Money and Data Can Tempt Insider Thieves
The unsettling headlines pile up.
In Grand Rapids, Mich., a former assistant branch manager at Case Credit Union pleaded guilty to embezzling $236,000 over a span of nearly two years.
In Missoula, Mont. a teller at the Whitefish Credit Union pleaded guilty to embezzling $676,000 over a dozen years.
In Chesterfield County, Va., a woman was arrested for allegedly embezzling $40,000 over a nearly two-year period from the $445,000 in assets St. Paul’s Baptist FCU.
Those are just recent stories, and so the questions stack up. Is credit union insider theft and fraud increasing? Have credit unions been forced into conservatorship because of it?
As for the latter, the answer is a fast yes. In Albany, Ind., in 2008, for instance, head teller Patricia H. Sherman was arrested for stealing $7 million from the $47 million-asset Obelisk Federal Credit Union with the cash stolen by “secreting it on her person,” according to the U.S. Attorney’s filing.
The cash was used to fund gambling at Ohio River casinos. And an upshot was that the NCUA first conserved Obelisk, then merged the remains into Centra CU in Jeffersonville, Ind.
Obelisk is not alone. However, industry sources are adamant that insider fraud, big as the problem may be, is in fact rarely a cause of credit union failure. According to information provided by the NCUA to Credit Union Times, “Since the mid-1980s, 46 credit union failures were directly related to fraud. Two of the 28 credit union failures in 2010 were fraud related, and there are no fraud related failures so far this year.”
That still leaves key questions. Is insider fraud increasing? Is the form of the crime changing?
“In a bad economy, insider fraud goes up,” said Jack Knight, a CPA with Barfield Murphy Shank & Smith in Birmingham, Ala., who is involved in credit union audits.
Knight has worse news for the record keepers. “There are often lots of pressures internally to cover up insider theft because the institution does not want the reputational hit.”
“No one wants to talk about insider fraud and theft at financial institutions,” agreed Phil Bank, a consultant with Javelin Strategy and Research. “With small amounts, the institution just sends the employee away.” And that makes the count of cases of insider theft suspect.
Even the count of credit union failures due to insider theft may be incomplete, suggested Norm Cecil, a principal with Southern California auditors Mainsail Consulting. “I know mergers that have occurred because of an insider issue. The board said, let’s just merge and end this. They lose confidence in their ability as a board.”
So just how bad has insider theft and fraud gotten? The reported numbers are mixed, with case counts down, but losses up. At CUNA Mutual, which insures 90% of the nation’s credit unions against losses, Senior Risk Manager Brad Mundine said that over the past five years, “We are actually seeing fewer claims of losses from insider theft. What has changed is that the loss claims are for much higher amounts, an average of $190,000 in 2010 compared to $50,000 in 2006.”
“This has become a big problem for us,” said Mundine. "Claims losses have increased significantly.” In 2006, $12 million was paid out by CUNA Mutual. In 2010, that number vaulted to $38 million.
Mundine also cautioned that his organization might not hear about instances of theft where the amounts involved fall below an institution’s deductible, so the CUNA Mutual count (200 cases logged in 2010) cannot be assumed to be complete.
Add in the institutional reticence and 200 emerges as an opening number. The true number, suggest the experts, is far higher.
What has spawned this epidemic of insider theft?
“I believe there is much more opportunity today,” said E. Michael Thomas, an Atlanta-based instructor with the Association of Certified Fraud Examiners. Thomas pointed to institutional cost-cutting and staff reductions. In many cases, staffs that feel overworked are prime breeding grounds for insider thefts, and this also is a key factor in why today’s claims are larger. “I just uncovered an insider fraud that cost the institution $250,000 over 18 months. It was very simple. It should have been detected within the first month and cost no more than $10,000.”
And there just is no quick solution to pressures to cut costs and staffing, admitted Thomas.
But there is still a more worrisome kind of insider theft emerging, and it is conduct that may escape detection by traditional fraud detection programs because no money disappears, at least not at first.
“We are seeing more cases of large-scale theft of data,” said Erik Stein, a vice president of risk management at Fiserv. This, added Stein, is the fresh face of identity theft, which has shifted from scraps of paper acquired via Dumpster diving into acquisition of thousands of customer files, with names, Social Security numbers, addresses and possibly account numbers.
With a click, suddenly, mountains of files can be transferred to a thumb drive. “It is much easier to insert a co-conspirator into a financial institution,” said Stein. With files in hand, criminals can steal at will and that specter is beginning to raise concern levels in many institutions, suggested Stein.
Numbers of such cases are unknown, said the experts. What is known is that law enforcement in certain metros, New York and Los Angeles are commonly cited, have been warning financial institutions, including credit unions, to be watchful of employee information gathering because, suggested law enforcement, organized criminal gangs have put a priority on this data.
Potentially good news in that latter regard is that even though audits, a common line of defense against internal theft, won’t uncover information theft, what may be the single biggest factor in breaking most insider cases are tips.
“Tips lead investigators to over 40% of the insider cases that are detected,” said Stein. If one employee notices another spending an inordinate amount of time sniffing in credit files, or perhaps notes an upgrade to a very pricey car, that can be the beginning of unraveling data theft cases.
And then there is the second most common way insider theft is uncovered. “By accident,” said Thomas. “That still uncovers a lot more cases than audits do.”