1 / 46

Trends in Credit Union Fraud – Detection, Prevention, & Improving Your Risk Management

Trends in Credit Union Fraud – Detection, Prevention, & Improving Your Risk Management. Prepared for the National CU Collector Association Conference March 16 2017, Las Vegas, NV. Agenda Fraud Categories & Schemes Emerging – Card Not Present (NCP) Fraud Red Flags of Fraud

spowers
Download Presentation

Trends in Credit Union Fraud – Detection, Prevention, & Improving Your Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trends in Credit Union Fraud – Detection, Prevention, & Improving Your Risk Management Prepared for the National CU Collector Association Conference March 16 2017, Las Vegas, NV

  2. Agenda • Fraud Categories & Schemes • Emerging – Card Not Present (NCP) Fraud • Red Flags of Fraud • Conducting a Fraud Risk Assessment • Anti-Fraud Control • Booster Payment

  3. Fraud Definitions Violation of trust The use of one’s occupation for personal enrichment through the deliberate misuse or application of the employing organization’s resources or assets.

  4. Summary of Fraud Findings • Typical organization loses 5% of annual revenue to fraud – applied to 2013 Gross World Product translates to potential fraud loss of more than $3.7 trillion annually • Median loss in the study was $145,000 with more than 22% of the cases involving losses over $1 million • Fraud lasted a median of 18 months from ACFE (Association of Certified Fraud Examiners)

  5. Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts, other asset misappropriations) were the most common form of fraud, representing 85% of the cases and least costly at a median loss of $130,000. • Financial statement fraud schemes were the least common form of fraud, representing 9% of the cases and most costly at a median loss at $1 million. Summary of Fraud Findings, cont

  6. Summary of Fraud Findings, cont. • Corruption schemes fell in the middle, comprising just over 37% of cases and causing a median loss of $200,000. • Occupational frauds are most likely to be detected by tips (40%) followed by management review (15%) and Internal Audit (14%). • Small organizations are disproportionately victimized by occupational fraud.

  7. Summary of Fraud Findings, cont. • Public Sector was one of the most commonly victimized industries. • Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. • High-level perpetrators cause the greatest damage to their organizations.

  8. Summary of Fraud Findings, cont. • 77% of frauds were committed by individuals in one of six departments: • Accounting/Finance • Operations • Sales • Executive/upper management • Customer service • Purchasing • More than 85% of fraudsters had never been previously charged or convicted for a fraud-related offense

  9. Summary of Fraud Findings, cont. • Fraud perpetrators often display warning signs – most common behavioral red flag reported in the survey were perpetrators living beyond their means (36%) and experiencing financial difficulty (27%). • Nearly half of victim organizations do not recover any losses that they suffer due to fraud.

  10. How Are Frauds Detected?

  11. How Are Frauds Detected?

  12. Card Not Present (CNP) Fraud Trends Starts with theft of Personally Identifiable Information (PII) or payment dataTesting of stolen data (e.g. BOTS, scripted, high velocity brute force attacks, small value or zero dollar transactions, gas pumps, small charitable donations, vending machines)Email lists to detect existing accounts to target for takeover, using scripted attacks Stolen data is used for account takeover (ATO)High risk merchandise: delivered quickly (e.g. digital), easy to sell/monetize, and/or high resale valueTriangulation: fraudster is set up as a merchant on Amazon/EBay/Craig’s List etc., filling orders with goods fraudulently obtained from merchant and then receiving funds from Amazon/EBay etc.

  13. Fall 2016 Survey - Card Not Present (CNP) Fraud

  14. Fraud Categories & Schemes

  15. Fraud Tree

  16. Asset Misappropriation Employee steals or misuses an organization’s resources. • Most common category of occupational fraud – over 85% of cases reported • Least costly – median loss of $130,000 • Median duration – 12 to 26 months

  17. Asset Misappropriation Schemes • Check Tampering - Steal employer funds by intercepting, forging or altering a check drawn on employer bank account. • Billing - Cause employer to issue payment for fictitious goods or services, inflated invoices or invoices for personal purchases. • Non-Cash - Employee steals or misuses any non-cash assets of the organization. • Payroll - Employee causes employer to issue a payment by making false claims for compensation. • Skimming - Employee steals an incoming payment from an organization before it is recorded on the organization’s books and records.

  18. Asset Misappropriation Schemes • Expense Reimbursements - Employee makes a claim for reimbursement of fictitious or inflated business expenses. • Cash Larceny - Employee steals cash receipts from an organization after it has been recorded on the organization’s books and records. • Cash on Hand - Employee steals cash kept on hand at organization.

