How to Combat Internal Fraud in a Hybrid Work Environment 

During periods of economic crisis or contraction, financial institutions detect more fraud as hidden issues become known. Internal fraud, however, is different as it is driven by motivations or financial pressure. With the pandemic forcing a shift towards a hybrid working environment and many employees reaping the benefits of a new way of working, it has also unwittingly invited opportunities for insiders to operate. According to the Chartered Institute of Internal auditors (UK), “hybrid working created a “culture crisis” for companies by eroding staff loyalty and by making it harder to retain talented employees and easier for individuals to conceal fraud.” 

 Is the incidence and risk of internal fraud growing? Many experts believe it is.  

The Rise of Internal Fraud 

The number of internal banking fraud cases is likely to be under-reported as financial institutions are often reluctant to publicize these events. Bringing cases to prosecutors means bringing them into the public eye, which creates concerns about undermining customer trust and creating negative exposure.  

According to the ACFE Occupational Fraud 2022 report “A Report to the Nations” estimates that organizations lose ~5% of revenue to fraud each year. Also, 42% of frauds were detected by tips but in a working from home environment with less in person supervision, this places more reliance on organizations and managers to be able to effectively supervise and monitor their employees.”

Insiders pose the greatest risk to financial institutions because they have the knowledge and insight to manipulate their organization’s systems. Carnegie Mellon University’s Software Engineering Institute’s study on ‘Insider Fraud in Financial Services’ found that “insiders pose a substantial threat to financial services companies by virtue of their knowledge of and access to proprietary systems and their ability to bypass security measures through legitimate means.”  

All banks and financial institutions face this problem. No bank is exempt.  

Challenges to Combatting Internal Fraud 

One of the key challenges for those responsible for preventing internal fraud is that there is no clear profile of the “corrupt bank employee.” Age, gender, demographics, location, number of years of service — none of these factors provides a strong correlation with internal theft or fraudulent activity.  

What motivates an employee to engage in unethical and illegal activity is complex, whether it is dissatisfaction because they feel undervalued, or it is simply opportunistic. To add to this complexity, while some corrupt employees use the money they steal for personal gain or to fund their lifestyle, in many instances, employees find themselves compromised by others – such as organized crime groups — and, willingly or not, become accomplices, providing access to bank records and customer information, or taking other actions that enable these thefts to occur. And the illegal activity may not always be outright theft — it could be the facilitation of money laundering or other illegal activity.

As stated in PWC’s Global Economic Crime and Fraud Survey 2022, the collusion between internal and external actors has risen to 26% – up from 21% in 2020. This unsettling trend is likely to continue, more so with the prevalence of social media providing an easy avenue for criminals seeking to compromise or groom vulnerable bank employees. These often poorly monitored platforms have made so much personal information available at the click of a button which – in the wrong hands – can be misused and exploited. 

While the challenges to tackling internal fraud are vast and pervasive, there are now proven tools and tactics banks can use to improve their detection and prevention of fraudulent criminal activity.  

Six Best Practices for Internal Fraud Detection & Prevention 

There are several detection tools and methods which, if properly and consistently executed, can help combat insider fraud. These include:

1.  Monitoring bank employee transaction activity
2. Sphere of influence detection (personal relationships)
3. Anomaly detection re: employees’ behavior
4. Uncovering undisclosed conflicts of interest (outside business / financial interest)
5.  Monitoring logon/access to IT and security systems (including changes made in contact details)
6.  Formalizing organizational learning based on past fraud events

Successfully implementing these tactics as part of a complete fraud prevention program requires utilizing a range of data and data types; and having effective IT tools that enable the analysis of that data.  

For instance, data from Human Resources can be combined with open source and other external data sources to enable an effective system for employee “sphere of influence” monitoring. Corrupt insiders often try to avoid detection by transferring money into accounts controlled by personal associates and/or family members, but with a sphere of influence database and an effective analytic tool, any links between a corrupt employee and collaborators – including telephone numbers, addresses, social media links, family relationships, past transactions, and so on – will be flagged immediately.  

Similarly, in cases in which a corrupt insider makes improper transfers of money to or from commercial accounts, an effective analytics program can reveal links between that employee and receiving accounts.  

Another key element of an effective internal fraud prevention program is Entity Resolution, which can ensure that common obstacles to resolving entities — variations in names, spelling, dates, addresses, etc. — do not prevent the clear, accurate resolution into a single entity, be that a person or a business. The more data that can be brought into a fraud monitoring system, and from a wider variety of sources, the better.  

Data is Fundamental in Preventing Fraud 

It is encouraging that more and more banks have recognized the value of using analytic tools to prevent fraud. The same Kroll research report cited above found that in Financial Services, data analytics was rated the most effective method of detecting incidents (by 75% of respondents). 

One further challenge when working with financial institutions evaluating additional investments in their fraud prevention technology relates to cost accounting. Often, one department’s budget may be expected to absorb the full cost of the project, but in fact, benefits of an improved data analytics system are virtually always spread over a range of areas and — viewed properly — can be documented as contributing to many departmental and organizational objectives, not solely to internal fraud prevention.  

The banks that recognize this fact are guaranteed to have a strategic advantage.