Fraud. It’s on the mind of every credit union executive. For every control that’s put into place, a fraudster is out there trying to figure out a way to avoid or bypass it.
The National Credit Union Administration (NCUA) described the elevated fraud risks in its 2023 Supervisory Priorities letter 23-CU-01. NCUA will implement a management questionnaire this year, designed to enhance the identification of fraud red flags and other risks. Information gathered from the questionnaire will refine the scope of an examination, as appropriate.
The Association of Certified Fraud Examiner’s (ACFE) 2020 Report to the Nations on Occupational Fraud and Abuse cited that a lack of internal controls, lack of management review and an overriding of existing internal controls were present in most occupational fraud schemes. The ACFE’s study included 2,504 cases from 125 countries, resulting in total losses of more than $3.6 billion.
Credit unions can take steps to deter fraud, such as establishing strong internal controls, reviewing those controls periodically to determine they are performing as intended and enforcing the controls consistently.
While fraud will always exist, these steps can strengthen your ongoing risk mitigation efforts:
- Develop and implement a fraud policy: Consider discussing the fraud policy annually with all employees and obtaining a signed acknowledgement from each employee annually. Fraud training should be periodically provided and should include expectations about fraud prevention, the method of reporting suspected fraud and the consequences of committing fraud.
- Implement clear segregation of duties: At least two people should be involved in critical functions. For example, no employee should process, approve and disburse the proceeds of a loan. Ideally three individuals would be involved in the lending process. In smaller credit unions, or lending departments with limited staff, at least one separate individual should complete each step. Should this not be possible, a rigorous and prompt review of the loan file should be completed by a different individual as soon as possible after the loan closes.
- Implement proper internal controls: These should include dual control, computer access controls, timely reconciliations and systematic limits to employees’ own accounts and those of family members.
While preventing fraud is always preferable, detecting it can help limit losses to a credit union. When it’s discovered promptly, you’ll stop an issue from getting out of hand and deter fraudulent activities by employees by making them aware of controls in place. Below are some of those key controls:
- Review file maintenance reports on a regular basis for changes to critical fields: Fields to review include changes to payment due dates and amounts, interest rates and addresses. These changes should be reviewed by an employee without the systematic ability to make the changes. Should the reviewing employee have the systematic ability to make changes, for reasons such as limited staffing, a second person should also review the file maintenance report, with a focus on changes made by first reviewer.
- Review employee and employee-related accounts for unusual activity. This step can help identify possible fraudulent activity, but also could identify red flags that could signal pressures that may lead to fraud attempts.
- Employee red flags should not be ignored: Follow up on reports of lifestyle changes or lavish lifestyles, gambling, excessive spending and the like. Another red flag is violations of vacation or other consecutive-days-off policies, as many fraud schemes require constant attention by the fraudster.
- Be sure accounts are promptly reconciled and receive an independent review: A listing of expected reconcilements can efficiently and effectively help ensure they are all are completed. The listing should include all balance sheet-related general ledger accounts as well as credit union-owned accounts.
- Review budget to actual numbers: This can help identify unexpected deviations, which could be errors or signs of account abuse. Large deviations should be investigated, and complete explanations provided to senior management or the board.
- Be aware that disputes can also be an area of abuse: When a dispute is resolved in a member’s favor, does an independent employee credit the member’s account? If not, is an independent review of the posted credits performed (and documented)? These can be effective methods of ensuring the funds are returned to the rightful owner.
- Scrutinize clearing accounts to ensure items are clearing as intended and not recycled back into the clearing account itself: Recycling will reset the date and make an entry appear current, rather than aged. It’s also possible to take a reconciling item and split the amount into more than one entry, muddying the waters surrounding the item. Tracing large or unusual items, to proper clearing will help to prevent misuse of clearing accounts.
Preventing or detecting fraud is always in the best interest of members and the credit union. Using these tips and basic controls mechanisms can be an effective part of the internal control environment.
How Wipfli can help
Wipfli specialists can work with your financial institution to help ensure that your fraud mitigation program is working as effectively as possible. An evaluation of your current protocols can provide peace of mind. We’ll help you implement any new controls needed to strengthen your existing anti-fraud measures. Contact us to learn more.
Sign up to receive additional financial institutions content in your inbox or continue reading on: