Bank fraud: perception of bankers in the State of Qatar.
Nabhan, Reem Adbul Latif ; Hindi, Nitham M.
INTRODUCTION
Fraud has been the major risk that attacks the structure of firms
regardless of the size or the industry. Latest study by PriceWaterhouse
Coopers (2007) showed that over 43% of companies surveyed from 40
countries from all over the world had reported losses from economic
crimes during the previous two years. The study presented that a total
of US$ 4.2 billion loss over the last two years was reported by these
companies. It is estimated that undiscovered fraud cost US$ 5.7 billion
due to the lack of internal controls of the organization.
Insurance industry seems to suffer the most from fraud.
Accordingly, PriceWaterhouseCoopers (2007) indicated that this industry
lost a total of US$ 4.5 million on average in (2007) mainly in asset
misappropriation, while spending on average US$ 1 million in
strengthening internal controls. It is impossible to eliminate the fraud
but it can be minimized by understanding the reasons that cause fraud
and develop a solution to diminish its occurrence.
Fraud started a long time ago and was related to goods in general,
like, trading in goods by trying to avoid customs that must be paid or
by hiding the poor quality of the goods. The purpose was to gain more
profit. Also, fraud was related at that time to livestock and cattle
which involved ways to make livestock bigger, healthier or heavier and
selling meat by passing horsemeat instead of beef meat. In the late
1960s in America, fraud was perpetuated by filling tanks with oil except
the top which was filled with water.
There are many definitions that explain fraud; all of them are
around the same concept but in different applications or contexts.
According to Spam laws (accessed on 30 May, 2008), "Fraud involves
deception and misrepresentation in order to make money. Deception could
involve manufacturing counterfeit credit cards or padding insurance
claims, or making false claims to receive mortgage loans you
wouldn't have received otherwise." Fraud Advisory Panel
(accessed on 30 May 2008) defined fraud as "the removal of cash or
assets to which the fraudsters is not entitled--or false accounting- the
classification or alternation of accounting records or other
documents". Another definition of the fraud by Advfn PLC is
"illegal activity of trying to conceal information intentionally
for personal gain. Many frauds involving financial transactions are
committed by business professionals, who use their knowledge and gained
credibility to deceive customers". Association of Certified Fraud
Examiners (2004) defined fraud as "the use of one's occupation
for personal enrichment through the deliberate misuse or misapplication
of the employing organization's resources or assets".
KPMG (2002) reported several causes of fraud. However, the major
cause of fraud was the collusion between employees and third parties
(55%) followed by poor internal controls (48%). Other causes of fraud
are illustrated in the table 1 below:
Banking fraud could be divided to two main categories; namely
External and Internal fraud. Examples of external fraud are credit and
debit cards transactions, or theft done using automated teller machine
to obtain cash in advance. Internal fraud relates to employees inside
organizations who can steal cash or inventory from the company or from
other employees, or allowing other staff to steal. Internal fraud also
called occupational fraud and abuse. Joseph T. Wells (1997) defined
occasional fraud as "the use of one's occupation for personal
enrichment through the deliberate misuse or misapplication of the
employing organization's resources or assets." According to
this definition, internal fraud includes asset misappropriations,
corruption and fraudulent financial statements.
To minimize and detect fraud, the firm has to focus on its
corporate governance which is based on a set of ethical principles that
guide the company to take actions, including introducing new products.
In addition, corporate governance establish a framework for reducing
risk and detecting the fraud that might arise.
OBJECTIVES OF THIS STUDY
The objectives of this research were to study the reasons behind
fraud in general and specifically in banking sector in State of Qatar by
concentrating on the areas that the fraud had taken place. Another
objective was to evaluate the current internal processes that had been
utilized to detect fraud, reaching to a stage of designing a framework
or solution to minimize fraud in the banking sector in the State of
Qatar.
LITERATURE REVIEW
Many authors mentioned that there are unlimited types of fraud. As
a matter of fact, it depends on how people are creating it and think
about it. The most important types of fraud are divided in four
categories. All these types of fraud can occur through employees who are
working inside the organization or from illegal organization outside the
firm.
Asset Misappropriations
This is the most commonly occurring fraud by occupational
fraudsters and it is the easiest to detect. Asset misappropriation
relates to the company assets which mean "using the company assets
for sole purpose of capitalizing unfairly on goodwill and reputation of
property owner." Joseph T. Wells, (1997), in other words using the
companies' assets for the personal benefit. Asset misappropriation
includes revenue skimming, inventory and receivable theft, and payroll
fraud.
Bribery and Corruption
This is the second frequently occurring type of fraud. Bribery may
be defined as "the offering, giving, receiving, or soliciting any
thing of value to influence an official act." (Joseph T. Wells,
1997) Bribery may be classified into two categories which are: Kickbacks
and Bid Rigging Schemes. A kickback involves, according to Wells (1997),
"a vendor submitting a fraudulent or inflated invoice to the victim
company an employee of that company helps to make sure that the payment
is made on the false invoice. For his assistance the employee fraudsters
receive some form of payment from the vendor. This payment is the
kickback." The other type which is bid rigging scheme occurs when
an employee supports the supplier to prevail the deal at the bidding
process. The other aspect which is the corruption may be defined as
"spoiled, trained, vitiated, depraved, debased, and morally
degenerate. As used as a verb, to change one's morals and
principles from good to bad" Joseph T. Wells, (1997).
