5
September/October 2014 www.ibat.org ★ 3
22 Back to the Future: 29th Leadership Conference
28 Bank Fraud: Unusual Suspects By Bruce Zaret, Carolyn Bremer, James Mihills, and Neha Patel
30 The Increasing Problem of Inadvertent S Corporation Terminations: Six Ways To Protect Your Bank's S Election
By Jacque Kruppa
34 Unclaimed Property Requirements: How to Retain Customers & Assets While Maintaining Compliance
By Valerie Jundt
38 What's on the Minds of Bank Boards Today?
By S. Scott MacDonald, Ph.D.
INDEPENDENT BANKERVOLUME XL NO. 5
SEPTEMBER/OCTOBER 2014
Quote: Henny Youngman
DEPARTMENTS
4 Up Front
6 Foundation Footprints
8 Services Solutions
10 Frontline Leadership
12 General Counsel’s Corner
14 Interest Rates
IBAT’s bi-monthly magazine, The Texas Independent Banker, welcomes letters from readers. The Texas Independent Banker, September/October, Volume XL, Issue 5. Published bi-monthly by the Independent Bankers Association of Texas, 1700 Rio Grande Street, Suite 100, Austin, TX 78701, 512/474-6889, FAX 512/322-9004. Inquiries should be sent to the Editor. Editorial guidelines are available upon request. Advertising rates may be obtained by contacting Advertising Sales at 800/749-4228 or 512/474-6889. Advertisements do not imply sponsorship by IBAT. ©2014 by the Independent Bankers Association of Texas. No part of this publication may be reproduced in any form without written permission of the publisher. Opinions expressed in this publication do not necessarily reflect official policy of the Independent Bankers Association of Texas.
Bonnie Kankel / Editor in Chief
Mary E. Lange / Contributing Editor
Darlene Revers / Advertising Manager
Lauren Sellers / Advertising Assistant
John Wilson / Cover Design/Illustration
Barbara Jezek / Design/Production
16 Personnel Update
18 Association News
42 IBAT Calendar
42 IBAT Around the State
45 Advertising Directory
46 Compliance Guy
THE TEXAS
IBAT ad September-October 2014_OL.pdf 1 7/24/14 8:09 AM
28 ★ The Texas Independent Banker September/October 2014
In February 1999, the movie “Office Space” portrayed a comedic tale of company workers who hate their jobs and decide to rebel against their boss. The workers band together to alter the company’s accounting applica-tion and route small amounts to a
bank account they control. The film dem-onstrated that employees committing the fraud were “average Joes” who found a way to circumvent the system.
In June 2014, a former officer with a Texas financial institution was ordered to federal prison for defrauding her former employer. Using her position as branch manager from 1998 to 2010, the bank offi-cer used the names and personal informa-tion of several individuals, without their permission, to create more than 58 ficti-tious loans. She was able to defraud the bank of approximately $2.4 million.
Who were the “suspects” in each of the instances above? They were long-term employees familiar with the pro-cesses, who understood where the inter-nal control weaknesses existed. Employee fraud, or occupational fraud, according to the Association of Certified Fraud Exam-iners (ACFE), is “using one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets.”
With banks heavily regulated, they tend to have more internal controls than
most industries. Yet, banking has the highest incidences of occupational fraud. When considering the enormous num-ber of internal controls banks require, individuals may think it is difficult to commit internal fraud. Add to the equa-tion that a bank’s internal controls are reviewed by regulators, internal auditors and financial statement auditors and it leads one to question, “How can fraud exist after all these highly-skilled profes-sionals have reviewed the bank’s internal controls?”
But aren’t these trusted employees?
Overwhelming data supports that internal controls alone are not enough to prevent and/or detect fraud. While internal controls only provide reasonable assurance, any control can be overridden or circumvented by people with the right knowledge and motivation.
Research also supports that internal fraud is often committed by long-term employees who are faithful and dedicated to their organization. These are often the individuals no one suspects.
Motivation for long-term employ-ees to commit fraud includes: (a) feeling unfairly treated, (b) having been emotion-ally hurt by a colleague with the desire to seek revenge, (c) having financial difficul-ties which cause added stress, or (d) just because they can.
A 2014 REPORT TO THE NATIONS FROM THE ACFE INDICATES:
• Bankingandfinancialserviceswas the industry group with the highest reported fraud cases at 17.8%.
• Forthecasesreported,themedian duration from the time the fraud commenced until it was detected was 18 months.
• Themedianfraudlosswas$145,000, with 22% of the cases having losses of at least $1 million.
• Morethan40%offraudcaseswere detected by a tip – twice the rate of any other detection method. Employees account-ed for nearly half of all tips.
• Organizationswithhotlineswere much more likely to identify fraud by a tip. These organizations experienced frauds that were 41% less costly and detected frauds 50% more quickly.
