The average case of internal fraud in 2012 lasted a median of 18months. Eighty-seven percent of those cases were committed byfirst-time offenders with clean criminal and employmenthistories.
|How much damage could your credit union sustain in 18 months ofunchecked fraud? It's a scary question but one which requiresimmediate consideration and action. There are a number of steps acredit union can take to minimize the risk of internal fraud andmaximize the potential to quickly uncover it.
|Start at the top. The first and most important step is forleadership to enforce a zero tolerance policy for internal fraudand create a culture that neither tolerates it nor discouragesemployees from reporting it. This type of directive and commitmentis absolutely essential. Further, it's critical for employees tofeel vested in the organization and understand and embrace thevital role they play in its success. This serves as an effectivedeterrent to engaging in fraudulent activity or looking the otherway should they witness it.
|Comprehensive fraud management system. The reality is that fraudcan occur no matter how motivated and dedicated most of youremployees are. It takes only one bad apple. That's where the secondstep comes in with the development of a comprehensive internalfraud prevention system. It begins with clearly defined anddocumented policies and procedures that govern access to areaswhere potentially sensitive information such as Social Securitynumbers and account details are stored.
|Regulators also want to see step-by-step instructions on howsuch information is accessed and used. A comprehensive trainingprogram should instruct employees how to incorporate policies intoday-to-day activities so that there is no gray area about who canlook up private customer data and how it has to be done.
|Limits on access. Entrusting one employee to handle multipleroles is one of the biggest risks for internal fraud. It'simportant to segregate tasks among team members and setrestrictions on who can perform each activity. Define a formal workflow which lays out each required step in a process. The work flowneeds to include required approvals from the appropriate managersto access sensitive information. If it's not part of their regularduties, the team member should not be able to do it.
|Enforce policies and procedures. It's not enough to simplydefine roles and put procedures in writing. Standards must beenforced through properly set and maintained system parameters andsecurity authorizations.
|Drew McMullen is a partner and financial servicessegment lead for Sense Corp. He can be reached at 214-206-8724 or [email protected].
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