Financial Statements Fraud
This is the least type of fraud occurring, it involves the
manipulation of the financial statements to create financial change for
entity. Financial statements fraud arises when the top management wants
to show earnings in the statements, by changing the nature element in
the financial statements which means changing the debt to assets or
report the credit as an equity to show an increase in the earning of the
company to increase year- end bonus, or show favorable loan terms.
Internet Fraud
This is related to the use of any component of the internet such as
email, web sites, financial transactions, to perform fraudulent
transactions, to present deceptive picture to catch victims, or to
convey the proceeds of fraud to cheat financial institutions or any
other related organizations. Justice,
http://www.usdoj.gov/criminal/fraud/internet/, accessed on 30, May 2008
The government and central banks pay close attention to the banking
fraud and continue to issue the necessary rules and regulation to
minimize fraud in financial institutions. In addition, many studies had
been published in this field prepared by specialists and consultants who
analyze the causes of fraud and ways to minimize the occurrence of
fraud. The most important previously published studies covering this
topic including its importance, losses, causes, and ways to minimize
will be discussed in this section.
PriceWaterhouseCoopers (2003, 2005, 2007) indicated that fraud was
one of the major problems that companies were facing regardless of the
size of the firm or the industry. This study surveyed 5,428 companies
from 40 countries to examine the impact of fraud. The result of this
study showed that 43% of these companies reported fraud which they faced
in the last two years. Table 2 below summarizes the companies reporting
actual incidents of fraud.
According to table 2 above, there is an increase in all types of
economic crimes starting from 2003 and ending with 2007. Clearly, growth
can be noticed in the year 2005 followed by insignificant increase in
fraud in 2007 which signaled that companies had taken preventive
strategies to control the potential fraudsters' action.
Additionally, regulators established necessary rules and policies
emphasizing internal control and developed corporate governance
principles.
Table 3 above indicates that the industry reporting fraud the most
was Insurance (46%), the average direct losses was US$ 4.5 million while
they spent approximately US$ 1 million to manage issues resulting from
fraud. Forty-two percent of industrial manufacturing firms were victims
and 39% of technology companies faced fraud mostly in intellectual
property infringement.
The other major important part which the study discussed was the
key elements of effective controls. It stated that for effective
implementation of the internal controls, one must understand the nature
of fraud and ways fraudsters use. So companies have to understand their
system and environment and to keep space for any change that may rise to
update this system according to the new methods of fraud.
Finally, the study concentrated on possible methods to detect fraud
by trying to identify how company discovers fraud. Table 4 below list
different method of detecting fraud in 2007.
As shown, fraud mostly discovered by internal control, whistle
blowing, followed by Accidently discovered, the reason was, the
firms' failure to update the internal controls which negatively
affect the proper operation process and subsequently reflect on illegal
transaction. Enhancement of internal control system, as well as the high
attention paid to protecting the financial assets will create the
necessary detective mechanism inside the organization.
Internal Control Components
James A. Hall (2004) stated that internal control in its concepts
contain "procedures, policies and practices to protect the
organization assets, support the firm efficiency in its operation,
ensure the accuracy in the accounting records and information, and
assess management compliance with the policies and procedures."
Accordingly, internal control consists of five components which are: (1)
control Environment, (2) risk assessment, (3) information and
communication, (4) monitoring, and (5) control activities. Each
component is described in the following section.
The Control Environment
This type of control is considered the basic of all other
components. It sets the manner for the firms in which it must be
understood by management and employees of the organization, including
the structure of the firm, the participation of the board of directors
or the audit committee, management method of operating and assessing
performance, and the policies and procedures to manage human resources.
So, auditors require understanding of the structure of the organization
towards management, board of directors, and the responsibility of the
internal control. They have to report any irregular conditions that may
occur for fraud. Also, they have to understand the industry and set the
conditions that may increase the risks which are related to the business
risk. The board of directors should implement basic rules in the
organization to avoid any conflict of interest such as separating the
CEO and Chair person, set ethical standards to direct the management and
the staff of the organization, and establish an audit committee to
ensure that annual audit is conducted independently by being involved in
selecting independent auditors.
Risk Assessment
Risk assessment must be utilized in firms to analyze, identify and
manage risks related to financial reporting. (James A. Hall, 2004) These
risks may be caused by change the way of operating environment in the
organization, new joiners that understand internal controls in different
way, reengineered the information system or implement new technologies
that may affect the transaction while being processed, introduce new
technology without having adequate knowledge about it, and implement new
accounting principle that may affect the preparation of the financial
statements.
Information and Communication
Accounting information systems consist of methods used to classify,
analyze, identify and record transactions that occur in the
organization. However, this will help the company to recognize assets
and liabilities in making decisions concerning the firm operations and
preparation of the financial statements. (James A. Hall, 2004)
Monitoring
James A. Hall (2004) stated that monitoring is a process to design
internal controls and to assess the operation of the organization. So,
auditors monitor the organization activity by using separate procedures
to test internal controls and report its strengths and weaknesses to
management.
