The longer fraud goes undetected, the more it costs and the more damage it creates. To protect your financial institution, you need strong detective controls. Here are nine critical controls that you should be using to detect bank fraud.
1. Look for aberrant behavior.
Fraudulent incidents deviate from a customer’s usual patterns. To detect fraud, you need a solution that looks for these types of deviations. This may be an unusually large check, a purchase in a different country, a wire from an account that doesn’t usually send wires, or any activity on a dormant account.
If your fraud detection solution only looks for transactions over a certain amount or red flags that are outside of other static parameters, it will miss subtle signals of fraud. In this environment, victimized accounts may undergo a substantial amount of losses before you detect the fraud. To avoid that happening, you need a fraud solution that looks for aberrations in behavior.
2. Monitor all aspects of customer interactions.
Bank fraud happens across all of your payment channels, throughout all business functions, and at every stage in the customer journey. To detect fraud, you need to monitor everything.
To give you an example, imagine that your fraud detection system spots an unusually large check written from a dormant account. You caught the check because it was over a certain threshold, but by the time you spot this check, several smaller fraudulent checks had already been cashed on the account.
However, if you were monitoring the account for signs of account takeover, you would have noticed a sign-in from a foreign IP address followed by an address change and a request for new checks. These early signs of fraud would have allowed you to detect the fraud before you lost any money.
3. Pay attention to exception reports.
Exception reports help to reduce loan default, but they can also play a critical role in detecting loan fraud. If your exception report lists expired identification documents on a pending loan application, for example, that may be a sign of fraud.
You can also use exception reporting to identify potential signs of employee fraud. Make sure your reports are set up to identify common signs of fraud. Then, follow up on the reports.
4. Implement data-driven employee surveillance programs.
Unfortunately, a lot of fraud comes from the inside. To protect your financial institution, you need to monitor employee activity. You should have data analytics in place that let you look for suspicious activity associated with system access patterns, overrides, fee waivers, forgiven interest, charge-offs, and consumer complaints.
5. Schedule exit interviews for departing employees.
Exit interviews can help you uncover valuable information about fraud and fraud threats. Dishonest behavior or risky practices can make many employees uncomfortable, but while they’re actively working for an organization, they may not want to say anything because they don’t want to alienate their co-workers.
During an exit interview, employees are often more willing to be open, but you have to ask or they’ll stay quiet. In addition to the routine questions about why they’re leaving or how they felt about working for your bank, you may also want to ask the following types of questions:
- Did you feel well trained about the bank’s anti-fraud policies?
- Do you think your department’s culture supported the anti-fraud policy?
- Did your managers and co-workers follow the anti-fraud policies?
- Did you understand how to report fraud or other misconduct?
- Would you describe the culture as open and honest?
- Were you comfortable talking with your manager or supervisor about suspected fraud?
- Do you have any ethical or legal concerns?
- Do you know about any potential fraud that occurred while you were working for us?
As you can see, the questions are a mixture of very pointed queries and more subtle questions. By asking these types of questions, you can get insight into how your managers are handling fraud. You also see areas where you can improve practices related to reporting fraud or training new employees.
6. Set up a whistleblower hotline.
That said, you want employees to be able to report suspected fraud while they’re working for you, not just if they’re leaving the company. To make this possible, set up an anonymous whistleblower hotline.
Make sure employees know how to report issues. Also, work to create a culture where they feel comfortable doing so and aren’t worried about repercussions.
7. Create a complaint resolution process.
In some cases, your first sign of internal fraud may be a customer complaint. To ensure you don’t accidentally overlook a fraud incident, you need a dedicated process for investigating and resolving customer complaints.
This requires duty segregation. You don’t want the same people who are in a position to commit fraud to answer the phone when customers call. You also need to ensure that you respond to every complaint. If you sweep a couple of small issues under the rug, you may end up ignoring the symptoms and then learning that this fraud is widespread throughout your organization.
8. Analyze subpoenas and information requests.
When other banks are the victim of fraud, they may request information from you under the terms of Section 314 of the USA Patriot Act. In addition to responding to these requests, analyze the situation to see if your bank has been affected by fraud related to these situations.
Similarly, if the courts subpoena information from you for a civil or criminal lawsuit, also make sure that you monitor your own risk.
9. Monitor accounts after filing Suspicious Activity Reports.
You have to file Suspicious Activity Reports (SAR) about certain transactions, and if you don’t, you risk facing significant compliance issues. In most cases, these reports don’t indicate a crime. However, in about 5% of cases, they are linked to fraudulent or criminal activity.
Because this number is so low, you certainly cannot close all of the accounts where suspicious activities occur. In some cases, you may be contractually obligated to keep them open. Remember, the activities that trigger a SAR aren’t all illegal. But to be on the safe side, you need to have a system in place that allows you to monitor these accounts.
10. Monitor the news about civil and criminal fraud cases.
Ideally, you should stay on top of the news about civil and criminal fraud cases. If one of your banking customers is involved in a scandal at another bank, they may have also committed fraud at your institution. Monitoring the news can also help you stay on top of the ever-evolving fraud threats.
At SQN Banking Systems, we provide fraud detection that our clients can trust. However, rather than just detecting fraud, our tools aim to prevent fraud. We can help you implement a holistic anti-fraud system that detects and prevents. To learn more, contact us today.