Bank fraud: perception of bankers in the State of Qatar.INTRODUCTION
Fraud has been the major risk that attacks the structure of firms regardless of the size or the industry. Latest study by PriceWaterhouse Coopers (2007) showed that over 43% of companies surveyed from 40 countries from all over the world had reported losses from economic crimes during the previous two years. The study presented that a total of US$ 4.2 billion loss over the last two years was reported by these companies. It is estimated that undiscovered fraud cost US$ 5.7 billion due to the lack of internal controls of the organization.
Insurance industry seems to suffer the most from fraud. Accordingly, PriceWaterhouseCoopers (2007) indicated that this industry lost a total of US$ 4.5 million on average in (2007) mainly in asset misappropriation, while spending on average US$ 1 million in strengthening internal controls. It is impossible to eliminate the fraud but it can be minimized by understanding the reasons that cause fraud and develop a solution to diminish its occurrence.
Fraud started a long time ago and was related to goods in general, like, trading in goods by trying to avoid customs that must be paid or by hiding the poor quality of the goods. The purpose was to gain more profit. Also, fraud was related at that time to livestock and cattle which involved ways to make livestock bigger, healthier or heavier and selling meat by passing horsemeat instead of beef meat. In the late 1960s in America, fraud was perpetuated by filling tanks with oil except the top which was filled with water.
There are many definitions that explain fraud; all of them are around the same concept but in different applications or contexts. According to Spam laws (accessed on 30 May, 2008), "Fraud involves deception and misrepresentation in order to make money. Deception could involve manufacturing counterfeit credit cards or padding insurance claims, or making false claims to receive mortgage loans you wouldn't have received otherwise." Fraud Advisory Panel (accessed on 30 May 2008) defined fraud as "the removal of cash or assets to which the fraudsters is not entitled--or false accounting- the classification or alternation of accounting records or other documents". Another definition of the fraud by Advfn PLC is "illegal activity of trying to conceal information intentionally for personal gain. Many frauds involving financial transactions are committed by business professionals, who use their knowledge and gained credibility to deceive customers". Association of Certified Fraud Examiners (2004) defined fraud as "the use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets".
KPMG (2002) reported several causes of fraud. However, the major cause of fraud was the collusion between employees and third parties (55%) followed by poor internal controls (48%). Other causes of fraud are illustrated in the table 1 below:
Banking fraud could be divided to two main categories; namely External and Internal fraud. Examples of external fraud are credit and debit cards transactions, or theft done using automated teller machine to obtain cash in advance. Internal fraud relates to employees inside organizations who can steal cash or inventory from the company or from other employees, or allowing other staff to steal. Internal fraud also called occupational fraud and abuse. Joseph T. Wells (1997) defined occasional fraud as "the use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets." According to this definition, internal fraud includes asset misappropriations, corruption and fraudulent financial statements.
To minimize and detect fraud, the firm has to focus on its corporate governance which is based on a set of ethical principles that guide the company to take actions, including introducing new products. In addition, corporate governance establish a framework for reducing risk and detecting the fraud that might arise.
OBJECTIVES OF THIS STUDY
The objectives of this research were to study the reasons behind fraud in general and specifically in banking sector in State of Qatar by concentrating on the areas that the fraud had taken place. Another objective was to evaluate the current internal processes that had been utilized to detect fraud, reaching to a stage of designing a framework or solution to minimize fraud in the banking sector in the State of Qatar.
Many authors mentioned that there are unlimited types of fraud. As a matter of fact, it depends on how people are creating it and think about it. The most important types of fraud are divided in four categories. All these types of fraud can occur through employees who are working inside the organization or from illegal organization outside the firm.
This is the most commonly occurring fraud by occupational fraudsters and it is the easiest to detect. Asset misappropriation relates to the company assets which mean "using the company assets for sole purpose of capitalizing unfairly on goodwill and reputation of property owner." Joseph T. Wells, (1997), in other words using the companies' assets for the personal benefit. Asset misappropriation includes revenue skimming, inventory and receivable theft, and payroll fraud.
Bribery and Corruption
This is the second frequently occurring type of fraud. Bribery may be defined as "the offering, giving, receiving, or soliciting any thing of value to influence an official act." (Joseph T. Wells, 1997) Bribery may be classified into two categories which are: Kickbacks and Bid Rigging Schemes. A kickback involves, according to Wells (1997), "a vendor submitting a fraudulent or inflated invoice to the victim company an employee of that company helps to make sure that the payment is made on the false invoice. For his assistance the employee fraudsters receive some form of payment from the vendor. This payment is the kickback." The other type which is bid rigging scheme occurs when an employee supports the supplier to prevail the deal at the bidding process. The other aspect which is the corruption may be defined as "spoiled, trained, vitiated, depraved, debased, and morally degenerate. As used as a verb, to change one's morals and principles from good to bad" Joseph T. Wells, (1997).