Control Activities
It is related to policies and procedures to identify the risks of
the organization. Control activities can be classified into two groups:
computer controls and physical controls. Computer controls are related
to the IT environment and auditing which is classified into (1) general
group related to entity wide concerns like control of data centers and
firm database, and (2) application controls which are related to
specific systems like sales processing order and accounts payable.
Physical Controls are related to human activities employed in accounting
systems; it can be manual such as physical custody of assets or may be
used by computers to register the transactions. (James A. Hall, 2004).
Edward Fokuoh Ampratwum (2008) noted that one of the major types of
fraud is corruption. Ampratwum (2008) concentrated his research on
corruption and its implications for development in developing and
transition economies. The methodology used in this study included a
review of published theoretical and practical research to understand the
causes, effects, measurement, aid and international efforts to eliminate
corruption.
Ampratwum (2008) defined corruption as "the abuse of public
roles or resources for private benefit". Corruption was a major
issue in the mid 1990s from the political and economic sides in many
countries. Robinson (2004) defined the political corruption as "the
violation of the formal rules governing the allocation of public
resources by public officials in response to offers of financial gains
or political support".
The study illustrated several reasons behind the corruption
including low government wages and high taxes. The researcher studied
the effects of the corruption on the economy and investment culture. He
summarized these effects into five major parts which were misallocation
of resources on the level of macroeconomics, the unfair distribution of
wealth which affect negatively the social community, minimize the
required budget for significant sectors such as health and education
because of difficulty to manipulate these projects for bribe purposes,
harmful effect on economic growth and investment, including reducing the
opportunity to encourage investment, and reducing the value of the
government regulation and policies which will allow the companies to
work in illegal economic environment (i.e. violation of tax and
regulatory laws).
The developing governments had issued several policies and
procedures to measure and control the corruption in order to eliminate
the effect of these factors. In addition, aid donors recently developed
rules and laws on these matters to minimize the misuse of the funds to
invest in illegal transactions.
The conclusion of this study was that governmental and non
governmental agencies had concentrated on finding policies to minimize
the fraud by understanding its nature and identifying the most dangerous
type that affect the macroeconomic indicators (such as the rate of
growth, local and foreign investment levels, and unemployment rate).
Another study about corruption was conducted by Gjeneza Budima
(2006) entitled: "Can Corruption and Economic Crime be Controlled
in Developing Economies, and if so, is the Cost Worth it?" The
purpose of this study was to examine the effect of corruption on
developing countries and to identify the reasons why economic crimes
were more frequent in developing countries. The study indicated that it
is difficult to evaluate the losses resulting from fraud in developing
countries. Additionally, the study concluded that fraudsters commit
illegal transactions in developing countries due to lack of government
regulation to fight fraud.
The study illustrated the difference between economic crimes and
corruption. It was stated that economic crimes included corruption and
other types such as corporate fraud, false accounting, cheating, and
lying. Moreover, the study defined corruption as a personal benefit on
behalf of the public that will affect the government budget.
Although corruption may not be eliminated, it may be controlled by
amending the policies, motivating professional bureaucracy, and by
establishing relation between developing countries and international
organization to benefit from their professional expertise to legislate
laws to combat economic crimes.
The conclusion of this study was that theft corruption had positive
and negative impacts in developing countries. From the positive side,
dealing with corruption will allow foreigners to invest and this will
lead to accumulation of capital. From the negative side, corruption will
destroy the government budget (spending in unrelated issues), and allow
the accumulation of capital to be transferred outside the country.
Another study done by Wesley Kenneth Wilhelm (2004) entitled "
Fraud Management Lifecycle Theory: A Holistic Approach to Fraud
Management". This study developed a lifecycle framework and
evaluated six industries which faced economic crimes in the United
States including (1) telecommunications, (2) banking and finance, (3)
insurance, (4) health care, (5) internet merchants, (6) brokerage and
securities. This lifecycle contained eight stages which will be
discussed later in this study.
The methodology used in this study was based on previous literature
reviews as well as interviews, questionnaire and case study responses
about fraud management lifecycle. Statistics showed that
telecommunication is the industry suffering the most from fraud. Losses
reported by telecommunication industry were US$ 150 billion while
insurance reported US$ 67 billion annually (see table 5). According to
the study, FBI received 207,051 suspicion activities fraud related to
different areas in banking such as cheque fraud, counterfeit checks, and
counterfeit negotiable instruments amounting to US$ 1.2 billion.
The second important part of the study was fraud management
lifecycle which contained eight stages. These stages are interrelated
and need to be implemented together.
The conclusion reached by the researcher was that efficiency of the
fraud management requires balancing the activity for each stage in the
management lifecycle. The importance of this cycle is not only to
prevent fraud but also to identify solutions and improvements in the
existing activities to prevent fraud. In other words, successful
implementation of fraud management lifecycle will reduce the amount of
fraud loss and will adopt a new technique to minimize fraud occurrence
in the future.
BANKING FRAUD
The banking sector is playing a major role in the economy.
Therefore, proper rules and regulations are needed to regulate the
banking activities, policies and procedures. On the other hand, weak
regulation may lead to financial problems and significant losses which
finally affect the macroeconomics indicators.
One of the main activities of the central banks is to regulate,
supervise and control financial institutions in order to maintain the
stability of the banking system and minimize the losses caused by fraud
which will lead to protect the shareholders and depositors' funds
and maintain a good image of banking industry in the country.
