
Effective Fraud Control Strategies:

Safeguarding Your Organization's Assets

By Budi Santoso, SE, Ak, MForAccy, PGCS, CA, CFE, CPA (Aust.), QIA
With us today

Budi Santoso, SE, Ak, MForAccy, PGCS, CA, CFE, CPA (Aust.), QIA
Director
budi.santoso@pwc.com

Budi Santoso is a Director in PwC’s Forensic Services and Financial Crime Territory Leader, based in the Jakarta office. Budi has more than 18 years of experience in Indonesia and other countries in South East Asia conducting corruption/fraud and money laundering investigations; asset tracing & recovery; dispute & litigation support; designing, implementing and evaluating anti-fraud programs (both prevention and detection); developing artificial intelligence based fraud detection and anti-money laundering systems, including transaction monitoring systems, third party due diligence systems etc.; performing fraud risk assessments; internal control assessment and improvement; compliance due diligence; US FCPA & UK ABAC reviews; business process reviews; good corporate governance reviews; and performing complex worldwide business intelligence before investing for Western and Far East companies. An experienced trainer, he is also capable of leading the modernization & transformation of corporate GRC (performance, risk management, compliance & internal audit). Budi participated in the selection of the OJK 2022-2027 Commissioners who were passed up to the President.
RELEVANT EXPERIENCES
★ 10 years : worked for the elite Indonesian Corruption Eradication Commission (KPK), serving as Head of the Commissioner’s Office, Head of the Prevention Secretariat, and also as an investigator/examiner
(2005-2015)
★ 2 years : Senior Manager in the Fraud Investigation and Disputes team at Ernst & Young (EY) Indonesia (2016-2018)
★ 2.5 years : Senior Director in the Business Intelligence & Investigations at Kroll in the Singapore office (2018-2020)
★ 3 years : Director in the Forensics & Financial Crime Unit Leader at PricewaterhouseCoopers (PwC) in the Jakarta office (2020-present)
EDUCATION AND CERTIFICATION
★ Bachelor of Economics in Accounting from Sebelas Maret University (Solo-Indonesia) – 2004
★ Official education at Indonesia Police Academy (Semarang-Indonesia) - 2006
★ Master of Forensic Accounting from University of Wollongong (New South Wales-Australia) - 2009
★ Postgraduate Certificate in Corruption Studies, University of Hong Kong (Hong Kong-China) – 2012
★ National Integrity System (NIS) short course, Malaysia Anti-Corruption Academy (Kuala Lumpur-Malaysia) - 2013
★ Governance & anti corruption short course from the International Law Institute, Georgetown University (Washington DC-USA) – 2015
★ Transparency & Accountability short course at Griffith University (Queensland – Australia) - 2023
★ Certified Fraud Examiner (CFE)
★ Chartered Accountant (CA)
★ Certified Practicing Accountant (CPA Aust.)
★ Qualified Internal Auditor
PROFESSIONAL ASSOCIATIONS
★ 5 years : Director of Training for the Association of Certified Fraud Examiner (ACFE) Indonesia Chapter and (2017-present)
★ 2 years : Board Member ACFE Singapore Chapter (2018-2020)
★ Certification Board of Indonesia Qualified Internal Auditor Association (2022-2027)
★ Visiting Lecturer at Atma Jaya Catholic University & Sebelas Maret University in Forensic Accounting class
The Importance
01 Financial Stability
02 Reputation Management
03 Legal Consequences
04 Operational Efficiency
05 Compliance Requirements
06 Employee Morale
07 Investor Confidence
08 Preventing Future Fraud
09 Stakeholder Trust
10 Globalization and Technology
11 Data Protection and Privacy
12 Ethical Considerations
Definition and Types of Fraud
Financial Fraud
• Credit card fraud
• Identity theft
• Investment fraud
• Tax fraud
• Insurance fraud

Corporate Fraud
• Embezzlement
• Financial statement fraud
• Vendor fraud
• Payroll fraud

Consumer Fraud
• Phishing
• Online shopping fraud
• Advance fee fraud
• Tech support scams

Healthcare Fraud
• Health insurance fraud
• Prescription drug fraud
• Medical identity theft

Government Fraud
• Public corruption
• Welfare fraud
• Contractor fraud

Charity Fraud
• Charity scams
• Misuse of charitable funds

Mortgage & Real Estate
• Mortgage fraud
• Real estate scams

Cyber Fraud
• Ransomware attacks
• Business email compromise (BEC)
• Online auction fraud

