Banking institutions are becoming more and more susceptible to fraud over the years, although various control measures have been put in place. Fraudsters are now more versatile in designing their modus operandi to circumvent the control. The fraudsters could originate from both internal (employees) and external sources (customers, suppliers, contractors and lawyers). As banking institutions are engaged in a wide range of activities, fraud could potentially affect many parties, including shareholders, depositors, borrowers, staff as well as the banking institution itself.
It is no exaggeration to say that, the greatest fraud risk that banks face walks through their doors every morning and sits down to work. Fraud carried out by bank employees are a huge global problem. According to the Association of Certified Fraud Examiners (ACFE) 2020 report, the Association assessed 2,504 cases of internal fraud from 125 countries which estimated losses of $3.6 billion. Banking and financial services accounted for the largest share of internal fraud cases examined by ACFE. No organization is immune from fraud. Fraudulent activities in banking can be especially very hard to detect amid a huge number of authentic transactions carried out each day.
Despite the best attempts by the top management to eliminate fraud, there is no silver bullet for fraud other than creating awareness among employees on the activities that can be considered as fraud. Hence, all the components of deterrence, prevention, detection, mitigation, analysis, policy, investigation and prosecution must be simultaneously implemented in order to effectively prevent and detect fraud within banks.
WHAT IS FRAUD
Fraud can be defined as any behaviour by which one person intends to gain a dishonest advantage over another. In other words, fraud is an act or omission which is intended to cause wrongful gain to one person and wrongful loss to the other, either by way of concealment of facts or otherwise (Source: Action Fraud )
WHAT IS INTERNAL BANK FRAUD
Internal fraud occurs when an employee of a bank makes a false representation, fails to disclose information, or abuses a position of trust either for personal gain or to cause losses to others. Internal fraud is often referred to as occupational fraud (Source: Fraud.net).
In other words, it is a dishonest or fraudulent acts committed by an employee of a bank whether acting alone or in collusion with any other natural person(s) with the intent to cause the insured to sustain such a loss or to obtain an improper financial gain for the employee or any other natural person(s) acting in collusion with such employee (Source: Law Insider). In many instances, bank fraud is a criminal offence sometimes considered as white-collar crime.
WHY FRAUD IS COMMITTED
Fraud is committed due to the following reasons:-
- Perceived pressure
- Perceived opportunity
These three elements or basic concepts were adopted from the “Fraud Triangle Theory” by a renowned Criminologist – Donald R. Cressey. Fraud commonly happens due to financial stress and difficulty which give rise to pressure or motive for one to commit fraud regardless of the risk involved.
The second reason is that, opportunities will present itself as an employee claims the corporate hierarchy simultaneously being entrusted to wider responsibility while at the same time a weak internal control will provide opportunities for the perpetrators to defraud their respective organizations.
Rationalization which is the third reason, refers to an individual’s justification for committing fraud. Examples of common rationalizations that fraud committers use include:
- “They treated me wrongly”
An individual may be spiteful towards his/her manager or employer and believe that committing fraud is a way of getting payback.
- “There is no other solution”
An individual may believe that he/she might lose everything (for example, losing a job) unless he/she commits fraud.
- “Upper management is doing it as well”
A poor tone at the top may cause an individual to follow in the footsteps of those higher in the corporate hierarchy.
WARNING SIGNS OF INTERNAL BANK FRAUD
The same qualities that help employees work well can also help them perpetrate fraud. Interestingly, the highest profile cases of internal fraud are committed by employees that hold positions of trust, have greatest opportunity, and are least suspected and have little or no supervision. The signs of internal fraud vary based on the type of fraud being committed. However, if you see any of the following red flags, you may need to investigate.
- ACTIVITY IN DORMANT ACCOUNTS
Unscrupulous employees may be tempted to steal funds from a dormant account. They may assume that they won’t get caught if the accountholders have forgotten about the accounts. In this case, you can’t rely on customer complaining, you need to monitor activity on dormant accounts.