Financial Statements Fraud
This is the least type of fraud occurring, it involves the manipulation of the financial statements to create financial change for entity. Financial statements fraud arises when the top management wants to show earnings in the statements, by changing the nature element in the financial statements which means changing the debt to assets or report the credit as an equity to show an increase in the earning of the company to increase year- end bonus, or show favorable loan terms.
This is related to the use of any component of the internet such as email, web sites, financial transactions, to perform fraudulent transactions, to present deceptive picture to catch victims, or to convey the proceeds of fraud to cheat financial institutions or any other related organizations. Justice, http://www.usdoj.gov/criminal/fraud/internet/, accessed on 30, May 2008
The government and central banks pay close attention to the banking fraud and continue to issue the necessary rules and regulation to minimize fraud in financial institutions. In addition, many studies had been published in this field prepared by specialists and consultants who analyze the causes of fraud and ways to minimize the occurrence of fraud. The most important previously published studies covering this topic including its importance, losses, causes, and ways to minimize will be discussed in this section.
PriceWaterhouseCoopers (2003, 2005, 2007) indicated that fraud was one of the major problems that companies were facing regardless of the size of the firm or the industry. This study surveyed 5,428 companies from 40 countries to examine the impact of fraud. The result of this study showed that 43% of these companies reported fraud which they faced in the last two years. Table 2 below summarizes the companies reporting actual incidents of fraud.
According to table 2 above, there is an increase in all types of economic crimes starting from 2003 and ending with 2007. Clearly, growth can be noticed in the year 2005 followed by insignificant increase in fraud in 2007 which signaled that companies had taken preventive strategies to control the potential fraudsters' action. Additionally, regulators established necessary rules and policies emphasizing internal control and developed corporate governance principles.
Table 3 above indicates that the industry reporting fraud the most was Insurance (46%), the average direct losses was US$ 4.5 million while they spent approximately US$ 1 million to manage issues resulting from fraud. Forty-two percent of industrial manufacturing firms were victims and 39% of technology companies faced fraud mostly in intellectual property infringement.
The other major important part which the study discussed was the key elements of effective controls. It stated that for effective implementation of the internal controls, one must understand the nature of fraud and ways fraudsters use. So companies have to understand their system and environment and to keep space for any change that may rise to update this system according to the new methods of fraud.
Finally, the study concentrated on possible methods to detect fraud by trying to identify how company discovers fraud. Table 4 below list different method of detecting fraud in 2007.
As shown, fraud mostly discovered by internal control, whistle blowing, followed by Accidently discovered, the reason was, the firms' failure to update the internal controls which negatively affect the proper operation process and subsequently reflect on illegal transaction. Enhancement of internal control system, as well as the high attention paid to protecting the financial assets will create the necessary detective mechanism inside the organization.
Internal Control Components
James A. Hall (2004) stated that internal control in its concepts contain "procedures, policies and practices to protect the organization assets, support the firm efficiency in its operation, ensure the accuracy in the accounting records and information, and assess management compliance with the policies and procedures." Accordingly, internal control consists of five components which are: (1) control Environment, (2) risk assessment, (3) information and communication, (4) monitoring, and (5) control activities. Each component is described in the following section.
The Control Environment
This type of control is considered the basic of all other components. It sets the manner for the firms in which it must be understood by management and employees of the organization, including the structure of the firm, the participation of the board of directors or the audit committee, management method of operating and assessing performance, and the policies and procedures to manage human resources. So, auditors require understanding of the structure of the organization towards management, board of directors, and the responsibility of the internal control. They have to report any irregular conditions that may occur for fraud. Also, they have to understand the industry and set the conditions that may increase the risks which are related to the business risk. The board of directors should implement basic rules in the organization to avoid any conflict of interest such as separating the CEO and Chair person, set ethical standards to direct the management and the staff of the organization, and establish an audit committee to ensure that annual audit is conducted independently by being involved in selecting independent auditors.
Risk assessment must be utilized in firms to analyze, identify and manage risks related to financial reporting. (James A. Hall, 2004) These risks may be caused by change the way of operating environment in the organization, new joiners that understand internal controls in different way, reengineered the information system or implement new technologies that may affect the transaction while being processed, introduce new technology without having adequate knowledge about it, and implement new accounting principle that may affect the preparation of the financial statements.
Information and Communication
Accounting information systems consist of methods used to classify, analyze, identify and record transactions that occur in the organization. However, this will help the company to recognize assets and liabilities in making decisions concerning the firm operations and preparation of the financial statements. (James A. Hall, 2004)
James A. Hall (2004) stated that monitoring is a process to design internal controls and to assess the operation of the organization. So, auditors monitor the organization activity by using separate procedures to test internal controls and report its strengths and weaknesses to management.
It is related to policies and procedures to identify the risks of the organization. Control activities can be classified into two groups: computer controls and physical controls. Computer controls are related to the IT environment and auditing which is classified into (1) general group related to entity wide concerns like control of data centers and firm database, and (2) application controls which are related to specific systems like sales processing order and accounts payable. Physical Controls are related to human activities employed in accounting systems; it can be manual such as physical custody of assets or may be used by computers to register the transactions. (James A. Hall, 2004).
