Defending Against the Latest Fraud Trends

Transcription

1 Defending Against the Latest Fraud Trends Joni Lovingood, CRM, CFE Corporate Property & Casualty Sales Specialist CUNA Mutual Group CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited 2014 CUNA Mutual Group, All Rights Reserved.

2 Internal Fraud 2

3 The Top Victimized Industry According to ACFE Financial Services Industry Highest number of cases Highest percentage 17.8% Median Loss - $200,000 1 out of every 5 losses exceeds $1 million Source: 2014 Report to the Nation on Occupational Fraud and Abuse, Association of Certified Fraud Examiner, Inc. 3

4 Internal Fraud Statistics CUMIS claims data over a five-year period Employee dishonesty and faithful performance losses account for more than 55% of Bond claims dollars paid Association of Certified Fraud Examiners, Inc. Median loss is $150,000 Nearly one out of four losses exceeds $1,000,000 4

5 Internal Fraud 5

6 Famous Last Words It could never happen to us We trust our employees All of our employees are long-term Our controls can t be circumvented We don t employ thieves We live in a smaller community and don t see that type of activity We are a small credit union 6

7 Recipe for an Embezzlement Traits that create a powerful temptation: Need (perceived financial need) Opportunity (weak or non-existent controls) Rationalization ( just this once is a way of life) 7

8 Common Findings Average embezzlement loss typically lasts 18+ months before discovery Employee warning signs can include Control issues Close relationships with vendors / members Overly nervous or defensive Living beyond their means Increase in frequency of vault cash theft Unreported prior acts by employee lead to claim denial More cases of evading detection by side-stepping surprise cash counts Allowing general cash in / cash out ledger entries to sell cash between tellers or drawers to balance Conscious disregard for established and enforced policies 8

9 Who Typically Uncovers Embezzlements? Co-Workers External Auditors Credit Union Management Internal Auditors Regulators Risk Management Supervisory Committee Co-worker / employee tips are the most common detection method The overwhelming majority of employees are honest They are a critically important component of minimizing dishonest acts by others 9

10 Fraud Case Study 1: Perpetrator: Amount: Action: Vault Teller $80,000 Over Two Years Theft of vault and teller cash Vault teller stole $60,000 from vault cash and $20,000 from her cash drawer Theft discovered in Q during a surprise cash count The last surprise cash count was in Q

11 Fraud Case Study 2: Theft of Teller & Vault Cash Perpetrator: Amount: Action: Vault Teller $120,000 Over Two Years Theft of vault and teller cash Stole $100,000 from her cash drawer. Evaded detection during surprise cash counts on drawer by making entries to sell cash to other tellers Entries were reversed afterwards Stole $20,000 in vault cash by taking bait money Vault bait money was never included in surprise vault cash counts 11

12 Fraud Case Study 3: Theft of Vault Cash Perpetrator: Amount: Action: AVP/Vault Teller $826,000 Over Ten Years Theft of vault cash Evaded detection during surprise cash counts on the vault cash by making entries to sell cash to other tellers Moved funds to the ATM general ledger account Entries were reversed afterwards 12

13 Fraud Case Study 4: Theft of Vault Cash Perpetrator: Amount: Action: Manager $2 million over 13 years Theft of vault cash Manager-- knew when surprise cash counts were going to take place Evaded detection during surprise cash counts on the vault cash by making entries to sell cash to a nonexistent cash drawer Reversed the entries to the non-existent cash drawer after the surprise cash counts were completed transferring the balance to a suspense account Was responsible for reconciling general ledger accounts, including suspense accounts 13

14 Relevant Internal Controls - Cash Cash controls that may have prevented the theft or lessened the severity Frequent surprise cash counts At least quarterly (monthly is better) Random days and times (avoid patterns) Include bait money Reconcile count to system totals (not a manually prepared record) Prohibit tellers from: Selling/buying cash to/from each other Making general ledger entries reflecting buying/selling cash from/to vault Block these transactions on system Review transactions initiated by teller or vault teller shortly before start of surprise cash audit Selling cash to other tellers or the vault (if not blocked on system) Transferring funds to the ATM/teller cash dispenser/teller cash recycler Cash withdrawals from member accounts 14

15 Fraud Case Study 5: Fictitious Loans Perpetrator: Amount: Action: VP of Lending $250,000 Over Three Years Fictitious Loans VP of Lending created 3 fictitious loans Opened the fraudulent accounts on the system Disbursed the loan proceeds. Advanced due dates to prevent the loans from appearing on the delinquency report 15

16 Fraud Case Study 6: Unauthorized Loans Perpetrator: Amount: Action: Loan Officer $250,000 Over Two Years Unauthorized Loans Unauthorized shared secured loans created on a dormant account Account was flagged as Do Not Mail Activities were uncovered several months later when the member called to see why statements were not being mailed 16

