The Insider Threat: A Critical Challenge for Financial Crime Prevention
16 December 2025
Insider threats are no longer rare anomalies. They are now central to the fraud and financial crime landscape, affecting organisations across various sectors and jurisdictions. A recent joint briefing by Cifas and ACAMS, “The Threat from Within: A Growing Concern,” explored how internal actors – whether malicious, negligent or coerced – can, and do, compromise systems, processes and controls. In this piece, Joby Carpenter, Global SME, Cryptoassets and Illicit Finance at ACAMS, explores the evolving challenges of insider threats in financial crime, providing insights and analysis on several cases.
Understanding the modern insider threat
Traditionally, insider threats were associated with rogue traders or disgruntled employees. Today, the definition has expanded. Insiders may collude with organised crime groups, be embedded by state actors, or simply fail to act when witnessing suspicious behaviour. These individuals can act as facilitators, enablers or gatekeepers, often bypassing internal controls and exploiting trust.
The case studies reviewed by Cifas and ACAMS reveal that insider threats are not isolated incidents. They are often part of broader, complex fraud and money laundering schemes, with insiders playing a pivotal role in both executing and concealing the crime.
Lessons from recent breaches
Equity Bank, Kenya
An internal audit uncovered an $11.6 million fraud over just 90 days. Stolen IT credentials from a senior payroll manager enabled over 40 unauthorised transfers to external accounts. Staff at all levels were implicated, from senior managers to junior clerks. Some were directly involved, while others failed to report suspicious activity. The fallout led to over 1,200 employees being dismissed or laid off. This case highlights how insider risk can infiltrate routine transactions and underscores the need for proactive behavioural monitoring.
U.S. State Department
A budget analyst embezzled over $650,000 by manipulating vendor records and submitting false payment authorisations. Her privileged access, combined with weak segregation of duties and limited oversight, allowed the fraud to continue undetected. This case demonstrates the importance of robust internal controls, especially in procurement and vendor management.
CFA Institute
A senior executive misappropriated millions through fake expense reimbursements and fraudulent vendor payments. The fraud spanned several years and involved forged documentation and oversight failures. Warning signs included unexplained lifestyle changes, resistance to audits and a reluctance to take leave. This might have been detected earlier had the insider’s behaviour been analysed appropriately and had an efficient whistleblower procedure been in place.
NHS Scotland procurement fraud
Four individuals, including an insider, were jailed for manipulating procurement processes facilitated through bribes. Contracts were awarded to favoured firms, sometimes for inflated or unnecessary services. This case illustrates how procurement fraud can lead to money laundering via shell suppliers and inflated invoicing. Regular vendor audits and clear segregation of procurement authority are essential safeguards.
Coinbase insider breach
Hackers recruited rogue call agents to gain access to internal systems. These insiders provided credentials or facilitated backdoor access in exchange for cash. This hybrid threat – where external actors exploit internal vulnerabilities – shows how digital asset firms are increasingly targeted. A single compromised employee can trigger systemic failures in anti-money laundering and sanctions compliance.
North Korean laundering networks
A civil forfeiture case revealed how North Korean-linked actors laundered over $7.74 million using shell companies, compromised exchanges and fake identities. Insiders placed in digital exchanges and regional banks played a key role. Remote work and spoofed job roles allowed state-driven actors to embed themselves within financial workflows. This case highlights the need for rigorous recruitment due diligence and vendor management.
Common themes and control gaps
Across these cases, several patterns emerge:
- Collusion with external actors: Insiders are often motivated by personal grievances, financial pressure or external coercion.
- Long-term activity: Many schemes lasted months or years, enabled by weak audit functions and override-prone cultures.
- Interconnected risks: Insider threats intersect with cybercrime, sanctions evasion, procurement fraud and crypto-enabled laundering.
Recommendations for anti-fraud professionals
To address insider threats effectively, organisations should consider the following measures:
- Red team exercises: Simulate internal breaches to identify weak access points and test system resilience.
- Cross-department collaboration: Insider threats span HR, cybersecurity, anti-money laundering (AML) and compliance. Interdisciplinary teams can improve detection and response.
- Employee risk scoring: Assess staff risk based on access levels, financial pressures and behavioural anomalies, similar to customer risk scoring in AML.
- Whistleblower protections: Encourage safe and anonymous reporting. Many insider threats are uncovered internally, and timely reporting can prevent escalation.
- Typology libraries: Develop role-specific threat models to tailor detection systems. Risks vary between procurement officers, IT administrators and HR professionals.
Conclusion
Insider threats are a growing concern that demand systemic change. The examples presented here, from government departments to fintech firms, are not outliers. They are indicators of a broader vulnerability. By reframing insider threats as a core component of financial crime risk management, organisations can better detect, deter and defend against the threat from within.
How can ACAMS help with insider threat awareness
ACAMS equips professionals with the knowledge and tools to combat fraud and financial crime. Their collaboration with Cifas addresses fraud as a systemic risk that requires organisational response, rather than a personnel problem.
ACAMS offers globally recognised certifications, training programmes and thought leadership that support the development of robust internal controls and fraud prevention strategies. One such programme is the Certified Anti-Fraud Specialist (CAFS) certification, which provides a comprehensive learning framework tailored to banks and non-bank financial institutions to prevent, detect, and respond to fraud.
For professionals working in AML, sanctions, or fraud, ACAMS offers excellent resources for staying ahead of emerging threats and building resilient organisations.
In collaboration with: Joby Carpenter, Global SME, Cryptoassets and Illicit Finance at ACAMS