Securities & Investment
• Ponzi schemes
• Insider trading

Forgery & Counterfeiting
• Check forgery
• Counterfeit currency
Key Elements of Fraud
1. Deception
2. Intention
3. Materiality
4. Victim
5. Personal gain
6. Breach of trust
7. Cover up
8. Illegal
9. Pattern
10. Beneficiary
11. Harm
12. Unfair advantage
13. Knowledge of consequences
Common Fraud Schemes
Phishing
Advance fee fraud
Ponzi schemes
Identity theft
Business email compromise
Counterfeiting
Mortgage & Real Estate
Check fraud
Investment fraud
Credit card fraud
Online auction & retail fraud
Insurance fraud
Ransomware
Charity scams
Healthcare fraud
Tech support scams
Public corruption
Cyberattacks
Forgery
Welfare Fraud
Costs of Fraud to Organizations
1. Financial loss
2. Legal and Regulatory Consequences
3. Reputation Damage
4. Customer and Employee Trust
5. Operational Disruption
6. Increased Costs of Borrowing
7. Insurance Premiums
8. Loss of Intellectual Property
9. Supply Chain Disruption
10. Decreased Market Value
11. Cost of Fraud Prevention and Detection
12. Litigation Costs
13. Employee Turnover
14. Damage to Relationships
15. Loss of Market Share
16. Compliance Costs
17. Recovery Costs
18. Emotional and Psychological Impact
19. Innovation and Growth Stifling
20. Potential Exit of Key Personnel
Identifying Vulnerabilities
1. Understand the Business Processes
2. Conduct a Risk Assessment
3. Review Historical Data
4. Assess Internal Controls
5. Analyze Fraud Schemes
6. Employee Interviews and Surveys
7. Vendor and Supplier Assessment
8. Data Security Assessment
9. External Threat Assessment
10. Review Compliance and Regulations
11. Third-Party Audits
12. Benchmarking
13. Risk Heat Maps
14. Scenario Analysis
15. Continuous Monitoring
16. Document Findings
17. Prioritize Mitigation Strategies
18. Training and Awareness
19. Regular Review
Assessing the Impact of Fraud
Define Impact Criteria
• Define specific criteria
• Consider the impact factors

Financial Impact
• Calculate loss scenarios
• Assess financial impact
• Ensure stability analysis

Reputation Impact
• Evaluate reputation impact
• Watch online sentiment

Operational Impact
• Analyze disruption effects
• Assess recovery expenses

Legal and Regulatory
• Evaluate legal consequences
• Examine applicable legal framework

Customer and Stakeholder
• Assess stakeholder trust
• Analyze business relationships

Market and Competitive
• Examine market impact
• Assess competitive consequences

Insurance and Recovery
• Assess insurance coverage
• Evaluate recovery options

Scenario Analysis
• Model fraud scenarios
• Prioritize risk analysis

Assessment
• Blend quantitative and qualitative
• Assess impact methods

Prioritize Risks
• Prioritize high-impact risks
• Mitigate top priorities

Regular Review
• Ongoing impact assessment
• Adapt to changes
Mitigating Fraud Risk through
Internal Controls
1. Segregation of Duties (SoD)
2. Access Controls
3. Monitoring and Audit Trails
4. Regular Reconciliation
5. Management Oversight
6. Training and Awareness
7. Whistleblower Hotlines
8. Vendor Due Diligence
9. Documentation
10. Document Retention and Storage
11. Data Security Measures
12. Internal Auditing
13. Incident Response Plan
14. Continuous Improvement
15. External Auditing and Review
16. Background Checks
17. Vendor and Employee Monitoring
Fraud Risk Mitigation Strategies by
Technology Solutions
Data Analytics and Machine Learning
• Apply data analytics
• Use predictive detection

Fraud Detection Software
• Adopt fraud detection
• Utilize AI alerts

Behavioral Analytics
• Watch user behavior
• Employ behavioral analytics

Biometric Authentication
• Use biometric authentication

Multi-Factor Authentication (MFA)
• Enforce critical MFA

Blockchain Technology
• Employ blockchain records

Cybersecurity Solutions
• Invest in cybersecurity

Encryption
• Encrypt sensitive data

Advanced Authentication Methods
• Adopt advanced authentication

Continuous Monitoring
• Use continuous monitoring

AI-Powered Fraud Prevention
• Employ AI for Fraud detection

Robotic Process Automation (RPA)
• Deploy RPA for efficiency

Cloud-Based Security
• Use Cloud security

Document Verification and Authentication
• Use document verification

Anomaly Detection Systems
• Use anomaly detection

Integration of Fraud Data
• Integrate diverse data

Incident Response Software
• Use incident response

Secure Mobile and Remote Access
• Secure remote access

Machine Learning in Email Security
• Enhance email security

IoT Security Measures
• Secure IoT devices

Regular Software Updates and Patch Management
• Update for security

Training and Awareness Platforms
• Use tech-based training
Detecting Fraud
Understand Common Fraud Schemes
• Learn Common Fraud
• Detect Fraud Tactics

Establish Internal Controls
• Establish Internal Controls

Employee Training and Awareness
• Promote Fraud Awareness
• Encourage Ethical Conduct

