In recent years, fraud committed by insiders has exposed insured financial institutions and the deposit insurance funds to significant potential or actual losses. Fraud proved particularly costly to a few institutions, as evidenced by one failure and one near-failure. The FDIC, through its examination program, promotes sound internal control structures that help banks detect and prevent fraud. However, the FDIC recognizes that insider fraud will always present a risk to financial institutions.
Banks can mitigate exposure to fraud loss by discovering schemes early, taking aggressive corrective actions, and carrying adequate fidelity insurance. In addition, the FDIC, through the efforts of its Division of Supervision and Consumer Protection (DSC), can minimize exposure by pursing appropriate enforcement actions. The importance that the FDIC places on combating fraud is underscored by the fact that of the 65 removal/prohibition actions issued during 2004, 61 (94 percent) involved fraud against a financial institution.
This article is the first in a series relating to fraud and other misconduct by insiders that resulted in FDIC enforcement actions. It reviews the enforcement action process, identifies recent trends in the number and type of actions, describes the most prevalent types of insider fraud, and summarizes insured institution weaknesses that contribute to the perpetration of fraud. The box at the conclusion of the article provides an overview of the statutory authority and policies that form the basis for FDIC enforcement actions.
The Enforcement Action Process
Often the FDIC learns of insider misconduct during an examination. In other instances, the misconduct is brought to the FDIC's attention by bank management or through the filing of a Suspicious Activity Report.1 After learning of misconduct, DSC examiners conduct an extensive review of the alleged activities to determine if grounds exist to pursue an enforcement action and obtain evidence to support the action. The FDIC's Legal Division will become involved during the investigation to help focus the examiners' inquiries and identify necessary documentation.
The FDIC and other Federal banking agencies have broad discretion in determining the appropriate enforcement remedy to address fraud and other misconduct committed by insiders against insured depository institutions. In determining whether and what kind of enforcement action(s) is appropriate, the FDIC has traditionally considered whether the proposed remedy is likely to achieve the particular supervisory objective. Because cases are fact-specific and present unique circumstances, the administrative remedies are determined on a case-by-case basis. The FDIC Board of Directors has delegated authority to the DSC to issue Notices or Orders against institution-affiliated parties (IAPs) for removal/prohibition actions, for assessments of civil money penalties (CMPs), and for restitution. The use of the full range of enforcement tools is particularly appropriate in cases involving insider fraud.
A common remedy is action under Section 8(e) of the Federal Deposit Insurance Act (FDI Act). A prohibition order issued under Section 8(e) has been interpreted to impose an industry-wide ban, preventing the individual from moving on to another institution and repeating the same or other forms of fraud.2 A CMP removes the incentive for financial gain from an individual's misconduct. It punishes the particular offense, deters similar abuses by the individual being penalized, and, by its public nature, deters others in the banking industry. Remedial action by the institution may be warranted to address internal control weaknesses. In addition, reimbursement of losses or disgorgement of unjust gains by the individual may be appropriate.
The Investigation Phase
When examiners believe that matters are being misrepresented or documentation is inadequate, especially where evidence is in the possession of third parties outside the bank, the FDIC may initiate an investigation under the powers conferred by Section 10(c) of the FDI Act. These powers include the ability to subpoena witnesses, administer oaths, take and preserve testimony under oath, and require the production of records.
The investigation may be conducted simultaneously with a criminal investigation by the U.S. Department of Justice (DOJ) or State criminal authorities. In the case of a parallel criminal proceeding, the FDIC will coordinate with the respective criminal authority and seek to obtain a stipulation to a prohibition action (and to a CMP or restitution when appropriate) as part of any criminal plea agreement. Where the criminal prosecutor has made no formal request to defer administrative action, the FDIC will determine which enforcement action(s) to pursue and the timing of the case after evaluating a variety of factors, including what criminal penalties might likely be imposed. It is FDIC policy to cooperate fully with the criminal authorities. The FDIC normally will delay its enforcement action in favor of the criminal action if the DOJ formally requests it.
Supervisory and Legal Division staff in the FDIC's Regional Offices review the findings of the investigation and decide whether to proceed with an action. When a case is to be pursued, Regional Office staff forward a recommendation memorandum to the Washington Office for review and action. Under current delegations of authority, generally only the Washington Office may issue enforcement actions against individuals.3 As shown in the next section, enforcement action activity has been ratcheting upward in recent years.
Enforcement Action Activity Continues to Increase
The number of administrative actions issued by the FDIC has increased since fourth quarter 2002, almost doubling between 2003 and 2004 (see Table 1).
