Giving'em "the right stuff' to fight fraud: an interview with Michael Collins
Charles TaylorLike many cities, Philadelphia is a blend of the historic and the modern--in architecture, in values and principles, and in thought. Just a few blocks from Independence Hall and the Liberty Bell sits the streamlined headquarters of the Third District of the Federal Reserve Bank. The Fed remains true to its 1913 mandate to provide the nation with a safer, more flexible, and more stable monetary and financial system. But in 2003 the Fed is investing heavily in technology and training to further strengthen its people and to broaden its understanding of products in a rapidly changing industry. Charles Taylor and Beverly Foster spoke with Michael Collins, SVP and lending officer at the Bank, about examiner training and the Fed's role in helping banks to outsmart the bad guys.
RMA Associate Michael Collins is SVP and lending officer at the Federal Reserve Bank of Philadelphia. He provides administration and oversight of the discount window and oversees the supervision of financial holding companies, bank holding companies, and state member banks in the third district. He also chairs the Staff Development, Utilization, and System Performance Subcommittee for the Federal Reserve System's supervision function. He ensures that the Fed's training remains current and relevant and that examiners have the technical and behavioral skills to do their jobs. It takes three to five years of a core curriculum plus on-the-job training to be commissioned by the Board of Governors as an examiner.
Getting the Right Stuff
The core curriculum's 10 courses include training in internal controls and fraud, both by type of activity and by exposure. "Our trainees gain an understanding of these activities early on, and then we expect them to continue to progress in their comprehension and application of analysis, synthesis, and evaluation," says Collins. "That's where critical thinking and judgment skills come into play, and we expect our people to be able to apply them at that level."
Training does not end there. After commissioning, continuing professional development supports examiners as they take a more self-directed approach to their learning. "Of course, supply and demand play a part, and career consultations do point out opportunities--those areas where skill gaps exist in the Fed System," says Collins. Still, examiners can chose a wide variety of specializations and, for example, can pursue deeper knowledge of credit or market risk management, work toward becoming capital market experts, or seek to become certified fraud examiners.
Tools of the Trade
Alongside more traditional teaching methods, online learning has taken hold in the Fed System through a tool developed by the Federal Reserve Bank of St. Louis. "It's a modular approach in which examiners learn initially to identify red flags for poor governance and internal controls," says Collins. "It helps them identify possible weaknesses and to test whether the weaknesses are more apparent than real in the context of a particular organization. If there is a real problem, later training modules help them understand their options--how to expand the scope of their examinations to include additional testing and, if need be, how to build a case for a criminal investigation."
Beyond training, examiners are supported by system-wide Video conferencing, first used at the Philadelphia Federal Reserve Bank, spreads news and the expertise of specialists to others throughout the U.S. in real time. 'We don't have to wait for a trend that began, say, in San Francisco to reach Philadelphia before we prepare our local examiners to deal with it," says Michael Collins. knowledge sharing. Video conferencing, first used at the Philadelphia Federal Reserve Bank, spreads news of any new developments and brings the expertise of specialists to others throughout the U.S. in real time. "In this way, we don't have to wait for a trend that began, say, in San Francisco to reach Philadelphia before we prepare our local examiners to deal with it," says Collins.
Then there is the Fraud Information Network--coordinated out of Washington--of subject matter experts, investigators, attorneys, and policy analysts across the System. The Network has its own Web site through which they share information about trends and practices with field examiners nationwide. And this staff can be mobilized at a moment's notice to supplement specific examination teams when complex, novel, or large-scale fraud is suspected.
Finally, the Fed's examiners benefit from expertise elsewhere in the Federal government, including:
* The other banking agencies, such as the FDIC, OTS, and 0CC.
* Law enforcement agencies as members of the the Bank Fraud Working Group.
* On occasion, the Justice Department and other law enforcement agencies.
Dangerous Times
"Our infrastructure for developing and supporting examiners is especially important at this stage in the economic cycle," says Collins. "In many banks, the recent decade of economic growth masked control weaknesses exacerbated by cost-cutting and now frauds are surfacing and spreading rapidly."
The Association of Certified Fraud Examiners completed a study in 2002 estimated that 6% of revenue of all types of businesses in the U.S. would be lost to occupational fraud and abuse--$600 billion when considered as a percentage of GDP. Over half of the frauds identified caused losses of at least $100,000, and one in six frauds caused losses of in excess of $1 million.
"During past cycles, overheated real estate markets and banks flush with liquidity led to widespread appraisal and other real estate frauds," says Collins. "This time, the dot-coin expansion ended in corporate losses and accounting irregularities. New, more complex products once again got ahead of controls: thorough underwriting is hard to square with the three-minute mortgage. It has been difficult to turn away attractive but poorly understood opportunities in these hard times. But the fact is that with weak internal controls or inadequate governance, you are asking for problems."
Over the past seven years, suspicious activity reports (SARs) for check fraud, kiting, and counterfeiting on average exceed 20% a year. Credit card fraud is up 25% a year (See Figure 1). For the first five months of 2002, 108,153 SARs of all kinds were submitted to the U.S. Treasury. The top five categories for SARs in 2002 were:
1. 56%--Bank Secrecy Act, structuring, and money laundering.
