Shirley Inscoe is the Director of Financial Services Solutions at Memento. Before this, she worked at Wachovia Bank for 29 years. Shirley co-authored the book “Insidious: How Trusted Employees Steal Millions and Why It Is So Hard for Banks to Stop Them”. In this interview she discusses insider bank fraud and illustrates how it happens and what we can do to mitigate it.
How big of a problem is insider bank fraud?
It is impossible to say for sure – in large part because banks don’t have established industry standards for measuring these losses, don’t report this kind of information to any external governing body, and a great deal of employee fraud goes undetected.
Plus, the financial damage can be difficult to quantify. There are direct remediation costs from fraud incidents – reimbursing customers’ stolen funds, closing accounts and opening new ones, issuing new debit and credit cards, etc. – but there are also indirect costs from damaged reputation, reduced shareholder value and so on. What’s clear and undeniable is that each and every year billions of dollars disappear due to internal bank fraud.
What can be done to mitigate it?
As is always the case, the first step toward a solution is to admit that there is a problem. Once they’ve gotten past the denial stage, and have defined the problem, banks need to look at fraud detection processes and solutions that can help them solve the problem. A strong system of internal controls that is actually observed in day-to-day operations is key, but is not enough to prevent all internal fraud. Due to the very nature of banking, employees must be entrusted with access to various systems and the information necessary to do their jobs. A weak system of controls can actually foster internal fraud by lulling management into a false sense of security while insidious employees clearly see the opportunities to steal with a low risk of being caught.
As in many other areas of financial services, technology has made great strides in the ability to detect specific employee behaviors indicative of internal fraud as well as providing the tools to perform a thorough investigation and the facts to confront the employee to obtain a confession during the interview process. Internal fraud no longer has to be considered a cost of doing business with strong solutions available.
What are some of the ways that employees commit fraud?
There are many ways bank employees can commit fraud. But, in simple terms there are four primary avenues for insiders to commit fraud. Insiders can:
- Steal money from the bank,
- Steal money from the bank’s customers,
- Steal information from the bank, or
- Steal information from the bank’s customers.
That being said, the method often depends on the employee’s position inside the institution and their level of access to accounts and systems. Some of the more common approaches are well known, but difficult to detect, such as thefts from general ledger, loan lapping, selling confidential customer data, collusion, etc. Employees also can work directly with organized external crime rings to enable identity theft, check fraud, new account fraud, credit card fraud, ACH fraud, deposit or payment fraud, debit card fraud, loan and/or mortgage fraud, online account hijacking, and various types of cross channel fraud. In addition, typically, the higher level the employee is, the larger the losses are because higher level employees have greater access, authorization and approval levels.
Do fraud losses get passed on to customers?
They certainly do. Losses get passed on in the form of higher interest rates charged on loans and credit cards, lower interest rates paid on savings, and higher fees overall. The other way consumers “pay” is in the case of stolen information. When your personal information is stolen due to internal fraud, there is no way to restore the confidentiality if that data, and as anyone who has been the victim of identity theft knows, the cost in time and aggravation – not to mention real dollars – is very high. In addition, statistics show that once an individual has become an identity theft victim, they are more likely to be re-victimized because their confidential personal information (Social Security number, date of birth, driver’s license number, etc.) has been permanently compromised.
Is there a personality profile of the employees that commit fraud?
This is one of the most fascinating aspects about this crime. We devote a lot of space in our book – Insidious – addressing exactly this topic. The personality profile of a typical employee that commits this fraud is ironically the type of person banks want to hire. That is why the crimes are often so shocking. It is often committed by the popular senior vice president, the trusted branch manager, the customer service representative who never missed a day at work or the dependable administrative assistant. It’s a fact that fraudsters are often some of the institution’s top performers. That is because the same creativity, attention to detail, and intelligence that helps them succeed at their jobs also helps them succeed at fraud. And to compound the problem, as employees rise in the organization, they’re often given more trust while, at the same time, their opportunity to commit major fraud increases.