Also another important activity performed by the banking sector is
the payment system which includes the international and local payments
for goods and services. Accordingly, central banks will not allow money
to be transferred if it is more than specific amount unless the purposes
and the destination are known. However, there are several tools of
payments such as cheque, debit and credit cards; electronic funds
transfer (EFT), point of sale (POS) and real time gross settlement
system (RTGS). (Bank of Uganda, 2005). This study stated that there are
various kinds of fraud that can be done through check and / or use of
electronic channels, credit & debit cards and misuse of
customers' accounts.
QATAR CENTRAL BANK RULES AND REGULATIONS
Qatar Central Bank plays an important role to support and
strengthen the banking system by eliminating fraud through its policies
and procedures. Currently, there is no specific data and information
about the amount of losses caused by fraud in Qatari banking system.
Qatar Central Bank approaches the best practices, standards and
principles in supervising financial institutions. It addresses, among
others aspects, corporate governance, anti- money laundry regulations,
and prompt corrective actions against problems. The following is Qatar
Central Bank framework to minimize banking fraud.
Corporate Governance
One of the corporate governance objectives is to control the
conflict of interest between shareholders, depositors, borrowers,
executive management, internal audit, and risk management. QCB, by
implementing the rules of corporate governance, emphasis is on
separating the responsibilities between different parties by deciding
the roles and the authorities for each party to avoid any conflict of
interest. Qatar Central Bank defined the rules and responsibilities of
directors which could be summarized in eight topics as follows:
* Setting strategies, objectives and policies;
* Forming the organizational structure;
* Constituting committees and delegating powers and authorities;
* Monitoring the implementation and evaluating the performance and
risks;
* Appointing and monitoring internal auditing staff;
* Appointing an independent external auditor;
* Assuming responsibilities towards shareholders and other parties;
and,
* Assuming responsibilities towards QCB.
Also QCB define rules and responsibilities of executive management
who should support the board in setting and developing the strategies,
objectives, structure and policies which will be set by the board of
directors. Executive management must set programs to evaluate the
effectiveness of the internal control implementation and they should
cooperate with the internal and external auditors to provide them with
the necessary information and support they need.
Instructions of Combating Money Laundering and Terrorism Financing
Money laundry and terrorism finance is one of the major fraud types
in banking industry; central bank issued its own rules and regulation to
prevent such fraud. The main framework of these rules was as follows.
1. Bank employees have to check customers' representative by
checking their identification cards, purpose of opening account,
customer's good reputation and any other necessary information that
the bank feel it must be checked along with customers' records must
be kept for a minimum of 15 years;
2. In case of institutions, banks should check customer name and
legal status with the company article of association;
3. Bank should know the source of any amount exceed QR 100,000/-,
or has any doubt about banking transaction by getting the complete
documentation and information about the transaction. In case the bank
has doubt about money laundering transaction or terrorism, banks should
freeze the account and report the suspicious transaction as well; and,
4. Control procedures and training programs for the staff must be
maintained to prevent and detect money laundering and terrorism.
Accordingly, all banks should implement strategies to eliminate
money laundering and terrorism which must comply with the regulation set
by QCB to minimize economic crimes.
QCB Regulation Towards Crime, Cash, and Banking Electronic System
QCB had written policies to minimize fraud by setting procedure
which must be followed by all banks. So, banks must notify QCB in case
of any crime or fraud by providing the names of accused persons. Banks
have to check regularly the efficiency of their electronic systems by
setting measures to avoid any fraud that may occur in the future.
Know Your Customer (KYC)
The purpose of know your customer concept is to identify banks
clients whether they are individuals or entities by checking the legal
documentation before opening an account. The documentation should
contain the minimum required information such as: contacts numbers,
address, place of work and confirmation letter from their employers.
Know your customer concept becomes one of the most significant tools to
minimize fraud in financial institutions.
Know Your Employee (KYE)
Organizations have to know their employees before hiring them and
should have a positive record from their previous employment or from
legal entities. Also, they should keep track records about their
employees. Institution and employees should comply with personnel laws
and regulations, and code of conduct/ethics.
RESEARCH METHODOLOGY
The aim of this research was to investigate the reasons and
critical factors behind economic crimes in banking sectors generally,
and especially in the State of Qatar. The objectives of this research
were to investigate and identify the most types of fraud occurrence, to
examine the amount of losses resulting from fraud, to review the
awareness of banking sector in State of Qatar toward economic crimes,
and to suggest recommendation and framework to be implemented to
eliminate or minimize the fraud in banking sector in State of Qatar.
This research utilized one major tool, namely questionnaire which
was used to facilitate the gathering of information from respondents.
The questionnaire contained 24 questions in three different sections
including, background information of respondents (e.g. age, education
and work experience), general information about fraud, and fraud
detection which is only answered by auditors, finance and risk
management professionals. The survey was limited to the banking sector
that operates in the State of Qatar. Table 7 lists banks utilized in
this study. Two hundred questionnaires were distributed to the first
line, middle, and senior management levels of these banks. One hundred
ninety eight were completed for a response rate of 99 percent.
DATA ANALYSIS
Table 8 shows the demographics characteristics relating to the
respondents of this study. The survey was completed by 198 participants
of which 12 percent were less than 30 years old, 39 percent were between
the ages of 30- 40 years old, 33 percent were between the ages of 41-50,
and 16 percent in the range of 51-60 years old. It was noticed that more
males were working in banking sector than females (78 percent males vs.
