Banking and Financial Services account for the largest share of internal fraud cases examined by the ACFE, with 15.4% of the total.
You and I aren’t strangers to internal fraud in banks. But, it is a pressing issue now more than ever. With new types of fraud surfacing each day, banks must take appropriate measures to understand and prevent them.
So let’s dive into it starting with the types of internal fraud in banking.
Examples of internal fraud in banking
- Transaction reversal by tellers
Imagine you deposit a certain amount of money in your bank account. But someone from the bank staff reverses this transaction and steals your money.
Committed using transaction reversal, this type of fraud is usually targeted toward vulnerable accounts (like elderly customers or dormant accounts).
- Account manipulation
Your bank employee might alter charges, interest rates on loans, or even increase credit limits. A classic case of stealing from the bank’s profits for personal benefit.
- Account takeover
A fraudulent bank employee might gain access to a dormant account and carry out unauthorized transactions by changing the account details.
- General ledger fraud
An employee might create a fake company (vendor for the bank) and its bills. He may then encash the amount payable to the company from the bank by adding it to the general ledger.
- Loan applications
In such cases, employees borrow loans using stolen customer IDs.
In the aftermath of this fraud, the customer refuses to repay the loan (since he did not issue it in the first place). Hence, the bank suffers a loss.
- Four eyes violation in private banking
Imagine that an employee enters a transaction (on behalf of a client) in the bank’s private portfolio management system. The system then sends this transaction to the compliance team for validation. The team checks the transaction and approves it if it is authorized. But the compliance employee could be anyone. It could also be the one who has initiated the transaction. This way, one person can do both – initiate and approve the transaction – completely violating the four-eyes policy. Banks must have a system in place to check for such cases.
- Internal collusion
Driven by the motivation of making quick money, two or more employees might jointly commit fraud within the system. Multi-people fraud is difficult to detect as it might involve important stakeholders from different departments covering up for each other.
- Data theft
A customer’s data, including PINs and account details, can be sold in the market or used to commit fraud. Bank employees deal with such data on a day-to-day basis. Hence, they must have a strong internal control system to safeguard customers’ data.
- IT changes at the back-end
IT administrators are the backbone of a bank’s operations. But they may also temporarily grant the system’s access to a non-IT employee, who can then approve a fraudulent transaction.
- Credit abuse
Here, a bank employee uses his knowledge and position to sanction credits for himself or his close ones. This might result in banks lending more amounts than the borrower is capable of paying.
Usually executed by employees at higher levels, the intent of this fraud isn’t to defraud banks. But to use the power which comes with the job.
How to prevent internal fraud
To prevent fraud, it’s important to understand the conditions that nourish it. Let’s quickly dive into the ‘fraud triangle’ for the same.
The fraud triangle
Back in the 1970s, Donald R. Cressey (a criminologist) investigated occupational fraud and found 3 key conditions that lead to it. He named it the ‘fraud triangle’. The 3 conditions are:
Pressure from superiors, personal financial issues, and working under unethical management can serve as motivation. While opportunity pertains to weak internal control and accounting policies. These, when topped with the ability of an employee to rationalize cheating, create a perfect setup for fraud.
Rationalization refers to an individual justifying his act of crime by backing it with a cause. For example, the bank didn’t pay me well, didn’t treat me well, it’s a victimless crime etc.
- Background verification
The banking industry has 70% of its employees involved in direct cash transactions. The more the people involved, the more are the risks.
Banks do conduct thorough background verifications (BGV) on the people they hire. However, due to the lengthy ‘full and final’ employee exit process in Banks, the hiring bank has to wait for 3 months or more to get the final verification report. During these months, the bank is vulnerable to a fraudulent employee.
Verifying new employees before onboarding them can help reduce these risks significantly. This can be done through a host of digital pre-onboarding checks that are fast and efficient.
BGV checks for the banking industry:
- Identity check (Aadhaar, PAN, & driving license)
- Address check
- Education check
- Past employment check
- Court record check
- Police Clearance certificate check
- Reference check
Unfavourable court record check results are responsible for the majority (46%) of red BGV cases in the banking industry.
It’s fair to say that candidates with a red BGV are a potential threat to your bank. Someone with an adverse court record check, fake education documents, or fake past employment cannot be trusted with handling your customer’s money. But BGV helps you tackle and prevent potential threats at the source.
We recently released our ‘BGV insights report 2021-22’ which is based on 3.5 Million BGV cases from 14 different industries. Find out what it says about the banking industry here.
- Strengthening internal controls
There is a list of systems that banks must install to prevent internal fraud. They are:
- Limit system controls
Mandate IT administers system login using their own credentials only. Keep a check on the profiles accessed by the users and who gains temporary access to the system. Watch out for employees who have access to more in the system than they should have.
- Mandate system log out after working hours
Employees who intend to commit fraud tend to access the system when no one’s watching. The best time for this is post-working hours. It’s important for employees with access to sensitive information to log out and prevent misusage of the data.
- Monitor employees & educate them about signs of fraud
Using technology to watch employee activity is a must in today’s age of internal fraud. To do so, software that can help you track real-time data are preferable. Real-time tracking enables you to spot the trail of red flags and helps in the further investigation if required.
- Use relationship discovery
This will help you avoid fraud that involves employees colluding with outsiders. If an employee is found guilty, this system also helps make an informed case against the suspected fraud.
- Regularise internal audits
Instead of being dependent on account audits, execute an internal audit. It helps surface fraudulent activities that might have sneaked from right under your nose. A safer approach would be to prefer audits by expert fraud examiners.
- Establish a channel of employees who report the red flags they notice at work
Having trustable sources to tip you off can help you move quickly and save the damage that comes with the fraud.