The most surprising element of the recent news concerning alleged fraud at a New York City-based credit union may not have been the theft itself, but the size of the institution associated with it.
Municipal Credit Union CEO Kam Wong was charged with a slew of financial crimes, including embezzlement, fraud and other offenses in connection with the theft of millions of dollars through a multitude of long-term criminal schemes since at least 2013. That has certainly happened to credit unions before, but usually at much smaller institutions, not a nearly $3 billion-asset shop like Municipal.
Wong is alleged to have used the funds to pay for everything from millions of dollars in lottery tickets to repairs on a luxury vehicle, and while the credit union’s board has placed Wong on leave and apologized to members, the saga raises a variety of questions, both for Municipal itself and for the movement as a whole. How was Wong able to steal so much? Why did the credit union’s anti-fraud policies fail so spectacularly? How could this happen in a large credit union which presumably has a variety of checks and balances in place precisely to prevent this sort of thing? And what will the long-term impact be in terms of board oversight and how regulators approach fraud prevention at institutions of all sizes?
‘Enormous and shocking’
So how exactly could something like this happen – especially with a board in place to oversee the chief executive and presumably separation of employees’ duties to limit such opportunities?
John Buzzard, industry fraud specialist at CO-OP Financial Services in Rancho Cucamonga, Calif., a provider of payments and financial technology to credit unions, described the size and scope the Municipal incident as “pretty enormous and shocking.”
“As the investigation unfolds we may discover that the loss resulted from the suspect having too much privileged access and oversight,” he said. “Given the right circumstances, that would inhibit routine best practices. The sheer length of this case spans about five years – that's a very long, protracted period of time to evade detection or raise suspicion at any-sized financial institution."
Steve Williams, a founder and partner at Cornerstone Advisors, a company that provides strategic consulting services to financial institutions, said he thinks the recent development at MCU represents an “isolated incident” and that internal controls at large-asset institutions are generally in strong shape.
Emphasizing that Wong has not been convicted of anything and that he is not privy to MCU’s culture, Williams does not view this scenario as a failure in corporate governance, but rather a systematic failure of internal controls at one particular credit union.
Buzzard noted that chances of such fraud and embezzlement could be greater at smaller credit unions where one executive may have several different jobs and duties – and less oversight.
"The chances [of fraud] are often greater [in smaller institutions] because it places the initiator of the embezzlement into access roles that allow them to steal,” he explained. “This often means that they are also clouding the audit trail due to a lack of oversight."
Best practices for fraud prevention
What can credit unions do now in the wake of the allegations at MCU?
Buzzard recommended credit unions always have “as many authorization levels as possible.”
“There are standard best practices that are to be followed as set forth by regulators -- these aren't a surprise to anyone, but they do have to be adhered to in order to minimize loss," he added.
But, given the early stages of this investigation, Buzzard was not ready to blame the MCU board for Wong’s alleged crimes.
“It's impossible to cast doubt pending the outcome of what promises to be a long forensic investigation," he said.
Williams said that, going forward, MCU and other credit unions must upgrade and tighten their internal controls, namely the areas of internal accounting, audits (both internal and external), regulatory exams and internal whistleblower capabilities.
“It’s a multilayered program and should always be monitored,” he noted. “It’s also crucial to implement separation of control among top-level executives.”
Wong was also a long-tenured employee at the credit union, noted Williams, and one who had worked his way up in the ranks.
“He climbed up the ladder there and perhaps after gaining some familiarity with the inside workings of the company, yielded to opportunity and temptation,” he said. “But you can’t possibly identify criminal tendencies during the hiring process.”
So will there be any wider fallout beyond the impact at Municipal?
For his part, Williams said he does not expect the rest of the movement to feel much impact.
”I think most people realize that fraud can occur anywhere and that these acts do not reflect the culture at either MCU or credit unions in general,” he said. “But I do think it could lead to credit unions strengthening the rigor and scrutiny of their internal controls and operations.”
And there could even be an upside, Buzzard said.
“Adversity makes us all stronger,” he said. “Each time a professional member of the community commits an illegal act it reminds us that we need to be vigilant in following protocol and basic audits. This won't hurt the credit union movement, but it will absolutely be a call to order that spurs credit union executives to lean in and learn from this incredible story."