22 percent females). Respondents included 64 percent of non-Qatari
compared to 36 percent of Qatari workers. Forty-four percent of
participants were holding a senior management position, while 38 percent
were in the middle management level. Forty-six percent of respondents
had experience between 11 and 15 years and 27 percent had more than 15
years of experience
in the banking sector in Qatar. While analyzing education level of
respondents, it was noticed that the lowest percentage (5 percent) were
employees with high school degrees and the highest percentage was 48
percent for employees holding bachelor degrees. Most of the respondents
were working in retail (15 percent) and operation (15 percent)
departments. The remaining respondents were allocated almost equally
among different departments.
Respondents from different departments were asked several questions
related to fraud to capture their perception about employees'
awareness about fraud. Table 9 shows that most respondents (95 percent)
agreed that they had information about banking fraud in general and 86
percent agreed that they were familiar with internal control systems in
their banks. When respondents were asked about reporting fraud committed
by their employees, 44 percent answered positively. Of those respondents
positively, 31 percent indicated fraud occurred in credit card while 22
percent selected asset misappropriation. Twenty- two percent reported
the amount of fraud was between less than hundred thousand and up to
five hundred thousand. Eighteen percent of respondents reported that
there were no cash losses resulting from fraud.
Most of the respondents (84 percent) stated that they reported
fraud directly to their line managers while 11 percent report directly
to the auditors.
Most respondents (64 percent) reported receiving awareness session
or information from their banks, 75 percent indicated their banks had
anti-fraud policies, and 66 percent of their staff were aware of these
anit-fraud policies. Finally, 82 percent indicated their banks had
written policies and procedures concerning asset usage.
The third part of the questionnaire was specified to auditors,
finance and risk managers to measure their important role to implement a
strong system to detect fraud. Respondents were asked to indicate
whether their banks encourage whistle blowing. Results indicated that
the majority of respondents (82 percent) had encouraged the technique,
while the rest (18) percent did not encourage whistle blowing as a
mechanism in detecting fraud.
There were a variety of responses from participants toward which
type of fraud occurs most frequently in the banking sector. The highest
percentage was in credit card (51 percent) followed with ATM fraud (45
percent) and the least percentage was in theft (7 percent). When asked
about which departments' fraud occurs the most, respondents
reported the highest percentage in retail (52 percent) followed by
investment (31 percent). When asked about the procedure most effective
in discovering fraud, respondents indicated internal control, (66
percent), internal audit reviews (28 percent), and government agency
notification (19 percent).
When respondents were asked about controls utilized in their banks
77 percent indicated preventive, 62 percent reported detective, and 57
percent mandated corrective controls. The most widely used internal
control components were control environment (72 percent) and risk
assessments (67 percent). It is worth noting that the least utilized
internal control components were control activities (48 percent) and
information and communication (39 percent).
The last question asked respondents how they dealt with fraud.
Sixty- five percent reported fraud directly to audit committee and 9
percent reported to the board of directors.
The chi-square non-parametric test was used to determine whether
various relationships were statistically significant. Table 10 shows a
summary of calculated values for various chi-square tests involving age,
gender, nationality, title and education in one hand and awareness about
fraud, areas of fraud, reporting and losses resulting from fraud, most
frequently occurring fraud types, procedures to discover fraud, and
types of controls available on the other hand. Many of the indicators
did not show any statistical significant between the dependent and
independent variables. The first variable tested was age. There was
statistically relationship between age and familiarity with internal
control systems, reporting fraud, receiving awareness session about
fraud, the availability of written policy and procedures about asset
usage, types of fraud, departments were fraud frequently occurs,
effective procedures in discovering fraud, types of control, and how to
deal with fraud. As employees became older, they were more familiar with
internal control systems, tended to report fraud more frequently,
received fraud awareness session, their banks had written policies and
procedures of how to utilize assets, perceived fraud to occur most
frequently in financial statements. Employees with age group between
30-40 were twice more likely to identify internal controls as the
procedures most effective in discovering fraud than the employees
between 41-50.
The second variable was gender. There was a significant relation
between gender and familiarity with the policies and procedures in their
banks, reporting of fraud, department were fraud most frequently occurs
particularly in investment, awareness of QCB regulations and rules as
most effective procedure in discovering fraud and finally the importance
of information and communication as the most internal control components
utilized in banks.
Male were more aware of the internal control system in their banks,
identified credit cards as the area were fraud most occur, more likely
to recognize that information and communication as the proper tool of
internal control system.
However, females think that investment is the department in which
fraud was reported, also they were three times more likely to believe
that QCB rules and regulations are the most effective way to discover
fraud. Both genders agreed on reporting fraud to line managers rather
than auditors.
Nationality was divided into two groups namely Qatari and
Non-Qatari. Results showed statistically significant relation between
the nationality and employees general information, internal control
system, reporting of fraud, receive fraud awareness session, existence
of anti-fraud policy, encouraging of whistle blowing as a mechanism to
report fraud, perceived fraud to occur most frequently in financial
statements and finally investigation by employees as a most effective
method in discovering fraud.
