Internal Fraud - Top 10 Threats (Part 2)
Last week I published the first installment of the internal fraud top 10 threats for banks and credit unions. As promised, here are the top 5. I am re-posting my initial lead-in in case you missed the post last week.
It goes without saying that there are many, many ways in which employees of a retail bank or credit union can commit fraud, often betraying both their employer's and their customers' trust. In recent months, there has been a huge uptick in news articles related to large employee thefts. While it would be impossible to write about all the ways employees can stray to the dark side, I wanted to share my top 10 most common internal frauds. These are not in any special order and exclude areas of financial services such as brokerage and insurance.
5. Loan Lapping – In this scheme, lenders make fictitious loans (usually within their loan limit to avoid scrutiny) over a period of time. As new loans are made, part of the proceeds are used to make payments on (or pay off) older loans while the lender steals the rest. If these schemes are not detected and shut down quickly, they can result in millions of dollars of losses over a period of years, similar to a kiting scheme on the deposit side.
4. Collusion with External Fraudsters – This is another type of fraud that can take many forms. In the extreme case, some employees deliberately apply for specific positions in the bank at the request of their fraudster friends. For example, a fraud ring may want one of their members placed in Loss Prevention so they can be apprised the moment the bank changes thresholds on prevention systems or puts special procedures in place to thwart their activities. They may want someone in Human Resources to make it easier to place more of their members in specific jobs. Or they may just want someone in a branch or telephone banking who has access and can supply confidential customer and account information. Fraud rings may collude with insiders in many other ways as well – for example, they may pay a teller to disregard the system instructions to place a hold on a high-dollar deposited check, or they may have an employee order new or replacement debit cards on a number of high-wealth accounts and turn the cards over to the ring. Employee insiders aren't the only ones to be concerned about – fraud rings may approach contractors who have access to your buildings, so beware of leaving customer data or bank reports out where they are accessible to office cleaners, maintenance people, etc.
3. Stealing Customer Data – Confidential customer information is valuable to fraudsters, and they are willing to pay! Employees may supplement their income by selling confidential data and account information to fraudsters who will use it in the future to commit fraud and/or identity theft. Fraud rings may sit on this data for months or years before using it; after all, this is their profession, and they have strategies for the future just as any business does, especially those organized crime rings which are raising money for terrorist financing. They are so patient that many bankers think the data isn't used to commit fraud.
2. Stealing From Customer Accounts – Employees can steal directly from customer accounts (DDAs, CDs, Savings) and hide the debits among all the other legitimate activity they process. In institutions where employees know their account activity is monitored, they may transfer the funds to a child's account or to a fictitious account they control rather than credit their own account. Employees can easily determine which accounts are dormant, have returned mail or are having statements held at the bank so they can target those, knowing they are less likely to be detected and reported by customers quickly. We've seen evidence of really smart employees who hide their ill-gotten gains in customer accounts – they will credit a customer with the stolen funds, then move the funds through a series of customer accounts, explaining the movement as corrections of "bank errors"; eventually the funds are taken via an official check, gift card, cash withdrawal, etc. This typically happens in banks where employees are aware their account activity is carefully monitored.
1. General Ledger Abuse – This category covers a myriad of schemes. For example, employees may refund fees to an account they control (whether or not the fees were actually incurred), steal income from accounts such as check book sales, or conduct a scheme over time known as "rolling debits". Many banks use suspense accounts to post entries that are allowed a specific time period to clear due to various operational processes. One way an employee may steal from the bank is via a debit to a suspense account. Next, the employee must move this debit from suspense account to suspense account over time to avoid detection. Often, they will steal additional funds, so the amount they are moving or "rolling" from suspense account to suspense account increases over time. Another very common example of this type of abuse is tellers who force-balance their individual till or vault cash to hide missing funds.
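A detection check for the "rolling debits" pattern described above, as an added example that is not part of the original post: it follows a debit as the same employee moves it between suspense accounts and flags chains that outlive the clearing window. The record layout, account labels, the 30-day window and the two-hop threshold are assumptions, and the ledger entries are constructed sample data.

```python
from datetime import date

CLEARING_DAYS = 30  # assumed clearing window; the post gives no figure
MIN_HOPS = 2        # assumed: moves between suspense accounts before flagging

# Constructed sample: (posted, employee, source_acct, dest_acct, amount).
# source_acct None means the debit was first posted to a suspense account.
ENTRIES = [
    (date(2024, 1, 5), "E17", None, "SUSP-01", 4000),
    (date(2024, 1, 30), "E17", "SUSP-01", "SUSP-04", 4000),
    (date(2024, 2, 26), "E17", "SUSP-04", "SUSP-02", 6500),
    (date(2024, 3, 22), "E17", "SUSP-02", "SUSP-07", 9000),
    (date(2024, 1, 10), "E03", None, "SUSP-03", 1200),
    (date(2024, 1, 18), "E03", "SUSP-03", "SUSP-05", 1200),  # one move, in window
]

def find_rolling_debits(entries, clearing_days=CLEARING_DAYS, min_hops=MIN_HOPS):
    """Return chains where one employee keeps moving a same-or-growing debit
    between suspense accounts for longer than the clearing window."""
    open_chains = {}  # (employee, account currently holding the item) -> chain
    for posted, emp, src, dest, amount in sorted(entries, key=lambda e: e[0]):
        chain = open_chains.pop((emp, src), None) if src else None
        if chain and amount >= chain["amount"]:
            # Same employee moved the item onward without reducing it: a hop.
            chain["hops"] += 1
            chain["path"].append(dest)
        else:
            # New item, or a reduced amount (treated as a partial clear).
            chain = {"employee": emp, "start": posted, "first_amount": amount,
                     "hops": 0, "path": [dest]}
        chain["amount"], chain["last"] = amount, posted
        open_chains[(emp, dest)] = chain

    flagged = []
    for c in open_chains.values():
        age = (c["last"] - c["start"]).days
        if c["hops"] >= min_hops and age > clearing_days:
            flagged.append({"employee": c["employee"], "hops": c["hops"],
                            "age_days": age, "path": c["path"],
                            "growth": c["amount"] - c["first_amount"]})
    return flagged

if __name__ == "__main__":
    for hit in find_rolling_debits(ENTRIES):
        print(hit)
```

Each individual move looks fresh to an aging report keyed on the posting date, which is why the check measures age from the first debit in the chain rather than from the latest entry.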
Do you have any to add from your own personal experience?