Watchlists
Restrict access by blocking items on a designated list until additional verification is completed.
This control targets both internal and external fraud risks.
Examples
Examples of this control include:
- blocking suspect bank accounts so they cannot be used for a client, provider or vendor receiving funding
- making grey-listed providers go through additional suitability checks before being registered
- providing an approved list of providers or vendors who have already been vetted.
Risks from control gap
Not using watchlists can lead to fraudsters:
- operating or moving across different government programmes without detection
- reusing methods, e.g. compromised identities, to access accounts
- using the same bank account to hijack multiple payments.
Assessing effectiveness
Methods to evaluate the effectiveness of this control include:
- conducting fraud control testing to confirm that the watchlist works as intended
- consulting subject matter experts about the watchlists
- reviewing policies or other documentation related to the watchlists
- conducting a process walkthrough to observe how the watchlists are used
- undertaking analysis of data and reports related to the watchlist, e.g. reviewing reports to see how many blocks are reported and how often
- confirming the watchlists are always on and automatically applied
- confirming that the systems or processes underlying the watchlists are adequate and reliable
- confirming that attempts to use listed information are flagged and reviewed
- confirming that watchlist information is not widely known or accessible
- confirming that someone cannot manipulate the lists, even when pressure or coercion is applied
- confirming that access to the lists is monitored and reviewed
- confirming that the lists are kept up to date.
Complementary controls
Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:
Related fraudster personas
Types of behaviour this control is designed to mitigate:
- The exploiter
- The fabricator
- The impersonator
- The organised