Wednesday, June 5, 2019

Crime Risk Management

Crime bump centeringHow keister the earnest/ put on the line coach utilise the Crime Risk Management butt on and how useful is this process?Crime Risk Management (CRM) is an evolutionary and analytical process to assess whether organisational procedures, assets or individuals could become exposed to a dominance threat to identify the measures necessary to reduce either such(prenominal) risk to mitigate the consequences of any hazard once realised to evaluate the success or otherwise of the prescribed course of work and to adapt appropriately. The conventions of risk way fruit into account that whilst risk is un electromotive force to be entirely eradicated, adapting organisational protection mechanisms to advertise protect against anticipated or imagined threats can significantly reduce it. The Crime Risk Management process provides those responsible for securing an organisation against risk with various tools. To arm a greater understanding of how CRM is utilised tod ay it is beneficial to consider the practices of a feature application in isolation. The manner in which the banking sedulousness combats monetary crimes such as plastic imposture provides a useful example. Further to this, in localize to critic exclusivelyy assess the legalness of the risees taken by industry watchdogs in safeguarding against risk, a brief comparison between the Banking sector and the United Nations CRM practices has been included. Ultimately, when best practices atomic number 18 followed, the CRM process can also have the effect of a deterrent against future mis add when the latent vulnerabilities of an operating room atomic number 18 recognised and appropriately reduced to within acceptable boundaries.According to constitutive criminology, crime is outlined as the harm resulting from people investing energy in harm-producing relations of power, which denies others their ability to take a shit a difference (McLaughlin and Muncie, 200666). The United S tates (US) Air Force somatic Command Pamphlet (AFMCPAM 63-101, 19975) describes risk as a measure of a projects inability to achieve broadcast objectives(it) has two components the probability of failing to achieve item performance, schedule or cost objectives, and the consequences of failing to achieve those objectives. Subsequently, risk care is the process of restrainerling such risks and includes identifying and tracking risk battlegrounds, developing risk mitigation plans as part of risk handling, supervise risks and performing risk judicial decisions to determine how risks have changed (AFMCPAM 63-101, 19975-6).Cox (200564) defines risk management as a decision process that maps available risk assessment information about the probable consequences of acts of crime, along with value judgments and priority information concerning the choices of which acts to take in response. This definition stock-still interprets the discipline of risk management as a more passive perf ormance, focusing more on the assimilation of information and the analysis that follows, rather than the progressive intervention postulate to avert or alleviate the risk. Conversely, Broder as cited in Nalla Newman (1990 92), defines CRM as the anticipation, recognition and appraisal of a risk and the initiation of some action to remove the risk or reduce the potential loss from it to an acceptable train.Based on the above contrasting definitions, one focusing on the information gathering and analysis aspect, and the other accentuating the notion of taking action to avert the risk, CRM can be concluded to have a number of objectives namely to assess risk by proactive means rather than simply reacting to risks as and when they are encountered, to assess potential losses that might result from these eventualities, conduct a cost benefit analysis of taking risk intervention measures such as setting up a CRM process, and finally, to minimise, control or tape drive foreseeable risk s (lamella, 199814). Therefore, a solid risk management uprise includes three primary elements a threat assessment, a vulnerability assessment, and a criticality assessment (Decker, 20011). Each of these aspects also takes into consideration the probability of an occurrence and the timeframe in which it is likely to occur during the lifetime of a project (AFMCPAM 63-101, 19976).Threat assessments are critical supports for operational decision-making in the security program design phase, identifying areas requiring crucial and concerted efforts. These assessments identify and evaluate risks establish on a number of elements including capability, intentions, and the potential lethality of a breach (Decker, 20011). Since on that point is no way to anticipate every possible risk, or to know everything about each risk, the two other processes involved in this method, vulnerability and criticality assessments, are essential in maximising preparedness against the threat of a violation. A vulnerability assessment determines weaknesses that whitethorn be utilise by potential perpetrators and suggests options to eliminate or mitigate those weaknesses. A criticality assessment is a process designed to formatically identify and evaluate an operations key assets based