently request transaction
cancellation/modification.
 Inconsistent or Suspicious Information: Pay attention to customers who provide
inconsistent or suspicious personal information, such as mismatched addresses, phone
numbers, or names.

A few more examples are:

 Customers exhibiting nervousness, apprehensive and confused

 Unable to provide basic/specific details such as relationship, purpose, amount,
transaction country of origin
 Receiving split transactions in small or in odd amounts without reason within a short
period of time
 Receiving transactions from unrelated senders, inconsistent with profession/designation

Fraud Indicators – From Employees

Detecting fraud indicators from employees is important to prevent internal fraud and protect
Al Ansari Financial Services’ assets and reputation. While these indicators may not conclusively
prove fraudulent behavior, they can serve as red flags that warrant further investigation. Here
are some common fraud indicators from employees:

 Lifestyle Inconsistencies: Employees living beyond their apparent means or showing

sudden, unexplained improvements in their lifestyle, such as expensive purchases or
vacations, could be an indicator of embezzlement or theft.
 Financial Difficulties: Employees facing financial difficulties, such as mounting debts or
personal crises, may be more susceptible to committing fraud for personal gain.
 Excessive Overtime or Working Hours: Employees who consistently work late hours,
weekends, or holidays without a valid explanation may be using this time to commit
fraudulent activities without detection.
 Lack of Transparency: Employees who are reluctant to share information or collaborate
with colleagues may be trying to hide fraudulent actions or processes.
 Unusually Close Relationships with Vendors or Customers: Employees who have unusually
close relationships with vendors or customers could be colluding with them to defraud
the company through inflated invoices, kickbacks, or other schemes.

A few more examples are:

 Staff unwilling to take timely vacation

 Employee is noticed to be living beyond their means
 Staff facing excessive financial difficulties
 Unwarranted closeness of the employee with the customer

Page | 20
 Risk & Fraud Prevention - Advanced

 Unwarranted closeness of the procurement officer towards suppliers/vendors

 Staff processing transactions for the customer without clear/with suspicious
documentation
 Awarding of corporate contracts for personal benefits to the disadvantage of the
company
 Hiring, placement or promotion of personnel for any reason other than merit

Common Fraud typologies used by fraudsters

Fraudsters often use deceptive techniques to exploit people's trust and execute fraudulent
activities. While the examples provided may not encompass all possible fraud typologies, they
do cover some common scenarios. Here's a brief explanation of each typology:

 Financial Assistance Scams: In this type of fraud, scammers claim to be in need of

financial assistance for various reasons such as education expenses, medical
emergencies, or visa processing fees. They reach out to multiple individuals, often
unrelated, seeking monetary help. However, these stories are often fabricated, and the
money received is not used for the stated purpose.
 Operation Expenses/Rent Payment Scams: Here, the fraudster pretends to receive funds
from their employer or the employer's friends to cover operation expenses or rent
payments. However, in reality, there might be no legitimate employment, and the
received money is likely to be misused or used for illegal activities.
 Online Goods Sales Scams: In this type of fraud, the scammer sells goods online but does
not deliver the products as promised. The goods might be presented as originating from
other countries, but in reality, no delivery is made, resulting in financial losses for the
victims.
 Sales Proceeds and Cargo Clearance Scams: In these scams, fraudsters receive funds
purportedly as sales proceeds or cargo clearance charges for goods that do not exist
or have not been shipped. They trick victims into sending money without providing
essential documents like airway bills, bill of lading, custom clearance, shipment
documents, and trade licenses, making it difficult for the victims to verify the legitimacy
of the transaction.
 Receiving Funds on Behalf of Others: Fraudsters might ask unsuspecting individuals to
receive money on behalf of someone else, possibly a friend who does not have a valid
visa in a country like UAE. In this scenario, the receiver is likely to be unaware of the actual
purpose of the transaction, and the funds might be used for illegal or illicit activities.

It's crucial to be cautious when dealing with financial transactions involving unfamiliar
individuals or organizations, especially if the situation seems suspicious or too good to be true.
Always verify the legitimacy of the transactions and the identities of the parties involved before
proceeding. If you encounter any suspicious activity, it's essential to report it to the appropriate
authorities to help prevent others from falling victim to fraud.

Further steps taken to prevent/detect fraud at Al Ansari Financial Services

 All FLA (frontline associates) and Treasury staff members i.e. cash-handling staff are
trained in identification of counterfeit currency and commonly used IDs during training
courses like Counterfeit Detection Training.

