4 ways your financial institution can fight fraud now
Report to the Nations on Occupational Fraud and Abuse, a 2014 global fraud survey conducted by the Association of Certified Fraud Examiners, found that banking and financial services companies face the highest risk of fraud of any industry, accounting for 17.8 percent of the cases reported. By comparison, government and public administration and manufacturing, the next two most affected industries, accounted for 10.3 and 8.5 percent of reported cases.
For financial institutions, these are dire findings. Yet, by focusing on controls in just a few key areas, financial institutions can significantly reduce the odds of the most common fraud schemes they face. As we investigate financial institution frauds, we continually find that, with appropriate controls and segregation of duties, most of them could have been avoided.
First, consider some of the most common financial institution frauds.
- Branch fraud—Branch fraud involves theft of cash, either from the teller drawer or the vault. Because of tight restrictions on cash shortages, close surveillance and quick discipline, thefts from teller drawers are usually small and discovered quickly. Thefts from the vault, however, can be significant, as there is more cash available and usually less surveillance. Smart vault tellers can often tell when a cash count is imminent and will move money into the vault from another teller drawer or, more frequently, kite funds from a general ledger or demand deposit account (DDA), only to reverse the transaction when the count is over.
- Loan fraud—Loan frauds involve either creation of fictitious loans or the misappropriation of advances from existing loans. Because of the potential amounts involved, especially on commercial loans, loan fraud can be especially damaging. Whether the fraud involves a fake loan or a misappropriated advance, the fraudster must keep the customer from learning of the activity by intercepting or misrouting statements and other communications. The fraudster also must keep payments on the loan current, usually by kiting from general ledger or DDA accounts.
- Trust fraud—Trust department employees have access to a wide range of customer assets, from investments and retirement accounts to real estate and DDAs, and have many legitimate reasons to make disbursements. Trust fraud involves misappropriating those disbursements and then covering the transaction through the same methods used in loan fraud.
All three types of fraud involve recurring themes—using access to DDA and general ledger accounts to shift funds to hide fraud. By focusing on internal controls in the following four areas, your financial institution can significantly reduce the risk of fraud.
- Segregate control of DDAs from the ability to make disbursements from those accounts. It seems intuitive that employees with day-to-day control over DDAs should not be able to make unsupervised disbursements from those accounts, but this is too often not the case. Review your controls to ensure that the ability to make disbursements is segregated from day-to-day control. In addition, consider requiring secondary approval for disbursements over certain limits. When establishing and adjusting your controls over DDAs, remember to consider both customer accounts and accounts that your institution has set up as clearing vehicles for transactions. Too often, those internal accounts remain open long after they have served their purpose. We've seen banks with hundreds of dormant DDAs. Identify them and close them. As we'll discuss in a minute, dormant accounts increase your risk for fraud.
- Ensure reviews of all transfers between general ledger and customer accounts in your loan or deposit subledgers. Many frauds hinge on an employee's ability to move money between these accounts to kite payments or otherwise cover their tracks. Ensuring that transfers between these accounts are reviewed in a timely manner is vital to controlling fraud.
- Watch your dormant accounts. Fraudsters know that dormant accounts are often not closely monitored by the account holders. That makes them tempting targets. Establish a process for identifying and monitoring your dormant accounts, with particular attention paid to dormant accounts that start to show activity. Often, dormant accounts have very low balances and offer little value to your institution. Consider working to close such accounts.
- Establish solid file maintenance controls. As systems become more integrated, employees throughout your institution often gain access to a wide variety of file maintenance functions. The ability to manipulate critical file attributes, such as customer information, due dates or interest rates, can be a bonanza to a fraudster. Start by conducting a full review to determine who currently has access to which capabilities and then narrow that access as appropriate to each employee's job. Run regular system access reports to check which employees are using which capabilities. Ensure that seasoned members of your staff with the experience to recognize suspicious activity periodically review these reports. Finally, consider periodically conducting a thorough review of a random sample of file maintenance activities—and make sure your employees know that sampling is taking place.
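The transfer-review and dormant-account controls above can feed an automated review queue. The sketch below is an added example, not part of the original article: it runs over a constructed ledger extract, and the "GL-"/"DDA-" account prefixes, the 365-day dormancy threshold and the 5-day reversal window are assumptions to replace with your institution's own policy.

```python
from datetime import date, timedelta

DORMANT_DAYS = 365                    # assumption: dormancy threshold in days
REVERSAL_WINDOW = timedelta(days=5)   # assumption: how soon a reversal is suspicious

# Constructed sample ledger: (txn_id, date, from_acct, to_acct, amount_cents, employee)
# Assumed naming: "GL-" = general ledger account, "DDA-" = demand deposit account.
LEDGER = [
    ("T1", date(2023, 1, 10), "DDA-1001", "DDA-2002", 25000, "emp07"),
    ("T2", date(2024, 3, 4), "GL-4500", "DDA-3003", 900000, "emp12"),
    ("T3", date(2024, 3, 6), "DDA-3003", "GL-4500", 900000, "emp12"),
    ("T4", date(2024, 3, 8), "DDA-1001", "DDA-5005", 18000, "emp12"),
    ("T5", date(2024, 3, 9), "GL-4500", "DDA-2002", 120000, "emp03"),
]

def is_gl(acct):
    return acct.startswith("GL-")

def dormant_reactivations(ledger, dormant_days=DORMANT_DAYS):
    """Return (txn_id, account, idle_days) when a customer account idle longer than the threshold moves."""
    last_seen, hits = {}, []
    for txn_id, day, src, dst, _amt, _emp in sorted(ledger, key=lambda t: t[1]):
        for acct in (src, dst):
            if is_gl(acct):
                continue  # GL accounts are active by design
            prev = last_seen.get(acct)
            if prev is not None and (day - prev).days > dormant_days:
                hits.append((txn_id, acct, (day - prev).days))
            last_seen[acct] = day
    return hits

def gl_round_trips(ledger, window=REVERSAL_WINDOW):
    """Pair each GL<->customer transfer with an equal, opposite transfer inside the window."""
    pairs, txns = [], sorted(ledger, key=lambda t: t[1])
    for i, (id_a, day_a, src_a, dst_a, amt_a, _) in enumerate(txns):
        if is_gl(src_a) == is_gl(dst_a):
            continue  # keep only transfers that cross the GL / customer boundary
        for id_b, day_b, src_b, dst_b, amt_b, _ in txns[i + 1:]:
            if day_b - day_a > window:
                break  # sorted by date, so nothing later can match
            if (src_b, dst_b, amt_b) == (dst_a, src_a, amt_a):
                pairs.append((id_a, id_b))
    return pairs

if __name__ == "__main__":
    print("Dormant accounts showing activity:", dormant_reactivations(LEDGER))
    print("GL transfers reversed within window:", gl_round_trips(LEDGER))
```

Both functions only build a queue for the timely human review the controls call for; an account that first appears inside the extract is never flagged as dormant, so the extract must reach back at least as far as the dormancy threshold.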
Fraud does not discriminate. It can affect any organization, regardless of its size or the compliance and internal control structures in place. Smaller institutions are more susceptible to fraud and therefore need to be hypervigilant in focusing on their internal controls. For a real-world example of the struggles and success of one financial institution, read Helping a credit union uncover a $300,000 fraud.
For more information on fraud prevention and detection, please contact Shalene Jacobsen or Al Kohl.