Why KYE is the Key to Curbing Insider Fraud
As a means to curb fraud, Knowing Your Customer (KYC) has been made mandatory for all registered banks and financial institutions
According to a report by the Reserve Bank of India (RBI), 3,870 cases of bank frauds were reported by the public and private sector banks in 2016-17. The government’s digital push and rise in online transactions have exposed us to a larger number of threats and fraud are becoming increasingly more common. While statistics say that most frauds are committed by external entities, the report by RBI revealed that 12per cent (450 cases) of these cases were facilitated by employees or directors of the bank, apart from the cases that went undetected or unreported. Employees have an edge over external perpetrators because they know the lay of the land and are more likely to get away with their crime.
Insider facilitated fraud is a very real risk that potentially poses a substantial threat to banks and other financial institutions. Insider fraud occurs in various forms, the most common of which include embezzlement, identity theft, data theft, position abuse and account abuse, among others. The common denominator is a dubious, intentional act committed to improving one’s financial standing. Although completely eliminating all external and internal risks seems implausible, it is always possible to mitigate a threat that is internal. Here are some measures:
Know Your Employee (KYE): As a means to curb fraud, Knowing Your Customer (KYC) has been made mandatory for all registered banks and financial institutions. It is beyond a doubt that KYC is essential, but is it sufficient? The Q2 2018 trends report by First Advantage found that 46per cent of the discrepancies found during the period were from the Banking & Financial Services Industry (BFSI) sector, which implies that out of every 100 cases that were discrepant, 42 were from the BFSI sector. Depending on a predefined matrix followed by the client, either as standardized by First Advantage or a client customized matrix - a disconnect (Discrepancy) is categorized as a major or minor discrepancy, suspect, (possible suspect), etc. A “discrepancy” maybe as a minor as a mismatch on the dates of prior employment when verified at the source or as major as lacking evidence of ever working at the prior listed employer. People blindly put their trust in banks and it is the duty of the bank to ensure that their savings aren’t misappropriated. It would be good to extend the verification to all parties that banks deal with, including partners and vendors. A sound Know Your Employee (KYE) strategy helps assess an employee’s background, conflicts of interest and behavioural attributes that could make him/her susceptible to malicious activities such as embezzlement and money laundering.
Anti-fraud Policy and Monitoring: Monitoring data searches by employees for unusual activity and reconciling accounts on a regular basis are other effective means to mitigate fraud. In addition to monitoring employees and transactions, an anti-fraud policy is also essential. It defines the rules, regulations and the consequences of non-compliance is a frugal way of minimizing the damage caused by fraudulent acts. It is not only a way of showing the institution’s commitment to minimizing fraud, but it also provides the remedial course of action, that are proportional to the severity of the infraction, to counter it. While framing an anti-fraud policy, it is important to take into consideration, the intent and whether it was an ordinary misconduct or a serious one. Based on this the consequences could range from a simple caution or incident log to termination and further legal charges either civil or criminal.
Anti-fraud Hotline: In the event of the discovery of a fraud, the employee must have a provision to report it. According to a recent study, 39per cent of insider fraud tips were received via a hot-line, while 34% were delivered through an email. A multi-channel anti-fraud hotline that allows for reporting unusual activity over a number of platforms is essential to minimizing insider fraud.
Multiple-Control System: Under this system, there will be one individual who creates the transaction, the second who approves it, the third who sends it and perhaps another to audit it. In such situations where no single individual is responsible for the complete transaction, planning an insider facilitated fraud is quite complicated. Even if the employees at different levels decide to collude it could draw the attention of other employee and raise a red flag.
Whistleblower: A whistleblower is a person who informs on another person or organization who is engaging in an unlawful or immoral activity. Establishing a rewards and recognition program in banks and other organizations for whistleblowers is yet another way to curb fraud. In India, the Whistle Blowers Protection Act, 2011, provides a mechanism for investigation and safeguards the interests of anyone who exposes alleged wrongdoing in government bodies, projects and offices. For a whistleblower policy to work, the whistleblower should be supported and kept anonymous as a means to encourage people to come forward.
While investing in technology and security systems are very important, in the end, the perpetrators of fraud are people, who are within your system - employees, partners and vendors. It is critical to know who they are in order to circumvent fraud altogether. It’s time that banks and other financial institutions find a way to identify and proactively take measure to counter insider-driven fraud. One of the best ways to do this is to ensure that the right people are being absorbed into the organization. As highlighted by a report, 79per cent of perpetrators display behavioural warning signs and it is the bank’s duty to identify these signs. KYE (Know Your Employee) is as important as KYC for Indian financial institutions, as it provides information about a candidates’ past and helps institutions make an informed hiring decision.