on their consequence to the fulfilment of its mission or basic function, those within the organisation that may prove vulnerable, or the implication of a structure (Decker, 20011). This aspect of the CRM sexual climax is imperative since it has the potential to aid preparedness against material threats, and in turn, enhance the allocation of scarce resources to those areas, whether to assets, procedures or structures, afterwards identified as being of the luxuriouslyest priority and at that placeby requiring special auspices from perceived threats (Decker, 20011-2).While a number of conventional theories are both kindly and feasibly applicable as CRM processes, the two contemporary methods that ar e the just about popular are the rational choice and routine activity theories. The routine activity approach considers only direct-contact predatory violations, where at least one offender takes or damages the property of at least one other person. It is thus based on three factors, a likely offender, a suitable target and the absence of capable guardians against crime (Cohen and Felson, 1979588). On the other hand, the rational choice approach focuses on situational crime prevention, predicting the time and place where crimes are likely to occur, reducing opportunities and the motivation to offend, and thereby decreasing the propensity of the criminal to offend at all (Clarke and Cornish, 1985174-177). Both of these approaches highlight the importance of assimilation and analysis of information. To this end, the Crime Pattern analysis (CPA) is a critical informative tool which seeks to determine what crimes are likely to impact particular targets, to identify the criminals ( nea rly) likely to commit the crimes, and (to forecast) how and when such crimes are likely to occur (Tyska and Fennelly, 199850).An initial consideration of these concepts would appear relatively straightforward, however the eyeshot of implementing an effective CRM process to adequately safeguard against risk can be a daunting endeavour for the security manager. One area in particular requiring a comprehensive CRM approach is the retail banking industry particularly relating to plastic fraud. Plastic fraud includes various types of criminal activity including use of stolen billhooks, skimming, absent ordering, and identity element theft (Newman and Clarke, 2003145, Refer also to Appendix 1, page 13).Misuse of stolen tease is the most traditional form of plastic fraud, where cards are stolen from customers, enabling the fraudsters to make purchases in the window available to them between their acquisition of the card and the original card holder reporting the loss of the card to t heir issuing bank who take action to revoke or cancel the account (Slawsky and Zafar, 2005101). Skimming is another form of plastic crime that takes place when a cardholder uses his card at any commercial establishment or cash machine. The details of the electromagnetic strip at the back of the card are copied onto a secondary storage device, which can later be replicated onto a counterfeit card, illegally cloned to resemble the details of the original, and reused by the fraudster for access to funds or illegal purchases. (Slawsky and Zafar, 2005104). Another form of card crime growing in incidence is the Card Not Present (CNP) variety. This occurs when the perpetrator makes a purchase done mail order or rally order, usually buying expensive swop, for their own personal gain, for either reselling it in the market-place or by tricking the merchant into refunding the value of the goods upon their return (Montague, 200412).Leonard and Lamb (200791) define identity theft as afraud co mmitted using the identifying information of another person. As such, it comprises the misuse of information that is specific to an individual, usually involving a partial and flitting adoption (of the details)in order to facilitate criminal activity (Finch, 200286). In extreme cases, this could cause the victim huge financial losses, discomfort and social plethora where the protagonist attempts to use these details to derive material benefit at the expense of the victim.When applying the CRM process to this form of crime, the first step the security manager is required to take is the initial assessment phase, which involves evaluating the threats and areas of vulnerability in order to determine the level of risk. A number of tools are required at this stage, some of which are quantitative in nature, and others are qualitative (Fennelly, 2003494). Quantitative analyses usually employ statistical sampling, based on mathematical calculations to assess the likelihood of a crime, extr apolated from results selective information (DePersia and Pennella, 1998304). The aforementioned Rational Choice Theory is a related quantitative approach. Within the context of plastic fraud crime, application of this particular theory is exemplified through the regulated practice of profiling customers.In order to identify extraordinary behaviour financial institutions commonly track the regular operation histories of their clientele. This is especially foursquare of institutions that issue cards for credit purchases, viewing investment in database profiling of customer