Protecting Your Credit Union from Fraud: Insider Threats and Scams

Fraud is a constant concern for credit unions, as they are targets for both insider abuse and external scams. According to the Association for Certified Fraud Examiners' 2020 Report to the Nations on Occupational Fraud and Abuse, internal control weaknesses were responsible for nearly half of all fraudulent activity. To combat fraud and protect their members, credit unions must establish strong internal controls, detect and respond to red flags, and educate their employees and members about common scams. In this article, we will discuss the key strategies credit unions can employ to deter insider fraud and safeguard against external scams.

Deterring Insider Fraud

Insider fraud, perpetrated by employees or officials within a credit union, poses a significant risk to its financial security. To deter insider fraud, credit unions should implement a series of internal controls and policies. These measures will help establish a strong deterrent and ensure that employees are aware of the consequences of fraudulent activities. Here are some effective strategies to consider:

1. Establish a Fraud Policy

Developing a stand-alone fraud policy separate from personnel policies is crucial. This policy should clearly outline the credit union's expectations regarding fraud prevention, detection, and consequences. It should also address whistle-blowing procedures, mandatory vacation days, employee conduct, and actions the credit union will take if fraud is discovered. Regularly review and update the policy to reflect changing circumstances and provide annual training to all employees to ensure awareness and compliance.

2. Segregate Duties Properly

Clearly define roles and responsibilities for each employee to manage fraud risk effectively. Segregating duties ensures that no single individual has complete control over a transaction from initiation to completion. For smaller credit unions with limited staff, the supervisory committee or an independent third party should actively provide the necessary checks and balances.

3. Bond Employees and Perform Background Checks

Credit unions are required to purchase fraud and dishonesty bonds that cover all employees, directors, officers, supervisory committee members, and credit committee members. Additionally, conducting thorough background checks can help mitigate the potential for fraud. Credit unions should screen all new hires, board members, and supervisory committee members, and periodically update this information to ensure the ongoing integrity of their staff.

4. Adopt Proper Internal Controls

Implementing robust internal controls is crucial for preventing and detecting insider fraud. Some essential internal controls include:

Dual controls: Requiring two or more individuals to authorize and perform critical transactions, such as cash handling or fund transfers.

Computer access controls: Limiting employee access to specific systems and data based on their job responsibilities.

Member-account verification: Regularly confirming the accuracy and validity of member account information.

Surprise cash counts: Conducting unannounced cash counts to deter and detect theft.

Timely recordkeeping: Ensuring accurate and timely recording of financial transactions.

Limiting employee access to accounts: Restricting employees' access to their own accounts and family member accounts to prevent unauthorized activities.

Annual audits: Conducting comprehensive audits to assess the effectiveness of internal controls and identify potential vulnerabilities.

Compliance with NCUA regulations: Following the audit and account verification requirements outlined by the National Credit Union Administration (NCUA) to ensure compliance and transparency.

Detecting Insider Fraud

Credit union employees and officials are often the first line of defense in detecting insider fraud. By being vigilant and aware of red flags and irregular behavior, employees can identify potential fraud early on. Here are some methods credit unions can use to detect insider fraud:

1. Review File Maintenance Reports

Routinely review non-financial transaction reports for irregularities, such as changes to loan due dates, interest rates, addresses, or do-not-mail lists. These reports can provide valuable insights into potential fraudulent activities.

2. Review Employee and Employee-related Accounts for Unusual Activity

Monitor employee and employee-related accounts for any unusual or suspicious activity. This can include fictitious loans, large deposits or transfers, potential kiting (manipulating funds between accounts), and missed loan payments. Regularly review these accounts to identify any anomalies or signs of fraudulent behavior.

3. Perform Timely and Effective Audits and Member Account Verifications

Supervisory committees and the board of directors should ensure that internal controls are regularly audited and verified by appropriate staff, either internally or externally. Any suspicious items or discrepancies should be promptly reported to the supervisory committee for further investigation. The board of directors should take swift and appropriate action based on the committee's findings.

4. Follow-up on Employee Red Flags

Pay attention to any lifestyle or behavior changes in employees that may raise concerns, such as gambling habits, excessive spending, outside employment, or drug use. Additionally, take note of any employee who consistently fails to take vacation or sick leave or does not comply with the credit union's policy on minimum days off. These red flags may indicate potential financial difficulties or fraudulent activities and should be reported to superiors or the supervisory committee for further investigation.

Responding to Insider Fraud

If fraud is discovered within a credit union, it is crucial to take immediate action to safeguard the credit union and its members. Here are some proactive steps to consider in response to insider fraud:

1. Contact Legal Counsel

Notify the credit union's legal counsel as soon as fraud is suspected or detected. Legal counsel can provide guidance on the appropriate actions to take and ensure compliance with relevant laws and regulations.

2. Place the Employee(s) on Leave and Terminate Employment

Pending review and investigation, place the suspected employee(s) on leave. In consultation with legal counsel, determine if termination of employment is warranted based on the severity of the fraud. Termination may be necessary to protect the credit union and prevent further harm.