Data Analytics and Monitoring
• Analyze Data for Anomalies
• Detect Irregular Patterns

Real-Time Transaction Monitoring
• Monitor Transactions in Real-Time
• Flag High-Risk Transactions

Behavioral Analytics
• Use Behavioral Analytics
• Detect Deviations Effectively

Rules-Based Systems
• Customize Fraud Rules
• Flag Suspicious Activities

Machine Learning and AI
• Utilize AI
• Detecting Evolving Patterns

External Data Sources
• Incorporate External Data
• Enhance Fraud Detection

Alert Generation
• Establish Automated Alerts
• Enable Timely Response

Segregation of Duties
• Segregate Critical Tasks
• Prevent Collusion and Fraud

Vendor and Supplier Due Diligence
• Verify Vendor Integrity
• Prioritize Due Diligence

Employee Background Checks
• Perform Background Checks

Whistleblower Hotlines
• Create Confidential Reporting
• Whistleblower Hotline

Document Verification
• Authenticate Documents and
• Prevent Document Fraud

Regular Reconciliation
• Perform Account Reconciliations

Regular Auditing
• Perform Regular Audits
• Evaluate Control Effectiveness

Incident Response Plan
• Create Incident Response
• Define Roles Clearly

Cross-Channel Monitoring
• Monitor All Channels
• Detect Across Touch-points

Continuous Improvement
• Adapt Fraud Controls

Third-Party Assessments
• Seek Third-Party Assessment

Legal and Regulatory Compliance
• Maintain Legal Compliance
Preventing Fraud Effectively
Access Control and Security Measures
Vendor and Supplier Due Diligence
Establishing a Fraud Prevention Culture
Policy and Procedure Development
Employee Training and Awareness
Responding to Suspected Fraud
1. Stay Calm and Objective
2. Gather Information
3. Document Your Findings
4. Notify Leadership and Management
5. Consult Legal Counsel
6. Engage Internal Audit or Forensic Specialists
7. Preserve Evidence
8. Engage Law Enforcement
9. Notify Regulatory Authorities
10. Secure Legal Counsel for the Organization
11. Communicate Internally
12. Implement Immediate Controls
13. Conduct an Internal Investigation
14. Cooperate with External Investigations
15. Determine Remediation Measures
16. Legal Action and Recovery
17. Review and Update Controls
18. Communicate Externally
19. Evaluate Insurance Coverage
20. Continuous Monitoring
Internal vs. External Investigations

Internal
1. Conducted by the Organization
2. Scope of Investigation
3. Control and Confidentiality
4. Cost
5. Knowledge of the Organization
6. Access to Internal Information
7. Timeliness
8. Decision-Making

External
1. Conducted by Third Parties
2. Scope of Investigation
3. Independence
4. Impartiality
5. Expertise
6. Cost
7. Confidentiality
8. Regulatory Compliance
9. Public Perception
Legal and ethical considerations

Legal
1. Adherence to Applicable Laws and Regulations
2. Search and Seizure Laws
3. Data Privacy and Confidentiality
4. Whistleblower Protections
5. Chain of Custody
6. Attorney-Client Privilege
7. Interviewing Witnesses
8. Preservation of Evidence
9. Voluntary Cooperation

Ethical
1. Impartiality and Independence
2. Transparency
3. Confidentiality
4. Respect for Rights
5. Fairness and Due Process
6. Avoid Retaliation
7. Conflicts of Interest
8. Report Findings Truthfully
9. Protection of Vulnerable Parties
10. Continuous Review
Collecting Evidence and Documentation
during an Investigation
Define the Scope and Objectives
• Define Investigation Scope
• Set Clear Objectives

Assemble an Investigation Team
• Assemble Skilled Investigation Team
• Include Legal and Forensic Experts

Identify Sources of Evidence
• Identify Evidence Locations
• Locate Relevant Records

Preserve the Chain of Custody
• Maintain Evidence Custody
• Document Access Records

Obtain Legal Authorization
• Secure Legal Authorization
• Obtain Necessary Permissions

Document the Collection Process
• Maintain Detailed Evidence Records

Secure Physical Evidence
• Secure Physical Evidence

Image Digital Devices
• Create Forensic Device Images
• Preserve Original Data

Collect Relevant Documents
• Collect and Organize
• Relevant Documents Completely

Interview Witnesses
• Interview Witnesses Impartially
• Document Statements Properly

Analyze Electronic Records
• Analyze Electronic Records
• Identify Patterns and Anomalies

Review Financial Transactions
• Examine Financial Transactions
• Detect Irregular Fund Flow

Use Forensic Tools
• Use Forensic Tools
• Recover Deleted Data

Collect Metadata
• Collect Crucial Metadata
• Establish Timelines and Authenticity

