Adding Insult to Injury: FINRA Slaps Big Bank with Big Fine
0 comment(s)
"Tamara Moon used her knowledge of Citigroup's lax supervisory practices at the branch to take advantage of some of the firm's most vulnerable customers, including the elderly. Citigroup had reason to know what she was doing and could have stopped her."
- Brad Bennett, Executive Vice President and Chief of Enforcement, FINRA
Failing to supervise employees appropriately is a recipe for disaster. In a case involving Citigroup Global Markets, that failure not only resulted in the embezzlement of nearly $750,000, it also attracted the attention of the Financial Industry Regulatory Authority (FINRA) and a fine of $500,000 for “lax supervisory practices”.
What can banks learn from FINRA’s investigation and resulting fine? Will FINRA fine other banks for similar lapses? Will FINRA’s actions trigger more aggressive enforcement by bank regulators? It’s too early to tell, but let’s take a look at the particulars of this fraud.
Moon’s fraud scheme targeted vulnerable customers. No surprise there. Accounts that are owned by the elderly are often targeted by bank employees. Moon also transferred funds to a second, unrelated account, then to her personal account. Again, not an unusual approach to account fraud. Employees will often “layer” the funds by moving between accounts. Finally, FINRA found that Citigroup failed to appropriately investigate “red flags” regarding new account applications, account transfers to apparently unrelated accounts and that Citibank’s supervisory review was “deficient”. Unfortunately, fraud often goes undetected when exception reports are ignored, not reviewed correctly, or not used effectively when confronting the employee. FINRA noted that even when Citigroup did question Moon about an address discrepancy, they accepted an explanation even though it did not seem “reasonable”.
Certainly fraud detection on the traditional banking side is far from perfect, but they normally have much more experience dealing with employee fraud. There are certainly best practices regarding the monitoring of employee activity that can be leveraged across any line of business (LOB). Consider the following:
- If they haven’t done so already, lines of business that fall under FINRA supervision should consider taking the time to meet with fraud professionals on the commercial banking side. From a people, process and technology perspective, there is conceivably much to be learned about how best to prevent, detect, and investigate account fraud no matter which LOB owns the account.
- Regardless of which area of the bank a customer account in housed, it must be subject to review by fraud detection technology. As I pointed out, Moon’s fraud is far from unusual. If your bank has a fraud detection engine in place on the commercial side of the house, or plans to put such an engine in place, now is the time to consider including the investment LOB.
- Exception reports are only effective if they are subject to a robust review. Failing to appropriately challenge an employee’s response to an exception may actually look worse in the eyes of regulators than never having challenged the employee at all. A sloppy or ineffective review of exception reports at best characterizes the bank as disinterested and merely following a check-the-box approach to fraud.
FINRA is obviously focused on fraud detection within investment accounts; I would recommend that your bank be just as focused.