Competent authorities shall confirm that an institution identifies, collects and treats operational risk losses that are related to credit risk, as referred to in point (i) of Article 20(d), by verifying that the institution includes within the scope of operational risk loss, for the purposes of management of operational risk, at least the following:
frauds committed by a client of the institution on its own account, occurring in a credit product or credit process at the initial stage of the lifecycle of a credit relationship, including inducement to lending decisions based on counterfeit documents or miss-stated financial statements, such as non-existence or over-estimation of collaterals and counterfeit salary confirmation;
frauds committed by means of another, ignorant person's identity, including loan applications through electronic identity fraud using clients' data or fictitious identities or fraudulent use of clients' credit cards.
For the purposes of paragraph 1, competent authorities shall confirm that the institution takes at least the following actions:
adjusts the data collection threshold relating to the loss events described in paragraph 1 up to comparable levels as those of the other operational risk categories of the AMA framework, where appropriate;
includes within the gross loss of the events described in paragraph 1 the total outstanding amount at the time or after the discovery of the fraud, and any related expenses, including interest in arrears and legal fees.