Page | 21
 Risk & Fraud Prevention - Advanced

 Appropriate supporting documentation like source of funds and purpose of transaction

are requested from the customers to ensure transaction legitimacy.
 All Al Ansari Financial Services’ internal systems are secured as per the Network Security
policy that prevents access to personal emails. This is done to ensure data protection
and restricting the flow of privileged information without appropriate authorizations.
 All Al Ansari Exchange branches are equipped with state of the art counterfeit detection
machines to identify counterfeit currencies.
 All staff members are trained on identification of red flags as well as reporting of
suspicious transactions through appropriate channels.
 Information is shared with staff members based only on the requirements of the job.
Customer information, transaction data and other sensitive information is shared only
after express written consent from the GCEO/GDCEO.
 Suspicious links on emails are restricted immediately by IT Infrastructure team and are
released to the intended beneficiary only after a threat analysis has been done.
 All supplies received from supplier’s/service providers are verified for accuracy against
the orders placed by the requesting party. At least 3 quotations are obtained for all
goods and services that will be procured for the organization. All payments made to the
suppliers are put through a strict review process in order to ensure that the payments are
for the appropriately procured services.
 Enhanced due diligence and approvals/guidance from management while dealing
with Pubic officials.
 Al Ansari Financial Services has appropriate access controls in sensitive areas, both
physical and in IT systems. Access to IT systems is controlled with a well-defined User
Access Management policy under the functional domain of Information Technology.
The User Access Management policy calls for segregation of accesses based on job role,
maker-checker and regular review of accesses provided to staff members across the
organization.
 All frontline agents are instructed to never initiate a transaction without the presence of
customer at the branch or without collecting the cash / cheque / card.

Actions required from Frontline Agents

Pay close attention to the behavioral aspects of the customer and ask open ended questions
such as:

 What is your relationship with the sender?

 Where and when did you meet the sender?
 What is the purpose of the transaction?
 How often do you use Western Union or Cash Express?
 Were you directed to receive the transaction by someone else?

Note: If the customer is providing unclear answers, refuse to payout the transaction and inform
the receiver that the transaction is not available in the system at that time and obtain approval
from Area Manager. Follow internal procedures to raise a UPS through system by escalating
the same to AML department.

Page | 22
 Risk & Fraud Prevention - Advanced

Reporting of Fraud/Suspicious Activities

Reporting Channels

An employee or other person who suspects any fraudulent activity is taking place should, in
the first instance, report the matter to their line manager or concerned HOD/Area Manager
through phone, email or text messages.

Once a report of suspected/actual fraud is made to a supervisor/manager, the

supervisor/manager is required to pass that information promptly to his/her HOD. The HOD
would then forward the same to Risk and Fraud Prevention, Internal Audit and HR &
Administration Department.

• All actual fraud /suspected fraud incidents shall be mandatorily reported to Risk & Fraud
Prevention Department at risk.team@alansari.ae without any delay or failure
• IT or information security related incidents or suspicious activities shall be reported to
itsupport@alansari.ae.
• In case of a telephonic/verbal conversation, a follow-up email is to be sent to the line
manager, Area Manager/HOD so that the concern raised is clearly explained and the
line of authority should acknowledge the same.

Points to consider while reporting fraud:

• Avoid alerting suspected individuals to an investigation that is underway.

• Do not make statements that could lead to claims of false accusations or other charges.
• Details of the incident, facts, suspicions or allegations should not be discussed with
anyone inside or outside Al Ansari Financial Services unless the investigating team
specifically directs this
• The matter should not be discussed with the individual suspected of fraud

Reporting Fraud to Law Enforcement Agencies

Once the suspicious activity has been investigated by Internal Audit, Risk & Fraud Prevention,
HR & Administration and the concerned HOD, all fraud incidents are to be immediately
reported to the following authorities:

 Police Authorities for investigation

 Financial Intelligence Unit via STR system in the form of a fraud report
 Banking Supervision Department if the amount of loss is equal to or exceeds AED
100,000.
 Recovery of funds through legal action and criminal referrals will be taken up by the HR
& Administration department
 Insurance claims, if any, will be taken up with the help of Finance & Accounts team

Persona Non Grata (UAEPNG)

“The Persona Non Grata [UAEPNG] system was developed to protect the banking sector from
the appointment of persons whose services have been terminated for reasons related to
professional integrity, including but not limited to committing fraud,” – The Central Bank of UAE.

• In case of employee termination due to fraudulent activities, the employee details are
to be shared to the Persona-Non-Grata (PNG) system under the aegis of CBUAE.

Page | 23
 Risk & Fraud Prevention - Advanced

• The PNG system is designed as a central database containing information about

individuals who have been restricted from working in the financial sector.
• The restriction may be imposed on any individual who has been involved in
fraud/unlawful activities/misuse of the financial system.
• This includes individuals who have been found to be a part of or enabled any financial
crime including bypassing MLTF/Sanctions requirements, etc.

Covering Up/Non-reporting of Fraud

In case of a cover up, non-reporting of fraud or obstructing investigations, the following actions
would be taken against the individual:

 Action up to and including dismissal.