- MULTIPLE CUSTOMER COMPLAINTS ABOUT INCORRECT BALANCE
When a bank receives an increased volume of customer complaints about issues such as incorrect balances or deposits not being credited, an employee may be the culprit. Employees may take deposits from the customer, reverse the transactions and pocket the funds or may make other unauthorized changes to customer accounts.
- EMPLOYEES WHO REFUSE TO GO ON LEAVE OR TAKE TIME OFF
An employee who works all the time and puts in extra hours on the weekend may seem like an asset to the bank, but they can be a liability. When employees refuse to take time off, they may not want anyone to step into their role, and if they are stealing, this can have disastrous effects on the bank.
- EMPLOYEES UNDER PRESSURE
Most internal fraud does not happen in a vacuum. Thieves typically require three elements to commit a crime – pressure, opportunity and rationalization. Ideally, the internal controls should reduce the opportunity for crime. However, if an employee is known to be under pressure, the bank should keep an eye on the person. He may rationalize the idea of stealing and take an opportunity that presents itself.
- BYPASS OF VALIDATION CONTROLS
When it is observed that internal controls are being bypassed, the bank may be the victim of internal fraud. Internal controls are designed to reduce the risk of fraud, but they can be bypassed in different ways. For example, someone in the IT department may grant additional privileges to another employee so they can bypass a control. It should be noted that, breaches of rule-based controls are often discovered in audits.
However, this creates an unfortunate delay between the crime and detection. Ideally, the bank should have some type of fraud detection tool working in real-time in the background.
- UNEXPLAINED INCREASES IN EXPENSES
Unexplained increases in expenses may indicate an employee is drafting payments to a fake vendor and pocketing the money. To find this type of fraud, there should be regular checks for new vendors to ensure they are authorized. The bank should also look for issues such as a vendor with the same address as an employee.
- UNUSUAL INVOICE PATTERNS
Unusual patterns with invoices can also be a sign of internal bank fraud. For example, if a vendor’s invoices are all in sequential order, you are either their only client, or they may be a fake vendor created by an employee stealing from the bank.
Additionally, the bank needs to keep an eye out for payments issued under the threshold that requires manager approval. Employee who commit fraud intentionally often know which payment amounts require additional approval, and they may draft invoices or issue payments under those thresholds.
EXAMPLES OF INTERNAL FRAUD IN BANKING
Broadly, the frauds reported by banks can be divided into three main sub-groups which are:-
- KYC related ( mainly in deposit accounts)
- Technology related
- Advances related
Below are some of the most pervasive types of internal fraud affecting banks:-
- ACCOUNT MANIPULATION
A bank employee might alter charges, interest rates on loans or even increase credit limits. This is a classic case of stealing from the bank’s profits for personal benefit.
- TRANSACTION REVERSAL BY TELLERS
This is where a teller accepts deposit from a customer and then reverses the deposit and pockets the funds. This type of fraud usually targeted towards vulnerable accounts like elderly customers or dormant accounts.
- ACCOUNT TAKEOVER
With regards to this type of fraud, a fraudulent employee might gain access to a dormant account and carry out unauthorized transactions by changing the account details.
- LOAN APPLICATIONS
In such cases, employees borrow loans using stolen customer IDs. In the aftermath of this fraud, the customer refuses to repay the loan (since he did not issue it in the first place). Hence, the bank suffers a loss.
- GENERAL LEDGER FRAUD
An employee might create a fake company (vendor for the bank) and its bills. He may then cash the amount payable to the company from the bank by adding it to the general ledger.
- INTERNAL COLLUSION
Driven by the motivation of making quick money, two or more employees might jointly commit fraud within the system. Multi-people fraud is difficult to detect as it might involve important stakeholders from different departments covering up for each other.
- DATA THEFT
A customer’s data including PINS and account details, can be sold in the market or used to commit fraud. Bank employees deal with such data on a day-to-day basis. Consequently, the bank must have a strong internal control system to safeguard customers’ data.
- IT CHANGES AT THE BACK-END
IT administrators are the backbone of a bank’s operations. However, they may also temporary grant the system’s access to a non-IT employee who can then approve a fraudulent transaction.
- CREDIT ABUSE
This is where a bank employee uses his knowledge and position to sanction credits for himself or his close ones. This might result in banks’ lending more amounts than the borrower is capable of paying.
