“It is no exaggeration to say that the greatest fraud risk that banks face walks through their doors every morning and sits down to work.” ……. NETGUARDIANS https://netguardians.ch/internal-banking-fraud.
Courtesy Donald Cressey, an American Criminologist
Internal fraud is a familiar subject that I have handled over the years. This canker continues to rear its ugly head regularly because fraud is no respecter of persons. In my training programmes, I have seen many managers and supervisors drop their jaws in awe when they see how little things and activities which they under-estimated can lead to their downfall.
This week, I will start another series to refresh your memories on the little things that matter in preventing this threat within financial institutions. In the current wave of recapitalising banks, mergers and consolidations, the changing-over of systems is a very vulnerable period for both the banks and their staff, and all eyes should be focussed on preventing internal fraud.
What is Internal Fraud?
The UK’s Fraud Prevention Service defines internal fraud as: “When a member of staff dishonestly makes false representation, or wrongfully fails to disclose information, or abuses a position of trust for personal gain, or causes loss to others. Fraudulent activity perpetrated by members of staff and insiders can range from compromising customer or payroll data to straightforward theft or the submission of inflated expenses. Internal fraud can be opportunistic – i.e., it can be a completely unplanned attack purely for personal financial gain. However, internal fraud can also be linked to a serious and organised criminal network or terrorist financing”.
Internal fraud is gradually gaining ground among the main operational risk categories in banking. It can be detected in a wide variety of ways:
- informal tip-offs from other staff or customers
- whistle-blowing hotlines
- Management reviews and internal audits
- Accidental detection
Movement of Fraudsters
Moreover, it is well-known that staff dismissed for (or who resigned before being identified as involved in) a fraudulent activity move freely from one employer to another, possibly perpetrating further frauds. In addition, CIFAS – in its research entitled Employee Fraud: The enemy within warned: “The lack of employee recruitment checks and controls in some organisations lies at the heart of the employee-fraud problem. They are the first line of defence in stopping the criminals placing individuals inside your organisation”.
How do you identify the banker who is causing losses?
Let us study this information provided by the FBI in the USA:
“A study completed by the Federal Bureau of Investigation in the USA describes the female embezzler in a financial institution to be between 19 and 30 years old, low or mid-level of management or below, who is either divorced or who has a husband who is not working. She often starts out ‘borrowing’ with intentions of putting the money back. Losses are frequently between US$1000 and US$2500. Women account for about 40% of all embezzlement arrests.
“A male embezzler in a financial institution is described as being an executive or administrator between 25 and 30 years of age. He often wants to maintain a certain lifestyle or has a habit to support – either gambling or drugs. Sometimes he is challenged by the ‘system’ and tries to beat it. Statistically, men embezzle funds at a rate averaging almost ten times that of women – US$10,000 to US$25,000.”
Interesting, isn’t it? This statistic was as far back as 1992! What is the position in the US today? As organisations rely more on technology, they increasingly do business in a ‘borderless economy’ where they are more susceptible to threats from all sides. While companies need to remain wary of the external perpetrator, they certainly should not lose sight of the internal perpetrator of fraud.
According to the Global Economic Crime Survey 2014 by PricewaterhouseCoopers:
“The external perpetrator of fraud is closing the gap on the internal perpetrator of fraud, with U.S. organisations reporting that economic crime is committed by external actors (44% of the time), almost as often as it’s committed by internal actors (50% of the time). According to PwC, most internal frauds are now perpetrated by middle management: 54% of internal frauds were committed by middle management, compared to 45% in 2011.
Both U.S. and global respondents most frequently identified internal fraudsters as male (77% U.S., 77% global), 31 to 40 years old (39% U.S., 40% global), employed between three and five years (27% U.S., 29% global) and college graduates (35% U.S., 35% global).
The ‘People’ Factor
There are many employees with great attitudes and performing good service to the public. However, financial losses are mostly caused by a handful of bad-nuts in the system, and these people-risks associated with fraud are among the most significant risks that financial institutions of today face.