Edward Fokuoh Ampratwum (2008) noted that one of the major types of fraud is corruption. Ampratwum (2008) concentrated his research on corruption and its implications for development in developing and transition economies. The methodology used in this study included a review of published theoretical and practical research to understand the causes, effects, measurement, aid and international efforts to eliminate corruption.
Ampratwum (2008) defined corruption as "the abuse of public roles or resources for private benefit". Corruption was a major issue in the mid 1990s from the political and economic sides in many countries. Robinson (2004) defined the political corruption as "the violation of the formal rules governing the allocation of public resources by public officials in response to offers of financial gains or political support".
The study illustrated several reasons behind the corruption including low government wages and high taxes. The researcher studied the effects of the corruption on the economy and investment culture. He summarized these effects into five major parts which were misallocation of resources on the level of macroeconomics, the unfair distribution of wealth which affect negatively the social community, minimize the required budget for significant sectors such as health and education because of difficulty to manipulate these projects for bribe purposes, harmful effect on economic growth and investment, including reducing the opportunity to encourage investment, and reducing the value of the government regulation and policies which will allow the companies to work in illegal economic environment (i.e. violation of tax and regulatory laws).
The developing governments had issued several policies and procedures to measure and control the corruption in order to eliminate the effect of these factors. In addition, aid donors recently developed rules and laws on these matters to minimize the misuse of the funds to invest in illegal transactions.
The conclusion of this study was that governmental and non governmental agencies had concentrated on finding policies to minimize the fraud by understanding its nature and identifying the most dangerous type that affect the macroeconomic indicators (such as the rate of growth, local and foreign investment levels, and unemployment rate).
Another study about corruption was conducted by Gjeneza Budima (2006) entitled: "Can Corruption and Economic Crime be Controlled in Developing Economies, and if so, is the Cost Worth it?" The purpose of this study was to examine the effect of corruption on developing countries and to identify the reasons why economic crimes were more frequent in developing countries. The study indicated that it is difficult to evaluate the losses resulting from fraud in developing countries. Additionally, the study concluded that fraudsters commit illegal transactions in developing countries due to lack of government regulation to fight fraud.
The study illustrated the difference between economic crimes and corruption. It was stated that economic crimes included corruption and other types such as corporate fraud, false accounting, cheating, and lying. Moreover, the study defined corruption as a personal benefit on behalf of the public that will affect the government budget.
Although corruption may not be eliminated, it may be controlled by amending the policies, motivating professional bureaucracy, and by establishing relation between developing countries and international organization to benefit from their professional expertise to legislate laws to combat economic crimes.
The conclusion of this study was that theft corruption had positive and negative impacts in developing countries. From the positive side, dealing with corruption will allow foreigners to invest and this will lead to accumulation of capital. From the negative side, corruption will destroy the government budget (spending in unrelated issues), and allow the accumulation of capital to be transferred outside the country.
Another study done by Wesley Kenneth Wilhelm (2004) entitled " Fraud Management Lifecycle Theory: A Holistic Approach to Fraud Management". This study developed a lifecycle framework and evaluated six industries which faced economic crimes in the United States including (1) telecommunications, (2) banking and finance, (3) insurance, (4) health care, (5) internet merchants, (6) brokerage and securities. This lifecycle contained eight stages which will be discussed later in this study.
The methodology used in this study was based on previous literature reviews as well as interviews, questionnaire and case study responses about fraud management lifecycle. Statistics showed that telecommunication is the industry suffering the most from fraud. Losses reported by telecommunication industry were US$ 150 billion while insurance reported US$ 67 billion annually (see table 5). According to the study, FBI received 207,051 suspicion activities fraud related to different areas in banking such as cheque fraud, counterfeit checks, and counterfeit negotiable instruments amounting to US$ 1.2 billion.
The second important part of the study was fraud management lifecycle which contained eight stages. These stages are interrelated and need to be implemented together.
The conclusion reached by the researcher was that efficiency of the fraud management requires balancing the activity for each stage in the management lifecycle. The importance of this cycle is not only to prevent fraud but also to identify solutions and improvements in the existing activities to prevent fraud. In other words, successful implementation of fraud management lifecycle will reduce the amount of fraud loss and will adopt a new technique to minimize fraud occurrence in the future.
The banking sector is playing a major role in the economy. Therefore, proper rules and regulations are needed to regulate the banking activities, policies and procedures. On the other hand, weak regulation may lead to financial problems and significant losses which finally affect the macroeconomics indicators.
One of the main activities of the central banks is to regulate, supervise and control financial institutions in order to maintain the stability of the banking system and minimize the losses caused by fraud which will lead to protect the shareholders and depositors' funds and maintain a good image of banking industry in the country.
Also another important activity performed by the banking sector is the payment system which includes the international and local payments for goods and services. Accordingly, central banks will not allow money to be transferred if it is more than specific amount unless the purposes and the destination are known. However, there are several tools of payments such as cheque, debit and credit cards; electronic funds transfer (EFT), point of sale (POS) and real time gross settlement system (RTGS). (Bank of Uganda, 2005). This study stated that there are various kinds of fraud that can be done through check and / or use of electronic channels, credit & debit cards and misuse of customers' accounts.
