Cracking the code:

Fraud management
Continuous Audit Continuous Monitoring

DD Month 2022

KPMG Lower Gulf Limited

With you today

Simon Crowther Hamdan Hamdan

Partner, Head of Proactive Forensics Associate Director, Forensics
— Simon has over 20 years of professional experience across a broad
— Associate Director with 11 years of big four experience.
range of clients.
— Experience in Fraud Risk Management, Investigations, Dispute
— Simon is a specialist in the prevention and detection of fraud and
Advisory, Litigation Support, Anti-bribery & Corruption, FCPA & UK
serious non-compliance, with a unique background as an
Bribery Act Investigations.
accountant, lawyer, federal agent (police detective) and senior
executive in government. — Worked on many of the regions most pre-eminent investigation and
dispute cases.
— An experienced senior executive in the Australian government,
Simon has overseen legal, compliance an investigation areas of — Conducted investigations on behalf of GCC regulators, board of
large departments and has also held appointments as a regulator. directors, and internal audit teams.

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 1
Why we’re here today
01 Introduction

02 Evolution of Forensics in the Region

03 Fraud Risk Management

a. A fit for purpose fraud control framework
and common challenges
b. Responding to fraud
c. War stories and experiences

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 2
Evolution of Forensics
in the region
Evolution of Forensics in the region
Financial crisis marked by fraud in the
mortgage industry. With largest Large push for proactive forensics,
mortgage originators implicated in UK bribery act establishment of Anti-Fraud
regulatory settlements, and Frameworks, etc.
multibillion-dollar penalties

2008 2009 2010 2012 2016 2019

Large regional investigations and

corporate collapse investigations Increase in the number of AML Increase in the number of FCPA
as a result of global recession and remediation work investigations around the region
credit crunch.

The above events and driven by regulation

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 4
Fraud Risk
Management
Why is it important - business needs or
regulatory requirements?
Designing a ‘fit-for-purpose’ fraud control framework
Governance Prevention Detection Response

People, Skills, Technology Issues

Design and Policies and Fraud Risk Communication Monitoring
and Due and data Reporting management &
Strategy Procedures Assessments and training and testing
Diligence analytics investigation

Values, Tone at Regular & Whistleblowing Periodic reporting Investigation &

Mission, vision, Technology to
the Top and Roles & Categorize frequent hotlines and to Management Fraud
values support fraud risk
shared responsibilities inherent risk communications consumer & Oversight Response
statements management
commitment & training complaints committees Protocols

Fraud & Responsibility

Third-party and Transactional, Predictive
Structure and Misconduct Control Culture/tone of and
employee due process & control measures Record-keeping
organization Policies & assessment E&C Accountability for
diligence testing (KRIs)/(KPIs)
Procedures Investigations

Committee and Performance Periodic fraud Sources of Criteria for use

Policy Participation of
Senior management & Assess risk management intelligence (i.e. of external
management third parties in
Management compensation/ residual risk program complaints, exit investigation
activities training programs
Engagement Incentives evaluation interviews) resources

Disciplinary Remedial Actions

Anti-Fraud
enforcement & and Disclosure
Culture
accountability Protocols

Information
Technology and
Record
Management
© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 6
Ask yourself, does your organization have a robust
fraud control framework?
01 Does the CEO and senior management team demonstrate
commitment towards actively controlling fraud within
the organisation? 03 Does the organisation run a comprehensive awareness program
about fraud control and ethical framework?

04 Does the organisation have an ethics framework that most staff are
aware of, and understand that they’ll be disciplined for fraudulent or
corrupt behaviour, and for policy breaches? 05 Does the organisation have the right policies and systems in place to
ensure that third parties are appropriately checked and verified?

06 Are employees in the organisation aware of their responsibilities and

the responsibilities of management concerning fraud control?
07 Are staff and third parties are encouraged to report alleged fraud in
the organization?

08 Does the organisation have fraud control policies and procedures that
guides its employees on how to deal effectively with the fraud risks
we face? 09 Does the organisation systematically makes efforts to proactively
detect fraud?

10 Are department and functions within the organisation regularly

assessed to identify and address the fraud risks we face?
11 Are internal investigations of alleged fraud and corruption within the
organisation carried out independently and to high standards?

