The Association of Superannuation Funds of Australia (ASFA) is urging registrable superannuation entities (RSE) to undertake greater scrutiny when selecting outsourced service providers to avoid fraud risk.
In its submission to the Australian Prudential Regulation Authority's Prudential Practice Guide SPG 223 — Fraud Risk Management released last year, ASFA suggested this section of the paper requires more guidance to RSE licensees.
It said RSEs should require full disclosure of fraud management and history, think about organisational culture and executive support, including factors like average service period of staff, staff turnover rates, training program capabilities.
The RSEs should also check the provider's IT systems, make frequent site visits of the outsourced provider, assess the external party's audit reports, ensure financial stability, and check varying legal jurisdictions, particularly if the service is being performed in a foreign jurisdictions.
ASFA also called for RSE licensees to make sure they document all outsourced arrangements in contracts that detail the provider requirements to deliver reports on their risk management controls performance and any suspected or actual cases of fraud involving any client.
"The RSE licensee should review what information is required, how often it is required and when, in order to confirm that the arrangements will ensure these requirements are achievable," the submission said.
"There should be provision to make reasonable requests for ad hoc reports and to agree on changes and additions to reporting from time to time."
RSEs also need to monitor and supervise outsourced providers on an ongoing basis to make sure fraud risk management controls are efficient, ASFA said.