Great Internal Controls and Then It Happens – Fraud

Even the most comprehensive internal control structure cannot guarantee fraud prevention. All internal control structures have certain fundamental limitations; judgment considerations, breakdowns, management override, materiality, point-in-time evaluations and cost/benefit considerations. Yet, internal control is not one event or circumstance, but a dynamic process that requires constant review and modifications. When any one or more than one of these instances occurs, the best of internal control systems will have an opening that allows the possibility of fraudulent activity. The best fraud preventive technique that management can consistently practice is monitoring and reviewing activities of the organization. This activity creates the perception of detection and discourages fraudulent activity.

Particularly financial institutions are at risk for fraudulent activity when cracks occur in their internal control structure. With the 1st Circuit of Appeals decision in the Patco vs. Ocean Bank, financial institutions realized that they were at risk for any fraudulent activity occurring in one of their customer accounts. The Court cited that the Federal Financial Institutions Examination Council standards were relevant and comparable standards of care for financial institutions.

Then, in Choice Escrow and Title vs. BancorpSouth Bank, the 8th Circuit of Appeals found in favor of BancorpSouth Bank, citing when a customer insists, declines and signs a waiver declining the bank’s recommended practice for security, the bank cannot be held liable when fraudulent activity occurs. While most consider this case a “win” for financial institutions, the underlying issue of this verdict is the client’s insistence on using a higher-risk procedure because it was more convenient and/or cheaper.  Many do not believe that financial institutions really “won” with this verdict.

Unique Fraud Challenges for Banks

Financial institutions face several fraud risks that are unique to their organizations. Loan fraud, real estate fraud, mortgage fraud, new accounts fraud, money transfer fraud and ATM fraud. Additionally, they are susceptible to embezzlement, technology issues, money laundering and other associated white-collar crimes that other types of organizations face. In the ACFE’s 2016 Report to the Nations report, 16.8% of banking and financial services organizations were victims of fraudulent activity with an average median loss of $192,000.

Loan fraud consists of loans to non-existent borrowers, sham loans with kickbacks and diversion, double pledging of collateral, daisy chains, linked financing, false applications with false credit information and/or credit data blocking, single-family housing loan fraud, construction loans and loan collateral sold out of trust. These are just some of the schemes related to loan fraud. Loan fraud represents the highest area of risk for financial institutions.

Loans to non-existent borrowers can consist of external fraud or internal fraud. Both cases of loan fraud discussed below relate to internal fraud because employees of the victim institutions issued these loans. Loan officers sometimes make loans to co-conspirators and then share the proceeds. Then payments for these loans come from the funds of new fraudulent loans. Otherwise, these loans become non-performing loans and eventually written off as a bad debt.

Double-pledging collateral occurs when borrowers pledge the same collateral with different lenders before the liens are recorded. The lenders are unaware of the same collateral being used for two separate loans and the borrower does not disclose this information. However, in one of the loan cases discussed below, the employee actually pledged collateral in the form of certificates of deposits from other customers’ accounts for the fraudulent loans in order to conceal the fact that the loans were sham loans.

Daisy-chains mask or hide bad loans by making them look like the loans are recent. A financial institution buys, sells and swaps its bad loans for the bad loans of another institution. While this method is generally used externally between financial institutions, it can be used internally by covering up bad loans by paying off the bad loans with new loans, thus preventing the loan from becoming a non-performing loan.

Sham loans with kickbacks, reciprocal loan arrangements, external daisy chains and linked financing are types of fraudulent activities related to this area of corruption. According to the ACFE’s 2016 Report to the Nation, over 35% of fraudulent activity related to banking and financial services linked to corruption activity. Employees within different banks set up reciprocal loan arrangements by lending funds or selling loans with an agreement to buy back their own loans for the purpose of concealing loans and sales.

With linked financing, large deposits are offered to a financial institution on the condition that loans are made to particular individuals from the institution offering the deposits. The deposits offer a high rate of return, but the loans extend past the term of the deposits.

