“According to our database there is no such thing as a ‘typical’ internal fraudster. Length of service ranges from less than a month to over 30 years, and although the overall gender split is 63% male and 37% female, ages recorded in 2015 range from 18 to 67 years”….. CIFAS
Dear Readers, my last two articles continued to show that fraud is no respecter of persons. It has no barrier such as gender, age, race, ethnicity, grade in the institution, religious or cultural background. In fact, fraud can be perpetuated at every desk in the bank! From the Chairman of the Board of Directors to the messenger or security guard at the gate.
Types of Internal Fraud (continued)
- IT Procurement fraud is a typical fraud area that can be initiated at the board level through collusion with the vendors to inflate prices or purchase unsuitable software. When this system is unable to generate certain reports which would have highlighted red flags caused by data-entry staff, then it becomes a double-edged sword. “Chop-chop” from top to bottom!
- Various delivery channels such as online banking, mobile banking, SWIFT transactions may be hampered by legacy systems that make IT security difficult to monitor.
- According to Temenos, “The most alarming statistic in bank fraud relates to insider fraud: in 70 percent of cases, the crime was perpetrated by a bank employee. Those with the highest levels of access to IT systems, such as systems and database administrators, are well-placed to commit or facilitate it – and erase all evidence of their actions”.
- Wire transfer networks such as the international SWIFT interbank fund transfer system are targets for fraud. Once the transfer is made, it is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace.
- While banks have put checks and balances in place, there is a risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor’s money be wired to another bank – often an offshore account in some distant, foreign country. I have seen and heard of forged e-mail electronic requests. Some SME customers who import items from abroad find their computers hacked and fraudulent messages sent on their behalf for transfers abroad.
Inadequate Monitoring of Employees
- Bank employees have a duty to protect customers’ accounts and transactions from being exposed to third-parties. There are some exceptions to this rule of secrecy, however. In the same way, employees’ affairs are also private to them. However, so far as employees use the bank’s system to work, they are guided by rules and regulations which should ensure fairness and transparency. It is the bank’s duty to empower authorised personnel to check on the accounts of staff to prevent them abusing the cheque system. Can you imagine a head of department whose accounts becomes overdrawn or whose cheque is returned due to insufficient funds? This is a no-no in banking.
- Bank systems are usually designed to prevent internal fraud. Employees are therefore monitored through controls which require staff to have certain actions validated by colleagues, or use technology that observes and records each individual’s activities on the bank’s IT systems and flags any behaviour that is suspicious or unusual.
Employee monitoring is permitted, and the bank’s e-mail policy alerts users that its usage should not be abused. Covert monitoring is normally permitted only in very limited circumstances involving the investigation and detection of crimes. Making staff aware that their use of the organisation’s IT systems will be monitored is likely to deter many potential cases of internal fraud. During investigations, computers and laptops are ‘grounded’ for scrutiny of mails and other data saved.
Unethical Employee BehaviourIn the western world, to minimise the abuse of systems, behavioural profiling – which is a technology-based anti-fraud system and represents a major recent advance in fraud detection that is being advanced through big data analytics – has been introduced. This is an interesting phenomenon. Profiling and monitoring employee behaviour is now being introduced to profile staff, based on how their accounts are used. It involves how, when, and where they access it; who they usually make payments to; the sums normally involved, and so on. The system then compares each action that takes place on the account against the profile and scores it against a range of risk indicators to estimate the probability that the transaction is a result of internal or external fraud.
- There are reports which prompt when significant amounts are transacted on staff accounts. Sometimes profiling will highlight cases wherein an account is accessed from an unfamiliar IP address; or when money is transferred for the first time to a new recipient, particularly an overseas account. The system flags transactions that are sufficiently unusual to warrant further investigation, enabling suspect transactions to be blocked and losses prevented. Profiling can equally be used to flag unusual behaviour by members of staff using the bank’s systems as part of their everyday jobs, such as suspicious activity among members of an investment bank’s trading teams.
- Weak controls are the single most important factor behind internal fraud and play a central role in more than 70 percent of internal frauds uncovered in Europe and more than 60 percent globally, according to recent research. Weak controls therefore represent a major management challenge for financial-services firms, as well as an opportunity to benefit from improved practices.
- Poorly-designed controls and/or a weak workplace culture of compliance create the most attractive opportunities for internal fraudsters, and the problem appears to be getting worse. Researchers found that in 2013, 18 percent of the fraudsters it interviewed committed their offence because such an opportunity presented itself. By 2016, that proportion had risen to 27 percent.
- Weak controls are a serious problem – not only because they make it more probable that a company will be targetted by internal fraudsters, but also because regulators are more likely to impose fines and other sanctions on organisations which suffer frauds that can be attributed to negligence in this area.
Frauds commonly perpetuated by Youth
- Although most surveys indicate that around two-thirds of internal fraudsters tend to be aged between 36 and 55, youth is an important factor in a significant number of cases. There are numerous cases of young staff who use fictitious details to open an account and obtain loans which are withdrawn from the bogus accounts.
- The UK anti-fraud organisation CIFAS found that among the 409 cases of internal fraud reported by its members in 2016, 53 percent of the perpetrators were aged between 21 and 30 – a far higher proportion than in larger, international studies. There is also evidence that younger employees are more likely than older fraudsters to use technology to perpetrate a fraud.
- Studies show that up to 60 percent of perpetrators in technology-enabled frauds are aged between 26 and 45 – a much higher concentration of younger staff than in cases that do not depend on technology. The signs are that as younger, more tech-savvy employees climb through the ranks, the incidence of technology-related fraud is likely to rise. Tech-enabled frauds are also much more likely to be discovered by accident (24 percent) than overall cases of internal fraud (11 percent), suggesting that controls are more easily evaded in cases where technology is exploited.
Frauds by Short-Term Employees and Contractors
- Employees with shorter tenure at banks have a much higher rate of fraud. Banks can expect about 1 fraud case per 300 short-tenured employees or contractors. The fraud rate of short-term employees is approximately 10 times higher than for long-tenured employees. The reason for this is simple: short-term employees have less loyalty to the company and less to lose by losing their jobs, so some of these persons seek revenge for low salaries by ‘extracting their pound of flesh’ through stealing or pilfering.
I will pause here for my concluding session next week. We will also refresh ourselves on best practices in internal fraud prevention. We cannot use the same methods to fight the problems. Meanwhile, please continue to ‘shine’ your eyes.
To be continued…..
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of two books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story”. She uses her experience and practical case studies for training young bankers in operational risk management, sales, customer service, banking operations and fraud.