First, the types and characteristics of commercial bank fraud
According to the nature of fraud, fraud can be divided into two basic types, namely, fraud that seeks economic benefits for organizations and fraud that harms economic benefits of organizations.
1. Fraud for the benefit of the organization. Fraud for the benefit of the organization mainly includes: selling or distributing fictitious or false assets; Illegal political donations, bribes, kickbacks, payment of remuneration to government officials or their agents, customers and suppliers, and other improper acts; Deliberately misstates or misjudges business transactions, assets, liabilities or income; Deliberately mispricing transfer payment (pricing of goods exchanged between affiliated institutions); Deliberately improper related party transactions, in which one party obtains some benefits that cannot be obtained in normal transactions; Deliberately failing to record or disclose important information that helps external groups to better understand the financial situation of the organization; Carry out illegal business activities; Tax fraud and so on.
Combined with the characteristics of commercial banks, we can find that there are mainly the following aspects: (1) Interception of intermediary business income, such as fee income, agency premium income, rental of fixed assets income, private coffers used for collective profit, etc. (2) embezzling or privately dividing credit assets, fixed assets, debt-paying assets, etc. And seek improper benefits for the collective at the expense of the loss of organizational assets. (3) inflated (or concealed) business indicators such as profits and deposits by improper means, seeking direct or indirect economic benefits for the organization or defrauding the collective (individual) honor. (4) Falsely listing expenses under expenses to seek illegitimate economic benefits for the organization. (5) Tax evasion and so on.
2. Fraud activities that endanger the organization. Fraud that harms the organization mainly includes: accepting bribes and kickbacks; Transfer transactions that usually bring profits to the organization to employees or outsiders; Corruption, such as tampering with financial records to cover up corruption, makes corruption difficult to find; Deliberately concealing (misreporting) matters (or data); Require payment for services or goods that are not actually provided to the organization.
Combined with the characteristics of commercial banks, we can find that the fraud that harms the organization mainly includes the following aspects: (1) corruption, embezzlement and misappropriation of bank or customer funds. (2) Forging, fabricating or falsely issuing bills, and defrauding banks or customers of funds by fraudulent means such as bills, letters of credit and bank cards. (3) Fake loans, self-approved loans, fake mortgage loans, high-interest loans, illegal loans to related parties, illegal loans for personal gain (or accepting bribes), and so on. (4) illegally absorbing public funds, illegally borrowing funds, and illegally engaging in off-balance-sheet business. (5) taking advantage of his position to engage in money laundering activities. (6) Participate in arbitrage, evasion and fraud. (7) Issuing false credit (or deposit) certificates and other acts. (8) Forging or altering valuable documents and important blank vouchers to defraud funds. (9) Interception of intermediary business income, pocketing, etc.
In addition, according to different standards, there are different types of fraud, mainly including: First, according to the subject of fraud, it can be divided into executive fraud and general employee fraud. Second, according to fraud means, it can be divided into computer fraud and traditional manual fraud. Third, according to the object of fraud, it can be divided into fraud on assets and fraud on liabilities. Fourth, according to the group nature of fraudsters, it can be divided into collective conspiracy fraud and individual fraud.