Usually executed by employees at higher levels, the intent of this fraud isn’t to defraud banks, but to use the power which comes with the job.
CAUSES OF INTERNAL BANK FRAUD
Internal fraud perpetrated by bank employees is costing billions of dollars in the banking industry the world over. The causes of bank fraud can be classified into two namely institutional factors, lapses or inadequacies and environmental/societal factors or lapses as detailed below:-
- INSTITUTIONAL FACTORS
- Poor Management
This comes in a form of inadequate supervision. A junior staff with fraudulent tendencies that is not adequately supervised would get the impression that the environment is safe for the perpetration of fraud. Poor management would also manifest in ineffective policies and procedures, which a fraudulent minded operator in the system will capitalize on. Even where there are effective policies and procedures in place, fraud could still occur with sometimes deliberate skipping of these tested policies and procedures.
- Inexperienced Personnel
Inexperienced personnel are susceptible to committing unintentional fraud by falling for numerous tricks of fraudsters. Inexperienced personnel are unlikely to notice any fraud attempts and the necessary precautional measures to checkmate the fraudster or set the detection process in motion.
Overstretching is another reflection of poor management. This can aid perpetration of fraud to a large extent. A staff who is overstretched is not likely to perform at optimum level of efficiency.
- Job Rotation
Ordinarily, the longer a person stays on a job, the more proficient he is likely to be. An operator who has spent so long on a particular job may be encouraged to think that no one else can uncover his fraud. The existence of this kind of situation in a bank is clear evidence of poor management and such situations encourage fraudulent practices.
- Poor Remuneration
Poor salaries and poor conditions of service can also cause and encourage fraud. Employees that are poorly paid are often tempted to fraudulently convert some of the employer’s money to their personal and social needs. This temptation is even stronger on bank employees who on daily basis have to deal with cash and near cash instruments.
In our society, it is argued that greed rather than poor working conditions or poor salaries is what lures most people into fraudulent acts.
Frustration could also lead to fraud. Where an employee feels short-changed in terms of promotion and other financial rewards, they become frustrated and such frustration could lead to fraud as such employee would attempt to compensate himself in his own way.
- Inadequate Training and Re-training
Lack of adequate training and re-training of human resources both on the practical and theoretical aspects of banking activities and operations more often than not leads to poor performance. Such inefficient performance creates a loophole which can be very easily exploited by fraudsters.
- Access to IT Systems
Access is one of the most important ingredients in any bank fraud. This means access to the IT systems that run the bank’s day-to-day operations and enable its customers to manage their accounts. Gaining uncontrolled access to the bank’s IT systems enables a fraudster to steal or alter sensitive information, execute illicit transactions and remove evidence of their activities.
It’s of course possible for fraudsters to break into a bank’s IT systems from outside if they are able to exploit any weakness in its security. However, in practice it is much more likely that a bank will experience fraud that originate within the organization due to the high level of access to sensitive data that must be granted to some number of staff to enable them do their jobs. As a result, these staff are able to see sensitive customer information in the course of their work. They will therefore have a much higher degree of access to the system and ability to change and update it without necessarily attracting any scrutiny.
In particular, the role of IT systems administrators and database administrators both require that they have a very high level of access to the bank’s critical systems. The activities of these administrators should attract special attention within a bank’s security monitoring.
- Poor Book-Keeping
Inability to maintain appropriate books of accounts together with failure to reconcile the various accounts of the bank on daily, weekly or monthly basis more often than not will attract fraud. This loophole can very easily be exploited by bank employee who is fraudulent. The prevalence of fraud and forgeries are an indication of weakness in a bank’s internal control systems.
Aside the above-mentioned causes of fraud, the following factors greatly contribute to fraud:-
- Refusal to comply with laid-down procedures without any penalty or sanction.
- Conspiracy between interacting agents charged with the responsibility of protecting the assets and other interest of the bank.
- Poverty and infidelity of employees.
