The Deep Dive

Prioritizing fraud program documentation

Documenting your fraud program is a business imperative that shouldn’t be overlooked. The author details how to craft an enterprise-level fraud policy and a program document that can set your organization up for success.



In my consulting career, I often supported banks in the review or creation of fraud program documentation. Oftentimes, I found that enterprise fraud policy documentation lacked sufficient detail, with common gaps related to fraud definitions and examples, roles and responsibilities across the organization, and program governance. These common gaps can lead to program pitfalls, spanning day-to-day misses all the way to regulatory trouble. For example, a lack of sufficient detail related to roles and responsibilities across the organization can lead to several problems, such as:

  • Redundancy (the same task being completed by multiple teams in different ways, causing downstream confusion).
  • Lack of a cohesive understanding of the program and who does what.
  • Key fraud controls and activities lacking a clear owner, leading to those activities not being performed or being performed in an ad hoc manner.
  • Confusion across the organization about whom to contact with fraud-related questions or how to raise potential fraud concerns to the right people on the fraud team.

Documentation isn’t a novel or hard-hitting topic. For this reason, among others, I’ve seen fraud program documentation fall to the wayside as shiny, new fraud tools and constant fraud attacks steal the focus. However, documenting your fraud risk management program is essential and requires a strong foundation that includes policies, standards and a program framework to be successful. Fraud program documentation gaps can cause problems that might not surface until later, and at that point the damage may be done.


For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.