Great internal controls and then it happens – fraud


Financier Worldwide Magazine

February 2017 Issue

February 2017 Issue

Even the most comprehensive internal control structure cannot guarantee fraud prevention. All internal control structures have certain fundamental limitations; judgment considerations, breakdowns, management override, materiality, point-in-time evaluations and cost/benefit considerations. Yet, internal control is not one event or circumstance, but a dynamic process that requires constant review and modifications. When any one or more of these instances occurs, even the best internal control systems will have an opening that allows the possibility of fraudulent activity. The best fraud preventive technique that management can consistently practice is monitoring and reviewing the activities of the organisation. This activity creates the perception of detection, and discourages fraudulent activity.

Financial institutions in particular are at risk of fraudulent activity when cracks occur in their internal control structure. With the 1st Circuit of Appeals decision in the Patco v. Ocean Bank case, financial institutions realised that they were at risk of fraudulent activity occurring in one of their customer accounts. The Court cited that the Federal Financial Institutions Examination Council standards were relevant and comparable standards of care for financial institutions.

Then in Choice Escrow and Title vs. BancorpSouth Bank, the 8th Circuit of Appeals found in favour of BancorpSouth Bank, citing when a customer insists, declines and signs a waiver declining the bank’s recommended practice for security, the bank cannot be held liable when fraudulent activity occurs. While most consider this case a ‘win’ for financial institutions, the underlying issue of this verdict is the client’s insistence on using a higher-risk procedure because it was more convenient or cheaper. Many do not believe that financial institutions really ‘won’ with this verdict.

South State Bank is currently a defendant in several lawsuits in a high-profile embezzlement case in Chatham County, Georgia where the plaintiffs state, “South State Bank improperly monitored the accounts under the control of Birge, Probate Court Clerk”. Accounts were set up and funds held in trust by the Probate Court totalling over $800,000. Over time, the Probate Court Clerk embezzled these funds using various methods, one of which was writing multiple cheques made payable to ‘cash’. In many instances, the same tellers were used to process these cheques and quite often, the teller stamped ‘well-known’ customer on the back of these cheques. The last court filing was 22 September 2016 and the outcome of this case remains to be seen.

Financial institutions face several fraud risks that are unique to their organisations, including loan fraud, real estate fraud, mortgage fraud, new accounts fraud, money transfer fraud and ATM fraud. Additionally, they are susceptible to embezzlement, technology issues, money laundering and other associated white-collar crimes that other types of organisations face. In the ACFE’s 2016 Report to the Nations report, 16.8 percent of banking and financial services organisations were victims of fraudulent activity with an average median loss of $192,000.

Loan fraud consists of loans to non-existent borrowers, sham loans with kickbacks and diversion, double pledging of collateral, ‘daisy chains’, linked financing, false applications with false credit information or credit data blocking, single-family housing loan fraud, construction loans and loan collateral sold ‘out of trust’. These are just some of the schemes related to loan fraud. Loan fraud represents the highest area of risk for financial institutions.

‘Daisy-chains’ mask or hide bad loans by making them look like the loans are recent. A financial institution buys, sells and swaps its bad loans for the bad loans of another institution. While this method is generally used externally between financial institutions, it can be used internally by covering up bad loans by paying off the bad loans with new loans thus preventing the loan from becoming a non-performing loan.

Sham loans with kickbacks, reciprocal loan arrangements, external ‘daisy chains’ and linked financing are types of fraudulent activities related to the area of corruption. According to the ACFE, over 35 percent of fraudulent activity related to banking and financial services was linked to corruption activity. Employees within different banks set up reciprocal loan arrangements by lending funds or selling loans with an agreement to buy back their own loans for the purpose of concealing loans and sales.

With linked financing, large deposits are offered to a financial institution on the condition that loans are made to particular individuals from the institution offering the deposits. The deposits offer a high rate of return, but the loans extend past the term of the deposits.

Credit data blocking is a method used by borrowers in an attempt to receive loan funds that they otherwise would not receive. Often the borrower will claim that delinquent loans on his or her credit report were instances of identity theft, thus removing them from the report until the claim of identity theft is verified. Meanwhile, the borrower will try to receive more loan funds knowing that these loans will default.

The most important ‘red flag’ or warning sign of loan fraud relates to non-performing loans. Other signs include a high turnover in a developer’s personnel for a construction loan, high turnover in tenant mix, missing documentation in the loan files, unusual loan increases or extensions just below the lending limits of the lenders, replacement loans, evergreen loans, disguised transactions and cash flow deficiencies for commercial lending.

Wire fraud is a forerunner for using technology as its weapon since it is very simple to conduct anonymously using fictitious names and IP addresses. For wire fraud to be successful there must be a contact within the target company by the perpetrator with the perpetrator being aggressive in carrying out the theft, dishonest employees, misrepresentation of identity, penetration of system password security, forged authorisations, or unauthorised entry and interception.

Red flags for embezzlement activity include: missing source documents; unusual amount of out-of-sequence cheque numbers; payees on cheques do not match entries in general ledger; receipts or invoices lack professional quality; duplicate payment documentation; payee identification information matches an employee’s information or that of his relatives; apparent signs of alterations to source documents or lack of source documents; excessive voids or credits; abnormal increase in reconciling items; and payee missing on cashier’s checks or cashier’s cheques made payable to ‘cash’.

Dimensional testing for employee networks as vendors is an excellent way to determine that the vendor is not associated with an employee. This type of testing not only includes direct relatives, such as a spouse or significant other, but also sisters, brothers, emergency contacts and any other dependents.

To determine the existence of possible conflicts of interest, testing should include inter-relationships between the financial institution, its directors and the directors’ roles in other organisations that may also be a customer of the financial institution.

Today, a financial institution must educate itself not only on the various types of fraudulent schemes mentioned above, but it must also ensure that its employees receive appropriate fraud awareness training. Secondly, a financial institution must be aware of possible legal implications, such as in the case of South State Bank when external fraud occurs within its depositor accounts.


Pamela S. Mantone is a director at Elliott Davis Decosimo. She can be contacted on +1 (423) 308 0651 or by email:

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.