THE TEXAS VOLUME XL NO. 5 SEPTEMBER/OCTOBER 2014
INDEPENDENT BANKER 22
Back to the Future: 29th Leadership Conference
28
Bank Fraud: Unusual Suspects By Bruce Zaret, Carolyn Bremer, James Mihills, and Neha Patel
30
The Increasing Problem of Inadvertent S Corporation Terminations: Six Ways To Protect Your Bank's S Election By Jacque Kruppa
34
Unclaimed Property Requirements: How to Retain Customers & Assets While Maintaining Compliance By Valerie Jundt
38
What's on the Minds of Bank Boards Today? By S. Scott MacDonald, Ph.D.
Bonnie Kankel / Editor in Chief Mary E. Lange / Contributing Editor Darlene Revers / Advertising Manager Lauren Sellers / Advertising Assistant John Wilson / Cover Design/Illustration Barbara Jezek / Design/Production
IBAT’s bi-monthly magazine, The Texas Independent Banker, welcomes letters from readers. The Texas Independent Banker, September/October, Volume XL, Issue 5. Published bi-monthly by the Independent Bankers Association of Texas, 1700 Rio Grande Street, Suite 100, Austin, TX 78701, 512/474-6889, FAX 512/322-9004. Inquiries should be sent to the Editor. Editorial guidelines are available upon request. Advertising rates may be obtained by contacting Advertising Sales at 800/7494228 or 512/474-6889. Advertisements do not imply sponsorship by IBAT. ©2014 by the Independent Bankers Association of Texas. No part of this publication may be reproduced in any form without written permission of the publisher. Opinions expressed in this publication do not necessarily reflect official policy of the Independent Bankers Association of Texas.
DEPARTMENTS
4 6 8 10 12 14
Up Front Foundation Footprints Services Solutions Frontline Leadership General Counsel’s Corner Interest Rates
16 18 42 42 45 46
Personnel Update Association News IBAT Calendar IBAT Around the State Advertising Directory Compliance Guy
Quote: Henny Youngman
September/October 2014
www.ibat.org ★ 3
Bank Fraud
Unusual Suspects
By Bruce Zaret, Carolyn Bremer, James Mihills and Neha Patel
I
n February 1999, the movie “Office Space” portrayed a comedic tale of company workers who hate their jobs and decide to rebel against their boss. The workers band together to alter the company’s accounting application and route small amounts to a bank account they control. The film demonstrated that employees committing the fraud were “average Joes” who found a way to circumvent the system. In June 2014, a former officer with a Texas financial institution was ordered to federal prison for defrauding her former employer. Using her position as branch manager from 1998 to 2010, the bank officer used the names and personal information of several individuals, without their permission, to create more than 58 fictitious loans. She was able to defraud the bank of approximately $2.4 million. Who were the “suspects” in each of the instances above? They were longterm employees familiar with the processes, who understood where the internal control weaknesses existed. Employee fraud, or occupational fraud, according to the Association of Certified Fraud Examiners (ACFE), is “using one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets.” With banks heavily regulated, they tend to have more internal controls than
A 2014 REPORT TO THE NATIONS FROM THE ACFE INDICATES: • Banking and financial services was the industry group with the highest reported fraud cases at 17.8%. • For the cases reported, the median duration from the time the fraud commenced until it was detected was 18 months. • The median fraud loss was $145,000, with 22% of the cases having losses of at least $1 million. • More than 40% of fraud cases were detected by a tip – twice the rate of any other detection method. Employees accounted for nearly half of all tips. • Organizations with hotlines were much more likely to identify fraud by a tip. These organizations experienced frauds that were 41% less costly and detected frauds 50% more quickly.
28 ★ The Texas Independent Banker September/October 2014
most industries. Yet, banking has the highest incidences of occupational fraud. When considering the enormous number of internal controls banks require, individuals may think it is difficult to commit internal fraud. Add to the equation that a bank’s internal controls are reviewed by regulators, internal auditors and financial statement auditors and it leads one to question, “How can fraud exist after all these highly-skilled professionals have reviewed the bank’s internal controls?” But aren’t these trusted employees? Overwhelming data supports that internal controls alone are not enough to prevent and/or detect fraud. While internal controls only provide reasonable assurance, any control can be overridden or circumvented by people with the right knowledge and motivation. Research also supports that internal fraud is often committed by long-term employees who are faithful and dedicated to their organization. These are often the individuals no one suspects. Motivation for long-term employees to commit fraud includes: (a) feeling unfairly treated, (b) having been emotionally hurt by a colleague with the desire to seek revenge, (c) having financial difficulties which cause added stress, or (d) just because they can.
