Internal Fraud Risks Rise

CUNA's eScan
April 25, 2012 | COMMENTS

Vigilance and internal controls are the keys to thwarting internal fraud. And heightened vigilance is the watchword in a down economy, according to The RMA Journal, published by the Risk Management Association (RMA).

Fraudsters have seen opportunity in the economic situation. CUNA Mutual Group reports that between 2006 and 2010, the dollars paid to cover employee dishonesty claims more than tripled, reaching $38 million in 2010.

Perpetrators can be found at any level, whether an unscrupulous teller, loan officer, branch manager, or someone in the higher ranks.

The fraudster's opportunities include check fraud, misuse of ATM cards, improper loan procedures, or theft of confidential information.

Check fraud

Check fraud is one of the most common fraud schemes and, generally, one of the least costly. Technology now makes it increasingly easy for criminals to create realistic counterfeit checks and use them to defraud financial institutions.

In a depressed economy, individuals may turn to check fraud since it is easy to understand and, without sufficient controls, easy to commit.

The controls used to prevent and detect check-fraud schemes include periodic monitoring of certain employees. Even with a clean criminal record at the time of hire, a change in circumstances could lead them to become desperate.

Concerning check fraud—or a variety of other internal situations—the time-honored practice of separating duties continues to be the best line of defense.

ATM cards

ATM cards create many opportunities for the internal fraudster.

In one scenario, the sales team responsible for sending ATM cards to customers makes illegitimate copies of the embedded magnetic codes and uses them to produce duplicate cards. These employees are also responsible for dispatching the PIN codes for these cards. With both the duplicate card and the PIN code, they’re able to make fraudulent withdrawals.

Other risky circumstances include the use of the same dedicated courier to dispatch ATM cards and PIN codes.

The key to prevention, once again, is segregation of duties between personnel issuing ATM cards and those issuing PIN codes. Also, implement and monitor encryption systems for all member information stored in-house.

Mishandling loans

The mishandling or misappropriation of loans typically involves an employee who uses the information provided on members’ loan applications to commit fraud.

These frauds often are committed in collusion and with an individual who’s outside of the financial institution. For instance, using forged or fabricated documents, an employee could arrange with a member to have loans sanctioned for higher amounts than the member is eligible for.

While mortgage fraud schemes are generally thought to be committed by third parties or customers, an employee or trusted third party could be looking to exploit certain control gaps as well.

A common mortgage-fraud scheme involves a loan origination officer knowingly misrepresenting a borrower's ability to repay or altering documentation. Employees might be tempted to tweak the numbers so that an otherwise unqualified borrower meets certain lending limits.

Under certain circumstances, the RMA recommends Increased due diligence, such as requiring that documents submitted as income proofs be attested by notaries for authenticity before mortgages of a significant amount are disbursed.

Information theft

Most of a financial institution’s information is confidential or subject to intellectual property or legal rights. That can be a powerful temptation to dishonest employees.

Given the highly competitive nature of today's business world and a more fluid work force, employment attorneys say that corporate espionage has become a growing threat to employers.

Employees might be enticed to steal confidential information for personal profit. Bank employees, for example, have been known to steal and sell a bank's confidential research reports, business or marketing plans, or earnings and other financial data.

Also at risk of theft is confidential client information, such as names, addresses, telephone numbers, income sources and amounts, and security-related information—all of which could be sold to an accomplice who could misuse them for other financial frauds such as identity theft.

A culture of vigilance

Executives need to acknowledge that a certain percentage of employees will likely be tempted into committing unethical and illegal acts. But for each potential fraud, specific safeguards can help uncover or even prevent such acts. The RMA recommends:

• An overall culture of vigilance. Establish a code of conduct built around the organization's core values and acceptable business practices. This code will give employees guidance for identifying fraud and misconduct risks.
• A formal procedure for employees to report (anonymously, if necessary) suspected wrongdoing. Most firms now have whistleblower hotlines or other misconduct-reporting mechanisms. Besides responding to specific allegations, management should periodically monitor the volume and types of calls. Low call volume could indicate that employees are either unaware of the reporting mechanism, or fearful of retribution.
• Comprehensive training and communications programs for employees at all levels. These programs should be repeated periodically to ensure ongoing employee awareness.

A well-designed system of checks and balances to prevent, detect, and respond to wrongdoing can go a long way to address the continuing challenge of internal fraud.