MADISON, Wis. - Whether it's illegally accessing member accounts, approving fraudulent loans and diverting the proceeds, or just plain stealing cash, internal fraud continues to be an issue for credit unions; in fact, the average claim has increased fourfold in recent years.
It's among the oldest of risks to credit unions, common-sense safeguards are well-known, and yet it continues to grow. Among recent examples: an employee approving $182,000 in fraudulent loans for family and friends, a loan officer approving $4 million in fraudulent auto loans in exchange for kickbacks, and a CEO barred from the industry for stealing $500,000 from a member, and that's only the last few months.
Why do CUs even with rigorous controls continue to be victimized by internal fraud?
Joette Colletts, regional manager, risk management, for CUNA Mutual Group, reported that the company has seen an upswing in the average internal fraud claim in recent years, from just over $50,000 in 2006 to about $200,000 in 2010. Average claims since that time have remained approximately the same. CUNA Mutual representatives have previously told Credit Union Journal that there is no average recovery, with amounts varying widely from case to case.
Colletts and others interviewed for this story noted that while dollar amounts related to instances of fraud have risen, the overall number of fraud claims remains relatively steady. Despite the rise correlating well with the financial crisis, every source interviewed for this story said this issue is largely separated from the economic downturn.
'Just Always There'
"At a high level it's pretty consistent," said Colletts. "It doesn't have the real big ups and downs that maybe some of the other things might have, like check fraud or forgery. That appears to always be more on an upswing. But employee dishonesty is just always there, and it appears like it's always going to be there."
What a recession does do, suggested analysts, especially when there is a job loss in the family, is give employees a rationalization to defraud the institution.
Joseph Zito, a shareholder at Troy, Mich.-based auditing firm Doeren Mayhew, agreed that while the economy is not a driving factor in the current run of fraud claims, it is a contributor. He pointed out that in the past employees stole from their CU employer to supplement their lifestyles; in recent years it has been more the result of economic pressures. "This is an item more from a survival standpoint, rather than just to enhance their current lifestyle," he said.
Economic pressures may not be driving fraud, but they aren't helping, either. Jeroen Dekker, senior product manager at Fiserv, observed that the high number of mergers and acquisitions in the CU space during the last decade has lent a larger scale to internal theft.
Analysts interviewed for this story were consistent in their view that internal fraud claims are unlikely to decrease as the economy continues to recover. And those larger losses mean more in the current economy, as CUs deal with thinner margins.
Thin Margins A Contributor
Those thinner margins, in fact, may be contributing to instances of fraud, as some credit unions reduce budgets for audits while also reducing the number of employees, allowing individuals to perpetrate fraud more easily by eliminating certain dual controls.
That's especially critical for small shops, said Dekker, which are less likely to be able to devote resources to layering their defenses and having the same depth of protection as larger institutions.
Among the most fundamental of best practices in fighting internal fraud is requiring all employees to take some time off. But even that is often not put into practice, especially at those smaller credit unions where one person is involved in nearly all functions. Orla Beth Peck, NASCUS chair and supervisor of Utah's CUs, noted that many FIs used to require all employees to take at least one full week of vacation each year as a way to spot any potential aberrations while staff was out of the office.
"I don't believe it was ever a law, but it was a standard practice," she said. "That was an internal control feature that I don't think is used anymore."
Peck added that in addition to helping spot fraudulent activities, requiring time off also serves to help cross-train other staff.
But auditor Joseph Zito said that mobile technology has made that tactic less effective than it once was.
"In the age of electronics and access levels, I could potentially access things through a VPN on my phone even if I'm on vacation," said Zito. "Any time you remove the individual from the control it does help, but I think there are things that could be discounted or watered down based on other controls that employees might have."
Time For 'Skepticism'
He added that employees committing fraud are most likely going to put their own controls in place to ensure the fraud isn't spotted during their time out of the office.
Zito and others noted that one of the most important controls a CU can put in place is a watchful eye.
"You have to have very good professional skepticism," he said. "If something doesn't look right, it's probably not right. ... You have to be very objective as a manager. That's not to say that you distrust everybody, but you get the facts, and you can't use relationships or friendships and what you feel about the person to cloud your judgment. If you do that, then I think you're going to really, really improve the chances of identifying these things."