Have you always heard about fraud, but never actually witnessed it happen?
The following is a real-life case study of a midsize community bank with branches in urban, suburban, and rural areas. Most of the employees have been with the bank throughout its growth, mergers, and acquisitions. In one particular branch in a rural area, the Branch Manager (BM) and Assistant Branch Manager (ABM) have been working together for a long time.
Discrepancy in Signing Authority
In any bank, a wire transfer that exceeds a certain threshold of money would typically require additional approvals from senior management in addition to those of the BM and the AMB. In this case, the wire transfer would need approval from the bank’s head of security, or the Bank Secrecy Act Officer (BSAO). The BSAO of this midsized bank happened to be friends with the BM. One day, he noticed that the BM had approved a wire transfer, but he had knowledge that the BM was away on vacation. The BSAO then contacted the Director of Internal Audit, or the Chief Audit Executive (CAE). Not wanting to jump the gun before having the answers, the CAE directed his internal audit staff to perform a branch audit and specifically examine wire transfers that were initiated at that particular branch. The BM also had accounts with the bank, so the internal audit staff then compared the signature cards for the accounts to the signatures on the wire transfer approvals. Lo and behold, they were different.
The obvious question became, “Who’s signing the BM’s signature on wires?” The ABM had some indicating behaviors that might lead a seasoned fraud examiner to believe she could be involved. She sent her children to private school, drove a luxury car and consistently passed on promotions to BM. Typically, ABMs are not paid a salary that would normally be commensurate with sending your children to private school and driving expensive cars. It’s also typically abnormal to pass on a promotion.
When the CAE confronted the BM about the discrepancy in signatures, she attempted to cover for the ABM; after all, they had been working together for about 20 years. Eventually, the BM admitted that she knew the ABM had been signing wire transfers and official checks that were outside her signing authority.
The ABM was confronted about the wires, and she eventually admitted that she had been signing wires and official checks outside of her signing authority. The CAE, as required, reported the issue to the Chief Risk Officer and the Audit Committee Chairperson, and the ABM was terminated. Now, you may be thinking, “Okay this story is interesting, but it’s not very exciting.” You’d be correct, but the termination was only the “thread being pulled” as is commonly said in the fraud examination world.
Pulling the Thread – “Assisting” Customers and Phony Bank Accounts
Shortly after the ABM was terminated, an elderly couple came to this same branch for assistance. The ABM had been assisting them with reconciling their accounts on a monthly basis. As an associate was assisting them, the couple failed to recognize several of the withdrawals from their account via telephone transfers, whereby employees could transfer money between accounts at the bank by taking a call from a customer. It was discovered that the ABM had been “assisting” approximately half a dozen elderly or disabled customers with their accounts, transferring money from their accounts to accounts that she controlled at the bank. These accounts were in the names of her brother, children and ex-husband, none of whom knew they had these accounts in their names (the bank statements were marked as “hold statements at the branch,” which means they were never mailed to the customers). Over the course of three years, the ABM stole approximately $270,000 from the bank’s customers, targeting elderly and disabled customers by offering to “assist” them with their accounts.
Three Lines of Defense – Is Internal Audit Responsible?
You may now be asking, “How could this happen? Why didn’t the internal audit staff catch this?” Contrary to common perception, it was not their job to root out this fraud. The frequently implemented Three Lines of Defense model was in place at this particular bank, and internal audit is the third line of defense. The first two lines of defense broke down due to a myriad of control failures and circumventions. This brings us back to telephone transfers, which functioned as a method to commit fraud. The reality is that fraud via telephone transfers is a significantly risky process, allowing employees to transfer money between accounts with little verification. In fact, an internal audit for the bank identified this process as risky in their audits, but management had decided to accept the risk, citing customer service as the motivating factor.
Windham Brannon Can Help
Windham Brannon’s team of professionals is well-versed in fraud examination, risk management and internal audit. For more information about how we can help you strengthen your defense against fraud and other risks, contact your Windham Brannon advisor, or reach out to Paul Zavitz.