3. Contact the Bond Company

Notify the credit union's bond company about the fraud incident. The bond company can guide the credit union through the claims process and provide financial protection for any losses incurred due to the fraud.

4. Increase Supervisory Committee Audits and Verifications

To prevent future instances of fraud, increase the frequency and intensity of supervisory committee audits and verifications. This will help identify any weaknesses in internal controls and ensure ongoing compliance with regulations.

5. Change or Limit Access to Buildings, Data Processing Systems, and Accounts

To restrict the access of potential suspects, change access codes for buildings, vaults, and teller drawers. Remove remote access privileges, update login credentials for data processing systems, and change or delete email passwords. These actions will prevent unauthorized access and limit the opportunities for further fraudulent activities.

6. Collect Keys and Notify Law Enforcement

Collect keys from suspected employees to prevent re-access to credit union premises. Contact local law enforcement to report the fraud incident and provide any relevant information to aid in their investigation.

7. Notify the NCUA

As a regulatory requirement, notify the appropriate regional office of the National Credit Union Administration (NCUA) about the fraud incident. Promptly reporting the fraud helps protect the credit union and its members and ensures compliance with regulatory obligations.

Reporting Suspected Fraud to the NCUA

Credit union members, volunteers, and staff can play a crucial role in detecting and preventing fraud by reporting suspicious activities to the NCUA. The NCUA's toll-free Fraud Hotline (800-827-9650) provides a channel for reporting potential fraud situations. Reports can be submitted anonymously or with contact information for further discussion with agency staff. The NCUA's online fraud reporting form also allows individuals to provide detailed information to assist in the evaluation of reported concerns.

External Fraud: Types and Prevention

In addition to insider threats, credit unions must also be vigilant against external fraud. Various types of fraudulent activity can affect credit unions, including consumer fraud, cyber fraud, and fraud through third-party relationships or vendors. These types of fraud are constantly evolving, and credit unions must stay informed about current fraud trends to assess their fraud risks effectively. Here are some key points to consider:

Consumer Fraud

Consumer fraud occurs when individuals are deceived or misled in financial transactions. It can include scams involving fake products or services, identity theft, phishing, or other forms of manipulation. Credit unions can protect their members by educating them about common consumer fraud schemes and providing guidance on how to identify and avoid them.

Cyber Fraud

Cyber fraud refers to fraudulent activities that occur online or through electronic means. It includes phishing scams, malware attacks, data breaches, and other forms of cybercrime. Credit unions should invest in robust cybersecurity measures, such as firewalls, encryption, and employee training, to safeguard against cyber fraud. Regularly updating and patching software, implementing strong password policies, and conducting regular vulnerability assessments are essential steps in preventing cyber fraud.

Fraud through Third-Party Relationships or Vendors

Credit unions often rely on third-party vendors for various services, such as payment processing or data management. However, these relationships can also expose credit unions to potential fraud risks. To mitigate these risks, credit unions should perform due diligence when selecting vendors, conduct periodic audits of vendor activities, and establish clear contractual agreements that outline responsibilities and expectations regarding fraud prevention and detection.

Reducing Fraud Liability: Education and Prevention

Reducing fraud liability is crucial for credit unions to mitigate losses and maintain strong relationships with their members. Educating members about fraud risks and prevention strategies is an effective way to achieve this. Here are some steps credit unions can take to promote fraud prevention and education:

1. Provide Financial Education and Counseling

Offer financial education programs and counseling services to members to enhance their understanding of fraud risks and prevention measures. These programs can cover topics such as identity theft protection, safe online practices, and recognizing common fraud schemes.

2. Promote Credit Reporting

Encourage members to regularly review their credit reports to identify any unauthorized or suspicious activities. Provide guidance on how to dispute inaccurate information and take proactive steps to protect their credit profiles.

3. Establish Account Guidelines and Forms

Develop clear and comprehensive account guidelines to inform members about their rights and responsibilities. Provide easy-to-understand forms for account opening, transactions, and disputes to ensure transparency and reduce the potential for misunderstandings or fraudulent activities.

4. Collaborate with Law Enforcement and Regulatory Agencies

Maintain open lines of communication with local law enforcement agencies, regulatory bodies, and industry associations to stay updated on current fraud trends and prevention strategies. Sharing information and collaborating on fraud prevention initiatives can help credit unions stay one step ahead of fraudsters.

Conclusion

Fraud prevention is an ongoing challenge for credit unions, given the evolving nature of both insider threats and external scams. By implementing robust internal controls, educating employees and members about fraud risks, and staying informed about current fraud trends, credit unions can effectively deter and detect fraudulent activities. By prioritizing fraud prevention and protection, credit unions can maintain the trust and confidence of their members, ensuring a safe and secure financial environment for all.

Nudge Money helps credit unions 10x their marketing ROI by infusing hyper-personalized financial guidance into existing communications. We simplify the complex processes of marketing, financial wellness, and data, so your credit union can boost cross-sales and build loyalty.

LEARN MORE→