– is it an obstacle in modern banking?
The ultimate dream of every financial institution is to climb the global corporate ladder to be one of the best if not the best already. To achieve this, there is a need for the banks’ strategic plans to include a more balanced risk management approach to secure the bottom-line through adequate staff levels to ensure that checks and balances are in place. No employee is all-knowing and indispensable. In the absence of deliberate fraud, the human errors will be detected and corrected by neutral parties.
Having adequate separation of duties in a financial institution means properly assigning the handling of financial processes or control procedures among two or more competent and qualified individuals. This in a way provides reasonable assurance that transactions will comply with the internal controls or standards.
Best Practices to resolve Segregation of Duties conflicts
Internal Audit would need to work collaboratively with the business and the IT teams to segregate these duties wherever possible and assign an appropriate mitigation control in cases wherein it is not feasible to do so. In addition, these controls would need to be monitored on a regular basis and the results reported to senior management.
Standardisation of Branch Procedures
Whatever the size of your financial institution, from the smallest microfinance company, to the savings and loans company, or even the biggest universal bank, the SoD principle is still a necessary evil that should be adopted, and not done away with, even during cost reduction programs. As a manager of a one-unit bank, your eyes may be everywhere and you may be in control of affairs, but for how long can this be done? Branch expansion, therefore, becomes a real test of the structures of the systems in place. If there is a loss of control and the systems vary among the branch network, it becomes an avenue for disaster. Virtual monitoring of the systems is key to risk management. Even if your eyes are not everywhere, the risk triggers should track down any lapses in the system, for easy correction. The absence of control in some outstation branches of some banks, breeds indiscipline and lapses for misappropriation of assets. The success of branch expansion programs depends closely on the success of the head office systems.
The Colorado Bank Teller Fraud case (Traditional Banking Set-up)
Let us look back at the publication of the case of the Operations Officer of the Bank of Colorado, USA and examine the causes of the massive fraud by this “trusted” worker. I wonder what the bank thought about her prior to the detection of the fraud. Obviously, she would have been a star worker and a darling of the bank; playing the part of the utility player in the branch, doing everything from A to Z with very little supervision. Once again, I quote William Shakespeare: “There is no art to find the mind’s construction in the face”.
Fraud is no “respecter” of persons. Anybody can, and has the ability to commit fraud. The lady in question had been promoted from the head book-keeper to the operations officer. Did you also notice the length of time it took for the fraud to be detected? Four solid years!
Let us examine some of the red flags in the case, which illustrates a good example of the lack of segregation of duty in the branch concerned, leading to a loss of $565,000. We shall take some extracts from the case and question the structures in place:
- She performed unauthorized electronic transfers by means of block entries from customers’ accounts into her own accounts as well as accounts of family members and other customers.
What measures were there in the branch to cross check transactions being executed? Whom did she report to? Was she too “big” to be checked? In these days of “voucher-less” transactions, how are electronic transactions effected and checked? Are there any electronic built-in systems to ensure block entries are checked before being posted into the accounts and its effect on the general ledger. How do these appear on the general ledger in the system? Were there no reports to check when an officialconducts transactions on his/her account? Is it even allowed? Were there no triggers in the system?
- The woman avoided detection by developing elaborate means of re-crediting those accounts before the end of their statement cycles, Concealing the unauthorised transfers, and creating and distributing false monthly statements.
The same questions apply here too. What elaborate means can one create to re-credit accounts? Who is checking who? Are there no snap checks by Internal Control staff? Were there no suspicious transactions seen during the four years?
What is the process of printing and distributing statement like? Who has the rights to print statements? Is there no segregation? How can one person print and distribute? Of course, statements can be suppressed or diverted by internal fraudsters. Does your bank receive occasional complaints from customers about non-receipt of statements? If your company uses e-statements, what controls are there to prevent manipulation and suppression of these e-statements? Do the personnel who receive cash and cheques (Marketing and Sales staff, Tellers, etc) also have system rights to print and send statements? Who controls the statement printing and the dispatch process?
- She was in charge of customer inquiries, and bank employees were instructed to direct complaints to her.
Is there a central pool for complaint management in your bank? Who is in charge? Is it automated and logged for monitoring purposes and for the avoidance of suppression of customer complaints? What are the benchmarks for complaint handling and resolution? Is there a segregation of roles to ensure that complaint resolution is dually owned by both the front and back offices? Is it monitored centrally from the Service Quality/Assurance department? Does the complaint management system not generate reports indicating the trends in complaints investigated to know the sources and hot spots? Are there departments/branches registering many complaints? If yes, ask the Internal Control to check up on them and run snap checks. For all you know it could be a leadership problem in the branch leading to cracks in discipline and a target for fraudsters (both internal and external)
Segregation of Duties in Cash Transactions
Since the banks’ stock-in-trade is cash, the segregation of cash duties is a policy to reduce the risk of accidental and intentional money loss by employees. Proper segregation of duties in a cash business requires authorization, custody, recording and reconciliation. A good combination of all these steps involved in dividing and overlapping duties is a great way to reduce the chances of human error and fraud.
I will pause here. Next week, I will examine the segregation of duties involving certain unique transactions such as cheque books, ATMs, account opening, cash management the journey of cash in banks, digital banking on-boarding, etc.
For more insights on this topic, please book a copy of my new book, “THE MODERN BRANCH MANAGER’S COMPANION” which involves the adoption of a multi-disciplinary approach in the practice of today’s branch management. It also shares invaluable insights on the mindset needed to navigate and make a difference in the changing dynamics of the banking industry. Call 0244333051 for your copy.
TO BE CONTINUED
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of Three books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.