LogoRegulatory Alerts
2019-05-13

Circular CN-BSD/2019/6: Fraud Risk Management and Reporting

The Maldives Monetary Authority mandates that all commercial banks establish board-approved internal policies for fraud prevention, detection, and investigation. Banks must report specific fraud incidents to the regulator within strict timeframes, including immediate notification for cross-bank risks and same-day reporting for customer fund impacts. Additionally, institutions are required to submit quarterly returns detailing all fraud occurrences and maintain contact protocols for urgent out-of-hours alerts.

Maldives Monetary Authority logo

Maldives

Maldives Monetary Authority

Click to view thumbnail

بسم الله الرحمن الرحيم

MALDIVES MONETARY AUTHORITY MALDIVES

Circular no: CN-BSD/2019/6

13th May 2019

To: All Commercial Banks

Dear Sir,

Fraud Risk Management and Reporting

We refer to Circular no: CN-BSD/2017/6 dated 20th February 2017 regarding reporting of frauds.

As indicated in the above mentioned circular, increased incidences of fraud would undermine confidence in the bank and the overall banking system. It also poses reputational, operational, and legal risks to the bank. It is important that measures are taken to safeguard against such issues and to address them promptly. Delays in reporting of frauds may result in similar frauds being perpetrated at other banks, delays in timely action against the perpetrators by enforcement agencies.

Therefore, in view of strengthening the fraud risk management of banks and reporting, banks are required to do the following:

  1. Banks should establish an internal policy for fraud prevention and should be approved by the Board. The policy should address prevention, detection, investigation and reporting of frauds. The policy should at a minimum address the following: a. Description of actions that are considered as frauds. b. Roles and responsibilities of bank staff and the management. c. Measures that are to be taken for prevention and detection of frauds d. Procedures for investigation e. Procedures for reporting and accountability for reporting /non-reporting of frauds f. Remedial measures

MALDIVES MONETARY AUTHORITY MALDIVES

  1. Banks are required to inform as per details given below, of actual or attempted fraudulent withdrawals of customers’ funds, using means such as credit card, debit/ATM cards and forged cheques.

    2.1 Where the fraud/ attempt affects or has the potential to affect only that bank’s customer funds, inform MMA before close of business on the day that the bank’s management becomes aware of it through ‘Fraud Incident Reporting Form’ attached with this circular.

    2.2 Where the fraud/ attempt has the potential to impact other banks, it must be reported to MMA immediately when the management becomes aware of it, so that other similar frauds maybe prevented.

    2.3 Banks should provide MMA the contact details of an officer who should be alerted in cases of fraud incidents that occur outside working hours which require urgent attention.

  2. Banks are required to inform through ‘Fraud Incident Reporting Form’ attached with this circular, of actual or attempted other fraud cases including frauds committed by bank staff irrespective of the amount involved, to MMA within three days from the date of detection.

  3. Banks should report to MMA, all actual and attempted fraud incidents that occurred during the quarter. Bank shall use ‘MMA Quarterly Fraud Reporting Return’ to file the report to MMA Extranet on a quarterly basis.

The above reporting requirements to MMA are in addition to any reporting obligations to Financial Intelligence Unit and law enforcement authorities.

This circular supersedes Circular no: Circular no: CN-BSD/2017/6 dated 20th February 2017.

Yours Sincerely,

Idham Hussain Assistant Governor, Financial Stability

MMA Fraud Incident Reporting Form

Reporting Institution:[Name of the institution]
Branch/ Business Unit:
Reporting Date:<dd/mm/yyyy>
Reference No.:[Fraud/<Bankname>/<Year>/<Case no.>]
Type of Fraud:
1Details of the Case
1.1Date fraud occurred or identified<dd/mm/yyyy>
1.2Brief summary of the fraudThe reporting institution must include the following minimum information:
1.3Estimated expected loss from fraud if availableThe reporting institution must include the following minimum information:
2Action(s) taken
2.1List of organizations to which case has been reported, with reporting date. (if any)
2.2Other actions taken if any

Approved by: Name: __________________________________________________ Signature: _______________________________________________

MMA Quarterly Fraud Reporting Return All amounts in MVR Bank: ____________________ Reporting Period: mm/yyyy

Reference No. (a)Type of Fraud (b)Date of occurrence of fraud (c)Date of Reporting to MMA (d)Total Amount involved (e)Total Recovery ( through insurance and other sources) (f)Provisions made (g)Detail of case (in brief) (h)
Share