Willie Sutton, when asked why he robbed banks, famously replied, “Because that’s where the money is.” So, it’s no surprise that banks are prime targets for fraud. According to the Association of Certified Fraud Examiners (ACFE), the banking and financial services industry consistently tops the list of industries most frequently affected by occupational fraud.

ACFE conducts a biennial survey and publishes the results in its reports on occupational fraud. Survey participants include certified fraud examiners (CFEs), internal auditors, accounting and finance professionals, compliance and ethics professionals, law enforcement, and other fraud investigators around the world. In the most recent edition, Occupational Fraud 2022: A Report to the Nations, banking and financial services again had the most occupational fraud cases (351 of the 2,110 cases studied). The average loss was approximately $1.74 million and the median loss was $100,000.

Important caveat: A high number of fraud cases may or may not mean that the banking and financial services industry experiences more fraud than other industries. It also might indicate that the industry employs more fraud investigators than other industries do — or it’s more heavily regulated. Either way, fraud is a significant problem.

Categories of fraud

ACFE classifies occupational frauds into the following three categories:

1. Asset misappropriation. These schemes involve employees who steal or misuse the employing organization’s resources. Examples include theft of company cash, false billing schemes or inflated expense reports.

2. Corruption. These schemes involve employees who misuse influence in a business transaction in a way that violates their duty to the employer in order to gain a direct or indirect benefit. Examples are schemes involving bribery or conflicts of interest.

3. Financial statement fraud. This happens if an employee intentionally causes a misstatement or omits material information in the organization’s financial reports. For example, a dishonest employee might file a fraudulent expense report claiming personal travel or nonexistent meals.

In the banking and financial services industry, the majority of occupational frauds (84%) involve asset misappropriation, while corruption occurs in 46% of cases and financial statement fraud happens in 11% of cases. Note that while financial statement fraud is relatively infrequent, it tends to produce the largest losses.

Common schemes

The most common asset misappropriation schemes in banking and financial services are:

• Check and payment tampering (14% of cases),
• Theft of cash on hand (14%),
• Cash larceny, where an employee steals an incoming payment after it’s recorded on the bank’s books and records (11%),
• Noncash misappropriation, including theft or misuse of confidential customer information (11%),
• Skimming, where an employee steals an incoming payment before it’s recorded on the bank’s books and records (10%), and
• Billing schemes, which happen when an employee creates a shell company, bills the bank for fictitious services or personal items, and then submits a false invoice to the bank for payment (10%).

Keep in mind that these are only the most common occupational fraud schemes. Banks also may be victimized by a variety of external fraud schemes, such as check fraud, vendor fraud and cybercrimes.

Internal controls

A strong system of internal controls is an excellent fraud prevention measure. For example, background checks, segregation of duties, dual authorization and management review are some of the most effective tools for preventing fraud.

Indeed, ACFE’s survey found that many frauds occur because of the lack of internal controls (29%), the override of existing controls (20%) or the lack of management review (16%). Although deterring fraud is the best strategy, despite your best efforts, fraud may still occur. Have controls in place to detect fraud and put a stop to it before it gets out of hand. (See “Antifraud controls and percentage of fraud reduction,” below.)

Detection methods

According to the ACFE, the most common way frauds are initially detected is through tips (42%). Most often, tips are from employees, but they also may come from customers, vendors and others. It’s a good idea for banks to set up hotlines where people can report suspected fraud via phone, email or online forms (preferably all three).

Regardless of which mechanisms your bank uses, you should allow for anonymous reporting. The ACFE reports that around 16% of tips were anonymous. In addition, frauds are commonly detected through internal audits (16%), management review (12%) and document examination (6%).

Evaluate your risk

Each institution is different, so it’s a good idea to conduct a formal risk assessment to identify your bank’s specific vulnerabilities to fraud. Such an assessment will help you develop an antifraud program designed to mitigate those vulnerabilities and protect your bank from fraud.

Sidebar: Antifraud controls and percentage of fraud reduction

The following table summarizes the antifraud controls that were most effective in terms of reducing fraud losses and duration, according to Occupational Fraud 2022: A Report to the Nations.

If you have any questions, don’t hesitate to contact us.

© 2023