 Persons who threaten retaliation against a person reporting a suspected fraud shall
be subject to the disciplinary code which could include action up to and including
dismissal or prosecution or both.

Important Points to Remember (Do’s and Don’ts)

Do’s Don’ts
 Read our Company's Anti-Fraud Policy –  Do not use company assets for personal
make sure you understand our rules and use without permission
code of ethics
 Know what personal use is and isn’t  Steal company time – example: arriving
allowed – get permission if you’re not late, running your personal business during
sure company time, excessive chatting,
working slowly to conduct lesser number
of transactions.
 Make sure your expense claims and  Make false claims about sickness, your
timesheets are accurate and honest, qualifications, experience or gaps in your
with supporting evidence employment – you may face dismissal
 Be vigilant and watch out for signs of  Bypass our systems or controls to commit
fraud among your colleagues fraud
 Report any knowledge or suspicion of  Collude with suppliers to defraud our
employee fraud immediately company

Reminders
We can only prevent/reduce fraud incidents by understanding that:

 The responsibility of reporting fraud lies with the staff members in the organization
 Be vigilant and watch out for signs of fraud among your colleagues
 Following policies and procedures as have been established
 Read and understand Fraud Prevention Policy & Framework, the Whistleblowing policy
as well the Employee Handbook that highlights the principles of Fraud detection,
prevention and reporting.
 Make sure you understand our rules and code of ethics
 Know what personal use is and isn’t allowed – get permission if you’re not sure

Page | 24
 Risk & Fraud Prevention - Advanced

 Make sure your expense claims and overtime/under time sheets are accurate and
honest
 Report any knowledge or suspicion of employee fraud immediately

Remember that everyone has a role in Risk & Fraud Prevention:

 Understand the Organizational Objectives and Process

 Identify potential risks and fraudulent activities within their respective processes/ job
roles
 Report potential risks and suspicious activities through appropriate channels
 Adhere to Standard Operating Procedures and avoid deviations from internal
processes to minimize risks in respective area of functioning

Case Studies
Scenario 1: Cashier processed customer’s transaction using own personal
membership card details

Possible scenarios of Fraud:

 Data manipulation
 Obtain customer’s privileges (such as MY WU points)
 Bypassing sanctions – Customer may be a national of a sanctioned/embargoed
country
 Customer’s name may be blacklisted

How to avoid/appropriate action to be taken:

 Always ensure to create transactions using customer’s membership details only and
never use own membership for customer transactions

Scenario 2: Branch documents were taken by the staff without authorization

Possible scenarios of Fraud:

 Data manipulation
 Forgery of signatures
 Obtain and leak confidential information
 Expose signatories/authorized persons’ private information

How to avoid/appropriate action to be taken:

 Never carry any documents pertaining to Al Ansari Financial Services, customer’s ID’s
or any other documents outside the branch premises.

Scenario 3: Failure to log out of the user ID

Possible scenarios of Fraud:

 Other staff members can gain access to personal and private information of user.
 Framing by conducting transactions using other’s ID and pocketing the transaction
value.

Page | 25
 Risk & Fraud Prevention - Advanced

How to avoid/appropriate action:

 Never leave your system unattended

 Always ensure to log out of the system before leaving your work station
 Inbuilt auto-lock system trigger when inactive (already present)

Scenario 4: Corporate refund paid in cash

Possible scenarios of Fraud:

 Authorized representative easily gains access to cash

 Terminated/resigned authorized representatives may misuse the cash

How to avoid/appropriate action to be taken:

 Refunds should always be made payable in the form or cheques bearing the name
of the company

Scenario 5: Cash embezzlement

Possible scenarios of Fraud:

 Staff member misappropriates assets that do not belong to him/her – Staff member
pockets the excess cash noticed in his/her till.
 Staff member may use his access to AREX/Cash Express to make personal transactions
without paying the required cash.

How to avoid/appropriate action:

 Avoid making personal transactions using your own AREX/Cash Express ID

 Make personal transactions only with the help of other cashiers while standing on the
other side of the till.
 Make sure to pay the correct amount of cash to the staff member making the
transaction

Scenario 6: Cash Payout made to the wrong beneficiary

Possible scenarios of Fraud:

 Embezzlement
 Collusion between staff and customer

How to avoid/appropriate action:

 Always verify the identity documents of the customer before initiating the domestic
receive transaction.
 The name on the customer’s ID should match the name on the transaction.
 If there is a difference in the name of the ID and the transaction, consult the Branch
Manager for further process

Page | 26
 Risk & Fraud Prevention - Advanced

Reference to Industry Guidance

Central Bank of the UAE https://www.centralbank.ae

Egmont Group https://egmontgroup.org

FATF http://www.fatf-gafi.org

MENAFATF http://www.menafatf.org/

Wolfsberg Group https://www.wolfsberg-principles.com/

IMOLIN https://www.imolin.org/

Page | 27