Skip to content
 

Know Your Employee

There has been a lot of talk, and writing, and attention about Know Your Customer policies and procedures. Examiners, government agencies, even Congress, have been on the KYC bandwagon.

We are to check addresses, telephone numbers, social security numbers, former financial institution affiliation, negative files, credit records, and sometimes even photocopy a driver's license for the file, not only before we lend money, but also before we'll open a demand deposit account.

We've concentrated on identifying our customers. We should be doing the same with our employees. Financial crime investigators generally agree that 4% of an institution's workforce has been caught embezzling and never prosecuted. The Federal Bureau of Investigation anticipates that when the new Suspicious Activity Reports become used as they are intended to be used, that we'll discover our losses due to employee theft and embezzlements will prove to be much higher than the $l.5 billion estimated loss figure now being used.

Policies, procedures, job descriptions, internal controls, approval levels, levels of authority, compliance with personnel laws and regulations, code of conduct/ethics, accountability, dual control, and other deterrents should be firmly in place. And the auditor should be conversant with these and other requirements, and see that they are constantly and uniformly updated.

Through downsizing, combination of duties, paring to "bare bones," and other cost-cutting measures, Lisa found the signature cards for all the dormant savings accounts and the approvals for payment and audits were now all her responsibilities. If a deposit or withdrawal was made on these accounts, she had to go pull the ticket and compare the signature and contact the customer. With no dual control it was an easy step to start preparing the withdrawal tickets herself, for transfer to her account. If a withdrawal came in on an account she had already used, she just transferred funds from another dormant account to cover it. She finally left when her financial institution was bought by another. The loss discovered under due diligence audit was $186,000.

Dual Control
Many times there are adequate policies and procedures in place, but in practice they are ignored. Nowhere is this more evident than in the areas of required dual control.

Auditors and security experts know the one, and only one dual control that is most often adhered to is that of vault opening. It takes two people to open the vault in almost all of the over 54,000 financial institution offices in this country.

Almost all.

Doesn't it?

Wouldn't it be foolish-and dangerous-to do otherwise?

What of the other areas where dual control is required? The Expedited Funds Availability Act says you have to have those night bags in today's work. It's Monday morning, the third of the month-customers are lined up out the door and down the walk, and also lined up at the drive-up-you're a teller short-you've a big CD drive going and there are five people waiting to buy, and there are 27 bags in the night drop. Let's talk about dual control under those circumstances! Dual control is not always practiced where it is required.

When asked in a confidential survey at a national conference, "How would you steal from your bank?", one person wrote an interesting reply. "I'd take all the change from our mall bags that come in with blank deposit tickets, count the change in the machine, and then short the deposit ticket by $50 every day." The respondent finished with a note at the bottom that read-"This has been done every day for years by one of our tellers-but she's the bank president's daughter."

Who writes them?

Dana Turner pointed out, in a workshop he was instructing for BAI recently, that internal controls are written by officers for staff. Statistics show 80% of financial institution internal crimes are committed by staff?and account for 20% of the dollar losses.

On the other hand, officers of financial institutions commit only 20% of the internal crimes?but account for 80% of the dollar losses.

Speaker after speaker at BAI's loan fraud conference bemoaned the lack of safeguards against abuses by officers and directors, where management and others are exempt from policy and procedures; where nepotism is allowed but not acknowledged; and where gratuities are common. Institutions where each position is expected to be filled by the same person daily, and where "important and special" positions exist.

Lending Authority
Sometimes an officer will be so successful in writing loans they are given lending authority up to a certain amount. And often, there is no cross check or controls exercised on their loans.

The file clerk in the loan department was filing loan applications one day when her eye caught 'P.O. Box 511.' "My birthday," she thought to herself, "May 11-5/11." About 20 applications down in the pile she was filing, she saw it again-'P.O. Box 511.' How odd! She went looking through the pile of filing she had left to do and came on two more P.O. Box 511-all written by the same loan officer-all applications with different names and details-all fraudulent.

The Super Employee
One speaker said, "Look to your most conscientious employee-the one who never misses a day, comes to work sick, refuses to take a long vacation, comes in on their own time on weekends or at night, volunteers to do other people's jobs, accepts extra jobs and responsibilities, assumes authority no one else wants, takes work home-there is your potential embezzler. That would be the one every employee would tell you there is 'no way' he/she could be the problem. Believe me-that one IS your problem!" When one of the branches needed cash, they would call Bert. He would not only fill their order from the main vault, but he also saved the bank the cost of an insured, armed runner by delivering the cash himself. He'd drop it off on his way home, or to lunch-getting the voucher signed when he delivered the currency. He would then alter the records with the simple addition of a "1" in front of the delivered amount, very effectively raising the cash $10,000. He managed to get away with almost $2 million, before being discovered. His discovery was not by thorough audit. It was because he had a serious automobile accident on his way to deliver cash one day, and the amount of the cash he was carrying did not agree with the branch office's order.

Know-Really Know Your Employee
The best way to reduce insider abuse is to stop it before it starts. It starts during the hiring process, when we should be exercising the same precautions we do when we're making a loan or opening an account. Verify the information. Accept nothing as a 'given.'

Continue by allowing audit a free hand in overseeing and correcting weaknesses in the system. In many cases our policies and procedures are completely out of date.

Lastly, ask the people in the trenches where your weaknesses are. The answers you get from them may astound you!

Copyright © 1996 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 6, No. 5, 3/96

First published on 03/01/1996

Filed under: 
Operations
Filed under operations as: 
Audit
Availability
Delinquent Accounts/loans
Employee
Expedited Funds Availability
Know Your Customer
Statistics
Suspicious Activity

Report a problem with this page

Search Topics