QATAR CENTRAL BANK RULES AND REGULATIONS
Qatar Central Bank plays an important role to support and strengthen the banking system by eliminating fraud through its policies and procedures. Currently, there is no specific data and information about the amount of losses caused by fraud in Qatari banking system. Qatar Central Bank approaches the best practices, standards and principles in supervising financial institutions. It addresses, among others aspects, corporate governance, anti- money laundry regulations, and prompt corrective actions against problems. The following is Qatar Central Bank framework to minimize banking fraud.
One of the corporate governance objectives is to control the conflict of interest between shareholders, depositors, borrowers, executive management, internal audit, and risk management. QCB, by implementing the rules of corporate governance, emphasis is on separating the responsibilities between different parties by deciding the roles and the authorities for each party to avoid any conflict of interest. Qatar Central Bank defined the rules and responsibilities of directors which could be summarized in eight topics as follows:
* Setting strategies, objectives and policies;
* Forming the organizational structure;
* Constituting committees and delegating powers and authorities;
* Monitoring the implementation and evaluating the performance and risks;
* Appointing and monitoring internal auditing staff;
* Appointing an independent external auditor;
* Assuming responsibilities towards shareholders and other parties; and,
* Assuming responsibilities towards QCB.
Also QCB define rules and responsibilities of executive management who should support the board in setting and developing the strategies, objectives, structure and policies which will be set by the board of directors. Executive management must set programs to evaluate the effectiveness of the internal control implementation and they should cooperate with the internal and external auditors to provide them with the necessary information and support they need.
Instructions of Combating Money Laundering and Terrorism Financing
Money laundry and terrorism finance is one of the major fraud types in banking industry; central bank issued its own rules and regulation to prevent such fraud. The main framework of these rules was as follows.
1. Bank employees have to check customers' representative by checking their identification cards, purpose of opening account, customer's good reputation and any other necessary information that the bank feel it must be checked along with customers' records must be kept for a minimum of 15 years;
2. In case of institutions, banks should check customer name and legal status with the company article of association;
3. Bank should know the source of any amount exceed QR 100,000/-, or has any doubt about banking transaction by getting the complete documentation and information about the transaction. In case the bank has doubt about money laundering transaction or terrorism, banks should freeze the account and report the suspicious transaction as well; and,
4. Control procedures and training programs for the staff must be maintained to prevent and detect money laundering and terrorism.
Accordingly, all banks should implement strategies to eliminate money laundering and terrorism which must comply with the regulation set by QCB to minimize economic crimes.
QCB Regulation Towards Crime, Cash, and Banking Electronic System
QCB had written policies to minimize fraud by setting procedure which must be followed by all banks. So, banks must notify QCB in case of any crime or fraud by providing the names of accused persons. Banks have to check regularly the efficiency of their electronic systems by setting measures to avoid any fraud that may occur in the future.
Know Your Customer (KYC)
The purpose of know your customer concept is to identify banks clients whether they are individuals or entities by checking the legal documentation before opening an account. The documentation should contain the minimum required information such as: contacts numbers, address, place of work and confirmation letter from their employers. Know your customer concept becomes one of the most significant tools to minimize fraud in financial institutions.
Know Your Employee (KYE)
Organizations have to know their employees before hiring them and should have a positive record from their previous employment or from legal entities. Also, they should keep track records about their employees. Institution and employees should comply with personnel laws and regulations, and code of conduct/ethics.
The aim of this research was to investigate the reasons and critical factors behind economic crimes in banking sectors generally, and especially in the State of Qatar. The objectives of this research were to investigate and identify the most types of fraud occurrence, to examine the amount of losses resulting from fraud, to review the awareness of banking sector in State of Qatar toward economic crimes, and to suggest recommendation and framework to be implemented to eliminate or minimize the fraud in banking sector in State of Qatar.
This research utilized one major tool, namely questionnaire which was used to facilitate the gathering of information from respondents. The questionnaire contained 24 questions in three different sections including, background information of respondents (e.g. age, education and work experience), general information about fraud, and fraud detection which is only answered by auditors, finance and risk management professionals. The survey was limited to the banking sector that operates in the State of Qatar. Table 7 lists banks utilized in this study. Two hundred questionnaires were distributed to the first line, middle, and senior management levels of these banks. One hundred ninety eight were completed for a response rate of 99 percent.
