In late December, Kenneth E. Yaroch, a former loan officer with Signature Bank ($254 million in assets) of Bad Axe, Mich., reached a plea agreement in U.S. District court after being indicted on 18 counts of bank fraud stemming from his employment at Signature. According to the Department of Justice, Yaroch falsified loan documents between 2004 and 2005. He reportedly faces up to 41 months in a federal prison.
Internal fraud such as that committed by Yaroch occurs every day at banks across the world. The typical U.S. organization loses 5 percent of its annual revenue to internal fraud, and the banking industry is the hardest hit, according to the 2006 Report to the Nation on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners. The ACFE reports that 14.3 percent of all internal fraud cases occur at banks, with a median loss of $258,000 per case.
Still, "[Banks] continue to focus most of their investment dollars and attention on external fraud applications, despite the fact that internal fraud is the larger problem," contends Christine Barry, an analyst with Boston-based Aite Group, who says 60 percent of bank fraud cases are committed by employees. "Internal fraud is a serious problem, and one which they are not paying enough attention to. Many continue to rely on personnel training and background checks but do not have technology in place to monitor activities."
According to a recent whitepaper from the Santa Fe Group (Santa Fe, N.M.), a consulting firm headed by former BITS CEO Catherine Allen, internal fraud-detection technologies allow banks to identify suspicious employee behavior by monitoring their online activity, customer inquiries, flash drive usage, E-mail activity and telephone use. Solutions also can restrict employee access to systems and information.
In its report, "Mitigating Internal Fraud: A Case Study on Washington Trust Bank," Aite forecasts that financial institutions will spend $254 million with vendors of fraud detection software in 2008, up from $174 million in 2005. It also predicts that spending on internal fraud-detection solutions will increase 230 percent over the same period.
Early Detection Is Key
"Technology in this space helps to alert banks of potentially fraudulent activities before the damage is done and large losses are encountered," Aite's Barry says. According to the Santa Fe Group, it typically takes 18 months before a company detects an internal fraud scheme.
Many threats start small and grow over time, adds Mike Williams, VP business development, with Memento Security, a Concord, Mass.-based provider of fraud, risk and compliance solutions for financial institutions. "The challenge has been monitoring for suspicious behavior," he says. "Banks need to move from being reactionary to being more proactive when it comes to internal fraud."
Such was the case with Spokane, Wash.-based Washington Trust ($3.6 billion in assets). According to the Aite case study, the bank's preemployment screening process was sufficient, but its post-hiring employee monitoring was not. The bank worked with NextSentry (Spokane) to develop and deploy ActiveSentry, a product designed to "better protect customer privacy by reducing and preventing opportunities for account information to be printed, stolen and used," Aite reports.
The ACFE says internal, or occupational, fraud falls into three major categories: asset misappropriation, corruption and fraudulent statements. Asset misappropriation -- which includes fraudulent invoicing, skimming and payroll fraud -- makes up 91.5 percent of all internal fraud cases.Related stories: