CAIIB ABM Module D UNIT 32 MCQ – Fraud and Vigilance in Banks

Correct Answer: C. Fraudulent activity. An intentional deception aimed at securing unfair or unlawful monetary gain is fundamentally characterised as fraud.

Correct Answer: C. Through either direct or indirect means. Intentional deception for unfair monetary gain can involve obtaining the money directly or indirectly.

Correct Answer: C. Extremely prevalent. In highly financialised societies, intentional deception for financial gain is a very common issue.

Correct Answer: C. Either a civil matter or a criminal offence. Intentional deception for unfair gain can be categorised legally as either a civil wrongdoing or a criminal offence based on context and severity.

Correct Answer: C. Contract law. Intentional acts of deception or concealment to induce entry into a contract are typically defined as fraud within the scope of contract law.

Correct Answer: B. Hiding a fact deliberately while having knowledge of it. Deliberately concealing a known fact is recognised as an act of deception in contract law.

Correct Answer: C. Only when there is a legal or situational obligation to disclose, or when silence itself implies consent or information. Silence constitutes deception only in specific circumstances where disclosure is required or silence is misleading.

Correct Answer: C. Corporate fraud. Actions involving intentional deception, omission, concealment, or abuse of position to gain undue advantage or harm corporate interests fall under the definition of corporate fraud.

Correct Answer: D. Acquiring property not legally due to oneself through unlawful means. Wrongful gain refers to obtaining property via unlawful methods when one has no legal entitlement to it.

Correct Answer: B. Losing property legally due to oneself through unlawful means. Wrongful loss refers to being deprived of property legally due to oneself via unlawful methods.

Correct Answer: D. Intent to defraud, and for no other reason. An action is considered fraudulently performed if the sole intention behind it was to defraud.

Correct Answer: C. The intention behind the action to defraud. The primary factor determining if an action is fraudulently done is the presence of an intent to defraud.

Correct Answer: B. Misappropriation and betrayal of trust. Acts involving misappropriation of funds and criminal breach of trust are typically classified as fraudulent activities causing loss to financial institutions.

Correct Answer: B. Manipulating financial records or using false accounts. Dishonest acts involving the manipulation of financial records or operating through fictitious accounts are a recognised cause of financial loss for institutions.

Correct Answer: B. If there is a suspicion or proof of deceptive intent. Cases of cash shortages or foreign exchange irregularities are reported as intentional deception causing loss only when deceptive intent is suspected or proven.

Correct Answer: B. Amounts greater than ₹10,000. Cash shortages exceeding a certain amount, often ₹10,000, are typically reported as intentional deception causing loss even without immediate proof of intent.

Correct Answer: B. The cash handler failed to report it on the same day of occurrence. A cash shortage exceeding a certain amount, if detected by management or audit and not reported by the cash handler on the day it occurred, is treated as intentional deception causing loss.

Correct Answer: C. Forgery. Forgery, involving the creation or alteration of documents, is a historically common method for perpetrating intentional deception.

Correct Answer: C. Creating a false written document or altering a genuine one with the aim to deceive. Forgery fundamentally involves making false documents or changing genuine ones with a deceptive purpose.

Correct Answer: B. The intent to commit deception when creating the document. The offence of creating a false document is complete as soon as the document is made with the intention to deceive.

Correct Answer: B. No, a fictitious or deceased person’s name can be used. A false document can be created using the name of someone who is not real or is deceased.

Correct Answer: B. Yes, they are all considered culpable despite dividing the tasks. When multiple individuals combine efforts, each contributing a part to a forgery, they are all held responsible.

Correct Answer: C. Yes, if the date is a significant element of the deception. Altering a document’s date can be considered forgery if the date is a material factor in the intended deception.

Correct Answer: B. No, altering a document only to hide negligence does not constitute forgery in this context. Falsification done purely to conceal a prior negligent act is not considered forgery.

Correct Answer: B. Triangulation or site cloning. Customers providing card details on fraudulent sites that misuse this information is an example of triangulation or site cloning fraud.

Correct Answer: B. Government and policy focus on digital banking as a convenient and affordable option. The push by government and policymakers towards digital banking, seen as convenient and affordable, led to a large increase in digital transactions.

Correct Answer: B. Fraudsters have adapted and cyber-based deceptions are more common. As technology has advanced, fraudsters have also evolved their methods, leading to an increase in cyber-based deceptions.

Correct Answer: B. The risk of experiencing a cyberattack. Cyber security threats indicate the likelihood or risk of encountering a malicious cyberattack.

Correct Answer: B. A cyber-attack. A cyber-attack is defined as a deliberate and harmful action by an individual or organisation to breach another’s systems.

Correct Answer: B. Information theft, financial gain, espionage, or sabotage. Attackers conducting cyber-attacks may be motivated by stealing information, obtaining money, conducting espionage, or causing damage (sabotage).

Correct Answer: C. Distributed denial of service (DDoS) attack. The goal of a Distributed denial of service (DDoS) attack is to flood a system’s resources, preventing legitimate users from accessing it.

Correct Answer: B. Social engineering. Social engineering attacks utilise psychological tactics to trick users into taking desired actions or giving up confidential details.

Correct Answer: C. Social engineering attacks. Phishing, spear phishing, and homograph attacks are all specific methods employed within social engineering.

Correct Answer: C. Man-in-the-middle (MitM) attack. A Man-in-the-middle (MitM) attack occurs when an attacker intercepts and potentially alters communication between two parties who believe they are communicating directly.

Correct Answer: B. Compromise user credentials, steal sensitive data, or return different responses. By intercepting communication in a MitM attack, an attacker can potentially steal login details, sensitive information, or manipulate the messages exchanged.

Correct Answer: C. Man-in-the-middle (MitM) attacks. These specific attack types are listed as examples of Man-in-the-middle attacks.

Correct Answer: C. Malware and spyware. Malicious software intended to harm or compromise computer systems is generally referred to as malware and spyware.

Correct Answer: B. Exploiting vulnerabilities in browsers or operating systems. Malware can often install itself by taking advantage of weaknesses present in web browsers or operating systems.

Correct Answer: B. Trojan virus. A Trojan virus is a type of malicious software disguised as something harmless to gain access and potentially cause harm or create backdoors.

Correct Answer: C. Ransomware. Ransomware is malicious software that encrypts a victim’s data and demands a ransom for its release.

Correct Answer: C. Malvertising. Malvertising refers to malicious code embedded within online advertisements that can infect users’ devices.

Correct Answer: C. Password attacks. Obtaining password information through methods like sniffing, social engineering, guessing, or database access is categorised as a password attack.

Correct Answer: B. Advanced persistent threat (APT). An Advanced Persistent Threat (APT) involves gaining and maintaining unauthorised access to a network for an extended period to steal data stealthily.

Correct Answer: C. Black hat hackers. Black hat hackers are cybercriminals who unlawfully breach networks with malicious intent towards data and resources.

Correct Answer: C. White hat hackers. White hat hackers are security professionals who ethically breach systems to identify and fix vulnerabilities.

Correct Answer: B. Malware. Malicious software designed to target systems like those holding credit card data, often by infecting servers, is a specific application of malware.

Correct Answer: B. Crypto ransomware. Crypto ransomware is a specific type of ransomware that works by encrypting files and demanding a ransom.

Correct Answer: B. Identity theft. Using another person’s personal and financial information without permission for fraudulent activities is termed identity theft.

Correct Answer: C. A Central Payment Fraud Information Registry and related reporting guidelines. A Central Payment Fraud Information Registry and its associated guidelines provide a formal system for reporting payment-related intentional deceptions.

Correct Answer: C. Rapid sharing of information to help build safeguards. Reducing reporting timelines to near real-time facilitates quick information sharing, enabling entities to develop necessary defences against intentional payment deceptions.

