DATE : March 2020
RISK ORC CIB ANTI-FRAUD MISSION STATEMENT
The present document defines the missions, overall roles and responsibilities of RISK ORC CIB Anti-Fraud from Lisbon, acting as the 2nd Line of Defence dedicated to fraud risk management for BNP Paribas Corporate & Institutional Banking (CIB).
Group global framework for Fraud risk management
Fraud, whether internal or external, is an operational risk that follows the global framework for operational risk management.
As per the Group procedure on Operational Risk management framework 1,
Fraud prevention and protection are first managed by operating entities as first line of defence. Operating entities have to identify internal and external fraud risks within their scope, assess these risks and define and operate a control framework, consistently with Group guidelines, applicable regulations and their own risk environment.
The second line of defence on fraud risk is performed under the aegis of RISK. Chief Risk Officers, acting through the RISK ORC stream, are the second line of defence on fraud risk management along the organizational setup defined for operational risk.
They are responsible for :
Challenging the first line fraud risk management activities & the control framework developed in the entities under their oversight
Testing whether the risk mitigation framework operates as expected, and in some cases directly operating some controls through independent testing,
Defining the fraud alert management and investigation framework
Operating the fraud alert management and investigation framework for the part assigned to the second line of defence.
Providing their Senior Management, their Board and local supervisors with an independent view on the fraud risk profile of their entity.
Within the deconcentrated RISK ORC teams, an Expert on Fraud prevention - protection should be appointed, who should be the referent for all the above matters and be specifically in charge of the fraud alert management and the investigations.
Context RISK ORC CIB Anti-Fraud (versus Compliance)
Anti-Fraud team was transferred from Compliance to RISK, October 1st 2016.
Compliance remains responsible for its sovereign themes and processes, as defined in level 2 procedure 1 and referred to in the table below.
Surveillance of Compliance risks and e-communication (FOCS within LOD1) are out of the scope. RISK organizes the proper information of Compliance on money laundering matters coming from fraud events or suspicions it may be aware of.
Vice versa, Compliance may alert RISK on any case of fraud,actual or suspicious, it may detect through its own processes.
Compliance manages the global whistleblowing process and relies on RISK expertise for instructing any case with a fraud suspicion it is made aware of.
Compliance themes / processes Legal themes / processes
Financial security (fighting against money laundering and terrorism financing, respect of embargoes & financial sanctions)
Anti-bribery and corruption
Legal advice, including on contracts
Protection of the interests of clients
Market integrity (market manipulation, insider trading, conflict of interest)
Legal risk management framework
Referral of external legal counsel
Compliance with regulations related to personal data protection
Regulatory compliance with tax laws with extra territorial reach (FATCA, AEOI)
Regulatory compliance towards banking laws with extra territorial reach (Volcker rule, French banking law)
Scope of RISK ORC CIB Anti-Fraud
RISK ORC CIB Anti-Fraud activities cover Global Markets through traders’ unauthorized activities through Abnormal Trade Pattern (ATP) surveillance,
Coverage of CIB Corporate Banking and CIB functions has been integrated since Q3 2017.
Surveillance of ALMT trading activity has been integrated in ATP framework in July 2017.
BP2S Anti-Fraud team integrates the Anti-Fraud network as Risk correspondents.
RISK ORC CIB AF covers mainly rogue trading, social engineering, security (data leakage when related to fraud or fraud attempts) and payments risks (client payments and Bank Payment system).
RISK ORC CIB Anti-Fraud mandate and activities
In line with Group guidelines, RISK ORC CIB Anti-Fraud mandate encompasses a three-fold core mission :
Be the global / local expertise centre on fraud risk management for CIB activities,
Coordinate the Anti-Fraud network (globally or locally),
Be the single entry point for anti-fraud issues (internally and externally)
CIB anti-Fraud mandate applicable to all regions is articulated around five pillars :
1. Awareness : animation, training
2. Protection : prevention, detection
3. Reaction : investigation, remediation
5. Coordination with RISK ORC CIB network
To enhance BNPP CIB fraud risk awareness to Businesses, CIB Anti-Fraud is responsible for :
Developing and animating internal communication and awareness campaigns in coordination with the Group, related to Anti-Fraud principles, fraud mechanisms and losses impacts
Participating in seminars and professional associations related to Anti-Fraud
Participating in fraud risk training programs design and animating trainings
Building and animating an Anti-Fraud community aiming at reinforcing global fraud awareness among Business Lines and Regions
CIB Anti-Fraud is responsible for assessing principles that apply to systems and processes within BNPP CIB to enable fraud prevention and detection.
CIB Anti-Fraud is responsible for :
Providing methodological advisory to prevent fraud incidents from occurring
Challenging 1st Line of Defence Control Plan and local framework through dedicated on-site reviews (independent testing realised annually).
Performing thematic reviews (independent testing realised annually).
Designing and implementing the Anti-Fraud 2nd Line of Defence Control Plan (see controls details in Appendix), coordinated by CIB Anti-Fraud Transversal team (Paris), and run annually.
CIB Anti-Fraud is responsible for :
Cross-checking different sources of data to identify suspicious schemes
Performing ad-hoc fraud risk assessment, data-mining and modelling in case of suspicion
Performing controls to detect fraud and suspicious events, with the support of industrialised and dedicated tools (See Appendix on ATP Radars)
Developing and maintaining internal and external watch to enhance existing known fraud patterns and mechanisms
Contributing to improve surveillance framework working with the 1st Line of Defence to set-up alerts criteria
The reaction role is articulated around investigation and remediation.
CIB Anti-Fraud is part of the CIB’s fraud response plan, and is responsible for conducting investigation processes and identifying weaknesses.
CIB Anti-Fraud can participate in the remediation phase through advisory.
The objective is to improve processes, systems and control environment to prevent occurred fraud schemes from happening again.
CIB Anti-Fraud, and in particular the global Head of CIB Anti-Fraud team is a referred single entry point for :
External information on CIB Anti-Fraud risk matters with regulators
Internal information on CIB Anti-Fraud risk matters within the Group
5. Coordination with RISK ORC CIB network
RISK ORC CIB Anti-Fraud leverages on RISK ORC CIB network to further develop awareness, prevention and remediation activities.
RISK ORC CIB remains responsible for the follow-up of remediation actions.
With experience in RISK Management, audit or consulting. Experience in the anti-fraud field would be a plus.
Degree : Master (Bac+ 5, Grandes Ecoles)
BUSINESS & TECHNICAL COMPETENCIES
Good knowledge of :
CIB metiers, products and processes
Financial instruments and associated risks
Payment systems used by CIB and associated risks
Languages : English and French (fluent)
MS Office suite
BEHAVIOURAL AND / OR MANAGEMENT SKILLS
Excellent relationship capabilities
Capability to work in autonomy, in agile mode
Entrepreneurial spirit, dynamism, curiosity and voluntarism
Capability to deliver key messages to different levels of management : synthesis and restitution abilities
Capability to challenge stakeholders in a constructive mindset
Analytical and synthetic spirit
1 Organizational framework and governance for Operational Risk Management & Permanent Control Framework