Insider abuse: A key threat for banking institutions
Any type of suspicious activity is a bad sign for banks, but it is especially troubling when the threat comes from within. In fact, some of the most significant risks to a bank are self-serving or criminal acts carried out by business insiders; and those include employees, contractors, consultants and even trusted individuals in an oversight capacity (directors, officers, executives). Using their special access privileges and knowledge of bank operations, insiders can commit fraud, intellectual property theft and privacy breaches. When insiders use their technical knowledge to alter or disable security controls, it can be even more difficult to detect abuse. Any of the crimes that can be committed by outsiders can be committed by insiders and often, with more ease.
For these reasons, the Financial Crimes Enforcement Network (FinCEN) has targeted insider abuse for a special study. A recent report, SAR Assessment: Abuse of Insider Relationships within Depository Institutions 1 (SAR Assessment report) takes a closer look at this issue. The report examined SARs-DIs (Suspicious Activity Reports – Depository Institutions) where subjects were noted as having insider relationships from Jan. 1, 2003 to June 30, 2012. Its objective was to identify the methods and extent of insider abuse, especially in view of a finding in the recent Financial Crimes Report to the Public 2 , which concluded that economic downturns were seldom the sole cause of bank failures, and that management and insider abuse also played a significant role in the failures.
What is insider abuse?
The specific term insider abuse is not defined in the Bank Secrecy Act, though the term is used throughout SARS regulations. The General Accounting Office states that absent a universally agreed upon definition of the term fraud and insider abuse it would adopt the term as it is defined in a 1988 Federal Home Loan Bank Board Report to Congress:
. . . individuals in a position of trust in the institution or closely affiliated with it have, in general terms, breached their fiduciary duties; traded on inside information; usurped opportunities or profits; engaged in self dealing; or otherwise used the institution for personal advantage. Specific examples of insider abuse include loans to insiders in excess of that allowed by regulation; high risk speculative ventures; payment of exorbitant dividends at times when the institution is at or near insolvency; payment from the institution funds for personal vacations; automobiles, clothing and art; payment of unwarranted commissions and fees to companies owned by a shareholder; payment of consulting fees to insiders or their companies; use of insiders' companies for association business; and putting friends and relatives on the payroll of the institutions.
A key issue to understand is that the term insider abuse does not necessarily refer to illegal acts. Some acts which are reportable under SARs regulations fall short of being a criminal act. As stated in the SAR Assessment report3, insider abuse is a general term that encompasses various activities whic h may or may not be lawful. While an abusive situation usually violates one or more banking laws or regulations, legal violations are not a necessary element. Insider abuse includes the broader range of actions where an insider takes action or fails to take action; where the bank is harmed, takes on additional risk, or loses an opportunity; and where the insider or a related party somehow benefits because of his position.
Downward trend in SARS linked to insider abuse
Surprisingly perhaps, one key finding of the SAR Assessment report was a steady decline in SARs-DIs related to insider abuse since the 2008 mortgage crisis, with an unpredicted spike in volume of SARs during 2008 to 2009. Then, in 2010 and 2011, there was a moderate decrease in the volume of SARS filed. Between 2011 and 2012, there was a sharp drop in volume. These trends are seen in the chart below, which also shows that insiders as subjects of SARs rose steadily between 2003 and 2009, after which the reporting volume declined (2012 is the most recent information available).
There are several possible explanations for these trends. The decline in SARs volume since 2009 may be a consequence of the increase in insider abuse-related criminal prosecutions, as reported by FinCEN in the study. This, in turn, may be the result of a heightened focus on the problem by the financial institutions themselves.
There also appears to be a correlation between SARs volumes and the relative strength or weakness of the economy. During periods of economic distress, suspicious activities increase. The obvious explanation is that there is more incentive to commit fraud by those inclined to do so. Factors such as job loss, threat of job loss, downsizing, general job instability, reduced bonuses and reduction in hours may contribute to employee dissatisfaction. As the economy improves, these pressures lessen, and so also does the motive for fraud.
Other changes in bank security and federal regulation since 2009 could also explain the trends seen in the chart above. For example, declining SARS volume could reflect:
- Investments in monitoring tools and technologies
- Better internal control systems
- Heightened scrutiny of insider activities
- More oversight by regulators over financial institutions
- Downsized banks resulting in fewer staff, which is easier to monitor
- More willingness on the part of employees to report fraud
- Changes in tone at the top standards which improve employee conduct
Employees - the largest source of insider abuse
Employees are the largest source of insider abuse, according to the SAR Assessment report. The chart below shows the percentage breakdown of five types of insiders. At 72 percent, the employee category far surpasses any other insider type. A majority of the suspicious activities in the employee category involved tellers or those in related functions. The next highest percentage of insider subjects was other4 at 7 percent, followed by broker, officer and director, each with a very small percentage.
Some of the most common activities cited in SARs involving employee insiders were:
- Teller theft from cash drawer or vault
- Misappropriation of customer funds by tellers and other employees by altering deposits
- Accessing customer funds or using customer credit to purchase items
- Fraudulent or empty envelope deposits to the ATM, followed by cash withdrawals
- Corporate credit card fraud
- Check kiting
- Opening new accounts for non-existent customers in order to qualify for employee incentive programs
- Changing ledgers and other records to hide their own overdraft or kiting statuses
- Engaging in mortgage loan fraud by submitting misrepresentations of borrowers' income, employment, credit, etc.
Suspicious activities in other insider categories
While the total SARs filed on officers and directors appears small in comparison to those filed on employees, reports on those two insider groups increased slightly since 2009. For officers, typical suspicious activities reported involved embezzlement of funds by wire transferring funds from a general ledger to the suspect's own account, misusing a corporate credit card and attempting to pay a personal bill from general ledger funds.
Suspicious activities of directors were similar to those of officers and also involved embezzlement and corporate credit card misuse. Another activity reported was the failure of directors to disclose their interests in loans to other entities.
For the broker category, suspicious activities pertained to mortgage loan fraud and included: submission of fraudulent information, misrepresentations of occupancy or employment, or using other tactics to fraudulently obtain a mortgage for which a borrower was not qualified.
For more information
For more information or assistance with this topic, please contact Patricio Perez, partner, RSM US LLP, at 305.569.7955 or at Patricio.Perez@rsmus.com.
1 The SAR Activity Review - Trends, Tips & Issues; Issue 23, May 2013, FinCEN
2 March 2012, Federal Bureau of Investigation
3 Bank Failure – An Evaluation of the Factors Contributing to the Failure of National Banks, June 1988, Office of the Comptroller of the Currency
4 Examples in the other category include: theft or embezzlement by a former employee; misuse of position by employee (such as improper refunding of overdraft fees to relatives), loan application misrepresentations and theft of proprietary information by a temporary staffer.