managing-fraud-operations-banking

Structures banking fraud detection with transaction monitoring, investigation, and recovery documentation. Use when detecting banking fraud, investigating suspicious activity, or managing fraud cases.

11 stars

Best use case

managing-fraud-operations-banking is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Structures banking fraud detection with transaction monitoring, investigation, and recovery documentation. Use when detecting banking fraud, investigating suspicious activity, or managing fraud cases.

Teams using managing-fraud-operations-banking should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/managing-fraud-operations-banking/SKILL.md --create-dirs "https://raw.githubusercontent.com/CaseMark/skills/main/skills/finance/managing-fraud-operations-banking/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/managing-fraud-operations-banking/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How managing-fraud-operations-banking Compares

Feature / Agentmanaging-fraud-operations-bankingStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Structures banking fraud detection with transaction monitoring, investigation, and recovery documentation. Use when detecting banking fraud, investigating suspicious activity, or managing fraud cases.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Managing Fraud Operations Banking

## When To Use

- Structuring or reviewing a bank's fraud detection and investigation program across deposit, lending, or trade finance channels
- Building or updating transaction monitoring rule sets and alert-triage workflows
- Documenting a fraud case from initial alert through investigation, loss quantification, and recovery action
- Preparing fraud operations status reports for management, audit committees, or regulators
- Coordinating cross-functional response (operations, compliance, legal, law enforcement) on active fraud matters

## Inputs To Gather

- **Transaction data scope**: Channels monitored (wire, ACH, check, card, trade finance instruments), volume baselines, and monitoring platform(s) in use
- **Alert and case inventory**: Current alert queue depth, open case count, aging distribution, and backlog status
- **Rule/model inventory**: Active detection rules or models, last tuning date, false-positive rates, and known coverage gaps
- **Loss and recovery data**: Confirmed fraud losses (gross and net of recoveries), recovery pipeline, and insurance or indemnification positions
- **Regulatory context**: Applicable SAR filing obligations, consent orders or MRAs related to fraud operations, and upcoming exam dates [VERIFY jurisdiction-specific SAR thresholds and filing timelines]
- **Staffing and SLAs**: Investigator headcount, case-per-analyst ratios, and target SLAs for alert disposition and case closure
- **Escalation history**: Recent escalations to BSA officer, legal counsel, or law enforcement, and any pending subpoenas or information requests

## Workflow

1. **Map the detection landscape**
   - Inventory all monitoring rules/models by fraud typology (account takeover, check fraud, wire fraud, trade-based money laundering, loan fraud, synthetic identity)
   - Document detection coverage per channel and product line; flag unmonitored gaps
   - Record current alert volumes, true-positive rates, and average time-to-disposition

2. **Triage and prioritize alerts**
   - Classify alerts by risk tier (dollar amount, customer risk rating, typology severity)
   - Apply disposition decision tree: close as false positive, escalate to case, or refer for enhanced due diligence
   - Document triage rationale for audit trail — every closed alert needs a recorded basis

3. **Investigate confirmed cases**
   - Assemble case file: triggering alert(s), customer profile, transaction timeline, supporting documents (statements, images, communications)
   - Identify fraud typology, method of execution, and whether the fraud is internal, external, or collusive
   - Quantify exposure: gross loss, funds held/frozen, recoverable amounts, and insurance applicability
   - Determine SAR filing obligation and timeline [VERIFY — SAR must generally be filed within 30 days of detection, with 60-day extension if suspect not identified; confirm per FinCEN or local regulator guidance]

4. **Execute recovery and containment**
   - Initiate hold/freeze actions on affected accounts per the bank's authority and applicable regulation [VERIFY hold/freeze authority under Reg CC, UCC 4A, or local equivalent]
   - Send indemnity or recall requests for outgoing wires/ACH; track response deadlines
   - Coordinate with law enforcement: prepare criminal referral packages, respond to subpoenas, preserve evidence chain of custody
   - For trade finance fraud, issue stop-payment on letters of credit or demand return of documents from advising/confirming banks

5. **Report and optimize**
   - Compile fraud operations dashboard: alert volumes and disposition rates, open/closed cases, loss trends, recovery rates, SAR filing counts, and SLA adherence
   - Identify top loss drivers and recommend rule tuning, new detection scenarios, or control enhancements
   - Track regulatory commitments (MRA remediation, consent order milestones) and report status
   - Document lessons learned from significant cases for inclusion in training and rule refinement

## Output

The deliverable is a **Fraud Operations Management Report** containing:

- **Executive summary**: Period-over-period fraud loss trends, key case highlights, and strategic risk observations
- **Detection performance metrics**: Alert volumes by typology, false-positive rates, detection-to-case conversion rates, and rule coverage matrix
- **Case management summary**: Open/closed case counts, aging analysis, loss and recovery figures, and SAR filing statistics
- **Recovery tracker**: Pending recalls, indemnity claims, frozen funds status, insurance claims, and projected net loss
- **Action items and recommendations**: Rule tuning proposals, staffing adjustments, control gap remediation, and regulatory commitment status
- **Escalation log**: Items requiring senior management, legal, or board-level attention

## Quality Checks

- All loss figures reconcile to the general ledger fraud loss accounts and any sub-ledger recovery tracking
- SAR filing counts and timelines are cross-referenced against the case management system — no filing gaps
- Alert disposition rates account for 100% of generated alerts (no unresolved or orphaned alerts in the queue)
- Detection coverage matrix explicitly identifies any product, channel, or typology without an active rule or model
- Recovery amounts distinguish between funds actually returned and funds with pending claims — no commingling of confirmed and projected recoveries
- Report does not disclose SAR filing status to subjects of investigation or unauthorized parties [VERIFY — SAR confidentiality requirements under 31 USC § 5318(g)(2)]
- Staffing and SLA metrics are benchmarked against prior period and, where available, peer institution data

Related Skills

We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.