Although the NCUA recently announced it is developing new exam procedures to improve the identification of fraud risk indicators, especially at small institutions, experts agree that fighting fraud requires a team effort that includes active boards, strong supervisory committees and stiff internal controls.
“Weak internal controls provide a breeding ground for substantial losses or even failure,” C. Keith Morton, NCUA Region IV director, wrote in an article for Cornerstone Credit Union League earlier this year. “Record-keeping problems, out-of-balance conditions, overdue audits or member account verifications, and manipulated records create a dangerous environment for fraud to take root and go undiscovered. It may be only one person who commits the fraud, but lax management oversight, along with a failure of the supervisory committee to perform its vital functions, may allow this individual to embezzle for months, if not years.”
In its Supervisory Committee Guide, the NCUA cautions credit unions to remain alert for common risk factors such as a lack of board approved policies for areas such as lending, investing, borrowing, and operating expenses; lack of segregation of duties; lack of mandatory vacation policy; failure to maintain adequate audit trails; incomplete or inadequate audits or verifications; inactive supervisory committees; repeated record keeping problems; and manipulated bank reconcilements.
CUNA Mutual Groups and the NCUA’s Office of Small Credit Union Initiatives gave Credit Union Times a preview of its upcoming webinar entitled Deterring Employee Fraud. The webinar will take place at 2 p.m. EST on Nov. 14.
“There are many steps that credit unions can take to help deter and detect fraud,” said Joette Colletts, senior manager of risk management for CUNA Mutual. For example, Colletts said, credit unions need to implement a fraud policy, board members need to ask more questions, and supervisory committees need to conduct surprise audits.
Colletts said another important fraud prevention task is to complete cash counts in the appropriate way.
All cash items should be included, she said, noting that all cash counts don’t have to be done in one day. Teller funds, travelers’ checks and ATMs counts could be conducted on separate days. Credit union management should also count cash in the presence of the employee responsible for maintain the funds in the event of a shortage. Cash bundles should also be broken down and cash totals should be verified with the general ledger.
“It’s important to break down the bundles because there have been cases where someone has replaced $100 bills in the center of a bundle with $1 bills,” Colletts said.
The NCUA also encourages supervisory committees to review employee and director accounts as well as related family member accounts, bank statements and reconciliations. Employees should not be performing transactions on their own or family member accounts, the NCUA said.
It’s also important to keep an eye on dormant and closed accounts, which are frequently used to perform unauthorized transactions, the NCUA said.
In many prior cases involving CEO fraud, the credit union’s performance has often been poor for many years before the fraud occurred, according to Tom Glatt Jr., a credit union consultant in Wilmington, N.C., who wrote an article earlier this year on “Fooling the Board: The Embezzlement Bonanza.”
“Boards should not accept consistently poor performance,” Glatt said. “Board members need to develop proficiency in governing to include fully understanding the quality and scale of financial results.”
Glatt said two simple steps could have helped boards minimize losses in previous CEO fraud cases.
“First, asking detailed, informed, well-researched questions about performance would have perhaps deterred the fraud in the first place. When someone is looking over your shoulder you tend to cheat less,” he said. “Second, by asking the right questions, they would have become disappointed with the performance they were receiving versus what should have been. This would have led to leadership change and minimization of the impact of the fraud itself—simply because it would not have gone on for so long.”
Most experts agree that the war on dishonesty needs to start at the top.
“With strong leadership and training, credit unions can create an internal culture that deters dishonest acts, detects those that do occur, and follows a disciplined investigation and correction process,” said Mike Mossel, a managing director at the consulting firm McGladrey.
Experts interviewed agreed a credit union board should draft a formal fraud policy, with the assistance of legal counsel, and the policy should be updated annually and signed by all employees.
“The deterrent effect upon an employee, who is made aware of the policy on the first day of employment and periodically reminded that such a policy exists, cannot be underestimated,” the NCUA said.
Effective fraud policies should address specific items, establish guidelines for investigations and explain consequences, because credit unions can risk litigation if proper procedures are not followed during fraud investigations, the NCUA said.
In recent cases, small credit unions were looted by managers who were sole employees.
“The most important internal fraud prevention policy is separation of duties,” said Christopher Marquet, founder of Marquet International Ltd., a Wellesley, Mass., investigative, litigation support and due diligence firm that publishes an annual report on embezzlement.
“If a single individual has control over both authorization and execution of funds transfers, for example, you have a recipe for fraud to occur,” he said. “Conducting regular audits of different departments and functions at random intervals is a strong preventive and detection policy.”
Other tips include watching for “red flags” among employees include attitude changes, not taking vacations, keeping records in disarray and lifestyle changes such as excessive spending or borrowing.