17 Relevant Internal Controls - Lending Controls that may have prevented the loan officers from embezzling or lessened the severity Segregation of duties in the loan department Review file maintenance reports daily Changing payment due dates Periodic confirmation of member loans by telephone Protect/monitor dormant accounts - Supervisory override - Review transactions on dormant accounts report Do not mail & bad address controls Require a supervisory override to add these flags Generate report of accounts flagged as do not mail Confirm do not mail flag Bankrupt accounts Bad addresses Audit transactions occurring on these accounts Statements mailed to branch offices Generate report of accounts mailed to branch offices Why mail to branch? Audit Transactions 17

18 Fraud Case Study 7: Visa Payments The Den of Thieves Perpetrator: Amount: Action: This was part of a $1 million plus claim. The employees also Approved loans to themselves and family members Exceeded policy limits Some didn t even qualify. Advanced due dates on the loans 280 times Three employees $750,000 Over Two Years Visa payments Used credit card terminal to enter Visa payments on their credit union-issued credit cards reducing their balances Payments were never made Created out-of-balance situation for Visa loans outstanding between general ledger and card processor s records One of the employees was responsible for reconciling the monthly report from the card processor showing the total credit card balance outstanding 18

19 Relevant Internal Controls Card Department Card department controls that may have prevented the theft or lessened the severity Deploy lockout feature on credit card terminal to block card department employees from processing transactions on their own credit card account and accounts belonging to their family members Review monthly report of employees and their family members with credit union-issued credit cards Audit card department employees and their family members credit card accounts Credit limit agrees with approved limit Waiving fees (e.g., late, over-limit and cash advance fees) Unauthorized account reaging (advancing due dates) Monthly credit card report showing the total balance outstanding should be reconciled to the general ledger by someone not involved with card operations and who does not have access to the credit card terminal 19

20 What Can Credit Unions Do? Implement dual control over vault cash, verifying currency shipments and replenishing ATMs/teller cash dispensers/teller cash recyclers Control access to data, information, checks, and cash Maintain an active Supervisory Committee Conduct frequent surprise cash audits (at least quarterly monthly is better) Establish sound controls over expenses File maintenance report reviews Management/internal audit review of internal controls Mandate employee time-off Maintain complete and comprehensive fraud policy Provide fraud training for employees and volunteers Emphasize fraud prevention and maintain a comfortable whistleblower policy Perform Bondability verification and background checks 20

21 Self-Assessment Questions Are you checking and verifying previous employers, references and performing criminal background and Bondability checks for new hires and volunteers? Do you have Zero Tolerance in a Fraud Policy Statement? How are you proactively monitoring employee warning signals? Have you implemented dual control over vault cash, currency shipments, ATM/teller cash replenishments and cash dispensers Are vault cash, cash drawers and ATMs subject to frequent surprise audits? Are you verifying transactions initiated by tellers or vault teller before and after a surprise cash audit? Are sound controls used to monitor expenses and general ledger accounts? Is a whistleblower policy in place to encourage staff to report incidents? 21

22 Bondability Verification & Background Checks Today s job market can require quick hiring decisions. Bondability and background checks can help ensure job candidates will be an ideal employee or volunteer. CUNA Mutual Group s Bondability Verification database is only accessible to Bond Policyholders (must have username and password to access online services) - Contains over 40,000 individuals who lost their bondability under CUNA Mutual s Bond Also, conduct background checks 22

23 Discovery of Employee Dishonest Act Report employee wrongdoing to CUNA Mutual Group Bondability Underwriting regardless of any loss The Fidelity Bond, underwritten by CUMIS Insurance Society, Inc. contains a provision (Condition 9, Subsection 1) that stipulates coverage for an employee terminates automatically when any officer, director, or supervisory staff of the credit union becomes aware of any dishonest or fraudulent acts committed by the employee, or any intentional violations of established and enforced share, deposit, or lending policies by the employee Problems arise when a credit union fails to notify CUNA Mutual Group and elects to retain an employee who committed a dishonest or fraudulent act If the employee subsequently causes a loss and it is discovered during the investigation that the employee committed a prior act, the claim may be denied 23

24 External Fraud 24

25 ACH Booster Payment Fraud Members or fraudsters make fraudulent online payments toward credit card accounts May be in excess of credit card limit Inflates available balance ACH debit transaction created to pull funds from an account at another institution Credit union is usually considered the Originating Depository Financial Institution (ODFI) Responsible for providing a warranty that ACH debit is properly authorized Responsible for any returns by the Receiving Depository Financial Institution (RDFI) Credit union normally still responsible to indemnify vendors for losses caused by credit union members if a card or payment processor is used. 25

26 CASE STUDY 1 ACH Booster PaymentFraud Examples $1B+ credit union Scenario Numerous ACH credit card payments made over three week time period Credit card was used to make additional purchases ACHs returned Mitigation Discuss the exposure and loss control options with your card processor Consider a probationary period before allowing new members to make online credit card payments Review and implement transaction controls from your processor Limit payment amount to balance due or card limit Limit payment frequency to once per month Cap the available balance to the credit limit of the card Consider delaying availability of funds Reg Z credit union must post payment on date received, but no requirement to provide immediate availability of credit Generate and review large payment reports and credit card balance reports on a daily basis 26

