Types of employee fraud
The operations manager for a $56 million bank controlled the suspense accounts entirely on her own. She reviewed the unposted report on a daily basis, clearing out items in the bank’s accounts. She manipulated entries through a series of suspense accounts to prevent the posting of debits for checks drawn on her family’s checking accounts. Ultimately she debited accounts and embezzled more than $3 million. She worked for the bank for 18 years.
An executive vice president with complete funding authority at a $52 million rural bank built a pyramid of unapproved and fraudulent auto dealership loans to unworthy customers for kickbacks in return. Further leveraging his scam by misappropriating payments, he caused a $2.3 million write-off to the bank for bad loans.
Take these two examples of actual claims from the files of Progressive Insurance and insert any name of any bank in the United States. Employee dishonesty is the number one cause of fidelity losses for U.S. banks.
While large international banks deal with reputational risk and other serious and costly fallouts from Enron, Worldcom and other scandals, the nation’s community banks face scandals of their own. Much like independent insurance agencies, community banks are part of the heart and soul of “Main Street America.” Like any small business, these local, neighborhood banks encounter risks with potentially crippling financial effects. None is as great as the threat of employee theft, embezzlement and employee fraud.
Community banks have been making claims for employee dishonesty since fidelity insurance began in the 1920s. “The problem is omnipresent,” said Craig Collins, business development manager for Progressive Insurance. No bank is exempt from the threat of defalcations by bank insiders whose chief limitations are often only their own innovation and ingenuity. “It’s simply human nature and given the opportunity, there are many people out there who would attempt to do it,” Collins said.
According to Progressive, employee dishonesty is behind more than half of the financial institution bond claims paid during the last 18 years. Progressive Casualty Insurance Company underwrites the American Bankers Association-sponsored insurance program that offers directors and officers liability, financial institution bond, Internet banking liability, employment practices liability and other related insurance products for community banks.
The Surety Association of America reported that from 2000-2004, 47.1 percent of losses under financial institution bonds for commercial banks were due to employee dishonesty by regular bank employees. Dishonest employees caused 39.5 percent of losses at savings banks, while at savings and loan associations, they accounted for 69.9 percent of losses.
According to the SAA, the loss ratio for fidelity under financial institutions bonds in 2004 was 50.3, but the ratio is fragile since one large loss can move the results in any given year.
“It’s such a small line of insurance you can’t really look at a loss ratio in a given year; it jumps around,” said Edward Gallagher, general counsel of SAA. “No one auto accident is going to affect the ratio for auto but a single large loss can affect the ratio for fidelity.”
Bob Jones, principal of RW Jones LLC, a consultant and expert witness with more than 30 years experience leading fraud risk management programs, is all too familiar with the circumstances surrounding inside jobs at banks.
“What we are talking about here is the ‘fraud triangle’ or the ‘fraud equation.’ A need, plus opportunity, divided by personal integrity, equals one’s propensity,” Jones explained.
In other words, the greater someone needs money, the more likely they are to steal when presented with an opportunity. And when more opportunities to steal exist, the greater the temptation.
“The important thing is to not put undue temptation in front of that employee,” Jones said. “Nobody knows what demons that employee is facing. The only thing the bank can control is opportunity.”
The schemes and manipulations employees use to steal money from banks have remained fairly constant, although there are more electronic as opposed to written transactions today.
“The perpetrators can now transfer money electronically from their computer screen; maybe write themselves a draft or print out a check draft and cash it,” Collins said. While the methods may have been modernized, the old-fashioned intent to deceive is still present.
“In some cases technology has helped employee fraud in banks, in other cases it’s hindered it,” according to Jones, who cited the example of harvesting customer information for sale to identity thieves. “If everything is computerized, it’s a lot easier to harvest on a wholesale basis. I remember getting into the banking business in the late ’70s and we still out-sorted checks and rendered statements at the branch. I don’t know if anybody does that now. In fact many community banks don’t do that function at all. They’ve outsourced that to service bureaus.”
Experts generally agree the Internet has not had a major impact on employee fraud. The Internet has caused some problems for banks, but only externally in terms of the velocity and volume of transactions that can be run through electronically.
The amount and type of loss is usually proportional to the numbers of employees, and the type of dishonesty typically coincides with the type of employee.
Vic Stewman, banking sector manager for Chubb Specialty Insurance, said most of the employee dishonesty claims he sees are loan related. “They are generally in collusion with another party and are situations where the lending officer fraudulently constructs a loan,” he said. Chubb has offered specialized insurance policies to financial institutions for more than 40 years and is among the top top writers of financial institutions, as measured by written premium.
Other emblematic crimes from a lending perspective occur in a variety of ways including: a forged or fictitious note, a loan to an insider or fake customer, embezzlement of escrow accounts, stolen commissions or kickbacks, diversion of recoveries on charged-off loans or loans secured by phony collateral. But, most commonly, a loan officer will create a fake customer or loan and then take the proceeds from it out of the bank.