Second, the new trend of commercial bank fraud
Commercial bank fraud cases are moving towards "high positioning, high technology and high case value;" The trend of "three highs, three highs" is that the number of cases is more at the grassroots level, there are many internal and external collusion crimes, and there are many modus operandi. Fraud in commercial banks has the following characteristics: First, fraudsters are of high quality. Judging from the investigation of fraud cases in recent years, the trend of high position, high intelligence and high education of fraudsters is obvious. The second is high-tech fraud technology. In recent years, fraudsters have used a large number of high-tech means to commit fraud. For example, using simulation technology to forge and alter bills, credit cards, currency, etc. Enough to achieve the degree of confusing the real with the fake; Another example is the use of computer technology for so-called encryption and program tampering and forgery. Third, the means are more subtle. Using cutting-edge technology to dig out and alter vouchers and bills leaves almost no trace, so it is difficult to identify the authenticity; Take "fishing" means, imitate the web page of online banking, and steal customers' passwords and funds. Fourth, the forms are more diversified. While using a series of traditional fraud methods and forms, such as multi-head account opening, lending accounts, empty cheques, embezzling cheques, imitating signatures, engraving official seals, forging account certificates, embezzling vouchers, taking cash, keeping public funds in private, setting up small coffers privately, and misappropriating funds by taking advantage of the time difference between money deposit and withdrawal, fraudsters have created and invented many new fraud methods through careful selection, refining and transformation, and adopting high-tech technology. Fifth, the field is more extensive and complex. In recent years, various legal persons and natural persons collude with each other to defraud banks, and the phenomenon of collusion with internal personnel of banks is increasing, making the fraud situation more complicated.
Third, the fraud audit strategy of commercial banks
1. Pay close attention to the soundness and effectiveness of the internal control system of the audited entity. In the principle of evaluating the internal control system of banks, the Basel Committee on Banking Supervision clearly pointed out that control activities are the most effective only when the management and all employees of banks regard control activities as a necessary part of the daily operation of banks rather than an additional content. When regulations are regarded as a supplement to the daily operation of banks, they are often regarded as irrelevant. Therefore, as internal auditors of commercial banks, we must start with scientific evaluation of the internal control system of the audited units and pay close attention to the soundness and effectiveness of the internal control system of the audited units. Only in this way can we find out whether there are major systematic defects and potential fraud (cases) in the audited units, conduct substantive tests and look for fraud clues.
2. Pay close attention to the control environment of the audited entity. Control environment refers to the attitude and actions taken by the board of directors and management on the importance of control. The control environment includes the following elements: justice and moral values; Management philosophy and management style; Organizational structure; Distribution of power and division of responsibilities; Human resource policy and management; The ability of personnel. The internal auditors of commercial banks should further consider, pay attention to and evaluate the control environment and components of the organization on the basis of understanding the internal control system of the organization. Through the accumulation of daily work experience, a control environment model with the possibility of fraud can be formed:
The third principle of the Basel Committee on Banking Supervision to evaluate the internal control system of banks stipulates the internal control environment and internal control cultural atmosphere of commercial banks: the board of directors and senior management of banks have the responsibility to improve their professional ethics and standards of honesty and self-discipline, form a cultural atmosphere within the institutions, and explain and emphasize the importance of the internal control system to personnel at all levels. It is necessary for people at all levels of banking institutions to understand their role in the internal control procedure and should go all out to perform their respective duties in the procedure.
Combined with the reality of China's commercial banks, the internal auditors of commercial banks should focus on: (1) whether the operation of the internal supervision committee is standardized, and whether the problems found in the self-discipline supervision of major business departments have been collectively studied and seriously rectified; (2) The management's attitude towards internal audit, the importance attached to the problems found in the audit and whether the rectification is serious and thorough; (3) Whether fraud (case) analysis meetings are held regularly and whether corresponding countermeasures and measures are formulated; (4) The performance of "one post and two responsibilities" in each department, and whether there are regulatory faults, regulatory blind spots and regulatory vacuum in self-regulatory supervision.
By further evaluating the internal control environment of commercial banks, we can find doubts and catch clues by means of analysis, comparison and verification of logical relations.
3. Pay close attention to the division of responsibilities and potential conflicts of interest in the internal control system. Through a large number of investigations on global banking cases, the Basel Committee concluded that an important reason for the loss of funds in banking cases is the lack of proper division of responsibilities. Putting a person on conflicting responsibilities (for example, taking charge of the management and execution of a transaction at the same time) will create opportunities for him to access valuable assets and manipulate financial data for personal gain or conceal losses. Therefore, in the daily audit, the seemingly trivial system of post separation and regular rotation is likely to have a greater conflict of interest and serious fraud (case) risk behind it. Even if there is no sufficient evidence of fraud, it is necessary to give the audited entity a risk warning, because this is not only a system requirement, but also the key to prevent fraud (cases) and eliminate fraud opportunities. In this regard, the internal auditors of commercial banks must attach great importance to and be vigilant.
