RiskTech Forum

Clari5: The Threat Within. Spotting and Arresting Insider Fraud

Posted: 25 April 2019  |  Author: Naresh Kurup  |  Source: Clari5

Insider fraud, mostly through employee theft, is a growing, global problem and the 2 sectors most impacted are ironically 2 of the most regulated - banking/financial services and government/public administration.

Insider or occupational fraud, both offline and online, is an employee's misuse or misappropriation of an employer's resources or assets for personal gain.

About 5% of an organization's revenue is lost to insider fraud. This translates to a potential total loss approaching $3 trillion a year, according to a new report by the Association of Certified Fraud Examiners (ACFE).

Incidentally, insider fraud caused a whopping $169 million loss to financial institutions in 2018. An analysis by the American Bankers Association concluded that 65% to 70% of fraud dollar losses in banks are associated with insider fraud.

The impact of insider fraud can be severely damaging as most incidents take 18 months to uncover – long enough to put a small/ mid-sized business out of business and/ or erode a bank’s reputation and employee morale. Conventional controls to detect and combat various types of fraud, such as internal audits, are not very effective when it comes to catching insider frauds that must be detected as they are brewing.

Vital therefore to first spot the warning signs of internal fraud schemes. Also, despite generally being viewed as an act of mistrust of employees, implementing a technology solution to monitor employee and transaction activity can expose suspicious behavior.

The signs

The same qualities that help employees perform well can also help them perpetrate fraud. In four of the most common schemes (GL fraud, Identity theft, ATO and Collusion) insiders devise ways to stay under the radar for years by taking advantage of internal vulnerabilities.

True cases of incidents where employees abused their authority and access –

Organized fraud rings are highly sophisticated and plant their members in positions within a bank. A fraud ring may place its member in Human Resources, for instance, to make it easier to get members hired as loan officers, tellers or even loss prevention officers.
Knowing that the collections department has a weak background screening process and broad access to customer information, a fraud ring can place one of its members there to steal customer data.

More elaborate schemes can involve large-scale fraud across multiple departments and branches.  

Since internal fraud is not easy to detect, it is important to watch for certain behavioral and transactional indicators –

Besides being clued in to the warning signs, it is vital to monitor internal fraud risks in certain roles more closely than others and limit access to data such as Social Security numbers or PAN or Aadhar details. The more credentials and account access privileges an employee has for customer and employee accounts, the bigger the risk they pose.

For example –

Also, despite knowing that it is a risky practice, sharing of login credentials is quite common and carries the risk of suspicious activity.
Given the high-risk potential in customer or employee data theft, employees should be allowed only privileged access to view just the information they need to do their job, and their behavior must be monitored closely against the warning signs.

Monitoring and preventing

The need of the hour is a framework for timely detection of insider fraud and proactive action.
Besides internal controls and audit, staff awareness and whistle-blowing, the most vital element of identifying internal fraud is real-time knowledge. Also, distributed accountability is more efficient than having a single individual responsible for highly sensitive roles.

Restricting access to customer data can help prevent not just identity theft, but also associated fraud such as ATO. Continuous monitoring of employee behavior and transactional activity helps uncover warning signs of internal fraud.

Also, deterrence plays a key role. When staff know they are being monitored, they usually don’t attempt violations. It helps the bank send a signal that internal operations are under surveillance.

If an employee is accessing information that is not relevant to his or her job function, a good real-time technology can help link that activity to new deposit or loan activity that has been initiated by that employee. Rules can be updated frequently as the bank fine-tunes its internal fraud prevention program.

Interestingly, most insider fraud prevention solutions are targeted towards the largest population of employees and typically lower-level employees (tellers, customer service reps, lenders, call center reps, etc.). They don’t focus as much on middle/senior managers, and senior executives, who have more authority and can potentially steal much more.

Even banks that rely on anomaly detection to identify insider schemes often fail to catch fraud at the executive level, because there is no class of employees in these senior-level positions to compare to, to determine what is normal.

To increase the efficiency of monitoring efforts, a good real-time technology solution automates the time and labor-intensive process of manual fraud detection. By capturing and recording data across a network, an automated, cross-channel approach can alert a bank to threats and create an audit trail of flagged activity to streamline investigation and loss mitigation.

A critical aspect of this type of monitoring is ensuring that it is in real-time. Post-facto monitoring helps in certain cases, but it cannot prevent significant losses.

Besides accelerating the detection of suspicious activity, a good technology solution can also record internal user activity across the bank that can be used later for investigation. By prioritizing probable fraudulent activity and centralizing case management, it can also help the bank’s fraud investigation team quickly identify, gather, and close cases when an activity is flagged.

Smart AI-based real-time monitoring systems dovetail well with other banking systems such as core banking systems, CRM and HRMS to synthesize cross system intelligence and help identify suspect behaviors, target fraud at the source and enables the bank to stop fraudulent behavior before it starts.

These solutions include customizable business rules, which can be preset to automatically stop transactions or flag them for further investigation. Rules can also be set for expected employee behavior. They also have hierarchical case management capabilities for accelerating investigation and closures.

When employees (who could be potential fraudsters) operate in a manner that is inconsistent with their behavioral profile, the bank is automatically and immediately alerted. This helps pinpoint activities such as redundant account changes, excessive password changes, and demand drafts.

By watching out for internal fraud schemes as they happen, real-time technology helps banks respond to threats faster, prevent financial losses and reputational damage.

Internal fraud is becoming more complex, and implementing an intelligent technology solution as part of a bank’s enterprise-wide fraud monitoring and prevention framework helps reduce fraud risks vastly. With the capability to watch more closely and guard areas that are likely to be targeted, quickly pick up on warning signs, and strengthen internal controls, a bank can not only combat immediate threats, but also keep future internal fraud at bay.