Insider Fraud: What Banks Are MissingExperts Say Institutions Focused on Wrong Targets
Three new bank fraud schemes investigated by federal authorities showcase just how prevalent insider fraud actually is - and why banking institutions have such a difficult time thwarting it.
See Also: How to Defend Your Attack Surface
On July 15, federal authorities in Texas arrested a former employee of the National Bank of McAllen for an alleged $230,000 scheme that began in January 2006. On July 16, federal prosecutors in Mississippi sentenced the former CEO of People's Bank of the South, based in Bude, to 78 months in prison for the role he played in a money laundering and fraud scheme that ran eight years. And last week, a former Bank of America employee in Massachusetts pleaded not guilty to charges in connection with an alleged $2 million Ponzi-like scheme that defrauded relatives and elderly accountholders at her BofA branch in Reading.
Experts say a top fraud-prevention challenge is keeping tabs on fraud perpetrated by middle-managers and top-level executives because of the access they have to data and their knowledge of internal systems and controls.
The final results of Information Security Media Group's 2013 Faces of Fraud survey show that 27 percent of participating financial institutions suffered financial losses within the last year because of insider fraud. While 40 percent say they believe they are well-prepared to detect insider schemes, 58 percent report they saw no decrease in insider fraud incidents in the last 12 months.
Some 44 percent of institutions say they rely on internal whistleblowers for the detection of insider fraud, while 42 percent rely on behavioral monitoring and 38 percent rely on quarterly employee-activity reviews.
"Insider fraud is still not getting the attention it needs," says Tom Wills, an independent financial fraud consultant. Banking institutions are aware of the risks, but less than half are well prepared to detect it, he adds.
Shirley Inscoe, an insider financial fraud expert and analyst with consultancy Aite Group, says most institutions are investing in tools to detect insider fraud, but the tools are only partially effective.
"Most banks that deploy insider fraud prevention tools target them toward their largest populations of employees, and typically lower-level employees such as tellers, customer service reps, lenders, call center reps," she says. "Rarely do they focus as much on middle-managers and higher-level employees, who have much more authority and can steal much more money if they choose to."
Ongoing economic struggles have fueled upticks in insider fraud, Inscoe adds. "According to both your survey and bankers I am talking with, one result of this ongoing poor economy has been the continued rise in employee fraud," Inscoe says. "People in desperate financial situations, or who fear they may lose their jobs, do things they normally would not do. And desperate people more easily rationalize doing things they know are wrong."
Cases Reveal Typical Trends
Inscoe says all three of the recent insider fraud cases hinged on schemes that are relatively easy for insiders to master.
In the Texas case, Edna Edith Sepulveda, allegedly placed funds into bank accounts in her parents' names. She then withdrew the funds for fraudulent means, court records claim.
"It is common for thieves ... to hide stolen money in an account of a parent or sibling or to open a completely fictitious account they have control over to avoid placing stolen funds in their own accounts," Inscoe says.
In the Mississippi case, Larry Barnette Hill's position as CEO likely shielded his scheme from detection, she adds. "Few employees ever question anything the CEO does; after all, he has the power to fire anyone who upsets him."
Even banking institutions that rely on anomaly detection to identify insider schemes often fail to catch fraud at the executive level, Inscoe says. "[It] is ineffective, since there is no class of employees in these senior level positions to compare to, to determine what is 'normal,'" she says. "If you can't define normal, you can't detect anomalies."
And in the Massachusetts case, according to news reports, former BofA employee Elaina Patterson allegedly convinced bank accountholders she knew that they could earn up to 15 percent interest by investing in certificates of deposit typically reserved for large companies and wealthy customers. In reality, they could not, court records claim.
Inscoe says the deceit of a trusted employee who targets the elderly is all too common in insider schemes. "They consider the employee as someone they can rely on and usually will wait for that employee instead of dealing with others," she says. "This actually makes it much easier for such employees to hide their theft."
But also keep an eye out for the full survey results report coming soon.