4. Pay close attention to the signs of fraud. After the occurrence of fraud, the perpetrators often leave some clues, which require careful observation, serious inquiry and in-depth investigation and evidence collection by internal auditors. 1. Signs (signals) of employee fraud mainly include: overspending purchase or extravagant lifestyle; Unexplained mood swings or complex abnormal behaviors; Low psychological stress tolerance; Have the ability to rationalize their theft; Be able to use the weakness of internal control to cover up their fraud; Unwilling to ask for leave or leave; Personal handling business has a large number of write-offs and write-offs; Long-term low morale at work; Very close relationship with customers; Signs of heavy personal debt; Addicted to gambling, *; Do not provide or provide relevant information or articles needed for audit and inspection in time under various excuses. 2. Signs (signals) of organizational fraud mainly include: loss or destruction of accounting records or related documents; Too many "cancellations" or "refunds"; Abnormal or repeated transactions; A large number of accounting adjustments or cancellations; Unrealistic performance prediction or evaluation; Staff morale has been low for a long time; The person in charge of the financial department or the personnel in key positions change frequently; Bad debts and bad debts increased; Abnormal related party transactions; Deliberately misstates or misjudges business transactions, assets, liabilities or income; Rumors about conflicts of interest; Excessive financial pressure or unrealistic assessment of business indicators.
Through the comprehensive analysis and judgment of the soundness and effectiveness of the internal control system, the control environment, the division of post responsibilities, the potential conflicts of interest, and the signs (signals) of fraud, combined with the correct application of fraud auditing methods, clues and evidence of fraud can be found in time.
Four, commercial bank fraud audit methods
There are many methods of fraud audit. In addition to the routine audit methods such as supervision, inquiry, field observation and field investigation, some special audit methods should be used:
Analytical review (calculation). Refers to some important ratios or trends of the audited entity, including investigating the abnormal changes of these ratios or trends and their differences with the expected amount and other related information.
Confirmation. It refers to the method of sending a letter to a third party in the name of the audited entity to verify the matters contained in the accounting records of the audited entity and prevent the audited entity from practicing fraud.
Red flag marking method. In other words, expressing links with high fraud probability in words is equivalent to inserting a red flag to attract attention as the focus of fraud suspicion and investigation.
Manufacturing error method. In view of the weak links of internal control and the links that are easy to be destroyed by fraud, we should take a true and false approach and observe whether it passes through the control system, so as to observe the possibility and degree of fraud in the control system.
Auxiliary audit method. This means that fraudsters usually destroy some or all books and vouchers to cover up their actions. In this regard, auditors should supplement the destroyed books and vouchers by means of internal investigation and external investigation according to the accounting principle (there must be loans when borrowing, and the loans must be equal), and then audit the accounts to find out the facts of fraud.
Traceability tracking method. According to the flow of funds and accounting procedures, the accounting records and the whereabouts of funds are traced and checked. We can find out the ins and outs of funds by designing business flow chart and cash flow statement.
Audit methods of computer fraud. There are many ways to use computer fraud, such as tampering with input and output, tampering with program settings, tampering with data files, setting up "back doors", setting up logical bombs, computer viruses, computer Trojans (stealing passwords of online banking users), hacking and attacks. Therefore, there are many ways to detect and prevent computer fraud, such as physical control, logical control, installation of firewall and antivirus software, etc. Software review, machine change review, black box review and so on.
Preventive methods. It refers to promoting the gradual improvement of the internal control system of the audited unit through the use of employee background information inspection, comprehensive evaluation of internal control and various special audit inspections, so as to prevent fraud.