When a credit union catches an employee embezzling funds or committing other fraud, it must investigate and implement procedures to close the security breach.
Don’t wait for an incident to occur. Take steps now to prevent a security breach—and don’t let a good track record make you complacent.
According to 2013 CUNA Mutual Group data, a dishonest employee’s actions often are not discovered until upwards of $140,000 has been stolen over the course of 18 or more months. Furthermore, more than 20% of these cases involved losses of at least $1 million.
While it’s good that many credit unions often go years without an employee dishonesty loss, this good fortune can keep a thorough review of security procedures off the radar screens of busy executives and directors. More frequent losses involving check fraud and plastic card theft often get more attention.
With employee fraud, however, the chief danger isn’t frequency. It’s severity.
Just one undetected employee theft can siphon more from your bottom line than hundreds of more common losses. Even if the crime is detected, the perpetrator is prosecuted, and the loss is covered by insurance, your credit union’s reputation among members and the community can take a costly hit.
Your workplace culture can also be damaged, especially if employees perceive new security measures as an over-reaction.
Here are four steps to establish strong internal controls against employee fraud:
1. Lead from the top with a written policy
With legal counsel, write your credit union’s employee dishonesty policy. Top executives should present it to employees, emphasizing that every employee will read and sign a fraud policy agreement annually.
This establishes accountability and reminds employees the credit union is serious about following its security policies and procedures.
2. Create a system of checks and balances, including a clear segregation of duties
Three examples from claim files illustrate how giving one person too much control opens the door to fraud:
• A loan officer had the authority to originate, approve, and disburse funds for the same loan. She created fraudulent loans for her minor grandchildren (who had different last names than she) and kept the money.
• A collection manager who received an incentive for low delinquency was also responsible for reviewing the file maintenance report. He advanced the next payment due dates on loans to create the appearance of lower delinquency.
• A credit union manager had both a key and the combination to the vault, violating the credit union’s “dual control” policy. She disabled the security camera and stole a large amount of cash, which was discovered only after she was fired for performance issues.
3. Thoroughly check job candidates
At a minimum, require background and credit checks in addition to checking all references prior to making a job offer to any applicant. (CUNA Mutual Group policyholders should always use the company’s Bondability Verification service [PDF].)
4. Review cash-handling procedures and refresh staff training
Strict cash-handling procedures sometimes makes transactions less convenient for staff and members. It’s easy for discipline to occasionally slip, but shortcuts can quickly become habit.
Thoroughly review cash-handling procedures and conduct refresher training as necessary.
THERAN COLWELL is CUNA Mutual Group’s director of risk management. Contact him at 800-356-2644, ext. 6658541. For more information, visit CUNA Mutual Group’s Protection Resource Center, call 800-637-2676, or e-mail firstname.lastname@example.org.