“Internal fraud often reflects what we have come to call a fraud triangle,” ACL Services Ltd Vice President of Product Dan Zitting explained.

Based in Vancouver, Canada, ACL Services has written software that monitors financial institutions and other corporate computer and financial systems for signs of fraud.

Pressure comprises the base of the triangle that Zitting described. This might refer to some sort of financial trouble or an addiction issue that would cause an otherwise trusted employee to need money, he explained.

The triangle's left side represents the opportunity to commit fraud, he said. Fraud opportunities might arise from a set of too-lax internal controls or a failure to implement procedures that exist on paper but not in day-to-day practice.

The triangle's right side, Zitting described, stands for rationalization or motivation. The rationalization part of fraud is where the employee – who might be a long-term, highly trusted staff member – explains his actions to himself.

“Rationalization could be anything from, 'I am not stealing the money because I am going to put it back when I can,' to, 'They shouldn't have passed over me for that promotion or treated me so unfairly,'” Zitting said.

Countering internal fraud often comes down to the measures a credit union has in place to break up that triangle, if it already exists, or keep it from forming in the first place, he said, adding that opportunity is usually the easiest side of the triangle to attack first.

1. Change the vacation rules for key employees.

One of the easiest things credit unions can do to limit the opportunity for fraud is to make sure employees who regularly handle money or approve loans take at least two weeks of vacation outside the credit union each year, Zitting said.

“This is one of the single, best and simplest things credit unions can do to counter some types of internal fraud,” Zitting said, explaining that taking the person away from their station means they will not be able to hide ongoing fraud.

2. Rotate employees.

Opportunities for fraud often appear when employees are very familiar with the procedures, layout and personnel in a given branch or work location. Zitting suggested credit unions adopt a policy of rotating employees between different branches or work locations to keep too much familiarity from developing.

Knowing another employee always runs late on Thursdays or that security cameras have a given blind spot is the kind of thing that can give an employee an opportunity to steal or falsify documents in order to hide theft, Zitting explained. Moving an employee who is committing fraud or thinking about doing so to another location can disrupt fraud; moving someone else into a space can also keep fraud from continuing.

3. Remember that two is safer than one.

Another way to shut down a theft opportunity, Zitting said, is to make sure more than one employee is involved key tasks such as counting cash or approving loans, and to expand the definition of key tasks.

Many credit unions understand the wisdom behind having one person take a loan application and another approve it, Zitting pointed out, but not as many recognize this principle can apply to other processes as well, such as adding new vendors.

“The person who requests to hire a vendor should not be the same person who approves that hire or the same person who brings them on board with a credit union's system,” Zitting said.

He related the following story that took place when he consulted with a bank on internal fraud prevention: While assisting the bank with launching a program that compared the addresses of the bank's vendors with the addresses of its employees, he flagged instances where the addresses were almost the same. Just doing that, he said, had revealed a couple of situations that raised fraud concerns, and a couple of others where the bank had hired an employee or family member as a consultant, which led to conflict of interest risk.

“Every case wasn't fraud,” he said. “But just looking and checking up about it let everyone know the bank was looking out for fraud.”

4. Update employee checks.

Zitting also suggested credit unions adopt a policy of updating credit checks or background checks on key employees and completing those checks on employment anniversaries.

“Particularly in the cases of high level people such as chief information officer or CFO,” he said. “It makes sense to update their checks from time to time to make sure nothing has happened that could make them a bigger fraud risk,” he said.

Zitting also recommended updating background checks on employees that have enterprise-wide responsibilities and controls. Even if there is a policy in place that requires employees to report arrests or other encounters with law enforcement, Zitting said updating background checks can ensure employees with high degrees of responsibility and authority have not been hiding sources of financial pressure.

5. Tell employees that you check.

Zitting said it's completely acceptable for a credit union to be up front with employees about having these policies in place and to let them know the credit union has, as part of its standard operations, procedures in place for detecting fraud.

“Just the knowledge that someone cared and was looking out for fraud provided a key deterrent,” he added.

Alma Angotti, managing director for global investigations for the Chicago-based Navigant Consulting, advised that credit unions often didn't need to set up entirely new sets of procedures for monitoring internal fraud, and that many of the rules set up for detecting money laundering and other types of external fraud can be adapted for internal fraud protection.

“It's important to be sure to have someone at the credit union who is responsible for looking, and that they know what they are looking for,” she said.

She suggested credit unions routinely look for “outliers” or accounts that have stopped acting in predictable ways. Likewise, she said to keep an eye out for patterns and ask whether there have been a significant number of loan losses stemming from a certain branch or loans that are tied to a specific appraiser. It might not be significant, but such a pattern could be a sign of kickbacks or other irregularities, she warned.

Moreover, she agreed with Zitting in that credit unions should be open about putting a fraud detection office or officer in place, and that these individuals regularly check data and information.

6. Monitor for changes in attitude.

Greg Mancusi-Ungaro, Chief Marketing Officer for the Toronto, Canada-based firm BrandProtect, argued credit unions should also be aware of the rationalization side of the fraud triangle.

“Typically, when employees decide to 'go rogue' and use their insider status to take illegal actions to defraud their employer, the situation is triggered by some event: A transfer, a change in responsibilities, being passed over for a promotion, or losing out on an expected raise or bonus,” Mancusi-Ungara wrote in an email.

“Whatever the cause of the situation, the employees find themselves under emotional or financial pressure,” he continued. “But, long before such an event occurs – particularly in a financial institution – HR, IT and security teams should consider their options to monitoring internal and external online actions, including printer use, network access, building access and external activities (public postings on social media sites) to create a behavioral baseline for their employees. Following a triggering event, the credit union or bank should watch those same forums for the telltale changes in behavior, as changes in online behavior are often indicators of an imminent insider threat.”