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 7
Fraud Risk
Management
Insights and common challenges faced
Challenges based on experience
Governance Prevention

Challenges based
on experience

Detection Response

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 9
Insights and challenges
Governance Prevention Insight

— Establishing the tone from the top

— Establishing the culture within the organization both internally and externally
Challenges based
on experience
Challenges

— Leadership messages on the importance of combatting fraud are not

Detection Response cascaded regularly
— Talking about fraud or the potential of fraud occurring remains a sensitive topic

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 10
Designing a ‘fit-for-purpose’ fraud control framework
Governance Prevention Insight

— Conducting Fraud Risk Assessments

— Developing fit for purpose policies and procedures
Challenges based — Annual awareness trainings

on experience
Challenges

— Understanding roles and responsibilities

Detection Response — Third party due diligence
— Including fraud prevention within year end appraisals

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 11
Why conduct a Fraud Risk Assessment?
Inherent Risk Environment

Fraud Risks

Evolving People
Controls

Unethical who want to Fraud

Fraud Evolving
People defraud the risks
Schemes cyber risks
Increased organization inherent to
business & the business
personal
pressures

Fraud and Corruption

Control framework
Residual
Risks

By definition, controls cannot

always stop or fully eliminate
the risk of fraud.

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 12
Designing a ‘fit-for-purpose’ fraud control framework
Governance Prevention Insight

— Whistleblowing Hotlines
— Internal testing of processes
Challenges based — Use of Data Analytics

on experience
Challenges

— Management of Whistleblowing Hotline systems

Detection Response
— How to use Data Analytics or should you be using Data Analytics

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 13
Using data analytics to detect fraud

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 14
Using data analytics to detect fraud

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 15
Our insights into Whistleblowing Hotlines
Postal/Fax Web Postal/Fax

0.1% reports/Mobile App

2.1%
Emails 31.9% Calls

13.4% 8.7%

VS. KPMG’s
Global UAE and
Middle
East data

Calls Emails Web

reports/Mobile App
54.6% 58.3% 30.9%

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 16
Our insights into Whistleblowing Hotlines
Identified Identified

40.5% 49.1% 75.6% 53.6% 82.4%

31.7% 43.1% 9.5% 31.4% 11.2%

VS.

50.9% 24.4% 46.4% 17.6% 56.9% 90.5% 68.6% 88.8%

Anonymous Calls Web Emails Postal/ Anonymous Calls Web Emails Postal/

59.5% reports/
Mobile
app
Fax
68.3% reports/
Mobile
app
Fax

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 17
Our insights into Whistleblowing Hotlines
1.9%

11.6% 7.4%
3.6%

14.9% 23.9% 28.4%

Accounting, Auditing
and Financial Reporting
Bullying, Discrimination or Harassment
— Including all forms of Discrimination,
Others (include Payroll,
Security Issue, Product 59.3%
Harassment, Victimization and Abuse. or Service Integrity, etc.)

6% 2.7% 0.3%
5% 1.1%
17.9%
4.7% Human Resources, Diversity
20.2% and Workplace Respect

Conflict Bribery & Health & Safety / Misuse, Misappropriation

of Interest Corruption Environmental of Corporate Assets KPMG’s UAE and Middle East
Safety
Global data
© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 18
Designing a ‘fit-for-purpose’ fraud control framework
Governance Prevention Insight

— Fraud Investigation Committees

— Insurance
Challenges based
on experience
Challenges

— Tip of the Iceberg

Detection Response — Lack of availability of tools to assist in investigations
— Independence of individuals conducting the review

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 19
Tip of the Iceberg

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 20
Responding to fraud – internal or external
investigations?
Expert
Independence Witness/Legal
Proceedings

Subject Matter
Tools for Forensic
Experts
Imaging

Time Pressure/Lack
of Resources

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 21
Forensic tools
Fact based insights to enable decision making
Multiple forensic tools and
capabilities, managed by subject Forensic mindset and reporting
matter experts in each area, to
enable the forensic team to execute
our methodology in the most
efficient manner.

Data Investigative Financial Corporate Investigative

Preservation Data Analysis Intelligence Interviews
and Hosting Analytics

Provides Identifies Discovers

Forensically Provides insights on hidden issues and
secure insights and key relationships evidence in a
collection areas to transactional and related direct
and focus the flows based parties manner
interrogation investigation on multiple
of data using data sources
structured
data

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 22
Financial analysis
Objectives Actions and expected outcomes

Compare the results of our analysis across different data sources and interrogate the findings

01 Understand various types of information. using multiple sources of evidence including original bank statements, accounting records and
email communications.

Horizontal and
Relationship Related Party Quantitative Transaction-
Vertical
mapping Dealings and Qualitative based testing

02 Identify trends or indicative information.

analysis

External Parties Related parties to

Company bank accounts company
USD [TBC]
[Related party 1]

03 Consider historical data, trends and ratios

to identify anomalies. Bank [TBC]
USD [TBC]
[Account name 1]
USD [TBC]
[Related party 2]

USD [TBC]
[Related party 3]

04 Drive the investigation based on the

evidence gathered.
USD [TBC]
[Account name 2]

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 23
Using data analytics during investigations
Identify data sources Transform data Provide insights

Transformed &
Staging Area
Modelled Data

Structured
Data Batch Ingestion

External External
ETL / ELT
data data

Data Quality

History Profile / Clean

/ Standardize
Snapshots
Financial Data
Raw/ Landing Mart
Zone Transformations

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 24
Corporate intelligence
Objectives Actions and expected outcomes

The corporate intelligence team will use a proprietary third party risk solutions to gather verifiable
What is the local reputation and integrity of your business information associated with customers, suppliers, agents, and other counterparties. The
partner, agent or other third party? information will be utilized as part of the analyses of matters under investigation.

Does this business partner have the track record and

credentials claimed?

What hidden risks exist in a given transaction or

relationship?

Does a transaction or relationship create risks relating to

corruption or financial crime?

What are the country-specific political risks that may

affect the longer-term success of a proposed venture?

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 25
Corporate intelligence
Objectives Actions and expected outcomes

Interviews are a good source of information to gather evidence

through facts and other supporting information for use during
the investigation and subsequent proceedings.
The objectives of investigative interviews are to:
— Obtain background information of aspects being investigated
— Obtain background information about witnesses and the
identification of potential additional witnesses
— Obtain background information about potential suspects and
the identification of potential additional suspects
— Test the available facts and identify additional facts that may
assist in the investigation

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 26
Data preservation and hosting

01 Identification 03 Collection
02 Preservation — Deploy an experienced team to collect
— Identify key data sources.
— Develop defensible preservation plans to the evidence.
— Evaluate the costs and benefits of
safeguard documents. — Document appropriate evidence handling
obtaining this data.
and chain of custody procedures.

04 Processing 05 Review and early 06 Review support

— Load, transform, consolidate, standardize, case assessment — Assist the investigative review throughout,
validate, and filter relevant data for analysis. — Provide information about the data to providing smart searches, statistical
— Search and analyse using tailored highlight data not collected or deleted. sampling and AI to find relevant
culling techniques. — Use machine learning, including predictive documents fast
models and Artificial Intelligence (AI)

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 27
Handling and indexing large amounts of
paperwork and data

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 28
Electronic review platforms a solution for large data
challenges

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 29
War stories 1/2
— The manager of a subsidiary of the family conglomerate had siphoned billions of
Firm Confidential dollars into ghost companies that amounted to a gigantic Ponzi scheme.
What happened? — As a result of the 2008/ 2009 global economic crisis, credit markets and asset prices
slumped, the manager of the subsidiary could no longer roll over the loans.
Multiple — Loans began to default and the banks began reach out to the alleged guarantors.
Industry Industries
— Total outstanding liabilities to multiple creditors world wide amounted to around
The value
USD 9.2 billion.
Embezzlement
Industry of funds
— Family conglomerate and its shareholders faced legal action by creditors to recover
the missing cash from family assets.
The
— Family members had their assets frozen and travel bans were imposed on them.
outcome
— Resulted in multiple court cases around the world between the family and the
manager of the subsidiary.

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 30
War stories 2/2
— A large media company needed assistance in gaining insight into legacy receivables
Firm Confidential that have remained on their books.
— Legacy receivables date back to 2011 and in some cases are prior to that period.
What happened? — In order to collect or clear these outstanding receivables management wanted to
understand why these receivables are still outstanding and to obtain any
Industry Media documentation to support collection efforts or justification for the outstanding
receivables to be written off.

Large legacy — The total value of the outstanding receivables under question amounted to over
The value
Industry receivables USD 50 million.

— Using forensic data technology were able to identify communications and

documentation to assist the management in the company to start negotiations with
The debtors or allowed them to understand reasons why these receivables remained on
outcome their books.
— Company was able to collect aged receivables and understand inefficiencies in their
invoicing and collection process.

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 31
Thank you
Simon Crowther Hamdan Hamdan
Partner, Head of Proactive Associate Director , Forensics
Forensics
KPMG Lower Gulf Limited
KPMG Lower Gulf Limited T: +971 5 6625 6124
T: +971 5 6500 5629 E: [email protected]
E: [email protected]

www.kpmg.com/ae
www.kpmg.com/om

Follow us on:

@kpmg_lowergulf

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide
accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one
should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG
International Limited, a private English company limited by guarantee. All rights reserved.

The KPMG name and logo are registered trademarks or trademarks of KPMG International.

© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. 32