Prison Sentence for Insider Crimes6 Years for Employee Who Obtained Loans for Family, Friends
On Sept. 7, the U.S. Attorney for the District of Maryland issued a statement about the six-year sentence handed down to Latesha Brown.
Brown pleaded guilty to a bank fraud conspiracy and identity theft scheme she orchestrated while employed with multiple credit unions.
Brown exploited her employee access to personal information about members that she later used to falsify loan applications for family and friends. She has been ordered by the court to pay $124,000 for restitution.
The story sounds all too familiar.
Also on Sept. 7, Gary Foster, a former vice president in Citigroup Inc.'s treasury finance department, pleaded guilty to the role he played in a bank fraud scheme that allowed him to embezzle of more than $22 million from Citigroup and its customers. [See Citi Case Exposes Insider Risks.]
According to the U.S. Attorney's Office for the Eastern District of New York, the charges against Foster stemmed from fraud he committed between September 2003 and June 2011.
Given the current state of the economy, Julie McNelley, a financial fraud analyst at Aite, says insider compromises are likely to escalate.
"In the wake of the financial crisis, financial institutions face severely constrained budgets," she says. "While the reputation risk and potential for hard-dollar losses associated with insider fraud has many FIs concerned, it can be hard to make a business case for the technology that can help uncover the patterns, particularly if the institution has no understanding of the scope of the issue."
Under the RadarIt's a bit of a chicken-and-egg scenario, McNelley says. It's difficult for an institution to justify investments in detection technology until a costly insider breach occurs.
In the Brown case, like the Foster case, the fraud went undetected for years. From September 2004 to August 2010, Brown's conspiracy involved fraudulent loans that were based on stolen identities. In her roles with various credit unions, she used her privileges to then accept and submit forged birth certificates and pay stubs, as well as false driver's licenses, employment letters and vehicle invoices, ultimately verifying herself the legitimacy of the fraudulent loans she provided.
Brown's scheme involved misappropriated Social Security numbers and stolen notary stamp seals. She then processed falsified loan applications in a deficient manner and assisted her co-conspirators with quick access to ill-gotten loan funds as a way to avoid detection.
From March 26, 2007 until Aug 5, 2010, Brown, often used stolen identities to even apply for jobs and membership at credit unions. In total, she sought employment at 33 credit unions and applied for membership at 29, often reapplying to the same institution multiple times using new false identities.
Her scam, though widespread, is not so complicated. Yet Brown, like so many others was able to fly under the radar for several years.
Back to BasicsInternal fraud detection does not have to be overly technical or expensive. Basic precautionary steps could thwart most breaches and scams, experts say.
Erin Morasch, an internal audit manager for fraud-loss prevention at San Francisco-based Patelco Credit Union, $3.75 billion in assets, says more division between departments and duties, as well as firm policies regarding job employment, might have helped pick up on suspicious activity in the Brown case sooner.
"Screening criteria should include credit, debit and criminal history," Morasch says, "to determine if fraud factors or criminal history is or are present. If fraud or a criminal background is present, a hiring offer shouldn't be made."
When it comes to confirming the authenticity of members and borrowers, however, the checks and balances are more complicated, but not unmanageable. "For us, screening new-member applicants for membership through a debit bureau saves us from a lot of loan fraud," Morasch says.
Passing a debit bureau screening to qualify for an account is an extra layer of scrutiny that helps Patelco weed out potentially bad borrowers. The credit union also has more than one department review membership applicants, and those who review the applicants are trained to pick out high-risk applications. "If the membership applicant concurrently applies for a loan, she is subject to greater scrutiny and authentication," Morasch says.
Just that added layer of scrutiny may have foiled Brown's scheme years and several credit unions sooner.
"Paying attention to data discrepancies, ID theft alerts, ghost borrowers, those who have no credit or debit history, all serve to reduce our exposure, post-opening, of the new account," Morasch says.
The more eyes and departments a banking institution has reviewing individual and risky loan applications, the less likely fraud will get overlooked.
"There are multiple operational and lending departments involved, and, because of that, our process may act as a deterrent for insider fraud," Morasch says. "On the lending side, we have the relatively standard proviso that the person who processes the loan cannot fund it - a counter-party has to be involved if the loan is funded. And if problems come to light or blow-up, or if we think there's too much smoke in the air, we're going to investigate to determine the extent of our potential problem, establish any patterns, like applicant geo-location, branch locations, car dealerships, and really scrutinize the problem. If there was insider fraud, all that attention and post-mortem review, hopefully, would serve to choke off any further abuse."