5 minutes
For credit unions nationwide, internal fraud represents a significant and growing problem.
The financial services sector has the highest incidence of internal fraud across 23 industries, according to the Association of Certified Fraud Examiners’ 2012 Global Fraud Survey: about 17 percent of all insider fraud incidents, vs. just over 10 percent each for government/public administration and manufacturing.
The National Credit Union Administration earlier this year said that fraud contributed to the closure of more than 40 percent of the 192 credit unions that have failed in the last 10 years. In a 2014 report, CUES Supplier member CUNA Mutual Group said that almost half (46 percent) of claims paid between 2009 and 2013 under its fidelity bond coverage involved insider fraud -- and that 71 percent of claims for losses caused by employee dishonesty were submitted by credit unions that hadn’t had any employee dishonesty claims during the prior three years. Just as disturbing, the CUNA Mutual Group report said that dishonest credit union employee actions are typically not discovered until upwards of $140,000 has been stolen over the course of 18 months.
Internal threats are not easy to detect. According to the 2014 Verizon Data Breach Investigations Report, that’s because as much as 88 percent of insider fraud stems from “privilege abuse”-- taking advantage of the system access privileges granted by an employer and using them to commit fraudulent activities.
While most credit union employees are honest and law-abiding, trusting them without verification of that trust, and hoping a disgruntled or rogue employee does not turn against an organization, does not make for an effective internal fraud prevention strategy.
What does constitute an effective strategy? A combination of strengthened employment and employee policies, together with data analytics tools that can quickly process and analyze large volumes of data to detect and disrupt insider crime.
Improve Pre-employment Checks
Too often, employers rely on an element of trust alone. They frequently take job applicants at their word when they check a box declaring they have nothing to disclose.
Assuming your credit union runs background checks on recruits, ensure that yours are effective. New employees shouldn’t begin work until your human resources staff has followed up on their references. Do not place a candidate who has “references pending” into any position of trust until you’ve run a check. And be sure to cross-reference applicants against your organization’s internal records.
Address Insider Threats With Employee Communications
Credit unions should educate all new employees about fraud protection policies and individual responsibility to report suspicious behavior. Such an effort is important on two levels: it makes transparent a credit union’s anti-fraud program, and it communicates to employees that they are essential partners in ensuring the security of customer accounts and the very integrity of the credit union.
Senior management should conduct employee outreach not just during orientation sessions but through frequent updates reinforced by supportive messages – on screensavers and login pages, for example -- about the organization’s ethical standards.
According to the 2014 ACFE Report to the Nations on Occupational Fraud and Abuse, whistleblowing still accounts for the highest level of early identification of internal fraud. Credit unions can take a number of actions to encourage employees to report suspicious activity, including:
- reviewing corporate policies to put in place clear reporting lines and to ensure there are sufficient contingencies to give staff options when they have systemic concerns;
- implementing staff training programs on whistleblowing, including resilience techniques to help mitigate stress levels;
- making anonymous employee assistance programs available to staff for counseling; and
- initiating corporate communications programs to affirm that whistleblowing is encouraged when employees have real concerns.
These measures may help to improve how employees feel about reporting wrongdoing but this will count for nothing if businesses do not have adequate systems in place to manage whistleblowing complaints in a consistent and structured manner. In a small to medium-sized business, it may be possible to achieve a solid and predictable process by using Excel spreadsheets or paper-based approaches, but this is inadequate in big businesses with large workforces operating in geographically dispersed locations.
Monitor Online Activity With Data Analytics
With insider threats, it’s difficult to fully understand the threat or motivation, and even more difficult to know what to look for. Financial crime analytics software – used as part of a broader anti-fraud effort employing the support of staff through regular, transparent communications -- can help.
Financial crime analytics software allows your credit union to easily and quickly manage, integrate and analyze complex data and institutional intelligence holdings across both fraud and compliance teams, which have traditionally operated separately. It can do this to pinpoint and highlight suspicious activities, unusual relationships, and persons and events of interest. And because it can do so earlier and more accurately than other approaches, financial crime analytics software can protect credit union employees from false alerts and other problems.
Furthermore, a comprehensive detection and investigative capability, when combined with a regulatory compliance solution, will address the broader organizational policy and compliance needs associated with financial crime risk management.
By identifying and characterizing insider threats, and assessing the vulnerability of critical assets and operation, credit unions can use financial crime analytics to better identify ways to reduce those risks and prioritize risk reduction measures. They can clearly plan for the likelihood and consequences of specific types of attacks, and better manage and minimize the risk.
Insider fraud will always be a challenge for credit unions. But by adopting strict employment policies, keeping employees fully informed of anti-fraud policies and practices, and implementing financial crime analytics to keep a watchful eye on insider transactions, credit unions can more ably prevent insider fraud, mitigate potential threats, preserve data and ultimately protect their reputations.
Derek Brown is VP/Americas for Wynyard Group, which develops financial crime analytics software. Derek has more than 20 years’ experience in assisting organizations gain business value from effective use of technology, and is an expert in applying advanced crime analytics in Financial Services organizations and Government agencies. For more information, please visit: www.wynyardgroup.com.
CUES’ Credit Union Management’s online-only “HR Answers” column runs the first Tuesday of every month.