Banks need to guard against fraud

Northwestern Financial Review, Feb 1-Feb 14, 2003 by Bengtson, Tom

[interview: Thomas Buckhoff]

Q

How prevalent is fraud in community banks?

It is very prevalent. The average fraud loss per incident is $200,000 for banks with 100 or fewer employees.

Are frauds generally perpetrated over a long period of time, or are they more likely to be a one-shot deal?

Most frauds are on-going frauds. The people being caught tend to be in these fraud schemes for the long term. They tend to go on for an extended period of time, an average of about 18 months.

Is there a way to identify employees who might be more prone to commit fraud than others?

Offenders have three common characteristics that we call the fraud triangle. These three elements are always present in cases we have investigated. First, there has to be an opportunity to commit the fraud by the employee. And usually the employee will somehow exploit their job responsibility in order to commit the fraud. The second element is what we call financial pressure. Or it is sometimes called an unshareable financial problem - a financial problem people bring upon themselves that they are kind of embarrassed about and are not very comfortable talking to other people about. Examples would be debts from gambling, drug habits, alcoholism or having high credit card balances. The third element of the fraud triangle is rationalization. The person has to somehow be able to justify the act as being okay. The people say to themselves: "Well, you know, everyone else is doing it," or "I'm only borrowing the money, I'll pay it back later," or "I deserve to be paid more than what they are paying me, they can offord it." Those are rationalizations. And people of lower integrity tend to have an easier time rationalizing things. So if you have somebody who has opportunity, and they have high financial pressure, and they have low integrity, that is your high fraud risk employee.

What are the things a bank can do to reduce their chances of being victimized by fraud?

The most effective thing is to have a good system of internal controls. This begins with making sure that certain responsibilities are segregated. For example, there are three main responsibilities within a company. One is called the custody of asset responsibility, the second is called an authorization function, and the third is known as a record-keeping function. You don't want one person to be able to do two or more of those things.

Has technology made it easier for some people in banks to commit fraud?

Yes. At one bank, the controller was calling a correspondent bank and having a payment made to his own personal credit card account. By being able to make that phone call, he had an authorization function. He was able to authorize a correspondent bank to wire a payment on a credit card balance, something banks do all the time. But where he had an incompatible responsibility was he also had a record keeping function. He had to go to the accounting records and explain where the money from the correspondent bank went. So he lied about what the cash was used for. He created fake expenditures to cover up this cash that was wired to pay off his personal credit card amount.

What might indicate to a bank president that fraud is taking place?

Discrepancies in the records would be a big thing. Tips and complaints from customers is another thing. Customers who are calling in with complaints about their account balances not reconciling or they don't understand some entries on their accounts ... that would be a red flag. Also, if a certain employee has a change in lifestyle, you might become suspicious.

If a bank president suspects someone is committing fraud is it best for the bank president to handle it himself or should he just call the police right away?

If you call law enforcement and say: "I think I have an employee who is stealing money from me," the response you will get is: "when you know you have an employee who is stealing from you and you have evidence to substantiate that, then give us a call." The police do not have the time nor the resources to look into every single suspicion of fraudulent activity.