Non-Qatari more familiar with the general information about the
fraud, internal control system and more likely receive awareness session
about fraud. Qatari nationals reported ten times more likely than
non-Qatari in relation to Investigation by employees as the most
effective procedure in discovering fraud.
The other variable used in this research was education. There was
statistically relationship between education and general information
about fraud, familiarity with internal control systems, and effective
procedures in discovering fraud. As employees became more educated, they
were more familiar with internal control systems. Results show masters
degree holders were more likely aware of internal control than bachelor
and diploma degree holders.
Last important variable is the employees' seniority. As
employees become more seniority, they were more familiar with the
policies and procedures in their banks, reporting fraud, losses figures
as a result of fraud, awareness of the anti-fraud policy, the
availability of written policy and procedures about asset usage,
encouragement of the whistle blowing as a mechanism to report fraud,
types of fraud, departments were fraud frequently occurs, effective
procedures in discovering fraud, types of control, internal control
components utilized in banks and how to deal with fraud. As employees
became more seniority, they were more familiar with internal control
systems, tended to report fraud more frequently, believed that the
corrective action is the kind of control to minimize fraud, and
monitoring as one of the internal control components which their banks
utilized.
SUMMARY AND CONCLUSION
This study discussed the nature of fraud in general and it focused
in banking sector especially in State of Qatar. The study showed several
factors that must be used to minimize fraud. Some of these factors must
be followed and applied in banks which are regulations addressed from
Qatar Central Bank and others are optional depending on the system and
the management style in implement efficient internal control system and
other internal policies. This study tried to minimize the banking fraud
to enhance the effectiveness of the banking operations. A survey was
utilized to gather the data required and the SAS statistical software
was used to analyze the data. A total of 200 questionnaires were
distributed and 198 had been collected.
This study found that the majority of management levels in all
banks had information about policies and procedures. However there is
still room for training of all staff in different areas in banking
sector. Additionally, the study found that banks are not utilizing the
three methodologies (detective, corrective, preventive) in the same
manner. According to study, senior management emphasis on corrective
control while it is suppose to build the set up of preventive control
rather than the corrective action. Majority of banks reported the use of
the different component of internal control including control
environment (72 percent), risk assessment (67 percent), and monitoring
(59 percent). Bankers report fraud to audit committee (65 percent)
followed by reporting to board of directors (9 percent). Finally,
education had a major effect on the internal control awareness which
mean that the lower educated staff need more focus on training and
continuous session about fraud.
Based on our findings, the study recommends the following to
minimize fraud occurrence:
1. Regular sessions and courses must be available to all levels of
staff, provided by professional trainers, to update employee with the
latest techniques of fraud and how to protect their organization;
2. Local anti-fraud organization must be established to implement
the full policies and procedures related to fraud in cooperation with an
international fraud organization such as Association of Certified Fraud
Examiners;
3. Strengthening the control system by updating and ensuring the
system can handle the new challenges and threats;
4. Activate the internal audit function in banks to equip with
appropriate defense techniques against possible fraud; and,
5. Establish compliance culture by assigning teams to monitor the
employees to ensure that regulations and rules of the bank are followed
and to avoid conflict of interest.
The limitations of this study were as follow:
1. No clear statistics of fraud losses in the Middle East;
2. Annual reports or regular banks financial statements do not show
any official effect of fraud on banks performance; and,
3. Difficulty to calculate losses in relation to each type of fraud
in State of Qatar.
REFERENCES
ACL, 2005, "Fraud detection & prevention: transaction
analysis for effective fraud detection,
http://www.pentana.com/ACL/fraud%20white%20paper/wp_fraud.pdf accessed
on 30, May 2008
ADVFN PLC USA, http://www.advfn.com/money-words_term_2081_fraud.html, accessed On 30 May 2008
Ampratwum, Edward Fokuoh, 2008, "the fight against corruption
and its implications for development in developing and transition
economies", Journal of money laundering control, Vol. 11, No. 1
Bank of Uganda, 2005, "bank fraud-a challenge to Uganda's
banking industry" http://www.bou.or.ug/BANKFRAUD.pdf, accessed on
30, May 2008
BMF, "Fighting money laundry and terrorism funding"
http://english.bmf.gv.at/FinancialMarket/Fightingmoneylaundr_85/_start.htm, accessed on 30, May 2008
Budima, Gjeneza, 2006, "can corruption and economic crime be
controlled in developing economies, and if so, is the cost worth
it?" Journal of financial crime, Vol. 13 No. 4
Blanque, Pascal, 2002," Crisis and Fruad", Journal of
financial regulation and compliance.
Bussmann, Kai-D, 2005, "Global economic crime survey
2005", economy and crime research centre, Martin Luther-
University.
Bussmann, Kai-D., 2007," Economic and crime: people, culture
and controls", economy and crime research centre, Martin Luther-
University.
Coenen, Tracy, 2008, "Three basic fraud types", All
business A D&B Company,
http://www.allbusiness.com/crime-law-enforcement-corrections/
criminal-offenses/6635361-1.html, accessed on 30, May 2008
Ernest & Young, 2004, "Common fraud types",
http://www.tecbrand.com/eyrisk/newsletter1004/fraud_warning.htm,
accessed on 30, May 2008
Fraud Advisory Panel,
http://www.fraudadvisorypanel.org/newsite/PDFs/
advice/Fighting%20Fraud.pdf, accessed on 30, May 2008
Hall, James A., 2004, Accounting information system, fourth
edition.