Insurers also see adjusted trading, which usually involves collaboration between bank employees and security dealers to trade securities at inflated prices. Concealing trading losses or forging unauthorized purchases and sales of securities with the benefits accruing to the employee happen as well.
Sometimes employees will attempt unauthorized withdrawals on dormant accounts. These might involve fictitious charges for overdraft payments or checks made out to employees against customers’ accounts.
“I would highly recommend to any community bank to pay special attention to inactive or dormant accounts. And to have a process in place so that unexpected transactions can be detected,” Jones said.
Other times, crooked employees will cook up fake accounts. They have also been known to manipulate a bookkeeper’s throw-out items as well as misappropriate service charges and forge checks and money orders.
Among bank employees, bank tellers tend to steal by actually taking money directly out of the vault, mostly in small cash amounts. Sometimes tellers will produce fraudulent checks to draw on actual customers’ accounts or fake accounts or they will manipulate cash items.
Occasionally a bank teller might make a large heist from a vault but major incidents are more likely to occur in the lending department where workers deal with bigger amounts.
Typical losses
Insider fraud within banks happens at every employee level, but the embezzler who steals the most money is very often the seasoned and well-trusted employee. Often it’s the practiced employees who have been with the bank for a long period of time and have gained an ample amount of trust and control over a specific area or account that end up stealing.
According to Collins, there are red flags. A typical case usually involves a trusted employee who has a lot of responsibility within the bank and doesn’t take vacations. “They tend to be very territorial in their business because they are attempting to cover up the fact that they are taking money out of the bank,” he said.
Collins said he sees a lot of tenured employees get caught up in employee dishonesty. “It’s a problem that isn’t going to go away; it is always going to be there. You can lessen your exposure by doing certain things but you’re probably never going to be able to eliminate it.”
Policies
A financial institution bond, also known as a “blanket bond” or FIB, is designed to cover dishonesty, fraud, theft and counterfeiting by an employee. According to a survey by the American Banker’s Association in 2003, the FIB is the most common type of insurance purchased by banks. The average premium for a FIB for a community bank (up to $250 million in assets) was $10,208 in 2002. The typical aggregate limit of liability was $450,000.
The SAA reported that direct written premiums for 2004 for financial institution blanket bonds totaled $303.7 million; incurred losses were about $150 million.
A large super regional bank may well retain as much as $10 million per incident regarding these losses, insuring only against major heists. Smaller banks can’t afford to take such a big hit.
Most of these bonds are fairly standard and the insurance industry hasn’t seen any major changes in them since the inception of fidelity insurance in the 1920s. There were some changes during the 1970s when banks started to become more computerized, but the language has remained fairly consistent.
Safeguards
Although FIBs and bankers’ blanket bonds cover the majority of monetary losses associated with defalcations, community banks can suffer other types of losses as a result of these crimes. Of big concern is the damage to reputation.
“The problem you have with employee theft is the corrosive effect that it has on a community bank,” Jones said. “On the lowest level it affects employee morale; on the highest level it affects the very safety and soundness of the institution. It’s very likely to become public record because of the low threshold for federal prosecution of bank employees.”
Banks are not powerless to protect themselves against employee dishonesty.
“Banks should have an effective set of internal controls and do a good job of applicant screening,” Jones said. “Effective internal controls make sense.”
Some candidates for bank employment just don’t make sense. “It would seem to me to be unconscionable to hire someone to be a teller who is well over his head in debt or has a drug addiction,” Jones said. “Doing an effective applicant screening to verify employment, education, credit and drug screening are all very helpful. All of the fraud filters that people design both for external and internal fraud are essentially intended to identify anonymous behavior.”
He recommends that banks require employees to take vacations that extend over two consecutive weekends. Vacation time gives the bank a chance to review the employee’s transactions.
Another internal control is called “segregation of duties,” where one employee doesn’t have the ability to start and end a transaction. “We wouldn’t want a loan officer to have the ability to originate and disperse the proceeds of a loan because if they control the entire function, they’re ability to make fictitious loans increases dramatically,” Collins said.
Jones agreed. “Separation of duties is very important though difficult in a community bank environment. But separation of duties helps prevent the sort of general ledger account abuse where you’ve got people who are able to both make entries to and reconcile general ledger accounts.”
Enacting employee transfers is also an effective deterrent, but this may be tough for community banks due to their size and positions available.
Dual control is also very important. “I cannot overemphasize the need for that,” Jones said. “Have dual control … real dual control where two people actually split the combination not just one person watching another.”
The experts also stress the importance of operational audits. “Too many audit departments, particularly in the larger banks, are merely looking at the adequacy of financial statements. They are not getting down into the trenches,” Jones said.