AS FRAUD can happen any time and in different ways, banks have to be on their guard at all times.

Therein lies the challenge for Mr Winson Toh, 33, who is the head of Fraud Risk Management in the Group Risk Management division at OCBC Bank.

His job is to oversee the fraud risk management programme from a group-wide perspective. This includes formulating fraud risk management policies, incident response, developing fraud prevention, detection as well as monitoring initiatives to help the bank pursue its business objectives in a risk-controlled manner.

Asked to define fraud from the banking industry's perspective, Mr Toh explains: "As there is no universal understanding as to what constitutes fraud, it is important that OCBC defines fraud from its own ethical perspective so that all staff will have a common understanding of fraud and adopt a consistent approach towards preventing it and mitigating the risks involved.

"We refer to fraud as the act of misconduct or the intentional misrepresentation or concealment of information in order to cheat, deceive or mislead another party, with the aim of obtaining property, including intellectual property, money or other assets or benefits from that party or any other party."

Despite the best efforts of banks and other commercial organisations, fraud does occur. How and why does it happen?

"In order to understand how and why fraud takes place, we need to understand the motives and the 'drivers' behind it,'' Mr Toh explains.

A widely accepted theory in criminology is the Fraud Triangle, which proposes that there must be an opportunity, motivation or incentive, and rationalisation for fraudulent behaviour to arise.

"By understanding these three 'drivers' and using past experiences and industry intelligence, we will be able to build our defences based on possible future scenarios. This will help us to proactively identify potential weaknesses to limit opportunities for fraudulent activities,'' he adds.

Banks have to be on the lookout for fraudulent activity that may arise from falsification or concealment of information. This includes manipulation of records or reconciliation to conceal losses, unauthorised alteration of documents, unauthorised use of the bank's name by third parties, and falsification of accounts to obtain loans, says Mr Toh.

Theft or misappropriation of assets is also what banks have to watch out for. This includes theft of the bank's property, including intellectual property rights, and the unauthorised transfer of assets and cheque, credit card or payroll fraud.

According to Mr Toh, a third category of possible fraud relates to breach of trust - which includes receiving bribes from customers or suppliers for the provision of loans or award of contracts, and manipulation of share prices by publicising inaccurate or invalid claims and news announcements on bulletin boards.

He has this advice for guarding against bank fraud.

"For individuals, it is important to perform regular bank account reconciliation and safeguard personal assets, including cheque book and confidential banking details such as account numbers, access codes and PIN. You should also be wary of requests to disclose confidential banking details to third parties and conduct checks via the official bank's hotline.

"For businesses, it is critical to have in place a strong internal control system with proper segregation of duties, dual signatures on cheques and reconciliation of bank statements. There should also be effective access controls to ensure only authorised access to the organisation's assets, as well as a robust whistle-blowing programme," he says.

Watchdog role

Three years on the job with OCBC Bank, Mr Toh is enjoying his watchdog role.

He says that it was after much deliberation that he decided "to leave his comfort zone after 10 years in the law enforcement environment to pursue a career in a financial institution, where there are new learning opportunities which are different and more challenging".

He adds: "While my career in the law enforcement agency has developed my skills in criminal investigation, my role back then was confined to solving crimes.

"My current responsibilities give me the opportunity to understand the entire fraud risk management process, from fraud prevention and detection to rapid incident response.

"Through this exposure, I am more conversant with how internal controls and fraud risk management contribute positively to good corporate governance."

Mr Toh says the skills and experience of a fraud risk officer in the banking industry are relevant in other areas such as risk management, regulatory compliance and audit. A fraud risk officer may also be able to work in a law enforcement agency, or branch out into the consultancy business.