In recent news, there have been stories about large banks committing fraudulent activities. Credit cards were issued without the customer’s consent. Accounts were set up that customers would learn about only after they were charged fees. Fake email accounts were set up to sign up customers for online banking.
Having worked in internal audit and compliance for many years, these scenarios were surprising to me. Especially when I learned that it went on for years and was so widespread throughout the organization. It is interesting because these activities occurred in bank branches which for years have been viewed as relatively lower risk compared to other areas like information security and the allowance for loan losses.
How was it possible for these activities to occur?
Overly aggressive sales goals incented employees to open fictitious accounts so it would look like the bank was growing. Internal controls in place failed to detect the fraudulent activity. These banks had risk, compliance, and internal audit professionals as well as Audit Committees, Risk Committees, and Boards of Directors, just like any other bank. The requirements put in place by Sarbanes Oxley and Dodd Frank were not able to dissuade these activities.
What can you do to prevent this from happening at your bank?
- Review controls over opening new accounts to ensure they are well designed and working properly. New account holders should receive confirmations of account openings.
- If incentive plans exist for opening new accounts, question if they are achievable. Put yourself in the personal banker’s shoes and ask yourself “Could I do this?”
- Review unusual activity in account openings, like someone opening five accounts in one day, or accounts closed in a short period of time for no apparent reason.
- Ensure a group independent of the bankers opening accounts is monitoring new account activity and following up on unusual activity.
- Review customer complaints for adverse trends or consistent themes.
- Make sure employees who call the ethics hotline are protected from retribution.
A strong internal control environment will help your bank’s reputation and attract new customers naturally. The lack of internal controls will eventually hurt your bank’s reputation and drive customers to take their business elsewhere.