Table 8 shows the demographics characteristics relating to the respondents of this study. The survey was completed by 198 participants of which 12 percent were less than 30 years old, 39 percent were between the ages of 30- 40 years old, 33 percent were between the ages of 41-50, and 16 percent in the range of 51-60 years old. It was noticed that more males were working in banking sector than females (78 percent males vs. 22 percent females). Respondents included 64 percent of non-Qatari compared to 36 percent of Qatari workers. Forty-four percent of participants were holding a senior management position, while 38 percent were in the middle management level. Forty-six percent of respondents had experience between 11 and 15 years and 27 percent had more than 15 years of experience
in the banking sector in Qatar. While analyzing education level of respondents, it was noticed that the lowest percentage (5 percent) were employees with high school degrees and the highest percentage was 48 percent for employees holding bachelor degrees. Most of the respondents were working in retail (15 percent) and operation (15 percent) departments. The remaining respondents were allocated almost equally among different departments.
Respondents from different departments were asked several questions related to fraud to capture their perception about employees' awareness about fraud. Table 9 shows that most respondents (95 percent) agreed that they had information about banking fraud in general and 86 percent agreed that they were familiar with internal control systems in their banks. When respondents were asked about reporting fraud committed by their employees, 44 percent answered positively. Of those respondents positively, 31 percent indicated fraud occurred in credit card while 22 percent selected asset misappropriation. Twenty- two percent reported the amount of fraud was between less than hundred thousand and up to five hundred thousand. Eighteen percent of respondents reported that there were no cash losses resulting from fraud.
Most of the respondents (84 percent) stated that they reported fraud directly to their line managers while 11 percent report directly to the auditors.
Most respondents (64 percent) reported receiving awareness session or information from their banks, 75 percent indicated their banks had anti-fraud policies, and 66 percent of their staff were aware of these anit-fraud policies. Finally, 82 percent indicated their banks had written policies and procedures concerning asset usage.
The third part of the questionnaire was specified to auditors, finance and risk managers to measure their important role to implement a strong system to detect fraud. Respondents were asked to indicate whether their banks encourage whistle blowing. Results indicated that the majority of respondents (82 percent) had encouraged the technique, while the rest (18) percent did not encourage whistle blowing as a mechanism in detecting fraud.
There were a variety of responses from participants toward which type of fraud occurs most frequently in the banking sector. The highest percentage was in credit card (51 percent) followed with ATM fraud (45 percent) and the least percentage was in theft (7 percent). When asked about which departments' fraud occurs the most, respondents reported the highest percentage in retail (52 percent) followed by investment (31 percent). When asked about the procedure most effective in discovering fraud, respondents indicated internal control, (66 percent), internal audit reviews (28 percent), and government agency notification (19 percent).
When respondents were asked about controls utilized in their banks 77 percent indicated preventive, 62 percent reported detective, and 57 percent mandated corrective controls. The most widely used internal control components were control environment (72 percent) and risk assessments (67 percent). It is worth noting that the least utilized internal control components were control activities (48 percent) and information and communication (39 percent).
The last question asked respondents how they dealt with fraud. Sixty- five percent reported fraud directly to audit committee and 9 percent reported to the board of directors.
The chi-square non-parametric test was used to determine whether various relationships were statistically significant. Table 10 shows a summary of calculated values for various chi-square tests involving age, gender, nationality, title and education in one hand and awareness about fraud, areas of fraud, reporting and losses resulting from fraud, most frequently occurring fraud types, procedures to discover fraud, and types of controls available on the other hand. Many of the indicators did not show any statistical significant between the dependent and independent variables. The first variable tested was age. There was statistically relationship between age and familiarity with internal control systems, reporting fraud, receiving awareness session about fraud, the availability of written policy and procedures about asset usage, types of fraud, departments were fraud frequently occurs, effective procedures in discovering fraud, types of control, and how to deal with fraud. As employees became older, they were more familiar with internal control systems, tended to report fraud more frequently, received fraud awareness session, their banks had written policies and procedures of how to utilize assets, perceived fraud to occur most frequently in financial statements. Employees with age group between 30-40 were twice more likely to identify internal controls as the procedures most effective in discovering fraud than the employees between 41-50.
The second variable was gender. There was a significant relation between gender and familiarity with the policies and procedures in their banks, reporting of fraud, department were fraud most frequently occurs particularly in investment, awareness of QCB regulations and rules as most effective procedure in discovering fraud and finally the importance of information and communication as the most internal control components utilized in banks.
Male were more aware of the internal control system in their banks, identified credit cards as the area were fraud most occur, more likely to recognize that information and communication as the proper tool of internal control system.
However, females think that investment is the department in which fraud was reported, also they were three times more likely to believe that QCB rules and regulations are the most effective way to discover fraud. Both genders agreed on reporting fraud to line managers rather than auditors.
Nationality was divided into two groups namely Qatari and Non-Qatari. Results showed statistically significant relation between the nationality and employees general information, internal control system, reporting of fraud, receive fraud awareness session, existence of anti-fraud policy, encouraging of whistle blowing as a mechanism to report fraud, perceived fraud to occur most frequently in financial statements and finally investigation by employees as a most effective method in discovering fraud.
Non-Qatari more familiar with the general information about the fraud, internal control system and more likely receive awareness session about fraud. Qatari nationals reported ten times more likely than non-Qatari in relation to Investigation by employees as the most effective procedure in discovering fraud.
