Case In Point

Better together

Written by: Raina Verma, CFE
Date: January 1, 2023
Read Time: 6 mins
Fraud Investigation and Examination Money Laundering

When sailing, mariners must always know the wind’s direction and mind their points of sail — a boat’s course relative to the wind. Sails can’t catch the wind in what is known as the no-go zone, approximately 45 degrees on either side of the wind’s direction. But sailing close-hauled, or as close to the wind as possible, mobilizes sails. (See “What is Sailing Close to the Wind?” Life of Sailing.) Indeed, sailing requires working with the wind to move ahead. Managing fraud risk and investigations is a similar process: Just as the mariner works with the wind, collaboration among teams of experts is the best way to propel forward. When people come together and share their expertise, they can truly succeed.

My team and I learned the importance of collaboration when we worked on a money-laundering probe at my former employer, a financial institution. The investigation revealed gaps in my organization’s processes and controls, but perhaps more important, it redefined how we operated and managed cases. Ultimately, we were able to do right by our customers, shareholders, peer banks and regulators because we decided to work together. We also strengthened our organization’s fraud-fighting efforts after breaking down the siloes we worked in. Here’s what happened.

A case of money laundering

Someone had been wiring millions of U.S. dollars to different accounts outside the country without the appropriate approvals from the account owner. And as an investigator, I identified suspicious patterns in the transactions, which the anti-money laundering (AML) unit had reviewed. But, unbeknownst to me, our fraud-risk analyst, who worked in a different department, had also spotted similar troubling trends associated with the same account through the company’s alert management system. We’d both spotted significant issues but had failed to share the information with each other.

This proved to be just one of many instances in the investigation that showed how vital information went unnoticed among teams that are trained to spot fraud and money laundering in different ways but for whatever reason decided not to communicate their findings across the organization.

When people come together and share their expertise, they can truly succeed.

Another blind spot revolved around so-called threshold triggers. Depending on the risk profile of the customer, banks will raise red flags if transaction sizes hit or exceed certain thresholds. The client under suspicion was receiving 157,000 Emirati dirham every other day — about $43,000 at the current exchange rate. But that failed to alert the analyst who based his threshold trigger on single-day transactions. Velocity and volume reports, which measure the pace of transactions and the amounts over a longer period, would’ve told a different story and alerted us to potential suspicious activity. We could’ve then contacted the client for clarification and raised suspicious reports if we received an unsatisfactory response.
 
Suspicious internet banking activity also wasn’t immediately flagged. The client failed to report that someone had debited his account from abroad. This was strange as the client would have received a text message on his mobile phone confirming this kind of activity. The account owner told us he was in the country when the transactions were made, but it wasn’t until later that our investigation revealed he’d shared his credentials with other parties.
 
That someone with an IP address from another country was wiring funds from the account should’ve raised red flags, especially if the account owner had been banking on the internet just a few hours earlier. This was clearly suspicious and, as we found out later, indicated that he’d been sharing his credentials. The national origin of these types of communications are important indicators in cases like this, not to mention the correct matching of static and dynamic data. Static data refers to information that doesn’t change, such as date of birth, nationality and past education. Dynamic data, on the other hand, may eventually change such as passport number (upon expiry), visa residency number, current residence and place of work, etc.
 
Indeed, this case raised red flags galore across our organization such as the suspicious usage of the internet-banking account, odd transaction volumes, and how the customer’s risk category did not align with behavior he displayed when using the account. But this information was dispersed across separate units in the company, and no one had shared what they knew or connected the dots. That is until our investigation revealed that the account was being used for money laundering.
 
I feared our organization would suffer unless we radically revised our policies and procedures. Our investigation of the account holder lasted for more than a year, even with immense support from regulators and law enforcement. And while our internal process needed a facelift and created obstacles, we eventually proved that the clear intent for opening this account with us was to defraud millions and hide the origin of wired funds. We quickly flagged this to regulators. And with possible litigation threats looming over our organization, I immediately devised a plan to engage with our in-house legal counsel, law enforcement, regulators and our corporate lawyers.
 
Thankfully the blind spots we discovered in our internal controls presented an opportunity to revamp our systems to better serve our customers, improve employee training and awareness, and fine-tune working relations with regulators and law enforcement. Here are some of the lessons we learned about collaboration.

Breaking down siloes

Fraud-risk managers and AML experts approach investigations with different perspectives. But both skill sets go hand-in-hand, and regulators see them as critical functions at financial institutions. Each group may garner information that the other could use, and together they’re more likely to see an entire scheme taking placing under their noses. With collaboration, we can avoid overlapping reports as occurred above, and help anti-fraud and AML teams build on what’s already known about a customer profile.

To ensure that they’re adequately covering the AML and fraud-risk ground, organizations should maintain separate transaction-monitoring systems but educate the different teams on how to identify the red flags that each team seeks.

If an AML analyst reviews an alert and doesn’t find anything suspicious from an AML perspective, they should pass those alerts along to a fraud risk analyst for their review. This information sharing enables the fraud investigation team to dig deeper into the matter. While financial crimes analysts cut their teeth in a wholly different area of expertise, sharing their information can also greatly aid in AML and terrorist-financing investigations. In our case, it was clear that there had been no collaboration between the AML and fraud team, each keeping alerts and reviews within their respective units.

Leveraging in-house data

It’s important to leverage readily available in-house data. Some companies often think that hiring a data analyst to create reports is enough. But it’s often better to bring in a financial crimes analyst with the skills to review reports and identify whether it’s necessary to investigate further or escalate a suspicious activity report (SAR) to regulators.

Remember that financial institutions use know-your-customer and know-your-customer’s-customer processes (KYC and KYCC) to monitor transactions, and that this readily available data can be used to spot suspicious cases and trade-based money laundering triggers.

It’s also critical that organizations reach out to regulators because information sharing helps identify global criminal infrastructures.

Identifying unusual relationships in nonfinancial data using demographic details of employees, customers, vendors, contract workers’ attendance records, etc. is critical for any organization in the race to curb bribery, corruption and the use of insider information.

Fraudsters work together, so must fraud fighters

Fraudsters know that the keys to success are collaboration and sharing information, so fraud examiners must pool their resources and work together to fight back.
Fraud examiners must work collaboratively because that’s what fraudsters are doing. ACFE’s Occupational Fraud 2022: A Report to the Nations shows fraudsters are increasingly working together and successful because of it. Frauds involving two or more perpetrators comprised 58% of cases in 2022 versus 42% in 2012. The median loss to fraud committed by two or more perpetrators is $145,000 compared to a $57,000 median loss when fraudsters go solo.

Fraudsters know that the keys to success are collaboration and sharing information, so fraud examiners must pool their resources and work together to fight back. (See “Why fraud fighters should team up for success,” by Nicholas White, BAI, Banking Strategies, Oct. 24, 2022.)

You can’t overreact and roll out a fraud risk management program without understanding what your business requires — that’s like sailing directly into the wind. However, finding the right degree of wind is like finding your degree of collaboration during a fraud investigation. Collaboration ensures that when fraud happens, the impact is minimal. No fraud risk assessment or any program can save an organization alone but collaboration with stakeholders can.

Raina Verma, CFE, is an internal audit and fraud risk management professional specializing in financial crimes investigations, regulatory compliance and anti-money laundering. Contact her at Raina@windowslive.com.

Ad

Begin Your Free 30-Day Trial

Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.

Learn More Already a member? Sign In

You May Also Like