transaction histories as crucial. These arrangings make it possible to characterise potential wary incidents by programming patterns which trigger warnings including sudden spending sprees, reaching the credit limit or exhausting the account balance, duplicate transactions of unlikely merchandise especially expensive items such as televisions, and an unusual avoidance of delivery services (Slawsky and Zafar, 20 05102). An example of automated programming used to detect uncharacteristic activity on card accounts is the Visa Intelligent Scoring Of Risk (VISOR) facility provided by the Visa network (Grabosky and Smith, 1998170). The use of this CPA technique has improved the potential to diminish the effect of duplicitous activity on both customers and institutions alike, by simultaneously preventing throw out theft and acting as a deterrent against draw a bead on felons.Qualitative assessments determine the chances of risk on a sliding scale from negligible to prohibitive based on the opinions, experience and knowledge of leading security management experts (Kovacich and Boni, 1999192). Considering most plastic fraud takes place at the Point of Sale (POS), and since highly skilled security managers cannot monitor everything at once, one of the most effective means of incorporating qualitative assessment into the CRM process is by implementing a thorough training regimen for employees, alon gside a widespread awareness nurture campaign aimed at educating customers and installation of permanent surveillance equipment such as CCTV (Horan, 199668-76). This dual approach instructs on the nefarious methods employed to misuse either cards or card information in order to create a front-line defence mechanism and enhance the fraud detection capacity of the operation. Any unsound activities intercepted by staff are rapidly communicated throughout the organisation, for instructive and investigative purposes, to further foster this self-regulative method (Horan, 199668).The assimilation of quantitative and qualitative analysis into banking industry best-practice CRM has resulted in the introduction of a number of effective controls designed specifically to curtail plastic fraud. One solution has been the introduction of embedded microchip protection and PIN cards in the United Kingdom (Hoare, 2007274). This security enhancement prevents the misuse of credit cards by requesting the card PIN for every transaction regardless of whether the customer is making a simple purchase or a cash withdrawal, thereby further reducing the risk of fraudulent transactions. This approach is then combined with customer advisories such as the need to keep cards and PIN information separate (Grabosky and Smith, 1991170). When implementing crime risk management systems of this nature, however, there are two imperative considerations security managers must remain mindful of in advocating a particular method probability and the associated cost-benefit outcomes.Proponents within crime management recommend that risk should always be viewed in a probabilistic context (Fischer and Green, 2004139). For example, the recent collapse of the sub-prime mortgage market, beginning in the United States, has had a tremendous impact on global financial markets, however those organisations that viewed the probability of this event occurring as remote presumably installed fewer measures to insure against such a risk, thereby suffering the greatest losses. This example vindicates those weary observers who viewed this practice as dubious, although not criminal in the strictest sense, and who have continued to advocate for more rigorously stringent regulation of credit lending (Munro, Ford, Leishman, and Kofi Karley, 20051-3 26-30).The second, and arguably more important factor, is that the cost of CRM execution should not exceed the benefits received to the institution in pursuit to avoid the risk in the first instance (Culp, 2001226). The indomitable pervasiveness of plastic fraud, although costly, does not quite warrant the installation of sophisticated risk management systems at all POS sites. One of the more dramatic recent proposals to counteract crimes of an identity fraud nature involves biometrically tagging individuals to a corresponding identification card in order to develop a log of all activities, which is then compiled into an ominous central database (Ahlefe ld and Gaston, 200579). Although some view these measures as the only way possible of comprehensively monitoring and controlling such crimes, there are certainly many criticisms against this suggested method including the prohibitive cost of implementing and maintaining a system capable of delivering this service, the potential for security breaches in the data system storing private records of citizens, and the associated infringements upon civil liberties and human rights likely to be raised in opposition to the proposal (Grant, 2008). Industry driven cost-benefit analysis is thereof a vital component of appropriate CRM design.There are innumerous benefits to implementing a CRM process within an organisation, regardless of the environment in which it is applied, in either the public or private sphere, which is why this approach has steadily grown in practice (McLaughlin and Muncie, 2006 363-364). It is the essentially proactive nature of the approach taken in CRM, allowing for th e mitigation and prevention of potentially disastrous outcomes, that explains why it is so well favoured. The banking industry is not alone in its vulnerability to losses through fraudulent practices indeed according to calculations published by the United Kingdom (UK) Home Office Identity Fraud Steering Committee (IFSC), it is estimated that identity fraud represents an yearbook cost of 1.7 billion to the UK economy (Home Office, 2006).The significance of this threat is a partial motivating factor behind the financial services sector adopting an industry-wide approach to CRM shared out regulatory practices. The address Industry Fraud Avoidance System (CIFAS) is representative of this trend, working in conjunction with institutions across the entire financial sector and in the general interest of the banking fraternity. These cooperative systems are then linked to the broader national security management infrastructure, and though ongoing consultations and data share-out, a compl ex relationship has been established to combat pervasive and costly crimes, including plastic fraud (CIFAS, 2007). This level of cooperation was recently formalised in the UK through Royal Assent to the Serious Crimes enactment 2007 for the prevention of fraud through shared information with anti-fraud organisations (Office of PSI, 2007 Part 3, Chapter 1, section 68). Thereby the CRM approach of individual institutions informs industry standards to national policing activities, all working cooperatively in a sophisticated network dedicated to crime management.This cooperative approach by the banking industry to CRM processes has a cascading effect. The shared CRM network enables participants to access a continuous risk assessment feedback mechanism, allowing the entire industry to maintain a collective pool of knowledge easily referenced to assess the potential risks associated with a specific action, either not previously anticipated or as part of a new initiative by an individua l institution, creating unprecedented levels of cost-benefit sharing and exemplifying the potential of widespread best-practice implementation (CIFAS, 2007 and FSA, 2008). Regulative bodies such as the Financial service Authority (FSA), constituted with statutory powers through the Financial Services and Markets Act 2000 (Office of PSI, 2000 Part 1, section 1), provide a form of protection for the industry against both inseparable and external fraud, by monitoring, evaluating and reporting practices across the sector. The endorsement is an industry funded, non-governmental organisation, empowered to enforce its recommendations (FSA, 2008). Alongside the membership requirement to voluntarily commit to full disclosure regulative authorities such as this further enable the industry to self-regulate, mitigate against threats and further spread the cost of CRM across the sector.The systemic level of commitment exemplified by the banking industrys approach to CRM of threats such as plas tic fraud, and the broader commitment to combating identity related fraud in the United Kingdom, demonstrate the high level of cooperative action required to efficaciously combat specific crimes and realise the full potential of CRM processes at large. Both Gill, through his three foci for risk management decision-making (199815), and Youngs 1992 theory of the square of crime (Department of Criminology, 20031-15) call for multi-sectoral simultaneous high-level intervention for effective crime prevention outcomes. The combinations of institutions and their customers, advocating for changes in public and private policy to mitigate specific threats, aroused by administrators and legislators alike, must be in alignment with factors such as Gills means to change offenders (199816), where appropriate punishment is meted against identified perpetrators to emergence the risk of offending, in concert with a palpable level of public opprobrium (Department of Criminology, 20031-21).Whilst a consideration of the plastic fraud approach has illustrated the high level of cooperation required between all impacted by crime, in order to more effectively prevent losses, a brief reflection of the United Nations system further reveals the evolution of CRM at work. CRM processes are performed in two simultaneous approaches within the UN system. CRM practices are now more closely assimilated into the Security Risk assessment (SRA) processes of the organisation to more effectively combat risk from both internal and external threats (Australian crown Territory Insurance Authority, 2004 4-10). CRM and SRA processes are continually reviewed, evaluated, reassessed and adapted as necessary especially in light of recent attacks such as those on UN staff members in Iraq and Algeria. Updated recommendations are communicated broadly to mainstream their approach across all activities and in order to achieve the aims of comprehensive security management across their global operations. The mission of the UN Security Management System (UNSMS) boilers suit is to enable the effective and efficient conduct of UN activities while ensuring the security, safety and