I thank the Chairman for the invitation to address the joint committee on the issue of false identity documents being used to obtain financial services.
The Irish Fraud Bureau, IFB, is sponsored by BusinessPro, the operators of the Consumer Credit Bureau and Stubbs Gazette. Customers use the bureau’s services to manage credit risk, identify fraud and other related exposures. For example, a lawyer might check with the bureau to ascertain how many unpaid judgments there are against an individual before litigating on behalf of a client.
Last year the clerk to the committee approached the IFB requesting information on the use of false identity documentation to secure loans and related financial services. Obviously, this was an area of special interest and particular relevance to the IFB and its members. On that basis a survey was conducted in December 2008. There were 12 respondents, all of whom were senior executives with responsibility for compliance and risk management in the financial services sector, fraud prevention specialists and practitioners. As they were senior managers, the IFB could assume they had a good understanding of the impact of fraud on their businesses. They comprised management in banking, insurance and pension companies.
The survey was designed to address the subject at a high level but also to consider several aspects of the way in which fraudulent identity documents might be used, including frequency of use, the costs associated with fraud, detection rates, prevention strategies and any other trends that seemed to be emerging. Up to 66% of respondents confirmed their organisations had detected the use of false identity documentation such as passports, driving licences and identity cards. Those who did not report the use of false documents may have had low exposure or poor detection. Some 25% of respondents confirmed that current detection levels saved their organisations over €1 million a year. It must be borne in mind that this relates to the use of false identity documents, not all falsified documents. Half of the respondents reported savings of over €100,000 per annum. These figures only refer to detected fraud; it is harder to determine figures for undetected fraud. Some 58% of respondents confirmed that some false documentation had gone undetected and only 25% were certain that no false identity documentation went undetected. How much an organisation is losing in undetected fraud is an open question. However, 25% of respondents confirmed that undetected false identity documentation had cost their organisations over €500,000 a year. The majority were unable to answer the question.
A key component in the armoury against avoiding fraud is an organisation's anti-money laundering procedures. It is good to note that 75% of respondents confirmed their staff had been trained in these procedures and the KYC, know-your-customer, requirement. With the forthcoming legislation on money laundering, we expect that figure to rise to 100%. Some 83% of respondents confirmed KYC requirements were audited at least once a year. It must be stressed, however, these are procedures and cannot eliminate human error and high quality forgeries. At a recent IFB-sponsored forum a speaker brought along a driving licence purchased over the Internet which none of the fraud specialists was able to detect as a false document.
The survey also confirmed that 33% of respondents used the market leader, Keesing Reference Systems, for document verification. However, only 58% used some form of identity document verification. This leaves a degree of exposure, particularly considering the quality of forged identity documents available over the Internet. Only 58% of respondents confirmed the use of false identity documents was one of the top three fraud risks facing financial services organisations. Only 8% considered the position on the issue of individuals presenting false identity documentation could be judged to be improving, in other words, reducing in volume, with 25% convinced it was getting worse. From the classifiable elements of the survey, it shows there is a real problem.
The IFB believes the introduction of the new anti-money laundering legislation will encourage the wider use of false documentation. It may also drive up the quality of such documents as the requirements against money laundering become more stringent.
The survey also contained some unclassifiable material, quotes from personnel, which may be of interest to the committee. One respondent stated that although current verification processes were rigorous, legacy accounts might have been opened with undetected false documentation. Accounts opened up to 2002 might have been opened with false documentation. It may be prudent for organisations to review their existing account base rather than focusing on new accounts. Another recurring statement from respondents concerned the industry's willingness to accept documentation which was easily falsified such as a driver's licence. I have already referred to the quality of documents that are actually available. There needs to be some additional level of verification to ensure that what somebody is handing over as a vehicle driving licence can be authenticated against something else, and at the moment that does not exist.
There was widespread agreement that data protection rules are generally unhelpful in the prevention of identity fraud. When I questioned in more detail what they meant by that, in particular it referred to the consent to share data. Typically the industry standard for gaining consent to share data, in the same way that banks might share data with, for example, the Irish Credit Bureau, is through a personnel data clause in a contract one signs on applying for financial services. The Data Protection Commission has indicated that this might not constitute consent in that it is not necessarily freely given since one would not get the services if one did not sign up to that particular agreement. Therefore, this is making people very reticent as regards the sharing of fraud data. A couple of things tend to understate fraud, one of which is the tendency for it to get classified as something else, such as a credit loss. Another factor is that when it is identified, nobody is entirely happy to declare it as fraud and share it as such.
An indication of something that I am sure Mr. John O'Mahony will be very conscious of, is the fact that some individuals are incorporating limited companies and using false names as a front. Having got a limited company, one in effect has an employer and can then falsify employee references, PAYE documents and so on. The company in itself is just a shell, of course, and the names of the individuals are entirely fictitious, but once again they have credible false documentation. I hope that was helpful and I shall now hand over to Mr. O'Mahony.