2. 11%--check fraud.
3. 11%--other.
4. 5%--credit card fraud.
5. 5%--counterfeit checks.
Of course, some of this increase may reflect more complete reporting, especially since SARs have been used in the war on terrorism. But the growth rate is high enough to underline the fact that times are indeed challenging for banks.
Detecting Fraud
Of the 11 bank failures nationwide in 2002, five were attributable to fraud: Hamilton Bank, where there were fictitious loans and money laundering; Bank of Sierra Blanca and Oakwood Deposit Bank, both of which were crippled by large embezzlements; and Connecticut Bank of Commerce and Farmers Bank and Trust, which were brought down by loan fraud. The typical perpetrator was a first-time offender, according to the ACFE 2002 study, and the average scheme lasted 18 months.
Fraud detection by the regulators begins with a bank license application, although it is unusual to detect fraud at that stage. Evidence of misleading information does occasionally prevent an application from moving forward but most people who might think of opening a bank know that they will undergo an exhaustive background check first, and crooks usually think twice about subjecting themselves to detailed federal investigation.
Fraud, misrepresentation, or irregularities are more commonly unearthed during surveillance or on-site examinations. Examiners look for the weaknesses in the internal control environment that create the opportunity for problems. "There have been some public enforcement actions recently that show the effectiveness of examinations assessments related to strong risk management practices, corporate governance, and internal controls," says Collins. "In the PNC action, the bank got the sign-off from its accounting firm to take things off-balance-sheet but were obliged by Fed action to put them back on to more accurately reflect risk. The risk management infrastructure was a key issue in the Fifth Third action. And, in the AllFirst case, there was fraud and a more egregious shortfall of governance and control. We didn't have a bank fail in any of these instances, but we did see a lack of management thoughtfulness and critical thinking that we think our examiners helped unearth.
"Still, you can't legislate integrity," he continues. "Senior management has to set the tone. They must understand their fiduciary responsibility to shareholders, employees, their communities, and the broader financial markets. They must establish a culture of openness that welcomes penetrating questions and challenges--from the board and from their employees, too. They need to recognize and reward those whose vigilance protects the interests of all the bank's stakeholders."
The ACFE 2002 study showed that the most common sources of information about fraud in progress were employee tips, anonymous sources, whistle blowers, and hotlines. Openness pays.
Mitigating Fraud
If you look at the statistics, it's the fat-tail events--low frequency but huge impact--that can cost the franchise and create systemic risk. A single trader brought down a 200-year-old bank. (1)
"It's the small-volume but more frequent gray areas, however, that can have long-term debilitating effects on a company's performance and reputation," says Collins. "You certainly don't want a culture where people think it's okay to hedge a little here and take a little there. There must be checks and balances, good processes, and assurance that the people you hire understand the mission you've envisioned. There is a cost attached to something as small as employees taking six tablets for their kids to use at school or pens for themselves. Such feelings of entitlement are a cultural issue that must be addressed."
Mitigating fraud within an institution, then, begins with the right environment. A strong board of directors will understand the risk and the fiduciary responsibility around operations and ensure that the bank sets appropriate policies, has the right structure, and creates a culture in which all activity--internal or outsourced--can be conducted with confidence.
Internal controls should ensure regular reviews, independent reporting lines, and accurate, timely, and relevant information reporting up to senior management and the board. Employees should take a full two weeks of vacation to lessen the opportunity for fraud. Internal audit must review and test many aspects of the bank's affairs including out-sourced and other third-party arrangements. "So while there is a technical component involved in these controls," says Collins, "there also must be a cultural component that creates the conditions for integrity in operations. When examiners go into banks, we of course look to see that the internal control environment is sound and effective."
The USA PATRIOT Act also helps banks fight fraud. The banking industry had a leg up over mutual funds, brokerage firms, and insurance companies in implementing this Act because of its precursor, the Bank Secrecy Act. Now banks are investing to stay ahead. For example, the Office of Foreign Assets Control (OFAC), a division of the U.S. Treasury Department, administers and enforces sanction programs primarily against countries and groups of individuals, such as terrorists and narcotic traffickers. OFAC periodically distributes lists of such countries and individuals, and many banks are now incorporating this information into their own internal databases to more effectively monitor their customer base. "I am aware of only one recent enforcement action where the PATRIOT Act was cited," says Collins. "However, failures of bank secrecy have led to enforcement actions repeatedly. Banks would be well served to pay attention to this area."
The new requirements in the Sarbanes-Oxley Act of 2002--curtailing loans to insiders and requiring attestation to the quality of controls in the audited accounts of publicly traded companies--are not that new for banks. Collins feels that Sarbanes-Oxley recodifies Section 36 of FDICIA (2), which governs such activities as independent audits and certifying statements. "Banks already had many of those practices in place," Collins says, referring also to Regulation 0, which governs loans to insiders, implements section 22 of the Federal Reserve Act, and has been enhanced many times over the years. "The real impact of Sarbanes-Oxley is likely to be more in rethinking the quality aspect," says Collins. "My advice to banks, then, is that in complying with the technical aspects of the law, focus on the quality of each aspect. How does the board actually operate? Is the corporate governance really sound?"