Credit data blocking is a method used by borrowers in an attempt to receive loan funds that they otherwise would not receive. Often the borrower will claim that delinquent loans on his or her credit report were instances of identity theft, thus removing them from the report until the claim of identity theft is verified. Meanwhile, the borrower will try to receive more loan funds knowing that these loans will default.

Single-family housing loan fraud occurs when the borrowers misrepresent their personal credit worthiness and overstate the ability to pay. Typical activities include reporting inflated income or moving debt to a dependent, inflating the square footage of the housing and even bribing an appraiser to value the housing at a higher amount than market value.

Construction loan fraud offers multiple opportunities for fraudulent activity, including estimates of completion costs, overhead costs, inappropriate draw requests and the release of final funds upon completion of the project. Inadequate supervision by the loan officer increases the opportunities for fraudulent activity, including collusion between the borrower and developer.

Loan collateral sold out of trust simply means that the borrower has sold the collateral without telling the lender and then defaults on the loan. Once the lender tries to recover the collateral, the financial institution discovers that it is missing and previously sold. This type of loan fraud is especially common for financial institutions whose loans involve rental equipment.

Be on the Lookout for Warning Signs of Loan Fraud

The most important red flag or warning sign of loan fraud relates to non-performing loans. Other signs include a high turnover in a developer’s personnel for a construction loan, high turnover in tenant mix, missing documentation in the loan files, unusual loan increases, or extensions just below the lending limits of the lenders, replacement loans (as seen in the case study discussed below), evergreen loans, disguised transactions and cash flow deficiencies for commercial lending.

Red flags for embezzlement activity include the following:

  • Missing source documents
  • Unusual amount of out-of-sequence check numbers
  • Payees on checks to not match entries in general ledger
  • Receipts or invoices lack professional quality
  • Duplicate payment documentation
  • Payee identification information matches an employee’s information or that of his relatives
  • Apparent signs of alterations to source documents or lack of source documents
  • Excessive voids or credits
  • Abnormal increase in reconciling items
  • Payee missing on cashier’s checks, or cashier’s checks made payable to “Cash”

Dimensional testing for employee networks as vendors is an excellent way to determine that the vendor is not associated with an employee. This type of testing not only includes direct relatives, such as a spouse or significant other, but also sisters, brothers, emergency contacts and any other dependents.

To determine the existence of possible conflicts of interest, testing should include inter-relationships between the financial institution, its directors and the directors’ roles in other organizations that may also be a customer of the financial institution.

Loan Fraud Case Study

The first case study for loan fraud covers the embezzlement activity of a loan officer that took over $176,000 in about 18 months. There were new accounts set up for different customers using fictitious names and addresses that allowed new loans to be issued with money transferred to pay personal debt and expenses. Additionally, the loan officer would pay-off customer loans by issuing new loans with a cash withdrawal generally occurring at the same time. The loan officer destroyed the cash tickets and corrected the payments of the new loans to equal the payments of the older loans so that the customers would be unaware of the transaction.

For the existing customers whose loans were paid off and new loans issued, the loan officer performed maintenance changes to the loans to make sure that next payment due and last payment dates were consistent with the older loan information. In order to make the fictitious loans appear that payments were being made timely, these loans would be paid off with new loans. The loan officer coded one loan as being paid in full when in fact the computer file indicated a balance due. By doing this, the loan remained off the list of loans with balances due. The loan officer changed 19 different customer accounts and loans for transferring the cash from the institution for personal use

This institution used a thirdparty vendor to set up its software and security access without much discussion between the parties. The vendor provided minimum-security access so that it was relatively easy for the loan officer to access user IDs. Then the loan officer changed passwords and logged into the computer under another employees ID to conduct transactions and file maintenance changes to both the fictitious loans and the modified loans from the institutions customers.

The financial institution reported this loan officer to the state regulatory agency to prevent future employment with financial institutions and presented the information to the state district attorney for further action.

