An article in the Summer 2005 issue of Supervisory Insights presented an overview of the enforcement action process as it relates to individuals and provided the statutory basis for administrative enforcement actions.1 The article focused on fraud-related cases and noted that these cases generally fall into one of two categories: embezzlement or loan fraud. Although personal financial gain often was the motivating factor, a common aspect of a number of loan fraud cases was the desire to hide delinquencies or declining credit quality. The second in this series of articles builds on this information and presents two case studies that illustrate how embezzlement or loan fraud can occur, the effect it can have on an insured depository institution, and the importance of effective controls and oversight in helping prevent internal malfeasance.
Embezzlement Facilitated by Inadequate Internal Controls
A retail institution in a small city held less than $500 million in assets. The bank was consistently profitable. During a two-year period, a senior executive officer ("the officer") exerted significant influence over the loan function as well as the bank's operations. He had an authoritarian management style and was responsible for administration of more than half of the loan portfolio. The bank's board of directors had granted authority to the officer for a very high lending limit. Furthermore, the board usually reviewed and approved loans only after the fact, and delinquent-loan reports provided to the board were manually prepared by bank staff and subject to the officer's manipulation. The effects of the bank's inadequate internal controls and ineffective internal audit program were exacerbated by the officer's intimidation of employees and the bank's level of staffing, which did not keep pace with significant asset growth. Moreover, although senior management officials began to notice irregularities in the officer's activities, they failed to notify the board of directors, regulators, or law enforcement authorities in a timely manner, allowing the misconduct to continue.
The officer engaged in unsafe and unsound practices and breached his fiduciary duty to the bank. He committed a series of improper transactions involving customer loan or deposit accounts to fund his personal assets, improve his cash flow, and conceal his improper activities. The examples below describe a few of the instances of his misconduct.
- The officer extended a new loan to an existing bank customer to refinance a legitimate debt the customer owed to the bank. The settlement statement provided at closing was inconsistent with the amounts actually disbursed; that is, the statement reflected a loan payment that exceeded the actual amount paid. The officer used this difference and others to issue a cashier's check deposited in his account. The officer later used the proceeds to pay a personal debt and expenses, fund investments, and provide a loan payment for another borrower. All this was done without the first borrower's knowledge.
- The officer established an unauthorized loan in the name of an exist-ing bank customer and apparently forged the customer's signature. The officer used the loan proceeds to make a payment on a personal debt, pay personal expenses, make deposits in his personal accounts, and obtain cash.
- The officer made unauthorized advances on customers' legitimate, existing lines of credit. He advanced the unauthorized funds to make a deposit into one of his accounts and pay other personal expenses.
- The officer misappropriated funds from customer deposit accounts by transferring funds from a customer's account or depositing customer checks into his own account. The officer later reversed the misappropriations by transferring other, illegitimately obtained funds into the customers' accounts.
Through his misconduct, the officer acquired personal benefit of more than $1,000,000. However, the officer's misconduct combined with his efforts to conceal his activities resulted in losses of nearly $5,000,000 to the insured institution. Moreover, his departure left a significant void in management. Subsequently, the bank merged with another institution and no longer exists as an independent entity. The officer pled guilty to violations of Federal law, including embezzlement and misapplication of bank funds. The FDIC issued an Order of Prohibition against the officer to help ensure he does not participate in the affairs of another insured institution.
Loan Fraud Went Undetected Due to Lax Audit Function
Another consistently profitable retail institution in a small urban area held less than $500 million in assets. For nearly three years, a management official ("the officer") was alleged to have engaged in unsafe and unsound practices and to have breached his fiduciary duty to the bank by committing a series of improper transactions involving customer loan accounts. He initiated these transactions to cover delinquencies and credit problems.
The alleged misconduct involved hundreds of instances where loan accounts received illegitimate payments from improperly obtained funds. The bank's ineffective internal controls were a key contributing factor to these irregular activities. The officer was a trusted, long-time employee of the bank with reasonable lending authority; the seriousness of the situation was compounded by lax bookkeeping and scrutiny by one customer whose accounts he targeted. The officer initiated the advances and posted payments with only his signature and was authorized to correct "accounting errors." The bank's audit function failed to detect the alleged misappropriations in a timely manner.
Although the officer targeted one legitimate borrower for most of the wrongful advances, he used more than a dozen accounts as sources of funds. His scheme worked as follows. The officer made an advance from a current, performing loan (typically for less than $1,000) and applied the proceeds as payments to delinquent credits. The officer made improper advances of more than $150,000. The officer targeted one borrower who he knew had an active line of credit and did not scrutinize his transactions closely. When the targeted borrower questioned an advance, the officer blamed it on an "accounting error." He would then draw from another borrower's line of credit to cover the questioned advance. The delinquent borrowers who had payments applied to their loans apparently had no knowledge of the officer's activities.
Although this officer did not personally benefit from his wrongdoing, other than possibly maintaining his position at the bank, the insured institution incurred credit losses and costs for investigating the misconduct. The problem credits paid off through the misappropriated funds required extensive collection efforts because the bank had previously released any collateral when the loan was fraudulently extinguished. In addition, by making improper payments on the delinquent loans, the officer prevented the bank from recognizing the borrowers' problem status and taking remedial action. These illegitimate payments also resulted in inaccurate financial statements and erroneous regulatory reports. The FDIC issued an Order of Prohibition against the officer, preventing him from moving to another institution.
The Bottom Line
These case studies illustrate what the FDIC may face as it carries out its supervisory obligations. Although the two officers' motivations differed, the effect was the same — both financial institutions suffered monetary losses and investigation costs. Long-time bank employees in a position of trust exploited internal control weaknesses to conduct improper activities. This situation was exacerbated when one employee was able to intimidate other employees into cooperating. Proper controls and oversight must be in place to help prevent internal malfeasance, and timely response by management is needed to limit the impact. An effective audit program (components of which appear below) can help identify and deter wrongdoing.
Scott S. Patterson
Review Examiner
1 Scott S. Patterson and Zachary S. Nienus, "Enforcement Actions Against Individuals in Fraud-Related Cases: An Overview," Supervisory Insights, Volume 2, No. 1 (Summer 2005).
2 12 CFR Part 364, Appendix A, FDIC Rules and Regulations, Interagency Guidelines Establishing Standards for Safety and Soundness.
3 FIL-21-2003: Financial Institution Letter, "Interagency Policy Statement on the Internal Audit Function and its Outsourcing" (March 17, 2003).
4 Depository institutions subject to Section 36 of the Federal Deposit Insurance Act and Part 363 of the FDIC's regulations must maintain independent audit committees composed of directors who are not members of management. The FDIC encourages the board of directors of each depository institution not required to do so by Section 36 to establish an audit committee consisting entirely of outside directors.