Internal Controls,"they key to good business practices",
http://www.cafm.vt.edu/dbmg/internal_controls.php#typescontrols,
accessed on 30, May 2008
Justice, "What is the internet fraud?"
http://www.usdoj.gov/criminal/fraud/internet/, accessed on 30, May 2008
Lloyd, Clem and Paul Walton, 1999," Reporting corporate
crime", volume 4, number 1.
Louw, John & Petrus Marais, 2002, "Southern Africa fraud
survey", KPMG Mercer University," Internal control"
http://www2.mercer.edu/Audit/Internal+Control.htm, accessed on 30, May
2008
PCAOB, 2007, "Observations on auditor's implementation of
PCAOB standards relating to audit responsibilities with respect to
fraud", http://www.pcaobus.org/Inspections/Other/2007/01-22_Release_2007-001.pdf, accessed on 30,May 2008
QCB, 2006, eighth edition, http://www.qcb.gov.qa/
Instruction_To_banks_March_2006/Part%20Seven/page117-124.pdf, accessed
on 30, May 2008
QCB, 2006, eighth edition, http://www.qcb.gov.qa/
Instruction_To_banks_March_2006/Part%20Seven/page117-124.pdf, accessed
on 30, May 2008
QCB, 2006, eighth edition, http://www.qcb.gov.qa/
Instruction_To_banks_March_2006/Part%20Six/page58-62.pdf, accessed on
30, May 2008
Sandrei, Igor, 2005. "Credit fraud in retail banking",
Narodna Banka Slovensea, volume xIII
Spam laws, http://www.spamlaws.com/fraud.html, accessed on 23, June
2008
Wells, Joseph T., 1997, Occupational fraud and abuse,
Wells, Joseph T., 2000," So that's why it's called a
pyramid scheme", Journal of accountancy, Association of Certified
Fraud Examiners.
Wilhelm, Wesley Kenneth, 2004, "The fraud management lifecycle
theory: A holistic approach to fraud management", Journal of
economic crime management, Volume, issue 2.
Wikipedia the free encyclopaedia,
http://en.wikipedia.org/wiki/Bank_fraud, Accessed on 30, May, 2008
Wilmer,. Cluter and Pickering, 2003, "Economic crime
survey", Pricewaterhousecoopers.
Zikmund, Paul, 2008," 4 steps to a successful fraud risk
assessment: internal auditing is an excellent position to identify fraud
schemes and scenarios and evaluate the controls in place to prevent
them".
Reem Abdul Latif Nabhan, Qatar University
Nitham M. Hindi, Qatar University
Table 1: Several Causes of Fraud
Percentage Reported
Causes of Fraud by Respondents
Collusion between employees and third party 55%
Poor internal controls 48%
Management override of internal controls 32%
Collusion between employees 30%
Type of industry (i.e. Industry at high 23%
risk of fraud)
Poor hiring practices 16%
Poor or non-existent corporate ethics policy 14%
Lack of control over management by directors 10%
Other 9%
Source: KPMG (2002)
Table 2: Companies Reporting Actual Incidents of Fraud
(2003, 2005, 2007)
Percentage of Companies
Types of Fraud Reported Fraud
Year 2003 2005 2007
Asset Misappropriation 26% 29% 30%
Intellectual Property Infringement 11% 12% 15%
Corruption & Bribery 6% 11% 13%
Accounting Fraud 4% 11% 12%
Money Laundering 1% 3% 4%
Source: PriceWaterhouseCoopers (2007)
Table 3: Losses Reported by Industry Sectors (2007)
Average Fraud Average
Direct Management
Industry Sector Loss (US$) Costs (US$)
Insurance 4,476,717 1,018,114
Industrial Manufacturing 4,837,975 758,651
Technology 3,462,819 554,895
Entertainment & Media 3,118,516 300,862
Engineering & Construction 2,819,975 360,313
Retail & Consumer 2,801,719 481,224
Global 2,420,700 550,350
Pharmaceuticals 2,479,047 357,251
Total Average Percentage of
Cost to Companies
Industry Sector Business (US$) Reporting Fraud
Insurance 5,494,831 46%
Industrial Manufacturing 5,096,826 42%
Technology 4,017,714 39%
Entertainment & Media 3,419,378 42%
Engineering & Construction 3,280,288 25%
Retail & Consumer 3,086,873 24%
Global 2,971,056 -
Pharmaceuticals 2,836,298 27%
Source: PriceWaterhouseCoopers (2007)
Table 4: Methods of discover fraud
Methods to discover fraud Percentage
Internal audit 19%
Whistle blowing 8%
By accident 6%
Fraud risk management 4%
Suspicious transaction reporting 4%
By law enforcement 3%
Source: PriceWaterhouseCoopers (2007)
Table 5: Industries Annual Fraud Losses
Industry Annual Losses in US$
Telecommunications fraud 150 billion
Insurance fraud 67 billion
Money laundering 40 billion
Internet fraud 5.7 billion
Bank fraud 1.2 billion
Credit card fraud (excluding debit card) 1.0 billion
Total 264.9 billion
Source: Wesley Kenneth Wilhelm, "The fraud management life cycle
theory", Journal of economic crime management, 2004.