- ENVIROMENTAL/EXTERNAL FACTORS
Environmental factors are those that can be traced to the banks immediate and remote environment. If the whole society of which the bank is a part is morally bankrupt it will be difficult if not impossible to expect the banks to be insulated from the effects of such moral bankruptcy.
The banking industry is not immune from the goings on in its external environment. Our present society is morally corrupt. Little or no premium is put on things like honesty, integrity and good character. The society does not question the source of wealth. Any person who stumbles into wealth is instantly recognized and honoured. It is a fact of our time that fraud has its root firmly entrenched in the society which to a large extent encourages fraud. The desire to be with the high and mighty caliber of the society, extreme want that is often charactized by need, cultural demands or the cultivation of a life too expensive for the legitimate income of the individual.
Our societies have debased the entire old moral standards and appear to be unconcerned with probity, honesty, integrity and “good name”. The family friends, the religious houses and society at large seem not to care how you come about your riches but accepts, accommodates and even respects you for your wealth, however, dishonestly it has been acquired.
All these encourage fraud as the end seems to justify the means and no means seems to be morally unacceptable. With reference to fraud, criminal motivation is said to be pathological when the state of mind of the criminal disposes and impels him to commit fraud even though he is not in dire need of the resources.
EFFECTS OF INTERNAL BANK FRAUD
Fraud inflicts severe financial difficulty on banks, customers and the economy in the following ways:-
- Loss of Public Confidence in Banks
Fraud is perhaps the most fatal of all risks confronting banks. The enormity of bank frauds can be inferred from its value, volume and actual loss. A good number of banks’ frauds never get reported to the appropriate authorities, rather they are suppressed partly because of the personalities involved or because of concern over the negative image effect that disclosure may cause if information is leaked to the banking public. The banks customers may lose confidence in the bank and this could cause a setback in the growth of the bank in particular.
- Loss of Money
Fraud leads to loss of money which belong to either the bank or customers. Such losses may be absorbed by the profits for the affected trading period and this consequently reduces the amount of profit, which would have been available for distribution to shareholders.
Losses from fraud which are absorbed to equity capital of the bank impairs the bank’s financial health and constraints operations. In extreme cases rampant and large incidents of fraud could lead to a bank’s failure.
- Increased Operating Cost
Fraud can increase the operating cost of a bank because of the added cost of installing the necessary machinery for its prevention, detection and protection of assets. Moreover, devoting valuable time to safeguarding its asset from fraudulent people distracts management. Overall, this unproductive diversion of resources always reduces outputs and lowers profits which in turn could retard the growth of the bank.
- Low Asset Quality
It also leads to a diminishing effect on the asset quality of banks. The problem is more dangerous when compounded by insider loan abuses. It should be noted that some banks are liquidated as a result of this situation.
The same way in which fraud leads to loss of money to the bank, applies to the customer. This is so because it is the customer who has deposited the money at the bank. The interest that the banks pay on customers deposits is determined by the level of the banks’ profits. Therefore, when greater part of the banks profit is used to defray loss due to fraud, it will affect the amount of interests that will be paid on deposits.
Furthermore, most customers are shareholders of their banks therefore, the negative impact of internal fraud on the banks’ profits, affects the dividend payments as well. Internal fraud also affects bank’s liquidity thus making it difficult for customers to secure the amount of credit facility they would need for their businesses.
The loss in funds affects the economy and it reduces the amount of money available to SMEs to cushion their businesses. Since the private sector of every economy is the engine of growth, lack of financial support for this sector affects the development of a nation since it will increase unemployment rate, reduce Gross Domestic Product (GDP) and Per Capita Income of the country.
The costs of fraud are always passed on to the society in the form of increased customer conveniences, opportunity costs, unnecessary high prices of goods and services and lack of infrastructure facilities that will aid the economy. Fraud can undermine national defence and security as well as damage international standing and affect the ability of nations to get international support.
To protect your bank or financial institution from fraud, you must be vigilant in your fraud detection and prevention efforts. In addition to considering external threats, you also need to think about threats from within.
Below are the strategies a bank can use to minimize, prevent or control the risk of becoming a victim of internal fraud:-
- Background Verification
Banks do conduct thorough background verifications (BGV) on the people they hire. However, due to the lengthy “fall and final” employee exit process in banks, the hiring bank has to wait for some months to get the final verification report. During these months, the bank is vulnerable to a fraudulent employee.