The other variable used in this research was education. There was statistically relationship between education and general information about fraud, familiarity with internal control systems, and effective procedures in discovering fraud. As employees became more educated, they were more familiar with internal control systems. Results show masters degree holders were more likely aware of internal control than bachelor and diploma degree holders.
Last important variable is the employees' seniority. As employees become more seniority, they were more familiar with the policies and procedures in their banks, reporting fraud, losses figures as a result of fraud, awareness of the anti-fraud policy, the availability of written policy and procedures about asset usage, encouragement of the whistle blowing as a mechanism to report fraud, types of fraud, departments were fraud frequently occurs, effective procedures in discovering fraud, types of control, internal control components utilized in banks and how to deal with fraud. As employees became more seniority, they were more familiar with internal control systems, tended to report fraud more frequently, believed that the corrective action is the kind of control to minimize fraud, and monitoring as one of the internal control components which their banks utilized.
SUMMARY AND CONCLUSION
This study discussed the nature of fraud in general and it focused in banking sector especially in State of Qatar. The study showed several factors that must be used to minimize fraud. Some of these factors must be followed and applied in banks which are regulations addressed from Qatar Central Bank and others are optional depending on the system and the management style in implement efficient internal control system and other internal policies. This study tried to minimize the banking fraud to enhance the effectiveness of the banking operations. A survey was utilized to gather the data required and the SAS statistical software was used to analyze the data. A total of 200 questionnaires were distributed and 198 had been collected.
This study found that the majority of management levels in all banks had information about policies and procedures. However there is still room for training of all staff in different areas in banking sector. Additionally, the study found that banks are not utilizing the three methodologies (detective, corrective, preventive) in the same manner. According to study, senior management emphasis on corrective control while it is suppose to build the set up of preventive control rather than the corrective action. Majority of banks reported the use of the different component of internal control including control environment (72 percent), risk assessment (67 percent), and monitoring (59 percent). Bankers report fraud to audit committee (65 percent) followed by reporting to board of directors (9 percent). Finally, education had a major effect on the internal control awareness which mean that the lower educated staff need more focus on training and continuous session about fraud.
Based on our findings, the study recommends the following to minimize fraud occurrence:
1. Regular sessions and courses must be available to all levels of staff, provided by professional trainers, to update employee with the latest techniques of fraud and how to protect their organization;
2. Local anti-fraud organization must be established to implement the full policies and procedures related to fraud in cooperation with an international fraud organization such as Association of Certified Fraud Examiners;
3. Strengthening the control system by updating and ensuring the system can handle the new challenges and threats;
4. Activate the internal audit function in banks to equip with appropriate defense techniques against possible fraud; and,
5. Establish compliance culture by assigning teams to monitor the employees to ensure that regulations and rules of the bank are followed and to avoid conflict of interest.
The limitations of this study were as follow:
1. No clear statistics of fraud losses in the Middle East;
2. Annual reports or regular banks financial statements do not show any official effect of fraud on banks performance; and,
3. Difficulty to calculate losses in relation to each type of fraud in State of Qatar.
ACL, 2005, "Fraud detection & prevention: transaction analysis for effective fraud detection, http://www.pentana.com/ACL/fraud%20white%20paper/wp_fraud.pdf accessed on 30, May 2008
ADVFN PLC USA, http://www.advfn.com/money-words_term_2081_fraud.html, accessed On 30 May 2008
Ampratwum, Edward Fokuoh, 2008, "the fight against corruption and its implications for development in developing and transition economies", Journal of money laundering control, Vol. 11, No. 1
Bank of Uganda, 2005, "bank fraud-a challenge to Uganda's banking industry" http://www.bou.or.ug/BANKFRAUD.pdf, accessed on 30, May 2008
BMF, "Fighting money laundry and terrorism funding" http://english.bmf.gv.at/FinancialMarket/Fightingmoneylaundr_85/_start.htm, accessed on 30, May 2008
Budima, Gjeneza, 2006, "can corruption and economic crime be controlled in developing economies, and if so, is the cost worth it?" Journal of financial crime, Vol. 13 No. 4
Blanque, Pascal, 2002," Crisis and Fruad", Journal of financial regulation and compliance.
Bussmann, Kai-D, 2005, "Global economic crime survey 2005", economy and crime research centre, Martin Luther- University.
Bussmann, Kai-D., 2007," Economic and crime: people, culture and controls", economy and crime research centre, Martin Luther- University.
Coenen, Tracy, 2008, "Three basic fraud types", All business A D&B Company, http://www.allbusiness.com/crime-law-enforcement-corrections/ criminal-offenses/6635361-1.html, accessed on 30, May 2008
Ernest & Young, 2004, "Common fraud types", http://www.tecbrand.com/eyrisk/newsletter1004/fraud_warning.htm, accessed on 30, May 2008
Fraud Advisory Panel, http://www.fraudadvisorypanel.org/newsite/PDFs/ advice/Fighting%20Fraud.pdf, accessed on 30, May 2008
Hall, James A., 2004, Accounting information system, fourth edition.
