When you’re trying to fight fraud at your financial institution, you cannot just look at external threats. Unfortunately, some of the most pernicious threats come from the inside, and to protect your financial institution and your customers, you need to be as vigilant about internal threats as you are about external threats.
To point you in the right direction, here is a brief look at some of the most pervasive types of internal fraud affecting banks followed by a list of the signs of internal fraud.
What Is Internal Fraud?
Internal fraud is fraud carried out by an organization’s employees. They may work on their own, with other employees, or in collaboration with external actors. At banks, credit unions, and other financial institutions, internal fraud can include account manipulation, cashing fraudulent checks, facilitating loan fraud, and helping thieves open new accounts for fraud. Employees may also work with criminals who are committing wire fraud or money laundering.
Unscrupulous employees may also engage in the same types of fraud that affect other businesses. Rather than targeting bank accounts or loan products, employees may steal data, issue payments to fraudulent vendors, add fake employees to the payroll register, or carry out countless other types of internal fraud.
Because banks face multiple risks, they must take a multi-pronged approach that addresses all types of internal fraud. They should have fraud detection and prevention tools that monitor account activity for signs of fraud – for example, checks cashed on dormant accounts or transactions that fall outside of an account holder’s usual patterns. They should also employ the traditional strategies that other businesses use to look for internal fraud.
Types of Internal Bank Fraud
Bank fraud committed internally can take a number of different forms. It can range in severity from reversing insufficient funds fees for friends to helping criminals with money laundering, securities fraud, or loan fraud. Here are some of the main types of internal fraud that affect financial institutions:
- Transaction reversals: A teller accepts a deposit from a customer and then reverses the deposit and pockets the funds.
- Account manipulation: A banking professional removes fees or charges from their own account or from a friend or relative’s accounts.
- Insider transactions: Employees fail to disclose when their businesses/interests are borrowing from the bank, and/or when employees accept bribes or abuse their position of trust to approve questionable transactions for their friends, relatives, or business associates.
- Loan participation fraud: Insiders rely on informal loan repurchase agreements to get around lending limitations and hide delinquencies.
- Real estate lending fraud: Employees may approve fraudulent loans for their associates or themselves. This scam may involve inflated appraisals, fraudulent sales contracts, forged title documents, financing non-existent properties, and using trusts or holding companies to hide the identity of the borrower.
- Data theft: Banking employees steal personal data from customers, and then, they open accounts or apply for loans in their names.
- Internal collusion: Two or more bank employees work together to bypass internal controls and steal money from the bank.
- IT changes: Someone in the IT department temporarily grants administrator rights to an unauthorized employee so they can approve a fraudulent transaction.
Internal bank fraud can also take the same form as fraud committed at other organizations. For instance, someone in the payroll department could start generating checks for a fake employee. Or someone in the accounting department could start issuing payments to a fraudulent vendor.
10 Red Flags of Internal Bank Fraud
To protect your financial institution from internal fraud, you need a corporate culture of trust and accountability. Governance plays a key role – you must lead by example and recognize that the tone you take comes from the top. You also need risk management strategies like employee background checks and strong system controls.
Beyond that, you should be aware of the signs of internal fraud. Although the signs vary based on the type of fraud being committed, there are several issues you should look out for in general. If you see any of the following red flags, you may need to investigate further to determine if fraud is occurring.
1. Multiple customer complaints about incorrect balances
If you receive an increased volume of customer complaints about issues such as incorrect balances or deposits not being credited, an employee may be the culprit. As indicated above, employees may take deposits from the customer, reverse the transaction, and pocket the funds. Or, they may make other unauthorized changes to customer accounts.
2. Unusual activity that suggests insider abuse
Signs of insider abuse include an employee lending personal funds to customers or borrowing money from customers. Sometimes, the relationship may be more subtle, and the employee may receive special favors from the customers or they may sell assets to a borrower from the bank. Also, watch for signs of special relationships between your employees and other financial institutions.
3. Problems with loan participation programs
Red flags include any signs of informal repurchase agreements on loan participations including lack of independent credit analysis, missing formal participation agreements, or placements without the purchasing institution being able to review the credit information. Other signs of abuse include a high volume of loan participation in comparison to the institution’s own lending portfolio, the selling institution making payments on the loan, incomplete loan documentation, and reliance on third-party guarantees.
Because loan participation fraud generally requires collusion, you often see this type of fraud playing out between related institutions, correspondent institutions, or different departments of the same lending institution.
4. Excessive “no doc” loans or signs of false appraisals
If your bank approves a lot of “no doc” loans or an excessive number of loans for self-employed people who don’t have proof of income, someone in the loan approval department may be pushing through fraudulent loans.
Often, real estate loan fraud relies on fraudulent appraisals. Signs include appraisers who borrow frequently from your bank, out-of-area appraisers, comps that were all appraised by the same person, borrower-submitted appraisals, and appraisal fees based on the percentage of the property’s appraised value. You may also see issues with the loan application such as applications with unusual similarities received from the same broker. If your lending officer buys a home in a project financed by the institution, that may also be a sign of real estate loan fraud.
5. Unexplained increases in expenses
Unexplained increases in expenses may indicate that an employee is drafting payments to a fake vendor and pocketing the money. To find this type of fraud, you should regularly check for new vendors and make sure they are authorized.
Also, look for issues such as a vendor with the same address as an employee or a vendor using a drop shipping address instead of a real street address.
6. Unusual invoice patterns
Unusual patterns with invoices can also be a sign of internal bank fraud. In particular, duplicate invoices may be fraudulent, and amateur embezzlers often draft invoices with even numbers such as $5,000 or $10,000.
Similarly, if a vendor’s invoices are all in sequential order, you’re either their only client, or they may be a fake vendor created by an employee stealing from your financial institution.
Additionally, you need to keep an eye out for payments issued under the threshold that requires manager approval. People who commit fraud internally often know which payment amounts require additional approval, and they may draft invoices or issue payments under those thresholds.
7. Employees who refuse to take time off
An employee who works all the time and puts in extra hours on the weekend may seem like an asset to the company, but they can be a liability. When employees refuse to take time off, they may not want anyone to step into their role, and if they are stealing, this can have disastrous effects on the bank.
For example, the collapse of French investment bank Société Générale in March 2008 was perpetrated by a trader who had not taken a day off for eight months.
8. Employees under pressure
Most internal fraud does not happen in a vacuum. Thieves typically require three elements to commit a crime: pressure, opportunity, and rationalization. Ideally, your internal controls should reduce the opportunity for crime, but if you know that an employee is under financial pressure, you should keep an eye on them. They may rationalize the idea of stealing from you and take any opportunity that presents itself.
9. Bypass of validation controls
If you see any signs that internal controls are being bypassed, your financial institution may be the victim of internal fraud. Internal controls are designed to reduce the risk of fraud, but they can be bypassed in different ways.
For example, someone in the IT department may grant additional privileges to another employee so they can bypass a control. Or two employees may collude together to bypass internal controls. In other cases, a single employee may just find a way to get expenses approved without a second layer of authentication.
Breaches of rule-based controls are often discovered in audits, but this creates an unfortunate delay between the crime and its detection. Ideally, you should have some type of fraud detection tool working in real time in the background.
10. Activity in dormant accounts
Unscrupulous employees may be tempted to steal funds from a dormant account. They may assume that they won’t get caught if the account holders have forgotten about the accounts.
In these cases, you cannot rely on the customer complaining because they may never notice the losses. As a result, the onus falls on your financial institution to monitor activity on dormant accounts.
Protect Your Financial Institution From Internal and External Threats
At SQN Banking Systems, we are committed to helping our clients fight all types of fraud at their financial institutions. We have a variety of anti-fraud tools and solutions, and we can also help you review your fraud processes to ensure you’re not missing anything. To talk about how we can help you, contact us today.