
bank fraud forum

Internal Fraud Value Paradox

September 10, 2009 by Shirley Inscoe

As most bankers know, a business case with a strong return on investment is crucial when implementing a new fraud prevention strategy or system. With most types of fraud, this is fairly straightforward, but not when you consider insider fraud.

As other posts on Bank Fraud Forum have pointed out, many institutions don't do a good job of admitting they have an internal fraud problem. One of the major problems is that many internal frauds are classified as external because institutions are unable to identify the insider collusion. The result is that insider fraud losses are underestimated, so the business case is tough from the outset. Projecting costs is still fairly straightforward, but the biggest challenge is yet to come - the "value paradox".

Once you've implemented an insider fraud solution, the next step is to measure the results and ensure you are achieving the forecast in your original business case. This is where the "value paradox" raises its ugly head. One of the keys to successfully mitigating insider fraud is to catch it early. The goal is to detect the fraud much earlier in the cycle to prevent incurring an extremely large loss. Once you've implemented a solution, you can achieve that goal. But, at that point, how do you quantify the loss avoidance associated with that early detection? How do you validate you are achieving the results you originally forecasted? There are many opinions on this topic, but no industry standards currently exist to quantify loss avoidance for insider fraud, so there is little consistency. If you insist that the value of the system is limited to the small amount stolen (due to early detection), the solution may appear to be doing an extremely poor job.

Let's say pre-solution, you had a number of employees who were refunding fees to accounts they controlled (whether or not the fees were actually incurred). It was not unusual for some employees to steal hundreds or thousands of dollars from the bank before being caught. After implementing the solution, employees are routinely detected after only one or two fraudulent refund occurrences. So, what is the value of the detection? Many will argue it is $25, $39, $90 or whatever the amount of the fee that was refunded. Using this logic, it is clear you could never justify continuing to use a very successful solution because no value is assigned to the timely detection of the dishonest employee. In other words, no value is awarded to recognize that the behavior that was quickly shut down would have continued without the solution. What a paradox!

Here's another shocker from institutions with whom I've worked: some bankers seem to honestly believe there is no value in detecting employees who are surfing customer data and confess to providing the data to external fraud rings. Granted, there may not be an immediate, quantifiable dollar loss associated with this activity, but to say there is no value in detecting and stopping this behavior? I am amazed! Certainly, losses will result at some point in the future due to the fraud rings having this data, although it is admittedly difficult to agree upon a precise measurement. Again, the value paradox raises its ugly head as one more challenge fraud professionals must manage in their efforts to fight fraud on behalf of their financial institution.

The value paradox must be addressed in order to justify fighting insider fraud and to measure the results you achieve in a logical, meaningful way. The good news is that the American Bankers Association has agreed to work with a committee of bankers to define standard industry measurements for various types of insider fraud. It is critical this group understand and address the value paradox if they are to be successful.

What is your reaction? Is the value paradox an issue within your institution or does management fully understand and appreciate this challenge?



Recent Comments:

Nittany
September 11, 2009 - 9:17 AM
"I am dumbfounded by the statement that some FIs do not see the value in detecting employees selling customer data to external fraud networks. Disregard the customer runoff should that information get released to the media, forget the financial impact on fraud losses, forget the reputational risk, but do they not understand with all of the hypersensitivity around elder fraud and exploitation and identity theft that by doing nothing could cost them dearly should a Financial Regulatory Agency or US Attorney's Office decide to make them their whipping post to prove some point. Easily a Regulatory Agency could make a case that the FI was willfully negligent by turning a blind eye to this type of fraud that is rampant across the industry as well as recognized by FIs to be an issue they have to deal with. As many FIs understand this problem and have implemented tools and systems to help mitigate this risk, opting out for an 'ignorance claim/we were not aware of it' argument will not work. I can only imagine what fines and reputational hit the FI would incur (could not even come close to the cost by implementing a fraud solution to detect and deal with this activity) and how any good Regulatory Investigator or Attorney would have a field day with them not only in court but in the media. Boy I would not want to be that FI. Internal fraud is inherent and should be recognized that it has to be dealt with. Yes it is the prickly pear and no one wants to publicly acknowledge it exists or what the losses are related to internal fraud. Yes it is a paradox if you try to justify funding a system based on a narrow set of parameters such as dollars. But in this case, it is a dollar well spent."
Mark
September 17, 2009 - 8:36 AM
"Hi Shirley, Great topic! Your article will hopefully open up some eyes. Internal fraud hurts the positive image that every Firm wants to maintain. I have seen that when a financial institution addresses internal fraud, from the top-down and bottom-up, this is one of the major keys to their organizational success. A main attribute is to establish and internally broadcast a zero tolerance approach to internal fraud. The Firm's support of criminal prosecution and civil action also sends a clear message. This entails an ongoing organization-wide training program for managers and employees. An internal fraud confidential hotline also helps greatly. In my experience, most employees want to be productive and honest members of the organization. When internal audits are overlooked or not considered important, internal fraud is likely. It's the role of the top senior managers to keep the organizational culture on track and advocate employee partnerships to prevent internal fraud. It's really everyone's job."
Peter
September 17, 2009 - 8:36 AM
"There is a paradox within the paradox: Shirley's description of the "value paradox" is absolutely on target. As James aptly points out, fraud eats away at the trust that is so crucial to long-term business success...and that "we should also calculate the ROI in terms of achieving corporate values." Therein lies the second paradox: How do FI executives rationalize devaluing their corporate ethics and value system at a time when so many banks are lucky to still be in business and when having gobbled up billions of taxpayer bailout dollars has earned them the reputation of being poorly managed by excessively greedy C-suite occupants? Again it is all about short term results. If employees steal a few customer account records, executives figure, who cares... chances are I won't even be around by the time any losses are incurred let alone blamed on my bank. The real fraud solution needed now is one of a complete overhaul of FI executive priorities and values."
James
September 17, 2009 - 8:44 AM
"Shirley, I really enjoyed your post. The issue, or opportunity, that you pose is a legacy concern for those of us that also work on the anti-money laundering side of the house. Typically, there is no immediate or apparent financial loss to a bank that has been host to a money laundering scheme. Prior to the increase in enforcement actions taken against banks (~2002-2003) resulting in civil penalties and cease and desist orders (and in some cases non-prosecution agreements) for lack of thoroughly compliant Bank Secrecy Act Programs, many banks could not justify (monetarily) the development and implementation of anti-money laundering solutions. The regulatory actions helped build the business case by introducing a real cost of not having a good solution. Time has since passed, and many institutions' AML programs have matured to see beyond dollars and cents. What I have both seen and experienced within the anti-money laundering realm is that banks have begun recognizing that financial crime, including fraud and money laundering, is not just about dollars and cents, operational risks, reputation risks, etc.; it is also about protecting the core values of an organization, community, and society. When we think about money laundering, fraud, and other financial crimes that may or may not result in dollar loss to a financial institution, it's important to remember the social impact that these crimes have on people and the greater community. All good relationships are built on trust, whether they are person to person, company and client, or bank and customer. Financial crimes eat away at that trust over extensive periods of time, sometimes culminating in a boil-over-effect, which we saw about a year ago as many customers of even well positioned banks made runs on deposits.
Although I undoubtedly agree that there is an ROI paradox with implementing an anti-fraud solution, those of us seeking to implement such a solution should not only carefully forecast what losses may have been avoided, but we should also calculate the ROI in terms of achieving corporate values. If there is ever a time to leverage that side of the equation, it's now."