Early in my banking career during an employee orientation, a very tall, distinguished executive from corporate security walked into the meeting room. His speech to all of us was short and basic, "If you steal money from this bank you will go to jail." He then went around the room and asked each one of us if we understood how serious he was about putting thieves behind bars. One could argue his form of personalized scare tactic was effective, because I still remember his impact and tone to this day. Kudos to the bank for addressing the unspoken topic of internal fraud during employee onboarding, but fast forward to today where more attention is needed in this area as we are seeing employees with their hands in the till perhaps more now than ever.
Internal fraud is now featured high on the list of the monitoring agenda for regulators, law enforcement, bank executives and bank corporate security teams. For one of the first times in history that I can remember, regulators are issuing stern warnings to banks to improve their internal fraud controls which has resulted in further conversations at executive level which look at the problem more strategically.
These warnings from regulators have taken the form of MRA's (Matters Requiring Attention) -- and Internal Fraud certainly does need attention. Internal fraud appears in all kinds of forms, from the simple to the complex. For example, there is the case of business misconduct of gaming the sales incentive plans to collusion with outside 3rd parties. There are key buckets of employee fraud types, however, that are most prevalent. These are:
– Employees gaming an incentive program, like collections, for personal gain.
Business Misconduct Fraud – Employees opening accounts without consumer consent or knowledge, which can sometimes be combined with Incentive Fraud.
Self-Dealing Fraud – Employees reversing fees, reducing interest rates or other policy violations.
Theft – Employees taking cash at the branch, or electronically moving money from a customer bank account to their account, changing the address on a customer credit card account and then committing fraud. This list goes on. This type of theft can sometimes take the form of Elder Abuse if the theft of funds come from an account belonging to a senior citizen.
What actions can a financial institution take today to create a robust internal employee fraud program?
Focus on Policy Violations – Not all policy violations result in termination. But the adage goes, where there is smoke there is fire. Ensure you have a centralized platform with the right data integration to produce alerts to inform the corporate security teams of the most severe policy violations.
Create a Correlation with your First and Third-Party Fraud – The fraud that is reported by your customers is a good place to start to link to suspicious employee activity. Questions to ask are, "Did my employee view the fraud account too frequently?"
Data Matters Too – Ensure your internal fraud controls are not only looking for policy violations and account manipulation but theft of data, this type of internal issue can lead to serious consequences.
Flexible Detection Logic- The ability to adjust Internal Fraud detection rules and models quickly to respond to new threats is critical.
Just like many types of fraud, internal fraud is growing and it takes fast-moving solutions with sophisticated behaviorial analytics to help get to the culprits quickly without financial or reputational loss to an organization. If your organization hasn't done so recently, then it should review policies and procedures along with technology innovation that often includes breakthroughs in behaviorial analytics to keep the fraudsters away from the potential cookie jars and piggy banks at your firms.