Document Witness Statements
• Document Witness Statements
• Verify and Confirm Accuracy

Maintain Confidentiality
• Safeguard Sensitive Information

Adhere to Legal and Ethical Standards
• Follow Legal and Ethical Evidence Collection

Label and Store Evidence Securely
• Label and Store
• Securely and Carefully

Prepare a Chain of Custody Log
• Record Accurately

Document Findings and Analysis

Continuously Review and Assess
Reporting Channels for Fraud
1. Designate Reporting Channels
2. Promote Accessibility
3. Offer Anonymity Options
4. Establish a Reporting Protocol
5. Ensure Confidentiality
6. Educate Stakeholders
7. Establish Anti-Retaliation Policies
8. Assign Responsibility
9. Track and Document Reports
10. Investigate Promptly
11. Communicate Findings and Outcomes
12. Continuous Improvement
13. Monitor and Analyze Reports
14. Legal Compliance
15. Encourage Reporting Culture
Reporting Mechanisms for Fraud
1. Define Reporting Mechanisms
2. Establish a Centralized Reporting Point
3. Offer Multiple Reporting Options
4. Create Reporting Guidelines
5. Promote Accessibility
6. Maintain Confidentiality
7. Educate Stakeholders
8. Establish Anti-Retaliation Policies
9. Assign Responsibility
10. Develop Reporting Forms
11. Document and Track Reports
12. Investigate Promptly
13. Communicate Findings and Outcomes
14. Continuous Improvement
15. Encourage Reporting Culture
16. Legal Compliance
17. Third-Party Reporting Services
Confidentiality in Fraud Reporting
1. Anonymous Reporting Options
2. Secure Reporting Channels
3. Use Third-Party Reporting Services
4. Protect Whistleblower Identities
5. Confidentiality Agreements
6. Restricted Access
7. Secure Data Storage
8. Employee Training
9. Legal and Ethical Guidelines
10. Secure Communication
11. Avoid Retaliation
12. Monitor for Violations
13. Document Safeguards
14. Legal Counsel Involvement
15. Encourage Trust
Communication for Fraud Reporting
1. Develop a Communication Plan
2. Establish a Central Point of Contact
3. Define Clear Reporting Channels
4. Encourage Reporting
5. Provide Assurance of Confidentiality
6. Educate Stakeholders
7. Timely Acknowledgment
8. Regular Updates
9. Use Multiple Communication Channels
10. Customize Messages
11. Address Concerns and Questions
12. Transparency in Reporting Outcomes
13. Regulatory Compliance
14. Maintain a Record
15. Continuous Improvement
16. Legal Counsel Involvement
Real-World Examples of Successful
Fraud Control
PayPal - Transaction Verification and Risk Scoring
Retailers - Inventory and Point-of-Sale (POS) Fraud Control
American Express - Fraud Prevention Tools
Medicare and Medicaid - Healthcare Fraud Detection
Amazon - Fraud Detection Algorithms
Social Media Platforms - Content Moderation and Fraud Detection
JPMorgan Chase & Co. - Anti-Money Laundering (AML) Efforts
European Union - Value Added Tax (VAT) Fraud Control
Lessons Learned from High-Profile
Fraud Cases
Robust Internal Controls
Whistleblower Programs
Fraud Risk Assessment
Data Analytics
Strong Ethical Culture
Educating Employees
Regulatory Compliance
Continuous Monitoring
Investigative Expertise
Collaboration and Reporting
Transparent Communication
Risk Mitigation Strategies
Fraud Control in a Digital World
1. Enhanced Data Analytics
2. Identity Verification and Authentication
3. Cybersecurity Measures
4. Secure Payment Processing
5. Behavioral Analytics
6. Fraud Prevention Tools
7. Continuous Monitoring
8. Machine Learning and AI
9. Employee Training
10. Collaboration and Sharing Information
11. Regulatory Compliance
12. Third-Party Risk Management
13. Encouraging User Vigilance
14. Incident Response Plans

E-commerce and Online Fraud
01 Payment Card Fraud
02 Phishing and Spoofing
03 Account Takeover (ATO)
04 Chargeback Fraud
05 Identity Theft
06 Fake Online Marketplaces and Sellers
07 Auction Fraud
08 Shipping and Reshipping Fraud
09 Account Creation and Loyalty Program Abuse
10 Synthetic Identity Fraud
11 Marketplace Fraud
Future Trends in Fraud Control &
Emerging Threats
AI and Machine Learning
Behavioral Biometrics
Biometric Authentication
Blockchain
Quantum Computing Threats
Supply Chain Vulnerabilities
5G and IoT Security
Synthetic Identity Fraud
Synthetic Media
Ransomware
Cross-Channel Fraud
Remote Work Risks
Regulatory Changes
Phishing
Insider Threats
THANK YOU