Correct Answer: C. Central Fraud Registry. A Central Fraud Registry serves as a central database for information regarding reported cases of intentional deception in financial institutions.

Correct Answer: B. User-specific identification and security credentials. Access to a Central Fraud Registry is usually granted through specific user IDs and passwords for authorised institutions.

Correct Answer: B. Paper-based caution advice. The practice of issuing paper-based Caution Advice has largely been discontinued and replaced by digital systems like the Central Fraud Registry.

Correct Answer: C. When the deception, including attempted ones, has implications for the wider financial system. Caution Advice may still be issued for intentional deceptions, including attempts, that have systemic implications.

Correct Answer: B. For timely identification, control, reporting, and mitigation of deception risk. Institutions should use the information from fraud databases and caution advice to help in the timely management and reduction of deception risk.

Correct Answer: B. Fraud Monitoring Return (FMR). A Fraud Monitoring Return (FMR) is commonly required to be submitted electronically for individual cases of intentional deception.

Correct Answer: C. Within three weeks (21 calendar days). The electronic return for individual deception cases must typically be submitted within three weeks (21 calendar days) of detection or customer reporting.

Correct Answer: C. A Flash Report within a week. For intentional deceptions involving large sums, a Flash Report is generally required within a week of the head office becoming aware.

Correct Answer: B. Amount, nature, brief method, branch name, parties involved, and names of officials involved. An immediate report for large-value deceptions should include key details like the amount, nature, method, location, and involved parties/officials.

Correct Answer: C. Developments in the deception case through an update application. Institutions are typically required to provide updates on the progress and developments of ongoing deception cases through a dedicated application.

Correct Answer: C. It is complete, accurate, and up-to-date. Submitted data regarding intentional deceptions must be complete, accurate, and current for effective monitoring and information dissemination.

Correct Answer: B. No, cases of attempted deception above a certain value typically do not need to be reported to the central body. Attempted deceptions above a specified amount are generally not required to be reported to the central regulatory body.

Correct Answer: C. Before the Audit Committee of the Board. A report on individual cases of attempted intentional deception exceeding a certain amount must still be placed before the Audit Committee of the Board.

Correct Answer: B. The method of the attempted deception and how it was prevented or failed. The report on attempted deceptions should detail the method used and how the attempt was unsuccessful or foiled.

Correct Answer: B. Protect the documents involved. Immediately securing and protecting the documents related to a discovered instance of intentional deception is a necessary step.

Correct Answer: C. The controlling authority. Branches should contact the controlling authority for guidance on registering an official report with law enforcement upon detecting intentional deception.

Correct Answer: B. The institution’s Chief Vigilance Officer (CVO). Consultation with the Chief Vigilance Officer (CVO) is generally required when lodging a complaint about intentional deception with a major investigating agency like the CBI.

Correct Answer: B. The particulars of the case, leaving the investigation of culpability to the agency. The formal communication should briefly provide case details but leave the determination of guilt to the investigating agency.

Correct Answer: B. The fact that they are due to retire within a year should be brought to the agency’s notice. If employees named in the official report are due to retire within a year, this fact should be communicated to the investigating agency.

Correct Answer: B. Proper liaison and follow-up with the agencies. Maintaining proper communication and follow-up with police and investigation agencies is essential for timely case resolution.

Correct Answer: B. Fix staff accountability for reporting delays. Holding staff responsible for delays in reporting intentional deception cases is necessary to streamline the process.

Correct Answer: B. Similar deceptions being carried out elsewhere. Delayed reporting and information sharing about deception methods can result in the same types of incidents occurring in other institutions.

Correct Answer: C. The Joint Director (Policy) at headquarters. For very large value intentional deceptions, the complaint is typically lodged with the Joint Director (Policy) at the headquarters of a major investigation agency like the CBI.

Correct Answer: B. To detect danger. Vigilance is defined as being watchful and cautious to identify potential dangers.

Correct Answer: B. To ensure public money is not misused and is available on demand. Vigilance is crucial in finance to safeguard public funds, ensuring they are not misused and are accessible when needed.