Any human institution is always plagued by the people risk. This is especially a very big problem for Human Resource Managers. Fraud and human error are considered the two main aspects of HR risks. As Shakespeare said: “There is no art to find the mind’s construction on the face”. How can they ensure that they identify people with integrity during the recruitment process?
Even though the panel of interviewers uses several tools to identify good talent, it is virtually impossible to know someone within a thirty-minute conversation! Appearances really deceive. Sometimes the ‘smooth-talker’ happens to eventually become the biggest ‘people risk’ in the bank. The employee most likely to commit internal fraud in a bank frequently holds a position of trust, has greatest opportunity, is least suspected, and has little or no supervision!
Why do employees commit fraud?
Most of them truly believe they won’t get caught. They may feel that the financial institution has such lax internal controls that there is no way anyone will find out what they are doing. They sometimes believe that the act is a temporary solution to solve some financial commitments, and they hope to reverse or ‘repay’ before being caught. Another reason is societal pressures – like financial pressure from friends and family, gambling, use of drugs, and so on.
There are various methods of committing internal fraud, but the method often depends on the employee’s position inside the institution and their level of access to accounts and systems.
Some employees commit fraud with so much audacity and effrontery that you wonder whether the bank belongs to them or their parents. There is a general belief that the more you get, the more you want. So true!
How do you spot a possible fraudster?
Since fraud can be perpetuated by anyone in a financial institution, let us examine certain personality red-flags that smart employees and employers can spot:
- They may be heavily in debt.
- They may have significant behaviour changes.
- They may be living an unexplained lavish lifestyle.
- They may appear to be harder-working than most others in the bank, perhaps putting in a lot of overtime.
- They sometimes even avoid going on leave, or even attending training programmes!
- They may override internal controls or assume responsibilities that are not normally theirs in order to control a certain area or function.
In his book ‘Business Fraud’, Jack L Hayes writes: “As for the ‘profile’ of a fraudster, do not be fooled by appearances. Those who commit internal fraud are most likely college graduates, may live in fine homes and have delightful families. They are generally dedicated workers, rarely complain about workloads and thrive on additional responsibilities. Management generally views these people as dependable, respectable and loyal—trustworthy beyond doubt. To company owners, such a work ethic is appreciated and rightfully so; that is, if the individual is honest. However, if this employee is dishonest, the first step in the process of Betrayal is in place”.
Causes of Internal Fraud
- Non-segregation of functions: How can a person handling a front-office role be allowed to continue to exercise a back-office function? Most banking transactions are end-to- end. Whatever transaction that is started ought to be finished by another functionary. Tellers handling vault keys in addition to their own should be a no-no. I am sure you have heard about stories involving connivance of vault custodians who were found giving themselves overnight or week-end loans to do business. A sudden snap-check or a visit to the vault eventually lets the cat out of the bag.
- Over-ruling the Four-Eyes Principle: This principle requires staff to obtain validation from a supervisor to over-ride or authorise certain actions, such as payments above a specified amount. There are instances in the banking hall where this system is over-ruled due to sharing of passwords or negligence in keeping passwords safely. Can you imagine that certain employees sometimes leave their systems open to enable them attend to other matters?
This is always an easy way for the internal fraudsters to sign in and impersonate the other staff to complete a fraudulent transaction. Some experienced staff also evade the four-eyes principle by allowing several smaller amounts of a transaction to go through, to avoid the four-eyes principle. There should be systems in place to trigger such cumulative transactions. Do supervisors even appreciate the reports that show the back-end of these transactions?
- Reversal Entries: Do supervisors understand the reason why transactions are reversed? Does it even show in the software that a transaction has been reversed? Imagine how a Teller can reverse a cash deposit transaction after the customer has gone! The credit figure is altered, but who cares or knows?
Please stay tuned for more revelations next week
TO BE CONTINUED…
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of two books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story”. She uses her experience and practical case studies for training young bankers in operational risk management, sales, customer service, banking operations and fraud.