Connecting Internal and External Fraud
2 comment(s)
We all know that banks are victims of both internal and external fraud. However, the amount of internal fraud that a bank typically reports, at least in my opinion, is often understated. In general, banks do not have the technology to identify an employee's involvement in external fraud schemes.
The economy has been in free fall for months and employees are facing tremendous financial pressures. Given the vast amount of data available to bank employees, can anyone say with a straight face that internal fraud has not increased dramatically in the last eighteen months? Let me be clear, the acceptance of artificially low internal fraud losses is not just a banking industry problem. Many other industries suffer from the same underreporting. Unfortunately, accepting low internal fraud numbers actually allows "external†fraud to grow.
Granted, it is possible that a terminated employee could continue to commit fraud against the bank once fired. They may have had the forethought to email the information that they stole from the bank to their personal email account for example. However, eventually, they will run out of account information and their fraud will grind to a halt. That is assuming one of their friends that remains employed with the bank is not involved in the same scheme.
As this brief scenario indicates, employee fraud is difficult to stop, but certainly not impossible. Accepting artificially low internal fraud numbers is just not smart business. The decision to redouble efforts to uncover internal fraud and reclassify external fraud losses, may not be immediately well received, or make you popular with senior management. However, "this too shall pass", especially when external fraud losses drop to a lower run rate!
To illustrate the point, consider the following example of external fraud that was really an internal fraud. The bank involved shall remain nameless, but they are a reasonably sized bank based in the US. Within a period of about two years, the banks experienced a 20% increase in external check fraud. All assumed that the bank's recent acquisition of a smaller competitor was contributing to the increase.
After about eighteen months, the bank noticed that the victims were disproportionally high net worth individuals. A curious fraud investigator asked the bank's IT department for a report of bank employees that accessed the victim's checking accounts. Unfortunately, or fortunately (depending on your perspective), all of the victim accounts had been accessed by a branch employee in the newly acquired competitor. The employee printed as well as emailed the account information to members of an organized crime syndicate that brokered the information to the criminal community. If the bank had been appropriately focused on monitoring employee activity, surely this employee fraud would have been detected far sooner.
Accepting low internal fraud losses may be politically expedient but will not help the bank in the long term. Changing the bank's focus and securing the appropriate investment to combat internal fraud will not be easy. However, the short term cost will translate in to long term gains in the form of lower internal and external fraud losses.
Were you able to convince your bank that external fraud included undiscovered internal fraud?