Internal Controls,"they key to good business practices", http://www.cafm.vt.edu/dbmg/internal_controls.php#typescontrols, accessed on 30, May 2008
Justice, "What is the internet fraud?" http://www.usdoj.gov/criminal/fraud/internet/, accessed on 30, May 2008
Lloyd, Clem and Paul Walton, 1999," Reporting corporate crime", volume 4, number 1.
Louw, John & Petrus Marais, 2002, "Southern Africa fraud survey", KPMG Mercer University," Internal control" http://www2.mercer.edu/Audit/Internal+Control.htm, accessed on 30, May 2008
PCAOB, 2007, "Observations on auditor's implementation of PCAOB standards relating to audit responsibilities with respect to fraud", http://www.pcaobus.org/Inspections/Other/2007/01-22_Release_2007-001.pdf, accessed on 30,May 2008
QCB, 2006, eighth edition, http://www.qcb.gov.qa/ Instruction_To_banks_March_2006/Part%20Seven/page117-124.pdf, accessed on 30, May 2008
QCB, 2006, eighth edition, http://www.qcb.gov.qa/ Instruction_To_banks_March_2006/Part%20Seven/page117-124.pdf, accessed on 30, May 2008
QCB, 2006, eighth edition, http://www.qcb.gov.qa/ Instruction_To_banks_March_2006/Part%20Six/page58-62.pdf, accessed on 30, May 2008
Sandrei, Igor, 2005. "Credit fraud in retail banking", Narodna Banka Slovensea, volume xIII
Spam laws, http://www.spamlaws.com/fraud.html, accessed on 23, June 2008
Wells, Joseph T., 1997, Occupational fraud and abuse,
Wells, Joseph T., 2000," So that's why it's called a pyramid scheme", Journal of accountancy, Association of Certified Fraud Examiners.
Wilhelm, Wesley Kenneth, 2004, "The fraud management lifecycle theory: A holistic approach to fraud management", Journal of economic crime management, Volume, issue 2.
Wikipedia the free encyclopaedia, http://en.wikipedia.org/wiki/Bank_fraud, Accessed on 30, May, 2008
Wilmer,. Cluter and Pickering, 2003, "Economic crime survey", Pricewaterhousecoopers.
Zikmund, Paul, 2008," 4 steps to a successful fraud risk assessment: internal auditing is an excellent position to identify fraud schemes and scenarios and evaluate the controls in place to prevent them".
Reem Abdul Latif Nabhan, Qatar University
Nitham M. Hindi, Qatar University
Table 1: Several Causes of Fraud Percentage Reported Causes of Fraud by Respondents Collusion between employees and third party 55% Poor internal controls 48% Management override of internal controls 32% Collusion between employees 30% Type of industry (i.e. Industry at high 23% risk of fraud) Poor hiring practices 16% Poor or non-existent corporate ethics policy 14% Lack of control over management by directors 10% Other 9% Source: KPMG (2002) Table 2: Companies Reporting Actual Incidents of Fraud (2003, 2005, 2007) Percentage of Companies Types of Fraud Reported Fraud Year 2003 2005 2007 Asset Misappropriation 26% 29% 30% Intellectual Property Infringement 11% 12% 15% Corruption & Bribery 6% 11% 13% Accounting Fraud 4% 11% 12% Money Laundering 1% 3% 4% Source: PriceWaterhouseCoopers (2007) Table 3: Losses Reported by Industry Sectors (2007) Average Fraud Average Direct Management Industry Sector Loss (US$) Costs (US$) Insurance 4,476,717 1,018,114 Industrial Manufacturing 4,837,975 758,651 Technology 3,462,819 554,895 Entertainment & Media 3,118,516 300,862 Engineering & Construction 2,819,975 360,313 Retail & Consumer 2,801,719 481,224 Global 2,420,700 550,350 Pharmaceuticals 2,479,047 357,251 Total Average Percentage of Cost to Companies Industry Sector Business (US$) Reporting Fraud Insurance 5,494,831 46% Industrial Manufacturing 5,096,826 42% Technology 4,017,714 39% Entertainment & Media 3,419,378 42% Engineering & Construction 3,280,288 25% Retail & Consumer 3,086,873 24% Global 2,971,056 - Pharmaceuticals 2,836,298 27% Source: PriceWaterhouseCoopers (2007) Table 4: Methods of discover fraud Methods to discover fraud Percentage Internal audit 19% Whistle blowing 8% By accident 6% Fraud risk management 4% Suspicious transaction reporting 4% By law enforcement 3% Source: PriceWaterhouseCoopers (2007) Table 5: Industries Annual Fraud Losses Industry Annual Losses in US$ Telecommunications fraud 150 billion Insurance fraud 67 billion Money laundering 40 billion Internet fraud 5.7 billion Bank fraud 1.2 billion Credit card fraud (excluding debit card) 1.0 billion Total 264.9 billion Source: Wesley Kenneth Wilhelm, "The fraud management life cycle theory", Journal of economic crime management, 2004. Table 6: Fraud Management Lifecycle Stages Definition Stage one: Deterrence