The Cost of ‘Looking the Other Way’

Cifas Fraudscape Report 2022 revealed that 41% of cases recorded to their Internal Fraud Database were in relation to dishonest actions carried out by employees, with the majority of filings concerning the theft of cash from an employer.

We know that increases in any of the Fraud Triangle’s three components - opportunity, incentive and rationalization can drive an increase in the likelihood of an individual committing fraud. This is especially important as the financial pressures of the cost-of-living crisis weigh on employees and the risk of insider threat increases for many organisations.

Aside from offering support to anyone in your organisation who is struggling amid the cost of living crisis - and there are some great support ideas in this Cifas blog - what else can you do to help mitigate the insider threat?

What tools do you already have at your disposal?

While your AML compliance solution will be monitoring transactions for suspicious activity, it’s beneficial to also turn this lens inward to look for instances of internal fraud.

Having a solution flexible enough to address multiple requirements gives you the benefit of dealing with a single, known vendor without the need for retraining or using multiple interfaces, all while getting more value from your solution.

Examples of potentially suspicious activity relating to internal fraud that you might consider using your transaction monitoring solution with which to alert you include:

• Unexpected Colleague Activity: Detecting unexpected activity by colleagues, such as removing an account block, processing a withdrawal from a deceased or dormant account, looking at customer records more than usual, or records you wouldn’t expect.
• Unexpected Account Activity: Monitoring changes to accounts that may suggest an attempt to circumvent controls, such as repeatedly changing an account address, particularly on either side of a withdrawal.
• Unexpected Relationships: Repeated transactions between specific colleagues and customers, specifically at different branches.
• Activity at Unusual Times: Colleagues accessing systems at unusual times, such as late at night or on weekends.

Controls to reduce the reliance on employee integrity and reporting to detect financial crime.

A very real concern with the cost of living crisis is that employee integrity may well be challenged, with the fear being that some may be driven by financial pressures to rationalise ‘looking the other way’ as being ‘ok’ and ‘not causing any real harm’ given their circumstances. ‘Looking the other way’, for example, may take the form of knowingly opening money mule accounts, or failing to raise suspicious activity reports (SARs) when unusual transactions take place. Taking it a step further, what if a colleague in a branch has a friend in the financial crime team, someone who can keep an eye out for these cases where suspicious activity has occurred, but a SAR has not been raised? When they are flagged on the transaction monitoring system, the friend can simply close that alert down.

A staff member might be subject to coercion. We have seen examples of staff being forced into passing customer data to organised crime groups, thinking of it as a one-off event - maybe to repay a debt. In these circumstances, the staff member is often subsequently blackmailed into providing more and more data, with threats to expose their activity to the employer if they refuse.

So how can these types of risks be controlled from within your organisation?

Consider how you use your existing transaction monitoring system’s capabilities to detect when someone may be ‘looking the other way’. Are you able to identify repeat instances, by the same person? Can you identify an investigator who closes cases without completing the appropriate checks? Does your transaction monitoring solution allow you to carry out adequate quality assurance across your team to ensure quality and consistency of work? If you have concerns about a scenario like the one above where two individuals might be working together to ‘look the other way’, can your transaction monitoring system provide you with data to check all the work completed by an individual member of your team, or provide information to facilitate a process of regular spot checks as a control to mitigate the risk of genuine errors or deliberately ‘looking the other way’?

Using your automated transaction monitoring solution’s audit trail of all activity by users, reports on activity can be run and decisions quality assessed. In addition to your existing Quality Assurance activity, you may wish to configure your workflow to ensure high-risk cases and their outcomes – especially those closed with no further action - are checked by a second team member before they are closed.

It’s also worthwhile making sure that the analysts working those transaction monitoring alerts, who should have raised a SAR but didn’t are, as part of ongoing training and development, given feedback.

As important as it is to identify and deal with these situations, it's also important to engage with your Human Resources team. Not only is it important to make sure that staff feel able to safely report if they are feeling threatened, it’s also vital that any monitoring of staff is reasonable and proportionate to the risk.

About the Author

Claire Rees is a Client Manager in the UK for Jade ThirdEye, a secure SaaS solution purpose-built to automate ongoing transaction monitoring, customer screening, and reporting.

Claire has over 21 year's experience working in Risk Management roles in financial services, 17 years of which were spent specialising in Financial Crime Prevention in a number of senior roles including most recently as Head of Fraud and AML with a mortgage lender and service provider. Claire has participated in many regulatory and industry Financial Crime panels including a Government AML advisory panel and the Cifas Insider Threat Advisory Board which explored ever-changing insider fraud threats.