Kevin Malicki keeps financial institutions up-to-date on Governance, Risk, and Compliance (GRC) as Director of Product Management at Harland Clarke.
Most financial institutions have installed proper controls at the branch to minimize the risk of robbery. They ensure limited access to money, mandatory two weeks off in a row for branch personnel, dual control procedures, bullet-proof glass, security systems and guards.
But what about internal risks?
It’s actually a much bigger problem. Consider that internal bank fraud accounts for more than $1 million in annual losses. And this doesn’t include account holder information that’s stolen or the cost of reputational damage to financial institutions. Add the fact that data is hard to obtain, since institutions aren’t usually open to sharing this information, and you can see that the losses are actually a lot higher.
Compare that to the average bank robbery, which is just a few thousand dollars.
Fortunately, there are several steps that banks and credit unions can take to limit internal fraud:
- Establish a governance model surrounding an internal fraud solution—this is critical and tends to be overlooked, especially when it involves senior executives
- Create monitored controls that are tighter and more consistent—remember, prevention is better than consequences; this may mean enforced segregation of duties, better controls and restricted access rights, and providing better visibility to management
- Ensure you have a dedicated team in place committed to the prevention and detection of internal fraud
- Conduct thorough risk assessments that consider any and all risks that can negatively impact your institution’s products, services or processes. The fraud risk assessment portion should include a cost-benefit analysis of implementing possible controls — allowing you to monetarily quantify the risk of loss as well as note what’s saved. These assessments will also allow you to implement the proper controls, which can detect fraud more quickly, reducing occurrences and amounts of losses
- Address both the proactive and reactive processes dealing with fraud—these are critical, especially in the long run, as they serve as legal evidence
- Ensure you have a strong whistleblower policy; remember, most internal fraud is detected by a coworker, so a strong whistleblower policy will help identify and resolve fraud quickly
- Establish segregation of duties—not just important at the teller level, but also at higher levels of the organization, using a reviewer and approver model
Institutions that take these steps will go a long way toward bringing their internal fraud controls in line with their controls against branch-level theft.
And if you’re still not convinced that internal fraud is a significant problem, do a Google search for “bank fraud” and you may be surprised by the results.