Insider fraud within banks: a story as old as time.
A bank employee, because of their position and access to money, is recruited by a criminal ring intent on skimming from large accounts. Or, struggling with crushing debt, a bank employee starts stealing money by tapping into dormant accounts. Difficult economic times or disruptive world events—such as the current ongoing COVID-19 pandemic—can also create new opportunities to stimulate financial fraud. Digital technology can make it easier and more tempting. It’s no surprise that insider fraud is a stepped-up problem for banks.
Why insider fraud is on the rise
A January 2020 report by Aite Group[1] warned that financial institutions should prepare for a resurgence of insider fraud in 2020. Forty-eight percent of financial institutions (FIs) surveyed stated that the number of employee fraud incidents had increased compared to two years ago, with forty-three percent reporting an increase in employee fraud losses. Bank employees need access to customer accounts to do their jobs and they themselves are often customers, so the stage is set for intensified fraud.
Detection of fraud has gotten more challenging over the years with the built-for-speed and openness of the digital banking infrastructure and the growing digital sophistication of bad acting individuals. Yet, 39% of FIs say groups responsible for monitoring employee fraud are understaffed or underfunded, while 83% monitor all employees regardless of position. Traditional fraud prevention measures (such as network-data log reviews) and processes (such as manual audits) are often too slow, ineffective or non-scalable.
Obviously, the best way to combat insider fraud and retain targeted funds is to prevent it in the first place. But the “how” has proven elusive.
Shortening time-to-deterrent
Many banks have invested heavily in Insider and Employee Fraud operations, usually consisting of a combination of people, processes and technology, with varying degrees of success.
That’s because insider fraud is inherently difficult to combat. It occurs at the intersection of pressure, rationalization and opportunity in humans, according to early criminologist Dr. Donald Cressey (considered the father of the so-called Fraud Triangle.)
Financial institutions can’t control pressure (“I really need this money”) or rationalization (“I have no other choice” or “It’s only a little, and I’ll pay it back before anyone knows it’s missing”) But they can control the level and ease of exploiting opportunity.
Banks have responded with system security, roles-based access control, policies like separation of duties, and dedicated Insider/Employee Fraud (IEF) operations aimed at discovering, investigating and shutting down fraud. Ideally preventing incidents from ending up in the newspaper, where it can undermine the institution’s brand and/or create a loss of customer confidence.
Unfortunately, when that happens, it’s too late. Therefore, the name of the game in today’s IEF protection is reducing time-to-deterrent: how fast you can shut down opportunity. Savvy FIs are using next-generation behavioral-based technology that:
- monitors actual behavior (screen behavior vs. behavior interpreted from traditional log files)
- analyzes it in real time (vs. after the fact, generally from batch files) and
- generates irrefutable evidence that quickly identifies perpetrators, deals with them, and provides a visible deterrent to all employees for the future.
READ MORE:
AC