Combatting insider fraud requires a combination of great technology and smart low-tech governance policies. Shirley Inscoe, Fraud Management Consultant, Shirley Inscoe Consulting, is very knowledgeable about both, so she gave a presentation at BAI Payments Connect Conference & Expo about who the insiders are, what some contributing factors might be, and how to mitigate the fraud with a few high- and low-tech best practices.
Insider fraud, or occupational fraud, is defined by the ACFE (Association of Certified Fraud Examiners) as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.”
There are probably as many types of insider fraud as there are employee personalities. Inscoe’s brief list included falsifying loan documents, selling bank or customer information, misuse of assets or position, taking money from cash drawers, identity theft and mortgage theft. “Probably the most pervasive – and least understood by employees – is leaking bank information,” she said.
Who commits fraud?
According to Inscoe, all employees are financial institution insiders and have the potential for fraud – contract, suppliers, those working remotely, people who were inherited during a merger and even outsource employees.
She pointed out that financial institutions may be able to control some internal, contributing factors that create vulnerabilities: This is about creating a culture that helps protect the bank from fraud. Some examples that Inscoe gave include creating a more secure HR screening process and stopping idle chatter about mergers or the possibility that the bank won’t make its goals for the year.
Another crucial contributing factor may be access; Inscoe said that employees may not realize the risks associated with some of the technology and data that they deal with. “Employees often have access to more information than is needed to do their job – this is not uncommon,” she said. “It’s amazing how hard it is to take access from someone! They can change jobs within the bank, and if you talk to them and say that you want to delete a system access, it is like you have insulted them or accused them of something. But it is something that I think, frankly, that banks do a very poor job of.”
Inscoe says that you may not be able to spot a fraudster on the street, but there are definitely signs that you can watch for when there is a possibility that you are working with one. Here are some red flags:
- Never takes a vacation.
- Very possessive of responsibilities.
- Insists on waiting on certain customers.
- Volunteers to work after hours.
- Angry over a demotion.
- Lifestyle change; living beyond means.
- Evidence of addiction.
These behaviors are not evidence of a fraud, but they may be an indication of trouble. Inscoe reiterated that early detection of fraud helps reduce losses, so these clues many help managers and co-workers spot a problem early.
It’s important to maintain a record of all employee and customer activity. This documentation will be needed during the investigation. Inscoe says to retain all email, phone and computer data. She also says that all cases must be investigated on a timely basis.
When selecting a technology to detect insider fraud, Inscoe advises firms to choose a product that addresses multiple business areas and utilizes many analytic capabilities including anomaly detection, peer group analysis, pattern detection and sequential act detection. Make sure that the product produces low false positives so that you can review all cases generated. It should also provide documentation to be used for employee interviews.
Stay tuned for my next post from BAI Payments Connect, which will be about Jodi Pratt’s presentation on creating an anit-fraud culture in your organization. Follow all of the posts on BAI.