well being of staff as a high priority (United Nations, 20022, Part II, para 3).To achieve this delegate the UNSM system requires maximum coordination and cooperation at all levels to facilitate workable funds and programmes so they are enabled to perform their primary objective of delivering aid as appropriate. The management techniques discussed by Gill (1998 14-15) are increasingly being curbd to general UN practices for example in the manner of staff and management recruitment practices which emphasise security as the responsibility of all staff employed under the auspices of the UN (United Nations, 20064-2). In order to fully integrate this approach, from the ground up and across earth programs, a Security Management Team is allocated to meet regularly at the head of mission level.These elderberry bush l evel fora are guided by the senior country representative of the UN Department of Safety and Security (DSS), who are responsible for providing leadership, operational support and oversight of the security management system to enable the safest and most efficient conduct of the programmes and activities of the United Nations (United Nations, 20062-1, para 2.5). The UNSMS framework exemplifies Gills risk management recommendations whereby the mandate of security managers is to be a stakeholder in program operational objectives, enabling their effective fulfilment, and conversely, the managers and staff of each program are a stakeholder in the security of their own operations (199814-15). This cultural shift from the traditional perception of security as working in isolation allows for an increased level of protection to permeate the organisation and for all staff to enjoy the prospered achievement of operational objectives in a safe and secure environment.Although the UNSM system pr ovides one positive example, the reality is that changing internal traditional operational cultures, to incorporate risk prevention as a perceived responsibility for all managers, remains a significant challenge (Handy, 1993 209). Closer inspection of the plastic fraud approach to the CRM process also exposes a number other difficulties faced by the security manager when implementing procedures to prevent exposure to risk. The crime risk manager may be criticised for displaying a disposition to crime displacement, which results in a transfer of risk rather than absolute dissolution. Crime displacement occurs when security measures are effective in preventing crime, where they are in place, and forces the criminal to go elsewhereto commit their crimes, where there may be less security infrastructure. fault could be represented by a shift in time (temporal), shift in target venue (spatial), tactics, or perpetrator (Vellani, 2006169).As intimated above, the high level of cross-sectora l cooperation required to truly spotlight and diminish specific crimes is often beyond the means of small-scale security managers to influence. Even in the case of confederated cooperation illustrated by the banking industry to mitigate plastic fraud, the crime still exists. Where the perpetrator commits isolated instances of plastic fraud there may be a low risk of detection, incidents may not be recorded or reported and therefore there is a perceived lack of punishment associated with the offence, which can contribute to the overall seriousness of the problem (Department of Criminology, 2003 1-21). Indeed the CIFAS prevention service lists the three documents most frequently utilised to commit identity related fraud offences as non-UK passports, profit bills and then UK passports (CIFAS, 2008). As CRM policy shifts its attention toward the greater risk area a gap is left behind for small-scale, undetected perpetrators that nonetheless contribute to an area of fraudulent activity that still represents major losses for credit providers.The major challenge in taking the CRM process approach is in designing the system based on real threats and with enough flexibility to adapt to a constantly changing environment. CRM processes require constant review, evaluation, reassessment and adaptation, and even then there is no guarantee that risk will always be averted (Gill, 1998 17). There may be those whose commitment to the process waivers, governments and their policies may change, societal reactions to certain risk may be attenuated, criminals evolve to increasingly sophisticated methods as their use of technology improves and victim organisations may change their directions, reforming appropriately as they go (Department of Criminology, 2003 1-22). Therefore, implementation of a CRM process requires a scrupulous cost-benefit examination, credible and quality information from which the risk assessment is drawn, and a wholesale commitment by the organisation in orde r to derive maximum worth (Gill, 1998 16-17). If the approach is too conservative the risk may be that tangible business opportunities are unnecessarily miss whilst simultaneously failing to address the risks involved. Finally, the security manager must also control the level of expectation associated with their anticipated levels of success, since it is unlikely for even the most veritable system to remain unscathed.In conclusion, almost every act in business