Where to start: fraud identification, prevention and detection Most banks are probably burned out on conducting risk assessments. Be of good cheer because the following is not a typical risk assessment. Here, bank management can put on their sleuth hats and get creative. The objective is to start by looking at various areas of the bank and identifying scenarios or possible fraud schemes. These represent the risks. Although the risks seldom focus on trusted, long-term employees, these employees tend be in the best position to manipulate or work around the system. Because of their tenure, they can often give instructions and not be questioned. This is why they represent a greater occupational fraud risk. Things to consider when evaluating internal fraud schemes or “red flags”: • Management compensation is closely tied to company value, profitability or key performance indicators. • Management team is dominated by a single person or small group. • Employees are permitted to set up GL accounts and/or post journal entries without oversight. • Employees regularly override controls, such as having the ability to process transactions without following established protocols. • Employees have broad access to multiple applications and physcal locations
The following depicts common internal fraud schemes committed by long-term employees along with possible controls to mitigate the fraud risk:
without oversight or monitoring. • Employees have been in the same role for a number of years and their duties are not performed when they go on vacation.
Areas Typically Vulnerable Cash
Loans
Wires
Accounts Payable
(Continued on page 32)
Common Fraud Scheme
Possible Control (Prevent / Detect)
• Taking cash from a teller drawer or vault over a period of time and adjusting reconciliation to cover
• Surprise cash audits • Review over/short account activity and reconciling items
• Creating fictitious loans with the ability to disburse funds • Advancing funds to self or related party on an existing customer loan
• Funding reviewed by an independent employee • Review past due reports by loan officers and management • Automatic mailing of past due notices by third party • System parameters requiring two employees to process and release wires • Callbacks performed by one employee, separate from the employee receiving the wire request • Daily reconciliation of correspondent bank/ wire clearing accounts by an independent person
• Processing of a fraudulent wire from a customer account
• Creating a fictitious vendor to receive disbursements • Change address for funds diversion
• Review system-generated vendor maintenance reports by an independent employee • Provide system-generated check register to officer signing checks to verify all disbursements are included
September/October 2014
www.ibat.org ★ 29
Bank Fraud cont’d Information technology considerations Information technology controls specific to fraud prevention and detection include: Fraud Prevention
Fraud Detection
• Restrict system access by limiting the ability to authorize, approve and override transactions to the fewest number of individuals who require the function for their job responsibilities. • Develop segregated roles in the system. This will prevent an individual from being able to bypass controls built into the system/application. Separate any one user’s ability to initiate and approve (or override) within the system. • Use application controls. Some systems have automated controls that can be configured to require a second approval before proceeding, or triggering a supervisor approval for transactions above established thresholds
• Review the setup of new clients, vendors, employees. A monthly or quarterly review of newly established master data files will help organizations identify if something requires further follow up. • Perform data analytics over specific transactions. This may include transactions that are initiated outside of normal business hours; or by individuals who do not typically perform a function.
The following can help bank management in developing a fraud risk mitigation strategy: • Establish written guidelines for ethics and codes of conduct. Ensure employees receive fraud and ethics training at least annually. This helps management and board communicate expectations and establish a strong tone from the top.
• Establish logs and actively review for specific events; those activities that relate to abnormal events, like overriding a step/ approval.
• Establish an employee hotline to report suspicious activity to the audit committee or to another independent party. • Perform reconciliation of key balance sheet and internal DDA accounts (including secondary review). This aids in detecting suspicious transactions. • Conduct targeted internal audits by
independent, qualified employees or by a third party. • Require mandatory five-day vacations annually, with monitoring conducted by Human Resources. • Periodically rotate assignments of routine duties. • Be aware of “red flags” such as employees living beyond their means, experiencing financial difficulties, having a close association with a vendor (potential kickbacks), exhibiting control issues, displaying a reckless attitude with money, or experiencing a major life event such as divorce, major illness or addiction problems. How to handle those “unusual suspects” Fraud is increasing at a dramatic rate and most banks are not aware of the risk until an event occurs. The risk is often compounded by human nature to trust, especially tenured employees. A good rule of thumb to consider is the adage President Reagan used: “Trust, but verify.” Fraud risk can be mitigated by developing a culture of fraud awareness coupled with employee training, and establishing appropriate internal and technology controls. If someone becomes suspicious or aware of employee fraud, a qualified forensics professional should be used to confirm whether or not fraud has occurred, and to ensure a proper protocol is followed to gather evidence for legal proceedings. Fraud investigations require certain expertise and skills, and the bank should ensure those performing investigations possess the proper forensic training and credentials. N Bruce Zaret, CPA is a partner in financial institutions consulting and advisory services at Weaver, the largest independent accounting firm in the Southwest. Carolyn Bremer, CPA is a senior manager in Weaver’s forensic and litigation services; James Mihills, CPA is a senior manager in Weaver’s financial institutions consulting and Neha Patel, CPA, CISA is a senior manager in Weaver’s IT advisory services. They can be reached at: Bruce: 972.448.9232, Bruce.Zaret@Weaver.com; Carolyn: 972.448.6951, Carolyn.Bremer@Weaver. com; James: 817.882.736, James.Mihills@ Weaver.com; and Neha: 972.448.9804, Neha. Patel@Weaver.com.
32 ★ The Texas Independent Banker September/October 2014