Fictitious Loan Case Study

The second case study for loan fraud includes over $500,000 in funds taken from a financial institution using fictitious loans and ACH transactions. This loan officer set up fictitious loan accounts combining information from existing customers using the certificate of deposits of other customers for the collateral of these loans. All loans were under the loan officer’s lending limits to prevent review of the files from others. The loan officer set up new checking accounts and credit cards for these fictitious customers so that anyone else reviewing the files would think the financial institution had a new customer. The funds used to set up these accounts actually came from the proceeds of the new loans. The loan officer used two separate post office box accounts to mail the monthly bank statements and credit card statements.

To prevent the fictitious loans from being past due, the loan officer issued other fictitious loans for these “customers” and used some of the proceeds to make payments for the older loans. The highly educated loan officer washed these loan proceeds multiple times before applying the funds as a loan payment. The loan officer used the proceeds from these loans for personal debt and expenses, including the payment of personal property taxes for two years.

While attempting to cover up the loan activity, the loan officer worked after hours without authorization and constantly made file maintenance changes to prevent these loans from review. The loan files contained doctored applications with some required loan documents missing from the files. Just prior to the start of the institutions annual regulatory exam, the loan officer prepared these files by changing 65 transactions the night before the start of the exam.

This loan officer pled guilty in federal court and sentenced December 2014. The Judge ordered the former loan officer to pay full restitution for funds taken, sentenced to 27 months in a minimum-security federal prison and four years of supervised release. This was the former loan officer’s first offense.

Wire Fraud Case Study

Wire fraud is a forerunner for using technology as its weapon because it is very simple to conduct anonymously using fictitious names and IP addresses. For wire fraud to be successful there must be a contact within the target company aggressive in carrying out the theft, dishonest employees, misrepresentation of identity, penetration of system password security, forged authorizations or unauthorized entry and interception.

The case study for wire fraud involves the identity theft of a shareholder of a financial institution. The “shareholder” emails the bank requesting that funds be wired to another bank while he is out of town. In following procedures, the financial institution requested that the “shareholder” call them to verify the transfer of funds. However, the true person was quite skilled in social engineering using passive aggressive techniques and gently persuaded the funds to be transferred.

While attempting to provide quality service to its customers, especially a shareholder, additional requests for wire transfers over the next three days continued and the bank honored the requests. These funds were wired to various banks in small denominations of $25,000 or less totaling over $250,000 until the balance in the bank account was very small. All of these funds ended in an off-shore bank account within 24 hours.

Embezzlement Case Study

This case study involves embezzlement of funds by the CEO of a financial institution and includes a cover-up scheme using another party and another bank by floating deposits and kiting checks for over a one-year period. Floating deposits make check kiting possible and the CEO and his partner transferred checks back and forth several times a week with some of the individual checks totaling over $50,000. Total amount of embezzled funds was more than $1.5 million dollars by using fictitious loans for the CEO’s farming operations.

The financial institution failed and the shareholders lost all of their investment. Federal Deposit Insurance Corporation (FDIC) covered the customers’ accounts for amounts allowable by FDIC requirements. For this particular case, the result of the fraudulent activity became rather tragic. The CEO committed suicide and the second individual associated with the floating and kiting activity was sued for the funds received prior to the fall of the kiting activity. Ultimately, those funds became property of the shareholders as part of their recovery costs from the collapse of the financial institution caused by the fraudulent activity of the CEO.

How We Help

These case studies represent only a small fraction of fraudulent activity that financial institutions must face. Fraudulent activity is not going to cease simply due to the nature of human behavior. Monitoring activity on a daily basis is a top priority in order to remain diligent in managing risks related to fraudulent activity.

Understanding the risk facing this industry, Elliott Davis Decosimo is ready with a team of professionals dedicated to the Banking and Financial Services well as experienced professionals focused Forensics and Fraud. For more information, contact Pam Mantone at or your Elliott Davis Decosimo advisor.

Printable Version


Resources used for this paper:

Association of Certified Fraud Examiners, 2015 US Fraud Examiners Manual

Association of Certified Fraud Examiners, 2016 Report to the Nation