Activities used to prevent fraud before occurring. Stage two: Prevention Activities to prevent or stop fraudsters from doing fraudulent activities. Usually prevention stage is coming after deterrence failed in stopping fraud. Stage three: Detection Activities used to find fraud and to reveal the presence of the fraud. Stage four: Mitigation Stopping the fraudsters from continuing criminal crimes by taking an action such as blocking accounts. Stage five: Analysis Losses discovered from the previous stages must be identified and factors causing fraud should be understood. Stage six: Policy Activities and policies are created, evaluated and communicated to reduce the occurrence of fraud. Stage seven: Investigation Conducting research to obtain evidence and information to stop fraudsters from committing illegal activities. Stage eight: Prosecution Communication with legal firms to punish the fraudsters and to maintain a business reputation to prevent and minimize the occurrence of fraud. Source: Wesley Kenneth Wilhelm, "The Fraud Management Life Cycle Theory", Journal of economic crime management, 2004. Table 7: Banks Operating in State of Qatar Capital (December Total Assets 31, 2007) (Dec. 31, 2007) Bank Name in 000 QR in 000 QR Qatar National Bank 1824975 114360668 Commercial Bank of Qatar 1,401,579 45397279 Doha Bank 1,248,175 30088112 Qatar Islamic Bank 1,193,400 21335768 Al-Ahli Bank 507,812 15576381 International Bank of Qatar 321,430 10770637 Masraf Al Rayan 3,749,685 10191470 Qatar International Islamic Bank 700,782 9951209 Arab Bank 20,000 4347000 Qatar Industrial Development Bank 1,500,000 1692499 QR 3.65 = $ 1 Table 8: Demographics of Respondents No. of respondents Percent of Variable (n=198) Respondents Age: Less than 30 years 23 12 30 - 40 years 78 39 41 - 50 years 66 33 51 - 60 years 31 16 Above 61 0 0 TOTAL 198 100 Gender: Male 155 78 Female 43 22 TOTAL 198 100 Nationality: Non-Qatari 126 64 Qatari national 72 36 TOTAL 198 100 Title: Senior management 88 44 Middle management 75 38 First line managers 33 17 Other 2 1 TOTAL 198 100 Working Experience: Less than 5 years 8 4 5 - 10 years 45 23 11 - 15 years 92 46 More than 15 years 53 27 TOTAL 198 100 Education: High school degree 11 5 Bachelor degree 95 48 Diploma degree 40 20 Master degree or equivalent 38 19 Doctoral degree 14 7 TOTAL 198 100 Department: Operation 30 15 Retail 29 15 Corporate 23 12 Credit 22 11 Audit 19 10 Risk Management 17 8 Finance 16 8 Investment 14 7 Trade Finance 14 7 Other 14 7 TOTAL 198 100 Table 9: General information about fraud Variable Frequency Percent General knowledge about banking fraud: Yes 188 95 No 10 5 Familiarity of internal control system: Yes 170 86 No 28 14 Reporting of fraud: Yes 88 44 No 110 56 Areas where fraud have been reported: Credit Cards 17 31 Bank assets (asset misappropriation) 15 22 Bribery 13 19 Theft 12 18 ATM fraud 9 13 Financial statements 9 13 Corruption 9 17 Other 4 6 Amount discovered as fraud: Less than 100 15 22 101-500 15 22 501-1000 13 19 More than 1000 12 18 No cash losses 12 18 Report of fraud: Line manager 167 84 Auditors 22 11 Other 9 4 Fraud awareness session/ information: Yes 126 64 No 72 36 Anti fraud policy: Yes 148 75 No 50 25 Staff awareness of anti fraud policy: Yes 130 66 No 68 34 Written policy & procedures for using bank assets: Yes 164 83 No 34 17 Table 10: Fraud detection Variable Frequency Percent Encourage of whistle blowing: Yes 40 82 No 9 18 Types of fraud occur most frequently: Credit card fraud 27 51 ATM fraud 24 45 Financial statement 18 34 Asset misappropriation 15 28 Bribery 7 13 Theft 4 7 Other 0 0 Department that fraud occur most frequently: Retail 28 52 Investment 17 31 Corporate 14 26 Operation 12 22 Trade finance 8 15 Other 4 7 Risk management 3 5 Finance 2 4 Audit 0 0 Credit Effective procedure in discovering fraud: Internal control 35 66 Internal audit review 15 28 Government agency notification (QCB) 10 19 Specific investigation by management 6 11 Customer notification 4 7 Specific investigation by employee 4 7 Other 2 4 Policy notification 2 4 Accidental discovery 1 2 Control utilize in bank: Preventive 41 77 Detective 33 62 Corrective 30 57 Internal control components: Control environment 39 72 Risk assessments 36 67 Monitoring 32 59 Control activities 26 48 Information & communication 21 39 Deal with fraud: Report to audit committee 35 65 Other 12 22 Report to board of director 5 9 Immediate dismissal 2 4 Keep it quite 0 0