Article by Marius Porceanu, Founder CEO SPIA – Secret Private Investigations Agency
Frauds that take place in the banking & financial industry benefit from increased media attention and not only. The reasons for that are easy to understand. But, although it is one of the most targeted by fraudsters, whether we are talking about our own employees or about external organized crime groups, the financial-banking field is also one of the best protected.
We need to look at bank fraud from 3 perspectives:
- Internal fraud is committed by employees, regardless of their level of authority.
In most cases of corporate anti-fraud investigations that we have conducted over the years, we have identified illegal acts individually executed rather than complex fraud schemes. But even so, their number is not very high.
The most common are frauds committed by employees who have a certain level of access to banks’ IT platforms and who have diverted various amounts of money from customers’ accounts to other accounts and beneficiaries.
If the employees of the banking-financial institution who commit internal fraud are system administrators, the situation is aggravated, because their access level allows them to change the security conditions of the accounts or the limits established on the electronic means of payment. Thus, they can commit fraud including by deleting specific process logs.
Among other ways of fraud that SPIA specialists faced in the investigated cases were the malicious approval of non-performing loans, either to meet their performance indicators or by conditioning the approval of some loans by the return of a share to the bank employee who approved the loan.
Lately, in Romania, as a result of digitalization and increase of the security degree within the banking-financial institutions, the share of internal frauds compared to the external ones is decreasing. In addition, internal fraud is discouraged by the easy traceability of the bank’s employees’ operations.
2. External fraud is committed by persons or groups of persons outside banks.
External fraud, although more pronounced, is not so common compared to other types of fraud. Perhaps because the success rate in terms of identifying and holding authors accountable is quite high, and the cases in which they have been discovered and brought to justice have been heavily publicized.
The spectrum of fraud types is wide, but most of the anti-fraud investigations we conducted were aimed at documenting the activities carried out by groups specialized in the recruitment of homeless people.
Companies were set up in their name or their financial history was invented and even modified. For example, false documents proving seniority in employment for companies outside Romania were created. These homeless people have only one assigned role: to lend various amounts of money with the intention of not paying them back.
During our corporate anti-fraud investigations, we also faced the simultaneous loans method. The type of people described above applied to several banking institutions for low value loans, on the same day. Although there are communication and collaboration platforms between banks, the dissemination of information was done with a small delay, which coordinators of illegal groups took advantage of. Their main purpose? To obtain as many loans from as many financial-banking institutions as possible at the same time.
After fulfilling the mission they were recruited for, the people used by organized crime groups in the fraud process are sent back to the initial homeless environment. Identifying and prosecuting them and the coordinators of criminal groups is thus difficult.
- Mixed fraud is that type of fraud in which external fraudsters, such as organized crime groups, recruit employees in key positions, who have access to the system and/or management rights.
Due to the automation and digitalisation of the internal banking security processes, we have noticed a significant decrease in the organized crime groups’ desire to recruit and act in complicity with internal fraudsters, the employees. It is equally true, however, that the latter are no longer as receptive to being drawn into fraudulent collaborations.
This does not mean that organized crime groups have not adapted their strategy and action plans to attacks on the banking system. They continue to target banks with a lower level of security, which allow, without detailed control, the approval of non-performing loans or the withdrawal of certain amounts of money from accounts fed with fraudulent money, from illegal operations.
But even if it is not the most fraudulent, the banking& financial industry is certainly extremely exposed to the risk of bearing negative consequences in terms of reputation, especially if the case is publicised.
In the event of a major incident involving a banking institution, the law prohibits its appointment by name and not only for reasons related to the bank’s reputation. In this field, the clients’ trust in the institution is fundamental. Once lost, major difficulties can arise in running the business, which can lead to imbalances in the economy.
Just imagine what effects there would be for a reputable bank if most customers decided to transfer or liquidate their deposits at the same time.
In most of the cases, SPIA investigators worked closely with banks’ anti-fraud departments and took action on two levels at the same time. They identified and gathered evidence of the external factors’ illegal activity and performed background-check integrity tests on some of the banking institutions’ employees.
The fact that the internal fraud’s proportion is low does not mean that it does not exist. In order to document the causes that generate it, a private investigator has to overcome an important number of obstacles, including those of the legislative nature regarding access to data.
At the same time, fraud caused by external factors has a high level of difficulty in the investigation process, depending on the particularities of the modus-operandi. When establishing our investigative approach and the specific methods we’re going to use, we take several aspects into account:
- the typology of corporate fraud
- the environment in which the attack is initiated: virtual, real or combined
- the type of fraud: phishing, identity cloning etc.
- the way fraudsters will take possession of the money: through bank branches or offshore accounts, the identity of the recipient account’s owner, the places and environments where the money is extracted, how the money are transported and who is the final beneficiary.
As a conclusion, I might say that not only that frauds are taking place in the banking & financial system, but they are complex, regardless of which of the 3 perspectives we are talking about: internal, external or mixed fraud.