27 CASE STUDY 2 ACH Booster Payment Fraud Examples $500 M + Fraudster was an online acquaintance Made several credit card payments over the phone via ACH Various accounts at same financial institution in six states Member sent funds to the acquaintance ACHs returned Scenario Mitigation Discuss the exposure and loss control options with your card processor Consider a probationary period before allowing new members to make online credit card payments Review and implement transaction controls from your processor Limit payment amount to balance due or card limit Limit payment frequency to once per month Cap the available balance to the credit limit of the card Consider delaying availability of funds Reg Z credit union must post payment on date received, but no requirement to provide immediate availability of credit Generate and review large payment reports and credit card balance reports on a daily basis 27

28 Consumer Payments What are the emerging types of consumer payment fraud trends in the marketplace? 28

29 Common Consumer Payment Fraud Trends Local Fraud ATMs PIN-less Debit Less than 50% of breaches are known Debit card compromises at ATMs are up 174% year-over-year PIN-less Debit volumes increased by more than 500% Source: Rippleshot Source: March 2015 LetsTalkPayments.com Source: March 2015 LetsTalkPayments.com 29

30 EMV Recap EMV is an effort to provide a more secure payment card by using dynamic authentication Why use EMV technology? Europe saw an 80% reduction in credit card fraud after completing migration to EMV during the same timeframe, the U.S. has witnessed a 47% increase Fraud liability shifted to weakest link as of October 2015 More work to do: Initial cards have come with magnetic stripes and EMV EMV does not address Card Not Present fraud ATMs and gas stations coming soon EMV Internet Payments Mobile Wallets Fraud Mgmt Source: 2013, Discover Financial Services Source: 2012, EMVCO 30

31 What Do You Think? We re past the fraud liability shift that occurred on October 1 st, What are you seeing from a fraud perspective? 31

32 Consumer Payments Credit Union Loss Scenarios 32

33 CASE STUDY 1 Consumer Payment Fraud Examples Scenario $39 million credit union Card-present fraud on debit cards with no PIN Multiple gas station purchases at the same gas station Out-of-state Transaction performed within minutes of one another Force PIN Globally Mitigation Certain geo-locations Certain BINs Reduce velocity settings Target $ transaction amounts Identify CPP Block / Reissue affected cards Place cards in a higher risk profile Join local FCI Focus on member education to monitor transactions 33

34 CASE STUDY 2 Consumer Payment Fraud Examples $2 billion credit union Scenario Card-present fraud with no signature required Debit transactions under $50 All transactions from large retailer Use PIN-Less identifier to move transactions to a higher risk profile Target retailers by MCC code and/or text field Identify CPP Block / Reissue affected cards Place cards in a higher risk profile Join local FCI Mitigation Focus on member education to monitor transactions 34

35 CASE STUDY 3 Consumer Payment Fraud Examples Scenario $948 million credit union Variety of fraud on both debit and credit Fraud superseding expected fraud rules in place Credit union recently switched card processors Mitigation Check fraud rules and parameter setting regularly to ensure alignment with risk tolerance Ensure strong authentication when removing blocks from transaction or approving overseas travel 35

36 Questions & Answers Joni Lovingood CRM, CFE Corporate Property & Casualty Sales Specialist CUNA Mutual Group 36

37 Disclaimer This presentation was created by the CUNA Mutual Group based on our experience in the credit union and insurance market. It is intended to be used only as a guide, not as legal advice. Any examples provided have been simplified to give you an overview of the importance of selecting appropriate coverage limits, insuring-to-value and implementing loss prevention techniques. No coverage is provided by this publication, nor does it replace any provisions of any insurance policy or bond. Credit Union Loss Scenarios Case Studies The credit union loss scenario claim study examples do not make any representations that coverage does or does not exist for any particular claim or loss, or type of claim or loss, under any policy. Whether or not coverage exists for any particular claim or loss under any policy depends on the facts and circumstances involved in the claim or loss and all applicable policy language. CUNA Mutual Group is the marketing name for CUNA Mutual Holding Company, a mutual insurance holding company, its subsidiaries and affiliates. Insurance products offered to financial institutions and their affiliates are underwritten by CUMIS Insurance Society, Inc. or CUMIS Specialty Insurance Company, members of the CUNA Mutual Group. Some coverages may not be available in all states. If a coverage is not available from one of our member companies, CUNA Mutual Insurance Agency, Inc., our insurance producer affiliate, may assist us in placing coverage with other insurance carriers in order to serve our customers needs. For example, the Workers Compensation Policy is underwritten by non-affiliated admitted carriers. CUMIS Specialty Insurance Company, our excess and surplus lines carrier, underwrites coverages that are not available in the admitted market. Data breach services are offered by Kroll, a member of the Altegrity family of businesses. Cyber liability may be underwritten by Beazley Insurance Group. This summary is not a contract and no coverage is provided by this publication, nor does it replace any provisions of any insurance policy or bond. Please read the actual policy for specific coverage, terms, conditions, and exclusions. CUNA Mutual Group, 2015 All Rights Reserved 37

38 38