Employee Fraud Schemes Costly for Financial Institutions, ACUC Speaker Says
Financial institution employee fraud schemes last a median of 18 months before detection, with a median loss of $140,000, said CUNA Mutual Senior Risk Management Consultant Roger Nettie during a breakout session Wednesday morning at CUNA’s America’s Credit Union Conference in New York.
According to the 2012 Global Fraud Study conducted by the Association of Certified Fraud Examiners, more than one-fifth of these caused losses of at least $1 million.
“The longer a perpetrator works for an organization, the higher fraud losses tend to be,” Nettie said. “CUNA Mutual Group claims records show that over a five-year period, employee dishonesty represented just 13% of fraud claims, but 45% of fraud losses.”
Many credit unions believe their employees are all trustworthy and that they have strong enough internal controls to prevent internal theft from occurring, he said.
Yet, it still occurs.
“Fraud does not discriminate. There is no immunity to this exposure based on geography, asset size, employee tenure, or past experience,” Nettie said.
Another growing area of direct losses is wire fraud, especially from HELOC accounts, with credit unions reporting more than $25 million in losses from 2007 to 2012, he said. The average reported loss in 2012 was $175,000, with some approaching $1 million. “Credit unions experiencing losses generally had inadequate security for large-dollar transfers, enabling crooks to easily defeat callback security measures,” Nettie said.
Consequently, CUNA Mutual Group implemented new terms with its funds transfer coverage to encourage additional controls for remote requests, and discourage the practice of accepting large-dollar remote requests.
Nettie offered a number of recommendations to limit wire fraud, such as spotting fraud red flags and using layered levels of security.
In addition, electronic crime continues to cause direct losses through computer malware and money mules that illegally transfer money on behalf of scam operators, typically in another country.
Nettie said prevention measures such as cookies, device recognition, Internet protocol and challenge/response questions have limited effectiveness. As alternatives, he suggested out-of-band authentication, hardware tokens, digital certificates and biometrics.
Liability losses for credit unions continue to be led by employment practices liability claims and subsequent litigation.
“EPL losses make up nearly two-thirds of all of CUNA Mutual Group Management and Professional Liability losses, with the most common allegations being wrongful termination, retaliation, and race and gender discrimination,” he said.
Nettie suggested credit unions have updated policies and procedures reviewed by legal counsel and provide regular staff training.
Finally, Nettie discussed the growing incidence of costly lender liability claims, which generally allege the credit union failed to follow state law requirements in their Notices of Intent to sell repossessed property and Notices of Deficiency letters.
“Usually, this is a case of you getting sued by your worst borrower and then having it mushroom into a class action lawsuit,” Nettie said. “It’s vitally important to have your forms reviewed and approved by legal counsel for each applicable state, and train employees on how to properly complete the forms.”
The conference wrapped up Wednesday at the New York Hilton.