Fraud taking place in the financial sector is receiving increased attention from stakeholders, and the reasons for why this is happening are easy to understand. But, although it is one of the most targeted by fraudsters, whether we are talking about its own employees or about external organized crime groups, the financial-banking industry is also one of the best defended.
We need to look at bank fraud from 3 perspectives:
- Internal fraud is committed by employees, regardless of their level of authority.
In most corporate anti-fraud investigations we have conducted over the years, we’ve identified rather individually performed illegal acts than complex fraud schemes. But even so, their number is not very large.
The most common are frauds committed by employees who have a certain level of access to the banks’ IT platforms and who can divert various amounts of money from customers’ accounts to other accounts or beneficiaries.
If the employees of the banking financial institution who commit internal fraud are system administrators, the situation worsens. This quality allows them to change the accounts ‘ security settings or modify the limits set on the electronic means of payment. They can thus commit fraud including by deleting specific process logs and other metadata.
Among other ways of fraud that SPIA specialists faced in the investigated cases were the malicious approval of non-performing loans, either to meet the employees’ performance indicators, or the loan’s approval if a share was returned to the bank employee who approved the loan.
Lately, in Romania, as a result of digitalization and increase of the security within the banking financial institutions, the share of internal frauds compared to the external ones is decreasing. In addition, internal fraud is discouraged by the easy traceability of the bank’s employees’ operations.
- External fraud is committed by persons or groups of persons outside banks.
External fraud, even if it is more pronounced, is not so common compared to other types of fraud. Perhaps also because the success rate in terms of identifying and holding authors accountable is quite high, and the cases in which they have been discovered and brought to justice have been heavily publicized.
The spectrum of fraud modalities is wide, but most of the anti-fraud investigations we conducted aimed at identifying and documenting the activities carried out by groups specializing in the recruitment of homeless people.
Companies were set up in their name or their financial history was invented and even modified. Such an example would be false documents proving seniority in employment for employers outside Romania. The role assigned to these homeless people is only one: to lend various amounts of money with the intention of not repaying them.
During the corporate anti-fraud investigations, we also unveiled the simultaneous loans method. The above typology of people applied on the same day to several banking institutions for low value loans. Although banks have platforms for collaboration and communication between them, the dissemination of information was done with a small delay, which the coordinators of illegal groups took advantage of. Their purpose? To obtain as many loans from as many financial-banking institutions as possible, at the same time.
After fulfilling the mission they were recruited for, people used by the organized crime groups in the fraud process are sent back to the homeless environment. Identifying and prosecuting them and the coordinators of criminal groups is thus difficult.
- Mixed fraud is the type of fraud in which external fraudsters, the organized crime groups, internally recruit employees in key positions, who have access to the system and/or with management rights.
We have noticed a significant decrease in the appetite of the organized crime groups in recruiting and acting in complicity with internal employees, due to automation and digitization of internal banking security processes. It is equally true, however, that the latter are no longer as receptive to being drawn into fraudulent collaborations.
But this doesn’t mean that organized crime groups have not adapted their strategy and action plans of attacks on the banking system. They continue to target banks with a lower level of security, which allow the approval of non-performing loans or the withdrawal of certain amounts of money from funded accounts, without very detailed control measures.
Even if it’s not the most fraudulent, the financial-banking field is definitely very exposed to the risk of bearing negative consequences in terms of reputational risk, especially if the case touches the media.
In the event of a major incident involving a banking institution, the law prohibits its appointment by name and not only for reasons related to the bank’s reputation. In this domain, the clients’ trust in the institution is fundamental. Once lost, major difficulties can arise in running the business, which can lead to imbalances in the economy.
Just imagine the effects on a reputable bank if most of its customers decided to transfer or liquidate their deposits simultaneously. That is why we offer our clients ,for whom we carry out economic and financial investigations and not only, crisis communication services.
In most cases, SPIA investigators worked closely with banks’ anti-fraud departments and acted on two levels at the same time. We gathered evidence of the external factors’ illegal activity and then we performed background check integrity tests on some of the banking institutions’ employees.
The fact that the incidence of internal fraud is low does not mean that it doesn’t exist. In order to document the cause that generates it, a private investigator has to overcome a number of obstacles, including those of a legislative nature regarding access to data.
Equally, fraud caused by external factors has a high level of difficulty in the investigation, depending on the particularities of the modus operandi. When establishing the investigative approach and specific methods, we take into account all of the following aspects:
– the typologies of corporate fraud manifestation;
– the environment in which the attack is initiated: virtual, physical or combined;
– type of the attack: phishing, identity cloning etc;
– how the fraudsters will take possession of the money: bank branches or offshore accounts, identity of the recipient account’s holders, the places and environments where the money is extracted, how they are transported and who is the final beneficiary.
Whether we are talking about the internal, external or mixed perspective of fraud, its existence and complexity in the financial system are undeniable and need an approach based on the private investigators’ experience and expertise.