Bank Fraud Unusual Suspects
By Bruce Zaret, Carolyn Bremer, James Mihills and Neha Patel
September/October 2014 www.ibat.org ★ 29
Areas Typically Common Fraud Scheme Possible Control Vulnerable (Prevent / Detect)
Cash
Loans
Wires
AccountsPayable
• Takingcashfromatellerdrawer or vault over a period of time and adjusting recon-ciliation to cover
• Creatingfictitiousloanswiththe ability to disburse funds
• Advancingfundstoselforrelated party on an existing customer loan
• Processingofafraudulentwire from a customer account
• Creatingafictitiousvendortoreceive disbursements
• Changeaddressforfundsdiversion
• Surprisecashaudits• Reviewover/shortaccountactivityand
reconciling items
• Fundingreviewedbyanindependentemployee
• Reviewpastduereportsbyloanofficersandmanagement
• Automaticmailingofpastduenoticesbythird party
• Systemparametersrequiringtwoemployeesto process and release wires
• Callbacksperformedbyoneemployee, separate from the employee receiving the wire request
• Dailyreconciliationofcorrespondentbank/wire clearing accounts by an independent person
• Reviewsystem-generatedvendormainte-nance reports by an independent employee
• Providesystem-generatedcheckregister to officer signing checks to verify all disbursements are included
without oversight or monitoring.•Employeeshavebeeninthesamerole
for a number of years and their duties are not performed when they go on vacation.
Where to start: fraud identification, prevention and detection
Most banks are probably burned out on conducting risk assessments. Be of good cheer because the following is not a typical risk assessment. Here, bank management can put on their sleuth hats and get cre-ative. The objective is to start by looking at various areas of the bank and identify-ing scenarios or possible fraud schemes. These represent the risks. Although the risks seldom focus on trusted, long-term employees, these employees tend be in the best position to manipulate or work around the system. Because of their ten-ure, they can often give instructions and not be questioned. This is why they repre-sent a greater occupational fraud risk.
Things to consider when evaluating internal fraud schemes or “red flags”: •Managementcompensationisclosely
tied to company value, profitability or key performance indicators.
•Managementteamisdominatedbyasingle person or small group.
•EmployeesarepermittedtosetupGLaccounts and/or post journal entries without oversight.
•Employeesregularlyoverridecontrols,such as having the ability to process transactions without following estab-lished protocols.
•Employeeshavebroadaccesstomul-tiple applications and physcal locations
The following depicts common inter-nal fraud schemes committed by long-term employees along with possible controls to mitigate the fraud risk:
(Continued on page 32)
32 ★ The Texas Independent Banker September/October 2014
The following can help bank man-agement in developing a fraud risk mitiga-tion strategy:•Establishwrittenguidelinesforethics
and codes of conduct. Ensure employees receive fraud and ethics training at least annually. This helps management and board communicate expectations and establish a strong tone from the top.
independent, qualified employees or by a third party.
•Requiremandatoryfive-dayvacationsannually, with monitoring conducted by Human Resources.
•Periodicallyrotateassignmentsofrou-tine duties.
•Beawareof“redflags”suchasemploy-ees living beyond their means, experi-encing financial difficulties, having a close association with a vendor (poten-tial kickbacks), exhibiting control issues, displaying a reckless attitude with money, or experiencing a major life event such as divorce, major illness or addiction problems.
How to handle those “unusual suspects”
Fraud is increasing at a dramatic rate and most banks are not aware of the risk until an event occurs. The risk is often compounded by human nature to trust, especially tenured employees. A good rule of thumb to consider is the adage Presi-dent Reagan used: “Trust, but verify.”
Fraud risk can be mitigated by devel-oping a culture of fraud awareness coupled with employee training, and establishing appropriate internal and technology con-trols. If someone becomes suspicious or aware of employee fraud, a qualified foren-sics professional should be used to confirm whether or not fraud has occurred, and to ensure a proper protocol is followed to gather evidence for legal proceed-ings. Fraud investigations require certain expertise and skills, and the bank should ensure those performing investigations possess the proper forensic training and credentials. N
Bruce Zaret, CPA is a partner in financial institutions consulting and advisory services at Weaver, the largest independent account-ing firm in the Southwest. Carolyn Bremer, CPA is a senior manager in Weaver’s forensic and litigation services; James Mihills, CPA is a senior manager in Weaver’s financial institu-tions consulting and Neha Patel, CPA, CISA is a senior manager in Weaver’s IT advisory services. They can be reached at: Bruce: 972.448.9232, [email protected]; Car-olyn: 972.448.6951, [email protected]; James: 817.882.736, [email protected]; and Neha: 972.448.9804, [email protected].
•Establishanemployeehotlinetoreport suspicious activity to the audit committee or to another independent party.
•Performreconciliationofkeybalancesheet and internal DDA accounts (including secondary review). This aids in detecting suspicious transactions.
•Conducttargetedinternalauditsby
Information technology considerations
Information technology controls specific to fraud prevention and detection include:
Fraud Prevention
• Restrict system access by limiting the ability to authorize, approve and override transactions to the fewest number of indi-viduals who require the function for their job responsibilities.
• Develop segregated roles in the system. This will prevent an individual from being able to bypass controls built into the system/application. Separate any one user’s ability to initiate and approve (or override) within the system.
• Use application controls. Some sys-tems have automated controls that can be configured to require a second approval before proceeding, or triggering a supervi-sor approval for transactions above estab-lished thresholds
Fraud Detection
• Review the setup of new clients, ven-dors, employees. A monthly or quarterly review of newly established master data files will help organizations identify if something requires further follow up.
• Perform data analytics over specific transactions. This may include transactions that are initiated outside of normal business hours; or by individuals who do not typically perform a function.
• Establish logs and actively review for specific events; those activities that relate to abnormal events, like overriding a step/approval.
Bank Fraud cont’d