Community Banks
"Smaller banks are getting better at fraud mitigation," says Collins. "Although larger banks still have the advantage, tools for combating fraud are becoming more affordable and effective to small banks too. And, the things that make community banks successful--knowing your customers, personal service, understanding and even having face-to-face contact with people--can help in uncovering such things as check kiting."
On the Radar Screen
"As we look ahead, accounting transparency and irregularities will continue to be points of focus until confidence is restored in the marketplace," says Collins. "Special purpose entities and securitizations--off-balance-sheet activities--and their structures will continue to be closely monitored. And corporate governance will continue as a strong issue because of Sarbanes-Oxley. We really want people to stay on top of that. Longer term, even as we develop better ways of preventing and mitigating old frauds, we can be sure that new frauds will arise. Banks are too tempting a target, and there is no doubt that fraud will provide banks and their examiners with continuing challenges."
Figure 1 Frequency Distribution of SAR Filings by Characterization of Suspicious Activity for the period April 1, 1996 through October 31, 2002-- Violation 1996 1997 1998 1999 BSA/Structuring/Money Laundering 21,655 35,625 47,223 60,983 Bribery/Gratuity 94 109 92 101 Check Fraud 9,078 13,245 13,767 16,232 Check Kiting 2,902 4,294 4,032 4,058 Commercial Loan Fraud 583 960 905 1,080 Computer Intrusion 0 0 0 0 Comsumer Loan Fraud 1,190 2,048 2,183 2,548 Counterfeit Check 2,405 4,226 5,897 7,392 Counterfeit Credit/Debit Card 391 387 182 351 Counterfeit Instrument (Other) 219 294 273 320 Credit Card Fraud 3,340 5,075 4,377 4,936 Debit Card Fraud 261 612 565 721 Defalcation/Embezzlement 3,286 5,284 5,252 5,178 False Statement 1,880 2,200 1,970 2,376 Misuse of Position or Self Dealing 952 1,532 1,640 2,064 Mortgage Loan Fraud 1,318 1,720 2,269 2,934 Mysterious Disappearance 1,216 1,765 1,855 1,854 Wire Transfer Fraud 302 509 593 771 Other 4,836 6,675 8,583 8,739 Unknown/Blanck 1,539 2,317 2,691 6,961 Violation 2000 2001 2002 BSA/Structuring/Money Laundering 90,606 108,925 126,971 Bribery/Gratuity 150 201 331 Check Fraud 19,637 26,012 26,170 Check Kiting 6,163 7,350 7,686 Commercial Loan Fraud 1,320 1,348 1,571 Computer Intrusion 65 419 1,293 Comsumer Loan Fraud 3,432 4,143 3,644 Counterfeit Check 9,033 10,139 10,198 Counterfeit Credit/Debit Card 664 1,100 1,050 Counterfeit Instrument (Other) 474 769 659 Credit Card Fraud 6,275 8,393 12,347 Debit Card Fraud 1,210 1,437 975 Defalcation/Embezzlement 6,117 6,182 5,101 False Statement 3,051 3,232 2,995 Misuse of Position or Self Dealing 2,186 2,325 2,217 Mortgage Loan Fraud 3,515 4,696 4,617 Mysterious Disappearance 2,225 2,179 1,869 Wire Transfer Fraud 972 1,527 3,293 Other 11,148 18,318 25,346 Unknown/Blanck 6,971 11,908 6,753 Source: The SAR Activity Review: Trends, Tips & Issues, Issue 5, February 2003; page 11; published under the auspices of the Bank Secrecy Act Advisory Group; available online at http://www.fincen.gov/sarreviewissue5.pdf.
Notes
(1.) A trader was supposed to be exploiting low-risk arbitrage opportunities that would leverage price differences in similar equity derivatives on the Singapore Money Exchange (Simex) and the Osaka exchange. "In fact, he was taking much riskier positions by buying and selling different amounts of the contracts on the two exchanges or buying and selling contracts of different types. Thanks to the lax attitude of senior management, Leeson was given control over both the trading and back office functions. As Leeson's losses mounted, he increased his bets. However, after an earthquake in Japan caused the Nikkei Index to drop sharply, the losses increased rapidly, with Leeson's positions going more than $1 billion into the red. This was too much for the bank to sustain; in March of 1995, it was purchased by the Dutch bank ING for just one pound sterling." www.erisk.com/portallreference/case/ref_case_barings.asp.
(2.) In 2001, the FDIC Board of Directors formalized its long-standing interpretation of the Federal Deposit Insurance Act (FDICIA) regarding what it means to be "engaged in the business of receiving deposits other than trust funds."
[c] 2003 by RMA. Charles Taylor is director of Operational Risk at RMA--The Risk Management Association; Beverly Foster is editor of The RMA Journal.
Contact Taylor at
COPYRIGHT 2003 The Risk Management Association
COPYRIGHT 2005 Gale Group