  19. Corruption Employee’s use of influence in business transactions in a way that violates duty to the employer for the purpose of obtaining benefit for self or someone else. • 37% of cases reported • Median loss of $200,000 • Median duration – 18 months • Most common area – Purchasing • Employees acting alone or in collusion with vendors/contractors

  20. Corruption Schemes • Kickbacks • Bribery - Improper, undisclosed payments made to obtain favorable treatment. • Diverting Business - Employee receives kickback for directing business to a vendor. • Overbilling - Vendor submits false invoices that either overstate the cost of goods/services or reflect fictitious sales. Employee approves and receives kickback. • Other - External party seeks fraudulent assistance from employees of victim organization.

  21. Corruption Schemes • Illegal Gratuities - Giving or receiving something of value to reward a business decision. • Conflicts of Interest - Employee/agent has an undisclosed personal or economic interest in a matter that influences decisions and undermines their responsibility to their organization.

  22. Red Flags of Fraud

  23. Fraud Triangle

  24. Red Flags

  25. Conducting A Fraud Risk Assessment

  26. Assess Fraud Risks Conduct an annual fraud risk assessment • Assists management in identifying where and how fraud may occur and who may be in a position to commit fraud. • Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.

  27. Assess Fraud Risks • Mitigate Fraud Risks • Make changes to activities and/or processes = transfer or eliminate the risks. • Improve anti-fraud controls. • Monitor Fraud Risks • Develop data analytics for management to use to monitor fraud risks. • Utilize Internal Audit to conduct audits of risk areas.

  28. Example Summary

  29. Anti-Fraud Controls

  30. Check Tampering Controls • Properly secure unused checks and equipment • Utilize security features on checks • Prohibit hand written checks • Require two signatures on checks over a certain amount • Segregate check preparation from signing • Immediately mail checks after signing

  31. Billing Controls • Segregate purchasing from accounting and receiving departments • Require management approval of purchase requisitions/orders • Maintain a master vendor file • Require competitive bids • 3 way match by accounting of vendor invoice, receiving report and purchase order

  32. Non-Cash Controls • Asset policy and procedure manual • Tag assets • Maintain asset, supply and inventory records • Conduct independent periodic inventories of assets, supplies and inventories • Reconcile the physical inventory to asset, supply and inventory records

  33. Payroll Controls • Maintain personnel records independent of payroll and timekeeping • Utilize electronic payroll deposit • Periodically review employee payroll list • Review paid time off for compliance with policy • Periodically compare payroll with personnel records • Issue pre-numbered payroll checks in sequential order

  34. Skimming Controls • Periodic review of accounts receivable for write-offs • Periodic review of cash accounts for irregular entries • Segregate receipt of cash and checks from deposit and recording functions • Restrict tellers from accounts receivable and customer records • Immediately restrictively endorse all checks when received

  35. Expense Reimbursement Controls • Expense reimbursement policy • Require detailed expense reports • Supervisory review and approval of expense reimbursement claims • Place limits on expenses • Require original and detailed receipts • Detailed review of expense reimbursement claims

  36. Cash Larceny Controls • Independently reconcile teller drawer tape totals daily to the cash drawer • Limit and monitor access to cash and safe • Properly supervise Tellers • Utilize cameras in teller areas • Segregate cash receipts, bank deposit, reconciliation, posting/accounting and cash disbursement duties

  37. Cash On Hand Controls • Limit and monitor access: • Safe • Cash handling areas • Cash drawer • Petty cash • Properly supervise cashiers • Utilize cameras in cash handling areas

  38. Anti-Corruption Controls • Conflict of interest policy • Policy addressing employee receipt of gifts, discounts, and services offered by suppliers and customers • Established procurement/bidding process • Pre-Bid solicitation documents reviewed for restrictions on competition • Bid solicitation packages numbered and controlled • All bids kept confidential

  39. Anti-Corruption Controls • Proper segregation of duties in purchasing & accounts payable • Purchasing account assignments rotated • Periodic comparison of vendor information with employee information • Vendors who employ former employees under increased scrutiny • Reporting procedure for personnel and other vendors to report concerns about vendors receiving favored treatment

  40. Booster Payments How? • Most payments are being made via ACH. Can also be mailed overnight to the CU. • Typically for an amount greater than the minimum payment required • As soon as line is available, member immediately runs the line up to the max through purchases or cash advances

  41. Booster Payments Result • Payments are being returned creating a negative balance • Member must submit a larger payment to cover the negative balance and increase the line • This too is eventually returned The member is essentially ‘kiting’ the card payments.

  42. Booster Payments Result • Losses in excessive of the originally approved line of credit have occurred (Balance owed $80-$100K, member defaults)

  43. Booster Payments Mitigation • Request and review an “excessive payments” report from your card vendor • Review the ACH Daily Payments & Returns report • Delay availability of credit • Cap available balance to the approved credit limit • Identify accounts where the payment activity has changed • Check to ACH • Minimum payment to balance owed • Single monthly payment to multiple payments

  44. Questions?

  45. Thank you for your time and attention Norm Cecil Mainsail Trim, Inc. NormCecil@MainSailTrim.com 619-306-2087

  46. Mainsail Trim Services for Credit Unions

More Related