Verifying new employees before onboarding them, can help reduce these risks significantly. This can be done through a host of digital pre-onboarding checks that are fast and efficient. BGV checks for the banking industry covers the following aspects:-
- Identity check (eg. through Ghana card, Passport, Driving License )
- Address check
- Past employment check
- Court record check
- Reference check
- Police clearance certificate check
- Education check
- Employee Induction on the Bank’s Culture
Induction programmes are critical and ideal opportunities to promote the bank’s core values of honesty and integrity and demonstrate zero-tolerance policy. In addition, the reference to examples of reprimanded or fined employees who engaged in fraudulent activities and suffered the consequences for inadequate job performance, can also be a preventive control.
- Ethics Training
Ethics refers to the moral principles governing a person’s behaviour or the way he conduct activities. In other words, setting standards for morally right behaviour. Hence, ethics in banking refers to an awareness of how the practices of an institution affect society and the environment (Source: Corporate Finance Institute). Many employees entering the workforce wonder, “How do I interact with co-workers and customers?” Throughout our careers, most of us will have many different jobs requiring different sets of skills. No matter what the industry, they have one thing in common in order to succeed and advance, we need to demonstrate professionalism.
Being a professional means acting ethically, demonstrating integrity, treating everyone with dignity and respect, showing poise, and owning up to mistakes. Ethics training programmes raise morale so that employees work more productively and harmoniously with their co-workers and also promotes awareness of the values and benefits of the institution.
- Regularize Internal Audits
Banks should make sure that they are adequately auditing their accounts. Internal audits coupled with management reviews can be an effective way to spot signs of fraud. Besides, continuous auditing can be done once computer queries and scripts are written. In fact, tests can be programmed into live corporate systems in order to provide continuous monitoring of transactions rather than audit on historical data during normal audit process.
- Set up Communication Channels for Reporting Internal Fraud
Having a trustable sources to tip you off can help a bank more quickly and save the damage that comes with the fraud. Co-workers and even customers can often tell when someone is committing internal fraud. However, they don’t necessarily want to report the information because they may be afraid of the repercussions.
Consider setting up a communication channel such as a whistling blowing hotline or a website that allows people to report their suspicions anonymously.
- Utilize Relationship Discovery
Some internal fraud involves collusion with outsiders. Systems that can perform relationship discovery look for patterns of links between employees and outsiders. Also called entity-link analysis, these tools can help you detect fraud being committed by employees and outsiders. If an employee is found guilty, this system also helps make an informed case against the suspected fraud.
- Mandate System Log out When one Leaves the Work Station
Employees who intend to commit fraud tend to access the system when no one is watching. The best time for this is post-working hours. It is important for employees with access to sensitive information to log out and prevent misusage of the data.
Also there are instances where some people with high-level access leave their computers unattended while they have signed in. A nefarious employee could steal their credentials or initiate fraud from their computers. To avoid this threat, a bank should ensure that employees understand the relevance of logging out, even if they are stepping away from their desks for a short time.
- Password Protection Policy
Employees could abuse their authority and access to the general ledger accounts to transfer funds from one account to another. While widely recognized as bad policy, sharing of login credentials is very common and can be a signature of suspicious activity. It is one of the most devastating internal fraud schemes in which bank insiders collude with external fraudsters.
By ensuring that managers are capable of accessing into the user computer’s security and auditing features, the use of password can assist them in preventing and detecting employees’ fraud. This can be done by requiring a password before gaining access to functions that diverge from the standard procedure. To be more effective, the user password ought to be changed regularly.
- Use Behavioural Profiling when Monitoring Transactions in Real-Time
An employee who wants to commit fraud may take over inactive accounts, draft cheques from a customer’s account, transfer money or steal funds in other ways. Employees know how to get past the static rule-based fraud detection filters, and to detect fraud committed by these insiders, you need to use behavioural profiling.