Table 6: Fraud Management Lifecycle
Stages Definition
Stage one: Deterrence Activities used to prevent fraud before
occurring.
Stage two: Prevention Activities to prevent or stop fraudsters
from doing fraudulent activities. Usually
prevention stage is coming after
deterrence failed in stopping fraud.
Stage three: Detection Activities used to find fraud and to
reveal the presence of the fraud.
Stage four: Mitigation Stopping the fraudsters from continuing
criminal crimes by taking an action such
as blocking accounts.
Stage five: Analysis Losses discovered from the previous
stages must be identified and factors
causing fraud should be understood.
Stage six: Policy Activities and policies are created,
evaluated and communicated to reduce the
occurrence of fraud.
Stage seven: Investigation Conducting research to obtain evidence
and information to stop fraudsters
from committing illegal activities.
Stage eight: Prosecution Communication with legal firms to punish
the fraudsters and to maintain a business
reputation to prevent and minimize the
occurrence of fraud.
Source: Wesley Kenneth Wilhelm, "The Fraud Management Life Cycle
Theory", Journal of economic crime management, 2004.
Table 7: Banks Operating in State of Qatar
Capital
(December Total Assets
31, 2007) (Dec. 31, 2007)
Bank Name in 000 QR in 000 QR
Qatar National Bank 1824975 114360668
Commercial Bank of Qatar 1,401,579 45397279
Doha Bank 1,248,175 30088112
Qatar Islamic Bank 1,193,400 21335768
Al-Ahli Bank 507,812 15576381
International Bank of Qatar 321,430 10770637
Masraf Al Rayan 3,749,685 10191470
Qatar International Islamic Bank 700,782 9951209
Arab Bank 20,000 4347000
Qatar Industrial Development Bank 1,500,000 1692499
QR 3.65 = $ 1
Table 8: Demographics of Respondents
No. of respondents Percent of
Variable (n=198) Respondents
Age:
Less than 30 years 23 12
30 - 40 years 78 39
41 - 50 years 66 33
51 - 60 years 31 16
Above 61 0 0
TOTAL 198 100
Gender:
Male 155 78
Female 43 22
TOTAL 198 100
Nationality:
Non-Qatari 126 64
Qatari national 72 36
TOTAL 198 100
Title:
Senior management 88 44
Middle management 75 38
First line managers 33 17
Other 2 1
TOTAL 198 100
Working Experience:
Less than 5 years 8 4
5 - 10 years 45 23
11 - 15 years 92 46
More than 15 years 53 27
TOTAL 198 100
Education:
High school degree 11 5
Bachelor degree 95 48
Diploma degree 40 20
Master degree or equivalent 38 19
Doctoral degree 14 7
TOTAL 198 100
Department:
Operation 30 15
Retail 29 15
Corporate 23 12
Credit 22 11
Audit 19 10
Risk Management 17 8
Finance 16 8
Investment 14 7
Trade Finance 14 7
Other 14 7
TOTAL 198 100
Table 9: General information about fraud
Variable Frequency Percent
General knowledge about banking fraud:
Yes 188 95
No 10 5
Familiarity of internal control system:
Yes 170 86
No 28 14
Reporting of fraud:
Yes 88 44
No 110 56
Areas where fraud have been reported:
Credit Cards 17 31
Bank assets (asset misappropriation) 15 22
Bribery 13 19
Theft 12 18
ATM fraud 9 13
Financial statements 9 13
Corruption 9 17
Other 4 6
Amount discovered as fraud:
Less than 100 15 22
101-500 15 22
501-1000 13 19
More than 1000 12 18
No cash losses 12 18
Report of fraud:
Line manager 167 84
Auditors 22 11
Other 9 4
Fraud awareness session/ information:
Yes 126 64
No 72 36
Anti fraud policy:
Yes 148 75
No 50 25
Staff awareness of anti fraud policy:
Yes 130 66
No 68 34
Written policy & procedures for
using bank assets:
Yes 164 83
No 34 17
Table 10: Fraud detection
Variable Frequency Percent
Encourage of whistle blowing:
Yes 40 82
No 9 18
Types of fraud occur most frequently:
Credit card fraud 27 51
ATM fraud 24 45
Financial statement 18 34
Asset misappropriation 15 28
Bribery 7 13
Theft 4 7
Other 0 0
Department that fraud occur most frequently:
Retail 28 52
Investment 17 31
Corporate 14 26
Operation 12 22
Trade finance 8 15
Other 4 7
Risk management 3 5
Finance 2 4
Audit 0 0
Credit
Effective procedure in discovering fraud:
Internal control 35 66
Internal audit review 15 28
Government agency notification (QCB) 10 19
Specific investigation by management 6 11
Customer notification 4 7
Specific investigation by employee 4 7
Other 2 4
Policy notification 2 4
Accidental discovery 1 2
Control utilize in bank:
Preventive 41 77
Detective 33 62
Corrective 30 57
Internal control components:
Control environment 39 72
Risk assessments 36 67
Monitoring 32 59
Control activities 26 48
Information & communication 21 39
Deal with fraud:
Report to audit committee 35 65
Other 12 22
Report to board of director 5 9
Immediate dismissal 2 4
Keep it quite 0 0