involves an element of risk customer habits change, new competitors appear, and factors outside the sphere of control could delay a project. However thorough risk analysis and management can help to inform decision making and minimize potential disruptions, especially where there is a sufficient balance between mitigating the risk and the cost associated in doing so. Evolving CRM processes that utilise decentralised risk management techniques in combination with a centralised coordination approach are becoming accepted best practice, with the result that individual firms are able to adapt the framework to best suit their preferences and internal conditions. It would therefore appear that the discipline is coming of age which is evidenced through the prevalence of its practice in the mainstream. However the combination of the ever-present elements of change and the unanticipated represent the greatest challenges to the security manager in mitigating risk. The reality is that they can only apply their experience, offer their informed advice to key stakeholders, and manage the outcomes, whatever they may be.ReferencesAhlefeld, H. von. and Gaston, J. (2005) Lessons in Danger, OECD Online Bookshop.Air Force Material Command Pamphlet (1997) Acquisition Risk Management, AFMC Pamphlet 63-101,http//www.e-publishing.af.mil/shared/media/epubs/AFMCPAM63-101.pdf, (accessed 1 environ 2008).Australian Capital Territory (ACT) Insurance Authority (2004) Guide to Risk Management, Risk Management Guide Toolkit, ACT Ins urance Authority, http//www.treasury.act.gov.au/actia/Guide.doc (Accessed 1 March 2008).Bridgeman, C. (1996) Crime Risk Management Making it work, Crime Detection and Prevention Series Paper 70, Police Research Group, London Home Office.Clarke, R.V. and Cornish, D.B. (1985) Modelling Offenders Decisions A framework for Research and Policy, Crime and Justice, 6 147-185.Cohen, L.E. and Felson, M. (1979) Social Change and Crime rate trends, American Sociological Review, 44 588-608.Cox, L. A. (2005) Quantitative Health Risk Analysis Methods, Springer.Credit Industry Fraud Avoidance System (CIFAS). (2007) New Fraud Prevention Power Will Save Millions, Press Centre, 30 October 2007, http//www.cifas.org.uk/default.asp?edit_id=786-57, (accessed 1 March 2008).Credit Industry Fraud Avoidance System (CIFAS). (2008) 2007 Fraud Trends, Press Centre, 28 January 2008, http//www.cifas.org.uk/default.asp?edit_id=790-57, (accessed 1 March 2008).Culp, C. L. (2001) The Risk Management Process, John Wil ey and Sons.DePersia, A.T. and Pennella, J.J. (1998) Enforcement and Security Technologies, SPIE.Decker, R.J. (2001) mother country Security Key Elements of a Risk Management Approach, Testimony Before the Subcommittee on National Security, Veteran Affairs and International Relations rear Committee on Government Reform, GAO-02-150T, United States General Accounting Office.Department of Criminology (2003) Unit 1 Crime Risk Management, Module 2 employ Crime Management, Department of Criminology, 1-5 to 1-23.Fennelly, L.J. (2003) Handbook of Loss Prevention and Crime Prevention, Butterworth-Heinemann.Financial Services Authority (FSA). (2008) Who are we, http//www.fsa.gov.uk/Pages/About/Who/index.shtml, (accessed 1 March 2008).Finch, E. (2002) What a tangled web we weave identity theft and the Internet, in Yvonne Jewkes (ed.) Dot.cons Crime, deviance and identity on the Internet, Willan Publishing, 86-104.Fischer, R. J. and Green, G. (2004) Introduction to Security (7th Edn), Butte rworth-Heinemann.Gill, M. (1998) Chapter 1 Introduction, in Martin Gill (ed.) Crime at Work Volume II Increasing the Risk to Offenders, Leicester Perpetuity Press Ltd, 11-23.Grabosky, P.N. and Smith, R.G. (1998) Crime in the Digital Age Controlling Telecommunications and profits Illegalities, Transaction Publishers.Grant. I. (2008) Wave of criticism hits government ID card relaunch in ComputerWeekly.com, http//www.computerweekly.com/Articles/2008/03/07/229773/wave-of-criticism-hits-government-id-card-relaunch.htm, (accessed 9 March 2008).Handy, C. (1993) Understanding Organizations (4th edn), Harmondsworth Penguin.Home Office (2006) Identity Fraud puts 1.7bn Hole in Britains Pocket, Press Releases, 2 February 2006, http//press.homeoffice.gov.uk/press-releases/identity-fraud-puts-1.7bn-hole?version=1, accessed 1 March 2008).Horan, D.J. (1996) The Retailers Guide to Loss Prevention and Security, CRC Press.Hoare, J. (2007) Deceptive Evidence Challenges in mensuration Fraud in J.M. Ho ugh, and M.G. Maxfield (eds) Surveying Crime in the 21st Century, Criminal Justice Press.Kovacich, G. L. and Boni, W. C. (1999) High Technology Crime Investigators Handbook, Elsevier.Leonard, R. and Lamb J. (2007) Credit Repair (8th Edn),Nolo.McLaughlin, E. and Muncie, J. (2006) The Sage Dictionary of Criminology, Sage Publications.Montague, D.A. (2004) Fraud Prevention Techniques for Credit Card Fraud, Trafford Publishing.Munro, M., Ford, J., Leishman, C. and Kofi Karley, N. (2005) Lending to higher risk borrowers Sub-prime credit and sustainable home ownership, Joseph Rowntree Foundation, http//www.jrf.org.uk/ bookstore/eBooks/1859353355.pdf, (accessed 1 March 2008).Nalla, M. and Newman, G

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.