Behavioural profiling leverages large amounts of data to get to know an account holder’s typical behaviour. This technology also had an understanding of the differences between legitimate and fraudulent transactions. When you have these types of tools in place, you are more likely to detect internal threats to customers’ accounts. For example, if two employees sign in to the same computer, that may be unusual behaviour that should be flagged by the system.
- Require IT Administrators to Sign in Using their own Credentials
IT administrators historically access networks using generic logins, making it impossible to track their activities. Make these employees or contractors use their own credentials so you can create an audit trail. Also user access profiles should be checked on a regular basis. Look for red flags such as employees with higher-level access than they should have. Furthermore, you should go through records to see if anyone was temporarily given extended access that would allow them to commit fraud more easily.
- Using Modern Technology
As digitization improves the banking experience for customers, it also invites fraudsters to use technology to cheat businesses and customers in novel ways. Hence, a proactive approach to fraud detection and prevention is imperative to ensure customers trust, employee compliance, and overall improvement in operational efficiency. More advanced method based on technology, can empower the banking sector.
Below are some of the key technology systems that can be used to fight sophiscated and ever-changing frauds in banks:-
- Artificial Intelligence (AI)
Manual verification of a large volume of transactions is an error-prone and time consuming activity. Artificial Intelligence (AI) uses RPA to monitor transaction checks and flag-suspicious activity.
- Machine Learning (ML)
Machine Learning (ML) algorithms are at the heart of automated fraud analytics, which use large amounts of data to predict behaviour patterns, content anomalies, bot clicks, and other suspicious activities. ML can also detect loopholes in cybersecurity, check for system weaknesses and help fix them.
- Biometrics Data
Biometrics is the answer to verification issues and preventing credential theft. It adds another layer of protection for account security as biometric data is hard to crack and duplicate. Certain biometric techniques such as fingerprint and facial recognition software are already widely used. Voice cadence also carries a unique signature and is used by banks to add an additional security layer to prevent fraud.
- Data Integration
Consortium data within the sector provides collective intelligence on fraudulent activities. Moreover, data integration can avoid silos within the organization and create a clear picture of customer profiles and transactions to flag risky activity. For organizations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape.
- Use Real-Time Data
Enrich your database with real-time data from other sources, digital services and social networks. This creates a more comprehensive customer profile for predictive analytics. Real-time email domain verification, IP address checks, and device recognition methods can alert customers in case of suspicious activities.
The impact of frauds, on banks is more significant as their operations involve intermediation of funds. The economic cost of fraud can be huge in terms of likely disruption in the working of the markets, financial institutions, and the payment system. Besides, frauds can have a potentially debilitating effect on confidence in the banking system and may damage the integrity and stability of the economy. It can bring down banks, undermine the central bank’s supervisory role and even create social unrest, discontent and political upheavals. The vulnerability of banks to fraud has been heightened by technological advancements in recent times. I would like to emphasize that the advantages of technology, communication and accessibility of data must be leveraged to put in place a system wide fraud mitigation mission. Any house is only as strong as its foundation and as weather proof as its situation.
It is necessary therefore that, a strong foundation is built by leveraging robust IT systems, framing effective policies and procedures, laying down strict compliance processes, setting high integrity standards, developing efficient monitoring capabilities and initiating strict punitive action against the culprits in a time bound manner.
It is also imperative that we insulate ourselves from unscrupulous activities by strengthening the fraud detection mitigation and control mechanism through prompt identification, investigation and exchange of information. This is necessary not just for the safety of banks but for ensuring the stability and resilience of the overall financial system and sustaining the confidence that various stakeholders have in its strength and integrity.
To my mind, in an improved governance standards in the public sector banks and greater commitment by the board and top management in fighting the scourge of fraud, lies the “holy grail” of success.
ABOUT THE AUTHOR
Robert is a Fellow of the Chartered Institute of Bankers (Ghana). A seasoned banker with wide experience in Retail Banking, Internal Auditing, Project Management, Electronic Banking with high specialty in Internet Banking. He is also a Consultant and a Supervisor of Chartered Institute of Bankers (Ghana) examination.
E-mail address: kwa [email protected]; Tel. 0240 821597 & 0546 907904