Barclays 2007 Annual Report Download - page 114

Download and view the complete annual report

Please find page 114 of the 2007 Barclays annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 296

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296

Risk management
Financial crime risk management
112 Barclays PLC Annual Report 2007
Fraud risk
The Group establishes and operates a fraud risk control framework which
measures overall fraud risk exposure and controls. Together with Group-
wide policies, this directs how fraud is managed.
The Group Financial Crime Management team (GFCM) is responsible for
delivering the overall fraud strategy and providing oversight to Group and
Business Units in order to manage fraud risk. The strategy is designed to:
– Identify emerging threats in order that effective controls are embedded
across the Group and build up capability to manage risk.
– Identify and manage fraud incidents, ensuring regulatory and legal
conformance, appropriate escalation and control issues are addressed
to prevent further loss.
– Work proactively to highlight areas of concern in order that remediation
can take place.
GFCM assesses the fraud risk of existing and emerging products, services,
processes and jurisdictions to drive down fraud losses as turnover/growth
increases. It also represents Barclays at trade, industry and Government
bodies providing a conduit to maximise the flow of information and
intelligence. GFCM also provides technical expertise to business areas
whether to drive through Group solutions or provide assistance with
specific incidents and investigations.
Business Units, together with product holders and channels identify their
appetite for fraud loss which informs and determines the overall fraud
plan. Objectives are then set around these plans.
At a business level, fraud risk/loss committees track fraud (and in some
cases operational) loss. The Barclays Group Fraud Risk profile is exercised
regularly through the review and challenge of the net losses and key risk
metrics; these are then viewed against the overall Fraud Risk Profile (Fraud
Oversight Committee).
Fraud is reported monthly to senior management both within the Business
Units and to Group who provide a global oversight of fraud loss. Fraud is
measured against plan for both net and gross losses and in line with the
Principal Risk Policy; Key Risk Indicators (KRIs) are embedded in order that
overall exposure can be established.
As a result of this process, fraud performance both at Business Unit and
Group level can be measured and appropriate action taken to minimise or
track significant issues.
Externally there are ‘in country’ industry-wide forums to which Barclays
contributes and in some cases can benchmark performance, controls and
current and emerging issues.
Barclays overall reported fraud losses fell in 2007, with most of the
reduction coming from significant falls in internet banking fraud.
As part of its efforts to enhance security, Barclays offers all its personal
customers complimentary internet security software to reduce phishing
attacks. The Group has also rolled out two-factor authentication
technology using the new PINsentry device to make online transactions
more secure. Enhanced transaction profiling has further improved our
ability to identify where customer accounts have been targeted by
fraudsters and take preventative action to protect funds.
Following the loss of personal data, including bank details, by both
Government agencies and other third parties, data protection and security
was a prominent theme in 2007. Barclays treats any incident of this nature
with the utmost importance and has worked closely with industry and the
Government to take steps to:
Reassure customers and provide points of contact for help and guidance.
– Protect any customer accounts, whose details may have been
compromised.
– Develop a standard approach for dealing with accounts that may be
impacted by data security breaches.
Security risk
Group Financial Crime Management (GFCM) also manages security risk.
Its fundamental objective is to allow Barclays to operate in a safe and
secure manner in all existing and potential future markets.
In pursuit of this objective, the Security Risk team gathers and shares
current threat assessments across business areas, using intelligence from
Security and Government Agencies and ‘in country’ teams. It ensures that
suitable policies and control systems are in place to protect Group
business and that plans to protect high-risk personnel are fit for purpose
and in line with accepted best practice.
Barclays has developed and continues to improve a robust people
screening process to protect the bank from those people who want to
harm the organisation, by either joining as staff members or becoming
involved with its operations.
Security Risk is regularly reported by the businesses and reviewed via
the Security Risk Management Committee, whose objectives are to:
– Consider the latest management information and security threat
assessments.
– Drive forward mitigating action to protect the Group from potential
threats.
– Provide guidance to the design and effectiveness of the overall Barclays
Security Risk framework.
– Ensure all Security Risk workstreams have been effectively integrated
and implemented.
– Monitor corporate security profiles against the agreed plan, tracking
issues in order that remedial action can be taken.