Dear Readers, I re-started a series on one of the feared inside threats in financial institutions – internal fraud. I also quoted several extracts from various data analysed around the globe which proves that fraud is indeed no respecter of persons.
Fraud is different from Mistakes
Before I continue, I wish to make a clear distinction between mistakes and fraud. Mistakes are sometimes the pathway to great ideas and innovation. Mistakes are the stepping stones to moving outside the comfort zone to the growing zone where new discoveries are made and great lessons are learned. Mistakes are not failures, nor fraud. They are simply the process of eliminating ways that won’t work in order to come closer to the ways that will. A note of caution however, is the fact that some departments of financial institutions are known for their strict conventional rules and regulations. Leaving one’s comfort zone just to try new methods should be done with guidance to ensure the institution does not encounter a major catastrophe. Innovation in marketing, sales, customer service is great. Go on and try out new methods there.
Causes of Internal Fraud (continued)
In many countries, banks’ primary focus for fraud prevention & detection is only on Retail Banking while ignoring Corporate and Investment Banking and support functions like Procurement, IT and Operations. Let us look at more internal sources of fraud:
- Greed of Tellers and Vault Custodians: On a fine afternoon twenty years ago, a Teller barged into my office and stood in front of me, shivering as she uttered: “Manager, I have committed a sin!”. What had happened? She broke down in front of me saying that a customer was on his way to see the Operations Manager to collect a statement of his account. This was a normal occurrence but with this case, she knew the outcome would make her receive the marching orders. Apparently she had been suppressing the customer’s deposits and crediting the deposits as and when she could refund them. Of course, she did receive the orders, but the bank suffered reputational damage. In such cases, it was pure greed. Such deeds can be difficult to detect. That is the reason why customers are advised to check their statements in case of genuine mistakes or fraud.
- Improper Management of stock of cheque books and payment orders: Where do you keep your cheque books, payment orders and other valuable documents like Fixed deposit receipts? Is it under dual control or under strict monitoring conditions? There are numerous cases of fraudulent pull-outs of such banking instruments which are subsequently misused to steal from either customer accounts or the bank’s.
- Inadequate Credit Appraisal: Every financial institution’s backbone is credits and the deliberate manipulation of customers’ data and accounts to facilitate approval of loans has always been the bane of bank collapses.
- Monitoring & Collections/Recoveries: When sympathy replaces empathy, some loan monitoring officers become compromised and connive with customers to give wrong information on call reports to benefit the customer, much against the bank’s interest.
- Incomplete Account Opening processes: Deliberately shutting one’s eyes to the obvious during account opening, is the window to bank fraud. Supervisors of account opening should ensure the “boarding pass” into the bank’s space is fool-proof.
- Technology Vendor Selection: This sensitive issue about poor selection of computer software providers can cause financial loss to the bank when the system proves unfriendly and unreliable.
- Bad Procurement Practices: Collusion between staff and service providers also results in financial losses when goods supplied are shoddy and of low quality. Sometimes over-stocking of some supplies causes them to be obsolete or unusable.
- Inadequate Monitoring of General ledger: Access to the general ledger and suspense accounts used to hold funds temporarily, such as loans dormant accounts, or funds awaiting transfer, can be tampered with by very knowledgeable staff who can cover their tracks. Investment banking staff can manipulate suspense accounts or create ficticious accounts to benefit themselves. There are instances of investment bank officers diverting clients’ investment deposits into their own personal accounts, to work with it briefly before investing for the client.
- Fraudulent Changes in Customer Data: some bank staff made false changes in the system about customers’ information. These include address, telephone contacts, emails, and next of Kin. The question is: Does the system allow this without a prompt, an over-ride or authorization by a supervisor without any source document? Then, a word to the wise……
- Fraudulent IT changes: Staff with IT administrator privileges can play a key role in internal frauds, for example by granting administrator rights to non-IT staff to quickly approve a fraudulent transaction. How often is your User-access matrix reviewed? Abuse of administrator privileges is one of the key internal-fraud risks facing financial institutions. Occasionally you may come across some highly trusted IT staff with “super-user profiles” go into the live “production environment”. This high-level access inevitably creates opportunities to carry out or validate fraudulent transactions. Problems can arise when IT departments neglect to remove temporary “extended rights” from staff after a specific project finishes, leaving them with greater access to the core system than they should rightly enjoy.
- Theft of Customer data for Fraudsters: In 2010, an intern was approached by a fraudster to supply him with customers’ data to enable cheque cloning and other theft to be facilitated. He only needed to supply the gang with customer names, account numbers, signatures, cheque numbers, etc. In return, he would have been given an SUV and a stay in South Africa? Fortunately he did not accept the juicy offer.
- Unavailability of Specialist Systems Auditor: Who watches the gatekeeper? Superior IT users who are in charge of the core banking system can be very difficult to monitor without specialist software tools. They have a lot of opportunity to make changes on the system that could lead to frauds, such as inter-account transfers, logging off users, to re-set them after using their IDs. Scary, isn’t it?
The list is endless. I will pause here as you reflect on some of the new revelations.
TO BE CONTINUED
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of two books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.