Correct Answer: B. They are not mis-utilised and are put to gainful use or are available on demand. Institutions handling public money must apply high safeguards to ensure funds are used appropriately and can be returned on demand.

Correct Answer: B. It is not allowed to be misused by dishonest individuals. The vigilance function enforces watchfulness to prevent the misuse of public funds by dishonest persons.

Correct Answer: C. To establish procedures and systems that restrain acts of wrongdoing and misconduct. Preventive vigilance focuses on setting up systems and procedures to prevent wrongdoings and misconduct from occurring.

Correct Answer: C. Detective Vigilance. Detective vigilance uses various reports and surveillance to identify instances of corruption, malpractice, and negligence.

Correct Answer: C. To conduct investigations and take deterrent action against culprits. Punitive vigilance aims at investigating incidents and implementing deterrent actions against those responsible.

Correct Answer: C. Setting up systems and procedures to stop the lapse from happening. Preventive vigilance seeks to reduce lapses by putting in place systems and procedures that prevent them.

Correct Answer: B. Identifying and confirming that a lapse has occurred. Detective vigilance is focused on discovering and verifying instances where a lapse has taken place.

Correct Answer: C. Discouraging the future occurrence of a lapse. Punitive vigilance aims to deter future lapses by taking action against those responsible.

Correct Answer: D. Preventive vigilance. Preventive vigilance is often highlighted as having a central role in the vigilance framework of a central bank.

Correct Answer: C. Promote honesty and integrity and improve vigilance administration. Vigilance guidelines are intended to enhance transparency, integrity, and the overall management of vigilance activities.

Correct Answer: B. Adopting measures to improve systems and procedures. Preventive vigilance involves taking steps to enhance systems and procedures to minimise opportunities for corruption.

Correct Answer: B. Financial standing or reputation. Preventive vigilance aims to ensure employee watchfulness to prevent incidents that could harm the institution’s finances or reputation.

Correct Answer: B. So that the institution’s interests are safeguarded. Ensuring employee adherence to integrity and policies is an objective of preventive vigilance to protect the institution’s interests.

Correct Answer: D. Preventive vigilance. Preventive vigilance is concerned with setting up systems and processes to restrict acts of wrongdoing and misconduct.

Correct Answer: C. Planning and enforcing regular inspections and audits. Conducting regular inspections and audits is a measure used to support preventive vigilance objectives.

Correct Answer: D. Preventive vigilance. Identifying corruption-prone areas and posting trusted staff there is a preventive vigilance measure.

Correct Answer: C. Preventive vigilance. Regular staff transfers and job rotation are methods used to enhance preventive vigilance.

Correct Answer: C. Preventive vigilance. Monitoring staff accounts and keeping surveillance on employees of doubtful integrity are preventive vigilance measures.

Correct Answer: B. Phishing attack. A phishing attack is a social engineering technique where an attacker pretends to be a trusted entity to deceive users into revealing sensitive information via electronic means.

Correct Answer: B. It can lead to malware installation or revelation of sensitive information. Clicking a malicious link in a phishing attempt can result in harmful software being installed or confidential details being exposed.

Correct Answer: C. Spear phishing. Spear phishing is a targeted form of phishing that focuses on a specific individual or organisation, often using tailored information.

Correct Answer: C. Implementing two-factor authentication (2FA). Two-factor authentication (2FA) is considered a very effective method to counter phishing by adding an additional layer of security during the login process.

Correct Answer: C. Enforcing strict password management policies, including frequent changes and no reuse. Organisations should enforce policies requiring strong passwords, frequent changes, and no reuse across applications to reduce phishing vulnerability.

Correct Answer: C. Not clicking on external email links and being cautious about unsolicited messages. Educating employees about not clicking suspicious links and being wary of unsolicited messages helps reduce phishing risks.

Correct Answer: C. Managerial function. Vigilance activity is described as an essential component of the overall managerial function.