“When I stand before God at the end of my life, I would hope that I would not have a single bit of talent left and could say, I used everything you gave me.” Erma Bombeck.
For several weeks, I have been sharing extracts of my book on the key roles that branch managers of today, should imbibe to be in tandem with the new banking environment. The Fourth Industrial Revolution, engineered mostly by artificial intelligence, should make managers sit up and be agile, learning new trends and be on top of things. The Bank of Ghana, Cybersecurity Authority, The Police CID and several state institutions continue to caution both members of the public and bankers to be aware of the high spate of robbery, now perpetuated through digital means, targeted mostly at illiterates or non-IT savvy public who operate bank accounts, mobile money transactions etc. A manager should be aware of several fraud types and trends and their modus operandi. Managers should understand the business of banking, the key risk areas mostly from the processes, systems, people and from external events. Most of all, managers must understand that there is a difference between fraud and mistakes/errors.
What is Fraud?
Fraud and related misconduct involve a wilful or deliberate act or failure to act, with the intention of obtaining an unauthorized benefit.
Fraud is Different from Mistakes
Mistakes are sometimes the pathway to great ideas and innovation. Mistakes are the stepping stones to moving outside the comfort zone to the growing zone where new discoveries are made and great lessons are learned. Mistakes are not failures, nor fraud. They are simply the process of eliminating ways that won’t work in order to come closer to the ways that will. The distinction between mistakes and fraud is very critical.
When the system is unable to generate certain reports which should have highlighted red flags perpetuated by data entry staff, then it is a red flag. Various delivery channels such as online banking, mobile banking, SWIFT transactions may be hampered by legacy systems that make IT security difficult to monitor.
According to Temenos, “The most alarming statistic in bank fraud relates to insider fraud: in 70 per cent of cases, the crime was perpetrated by a bank employee. Those with the highest levels of access to IT systems, such as systems and database administrators, are well placed to commit or facilitate it – and erase all evidence of their actions”.
Wire transfer networks such as the international SWIFT, interbank fund transfer system are targets for fraud. Once the transfer is made, it is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace.
While banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor’s money be wired to another bank, often an offshore account in a distant foreign country. I have seen and heard of forged e-mail electronic requests. Some SME customers who import items from abroad find their computers hacked and fraudulent messages sent on their behalf for transfers abroad.
Monitoring of Staff
Bank employees have a duty to protect customers’ accounts and transactions from being exposed to third parties. There are some exceptions to this rule of secrecy however. In the same way employees’ affairs are also private to them. However so far as employees use the bank’s system to work, they are guided by rules and regulations which should ensure fairness and transparency. It is the bank’s duty to empower authorized personnel to check on the accounts of staff to prevent them from abusing the system. Can you imagine a head of department whose accounts become overdrawn or whose cheque is returned for insufficient funds?
Bank systems are usually designed to prevent internal fraud. Employees should therefore be monitored through controls that require them to have certain actions validated by colleagues, or use technology that observes and records each individual’s activities on the bank’s IT systems.
Managers should be aware of such controls which helps to flag any behaviour that is suspicious or unusual. Employee monitoring is permitted and the bank’s e-mail policy alerts users that, its usage should not be abused. Covert monitoring is normally permitted only in very limited circumstances involving the investigation and detection of crimes. Making staff aware that their use of the organization’s IT systems will be monitored is likely to deter many potential cases of internal fraud. During investigations, computers and laptops are “grounded” for scrutiny of mails and other data saved.
Unethical Employee Behaviour
In the western world, to minimize the abuse of systems, behavioural profiling, which is a technology-based anti-fraud system represents a major recent advance in fraud detection. It is being advanced through big data analytics. This is an interesting phenomenon. Profiling and monitoring employee behaviour is now being introduced to profile staff based on how their accounts are used. It involves how, when and where they access them who they usually make payments to; the sums normally involved; and so on. The system then compares each action that takes place on an account against the profile, and scores it against a range of risk indicators to estimate the probability that the transaction is a result of internal or external fraud.
There are reports which prompt when significant amounts are transacted on staff accounts. Sometimes profiling will highlight cases where an account is accessed from an unfamiliar IP address or where money is transferred for the first time to a new recipient, particularly an overseas account. The system flags transactions that are sufficiently unusual to warrant further investigation, enabling suspect transactions to be blocked and losses prevented. Profiling can equally be used to flag unusual behaviour by members of staff using the bank’s systems as part of their everyday jobs. For example, suspicious activity among members of an investment bank’s trading teams.
Weak controls are the single most important factor behind internal fraud and play a central role in more than 70 percent of internal frauds uncovered in Europe and more than 60 percent globally, according to a recent research. Weak controls therefore represent a major management challenge for financial-services firms, as well as an opportunity to benefit from improved practices.
Poorly designed controls and or a weak workplace culture of compliance create the most attractive opportunities for internal fraudsters, and the problem appears to be getting worse.
Frauds Commonly Perpetuated by the Youth
Although most surveys indicate that around two-thirds of internal fraudsters tend to be aged between 36 and 55, the youth are an important factor in a significant number of cases. There are numerous cases of young staff who use fictitious details to open an account and obtain loans which are withdrawn from the bogus accounts.
The UK anti-fraud organization CIFAS (Credit Industry Fraud Avoidance System), found that among the 409 cases of internal fraud reported by its members in 2016, 53 percent of the perpetrators aged between 21 and 30, a far higher proportion than in larger, international studies. There is also evidence that younger employees are more likely than older fraudsters to use technology to perpetrate fraud.
Other studies also show that up to 60 percent of perpetrators in technology-enabled frauds are aged between 26 and 45 – a much higher concentration of younger staff than in cases that do not depend on technology. The signs are that, as younger and more tech-savvy employees climb through the ranks, the incidence of technology-related fraud is likely to rise. Tech-enabled frauds are also much more likely to be discovered by accident (24 percent) than overall cases of internal fraud (11 percent), suggesting that controls are more easily evaded in cases where technology is exploited.
On this note, Managers are recommended to shine their eyes in this digital banking world, treat all staff fairly and expect loyalty in return for the brand.
For more insights please book a copy of my new book, “THE MODERN BRANCH MANAGER’S COMPANION” which involves the adoption of a multi-disciplinary approach in the practice of today’s branch management. It also shares invaluable insights on the mindset needed to navigate and make a difference in the changing dynamics of the banking industry. Call 0244333051 for your copy.
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of Three books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.