James Fleming

As the Fraud Risk Steward for Australia and New Zealand, this role is a key strategic risk management role in the second line of defence that has a broad remit and responsibility for leading the implementation and management of all aspects of fraud risk stewardship across retail and institutional / wholesale banking in Australia and New Zealand.

• Overseeing and leading the impact analysis and embedment of fraud and scams related regulatory changes, specifically, the Scam Prevention Framework (SPF). This includes working with internal stakeholders and driving pragmatic risk-based solutions at an industry level through the Australian Banking Association (ABA).
• Leading and managing the Money Mule opportunity analysis across the retail bank. Currently working with first line of defence and product stakeholders on the process for managing mule accounts, the associated control environment, and the opportunities derived to ensure HSBC is able to effectively mitigate the mule risk. This also involves driving change at an industry level to ensure this is managed across the whole Australian financial ecosystem, and including law enforcement, regulatory bodies, and the financial ombudsman where appropriate.
• Maintaining a management overview of control standards, including providing governance of risk exposures, providing analysis, reporting, and oversight. Examples include monthly governance reporting, challenging Risk and Control Assessments where impact ratings have not been adequately assessed, and working with Internal Fraud on the implementation of internal fraud monitoring, including liaising with Legal to ensure this is completed within the guidelines and policies of HSBC, and applicable laws in Australia.
• Managing multiple industry consultations including the ABA Money Mule Working Group, driving logical positive change in the way the money mule problem is managed in Australia, and the Australian Payments Plus PayTo liability framework, ensuring liability for fraud and scams is appropriately apportioned, including uplifting the recoveries process.

Australian Payments Plus (AP+) are the owners of the three Australian Payment Schemes; NPP, BPAY, and eftpos, (along with other products such as Connect ID and Beem). This role is responsible for working with all financial institutions that subscribe to the aforementioned schemes in order to design, manage, and govern products from a risk perspective to ensure the security and fraud and scam health of the Australian payments landscape.

• Led the design and implementation of the NPP PayTo liability framework for fraud and scams. This involves interpreting current scheme liability frameworks, and managing the interplay between the large number of financial institutions impacted by this, including the often dichotomous nature between major banks and Payment Service Providers (PSPs) in order to design and implement a pragmatic, legally sound, and operationally feasible framework.
• Drove design and implementation of the Secure Remote Commerce (Click to Pay [C2P]) product for eftpos from a fraud risk perspective, enabling more merchants to route online transactions through eftpos in a secure manner.
• Designed the uplift for the reporting mechanism that all financial institutions report known fraud and scams through; this includes establishing the appropriate governance and frameworks around managing this process.

This role leads a team of Fraud Risk Managers responsible for providing fraud risk advice to uplift the security posture across the CBA Group.

• Drove fraud strategy for new business ventures under the X15 division of CBA including for Unloan and Kit. This required careful balancing with respect to the maturity and scale of a start up with the regulations and risk appetite of CBA. Implementation of various controls saw a material reduction in fraud vectors in these ventures.
• Delivered an Australian first, Two-Way Push in App Authentication, leading the risk and advisory function. This resulted in a 20% reduction in call handling times for front line staff and provided additional security for high-risk activity through digital channels. Fraudulent card provisions were reduced by 50% in the first month of introduction in that channel.
• Developed and implemented the new CBA Group Fraud and Scams Management Policy in alignment with the Operational Risk Management Framework. Controlled entire process review including senior leadership endorsement and independent third-party review and approval.
• Established the CommBank Fraud Outreach program shaping CBA’s voice, perception, and mission for customer and community awareness for fraud and scams. Since inception in late 2022, over 83 initiatives have been launched in the first 12 months including targeted customer awareness communications, vulnerable community programs, and various customer engagement workshops and seminars.
• Drove multiple high value post incident reviews, including one with an $18m exposure. This involved extensive stakeholder management, identification of control deficiencies, developing and implementing control uplift strategies including leading funding and prioritisation conversations to ensure implementation of these control uplifts. Incident detection was vastly improved resulting in ≥$500k savings.

This role was responsible for delivering key projects affecting digital channels in an agile workstream. It managed a scrum team of five including developers and engineers. A key component of this role was stakeholder management with large groups invested in projects across varying levels of seniority.

• Spearheaded development and launch of Apple Pay to CBA which resulted in a 270% increase in digital wallet transactions within 3 months. Overcoming significant financing and resourcing hurdles, risk-based decisions were made to ensure delivery was implemented with a sound security posture whilst managing pre-arranged contractual obligations with Apple.
• Successfully delivered strategic control uplifts for payments made through the New Payments Platform (NPP). This included uplifting the control environment for PayID payments to the migration of transactions from Direct Entry (DE) to the NPP payment rails (Osko payments) across retail and business banking platforms. This allowed more customers to access the instant transfer of funds, whilst still ensuring the risk of fraud remained within business appetite.

This role functioned as an advisor and conduit to other business units to provide fraud and operational risk expertise to ensure support of business objectives. This included providing pragmatic advice for new projects, conducting incident reviews for complex fraud incidents, and ensuring business unit compliance to the Group Fraud and Scams Management Policy.

• Identified an issue with a particular product’s clearance period being exploited. Following extensive stakeholder consultation, the root cause was uncovered, and a technical solution expedited to close a control gap with million-dollar exposure.
• Drove an initiative to improve the Business Banking customer on-boarding journey. This resulted in an uplifted control environment and reduced complexities which led to a one-week time saving for customer onboarding.
• Identified a payment segregation of duties gap which faced an exposure >$1m. This was escalated and reported to business stakeholders to remediate by employing tactical processed based controls before system-enforced controls could be implemented.

Led the Fraud Team charged with ensuring fraud losses were managed within risk appetite. Reporting on credit performance and compliance with respect to trends in purchase quality of loans up to $20m and any potential breaches, as well as training and guidance to the Credit Team.

• Led team to implement an internal matching system for live applications. Benefits included increased accuracy and efficiency resulting in the detection of suspicious applications, a control to stop settlement that reduced potential losses.
• Led the development of the Fraud Framework for Macquarie Leasing. An immediate improvement was seen regarding the behaviour of analysts when assessing applications, which resulted in reduced losses due to fraud for Macquarie.
• Successfully implemented new AML/CTF process and procedures with the Financial Crimes Compliance Team to ensure compliance with internal Macquarie and external APRA regulations.

Conducted investigations into suspicious and fraudulent applications and transactions and provided hindsight reviews of loans up to $5m. Developed and implemented a fraud training program for internal and external stakeholders including targeted brokers.

• Key fraud stakeholder on the team responsible for completing due diligence for the successful acquisition of the Esanda Finance dealer portfolio, consisting of over $6 billion worth of assets.
• Developed supplier onboarding process for Macquarie Leasing, resulting in a decrease in supplier fraud and a reduction of 30 minutes in average handling time per transaction.