In Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE) report that employee fraud, or occupational fraud, “is likely the largest and most prevalent threat” faced by organizations. When employees abuse their position for personal gain, exploiting assets such as identifying information or confidential data to commit illicit activities, they are committing employee fraud. This “fraud committed against the organization by its own officers, directors, or employees—constitutes an attack against the organization from within, by the very people who were entrusted to protect its assets and resources.”
In the banking and financial services industry, from January 2016 to October 2017, the median loss to organizations globally was $110,000 USD across 366 employee fraud cases. The banking and financial services industry suffered the highest number of employee fraud cases of the 24 industries studied by ACFE.
The potential for loss from employee fraud cannot be overstated. One scheme that made headlines was the case from Punjab National Bank that involved two employees who assisted criminals in defrauding the bank of almost $2 billion over a seven-year period.
How Internal Fraudsters Strike
Financial institutions are especially vulnerable to employee fraud, as fraudsters within the organization have access to large amounts of personal identification information and financial transactional data, along with access to customer accounts.
Employees are intimately aware of financial service controls, and can circumvent regulations to commit fraud, such as committing illicit activities with small, hard-to-detect amounts of money.
Employee fraudsters can steal small amounts from a large number of customers, building up their own bank accounts or transferring funds to the bank accounts of family members or associates.
Here are five tactics employees may use to commit fraud against financial institutions:
- Monitoring customer accounts for activity, and skimming funds from inactive or less active accounts
- Skimming funds from unmonitored accounts, such as elderly customer accounts
- Reversing non-sufficient funds (NSF) fees, and transferring the refunded charges to their own personal accounts
- Opening fraudulent accounts with stolen or fictitious information, collecting the employee sales rewards, and closing the accounts
- Manually modifying sales numbers to increase employee sales rewards
Beyond Financial Loss
In 2018, PwC noted in the Financial Crimes Observer that “…cases of internal fraud have resulted in major financial losses and reputational harm to financial institutions over the past year, and regulators have responded with increased scrutiny.”
While these schemes can add up to significant fraud losses for financial institutions and their customers, they can also enable money laundering and other illicit activity.
The 2018 National Money Laundering Risk Assessment, published by the U.S. Department of the Treasury, warns that “the most significant money laundering risks in the United States include misuse of cash, complicit individuals and financial services employees, and lax compliance at financial institutions.” The Treasury Department explains that “criminals seek out complicit merchants, professional, and financial services employees” who may turn a blind eye or become partners in illicit activities.
Detecting & Monitoring Internal Threats
In order to protect themselves from evolving external threats, financial institutions continue to strengthen their fraud controls by deploying fraud detection solutions across a variety of channels.
However, when establishing fraud controls, it is imperative that financial institutions do not overlook the threat from within.
Appropriate monitoring of both employee access logs and transactional activity can alert institutions to fraudulent activity by employees, including, but not limited to:
- Cash theft such as skimming customers’ cash deposits and force balancing the drawer
- Unauthorized cash or cashier’s check withdrawals from customer accounts
- Refunding customer charges or fees to the employee’s personal account, including manually posting transactions to an employee’s personal account
- Sharing confidential information, such as personal identification information, transactional information, or account information, with third parties
- Abuse of a deceased or disabled customer’s account
Financial institutions may have internal controls, processes, or procedures in place to monitor employees for unusual behavior. However, institutions should consider how automated fraud detection solutions that continuously monitor employee accounts and customer account access could proactively uncover unusual employee activity — ultimately reducing the reputational and financial risks of fraud and illicit activity from internal bad actors.
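The following added example, which is not part of the original article or any vendor's product, shows how transactional monitoring could flag two of the patterns listed above: an employee posting a credit to an account linked to themselves, and the higher-confidence case where that credit follows a fee reversal the same employee posted on the source account. The record layout, the employee and account IDs, and the 24-hour correlation window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and IDs are assumptions for this example.
EMPLOYEE_ACCOUNTS = {"E17": {"A-9001", "A-9002"}}  # own and known-associate accounts
TXNS = [
    {"ts": "2018-03-01T09:10", "by": "E17", "type": "NSF_REVERSAL", "src": None, "dst": "C-1001", "amt": 35.0},
    {"ts": "2018-03-01T09:12", "by": "E17", "type": "TRANSFER", "src": "C-1001", "dst": "A-9001", "amt": 35.0},
    {"ts": "2018-03-01T10:00", "by": "E22", "type": "NSF_REVERSAL", "src": None, "dst": "C-2002", "amt": 35.0},
    {"ts": "2018-03-02T11:30", "by": "E17", "type": "NSF_REVERSAL", "src": None, "dst": "C-1003", "amt": 35.0},
    {"ts": "2018-03-04T11:30", "by": "E17", "type": "TRANSFER", "src": "C-1003", "dst": "A-9002", "amt": 35.0},
    {"ts": "2018-03-05T14:00", "by": "E31", "type": "TRANSFER", "src": "C-3003", "dst": "C-3004", "amt": 500.0},
]

def detect(txns, employee_accounts, window=timedelta(hours=24)):
    """Return (rule, employee, source_account, timestamp) alerts in time order."""
    alerts = []
    reversals = []  # (time, employee, customer account, refunded amount)
    for t in sorted(txns, key=lambda t: t["ts"]):  # ISO timestamps sort as text
        when = datetime.fromisoformat(t["ts"])
        emp = t["by"]
        if t["type"] == "NSF_REVERSAL":
            reversals.append((when, emp, t["dst"], t["amt"]))
            continue
        # Rule 1: the posting employee credits an account linked to themselves.
        if t["dst"] not in employee_accounts.get(emp, set()):
            continue
        rule = "SELF_CREDIT"
        # Rule 2: the same employee reversed a fee on the source account within
        # the window, and the amount moved does not exceed the refund.
        for r_when, r_emp, r_acct, r_amt in reversals:
            if (r_emp == emp and r_acct == t["src"]
                    and timedelta(0) <= when - r_when <= window
                    and t["amt"] <= r_amt):
                rule = "REVERSAL_THEN_SELF_CREDIT"
                break
        alerts.append((rule, emp, t["src"], t["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(TXNS, EMPLOYEE_ACCOUNTS):
        print(alert)
```

The transfer made 48 hours after its reversal still raises the lower-confidence alert, so spacing the two steps beyond the correlation window does not hide the credit to a linked account.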