Table 1. FDIC Enforcement Actions | |||
---|---|---|---|
2004 | 2003 | 2002 | |
Removal/Prohibition Actions Issued | 65 | 35 | 21 |
Civil Money Penalty Actions (number/amount) | 40/$457,000 | 42/$1,892,737 | 29/$5,411,500 |
Restitution Actions (number/amount) | 1/$22,142 | 1/$1,400,000 | 2/$34,000,000 |
Of the 40 CMP actions issued during 2004, 22, involving penalties totaling $290,000, were associated with a companion removal/prohibition action. Of the 18 cases not associated with a companion removal/prohibition action, none principally involved fraud. Half the actions not associated with a companion removal/prohibition action were against members of an institution's board of directors who failed to provide proper oversight of individuals involved in misconduct. The remainder involved regulatory violations where no fraud was involved-typically, violations of regulations governing insider lending or legal lending limits.
A Focus on Fraud-Related Prohibition Actions
Of the 65 removal/prohibition Orders or Notices issued during 2004, 61 (94 percent) principally involved fraud against one or more financial institutions; however, not all of the cases involved a criminal prosecution, primarily due to the lack of substantial loss to the bank. Of the fraud-related actions, the individual committed fraud against the employing bank in 57 cases. Three individuals committed fraud against one or more insured depository institutions, and one individual was a bank employee who committed fraud against two other institutions.
Our review of the fraud-related prohibition cases during 2004 identified common trends and characteristics. The individual's specific motivation (other than apparent greed) could not be identified in every situation; however, our review did reveal situations in which individuals were motivated by the desire to conceal loan problems in a branch or portfolio, or by a financial vulnerability, such as lifestyle expenses, debts from a divorce, or gambling debts. In attempting to hide the misappropriations, the respondents (a respondent is the individual against whom the FDIC issues, or seeks to issue, one or more enforcement actions) would typically manipulate various bank records (usually general ledger accounts). In most cases, manipulation of bank records was discovered within a relatively short time, usually by internal auditors or bookkeepers but often by bank employees, including subordinates, who became suspicious of the respondent's transactions. However, several frauds were conducted over five to ten years. Our review noted some relationship between the amount of funds embezzled and the duration of the fraud; in most cases, gains to the respondent exceeding $100,000 occurred over a period of several years.
Generally, fraud-related cases fall into one of two categories-embezzlement and loan fraud. While the instances of fraud being committed by outsiders (a bank employee against a non-employing bank) were not as prevalent as insider fraud, the losses to institutions in two of the three cases (one case had two respondents) were extremely large, and in one instance contributed to the failure of the bank.
Embezzlement
The embezzlement cases involved respondents misappropriating or misapplying bank funds for personal gain. Respondents often targeted high-volume accounts or transactions, apparently in the hope that the relatively small fraction of fraudulent transfers would go unnoticed. Most respondents targeted deposit accounts from which to transfer funds and then laundered the proceeds through false entries to various accounts. Respondents made false entries to various general ledger accounts, but no particular account appeared to be more at risk than others.
In other instances, respondents attempted to misappropriate, or skim, funds due the bank by diverting fees or other income into a personal account. One respondent stole cash from the bank's vault by falsifying records concerning shipments of mutilated currency to the Federal Reserve Bank.
Loan Fraud
Loan fraud cases involved respondents originating nominee loans (a nominee loan is a loan in which the borrower named in the loan documents is not the party receiving the use or benefit of the loan proceeds), originating loans to fictitious entities or unwitting borrowers, failing to properly record collateral that allowed the transfer of the property to another party and left the bank's loan unsecured, or altering the terms of a loan. While the motives discussed previously would also apply to loan fraud, certain motives were specific to this type of fraud, including gaining access to loan funds, making existing loan terms more favorable to family or associates, or concealing poor performance at a branch or in a loan portfolio. Respondents often failed to disclose receiving an economic benefit from loans they originated to borrowers with troubled financial positions who likely would not have qualified for or been granted credit. Such loans were made outside the bank's policy requirements and were a contravention of safe and sound banking principles.
Respondents usually attempted to conceal illegitimate activity by making fraudulent account entries, including unauthorized or unrecorded advances and fictitious payments. Nominee or fictitious loans were often originated to provide funds to make payments on other illicit loans so that such loans would appear performing and legitimate. Inflated appraisals or other collateral manipulations were sometimes used to allow advances greater than justified.
Insured Institution Weaknesses
Certain financial institution weaknesses were apparent in the fraud cases, with the overarching weakness being lax internal controls. Many banks lacked proper segregation of duties, and individuals were able to process a transaction from start to finish. One individual could initiate, approve, and possibly reconcile a transaction without the involvement of another bank employee. Respondents often functioned without proper supervision, either by their immediate supervisor or by management and the bank's board of directors in general. Several of the respondents were longtime employees who, even if they had not achieved management positions, had established a level of trust that appears to have given them the leeway to commit fraud. Respondents who held senior positions may have been able to avoid oversight or misuse their authority to ensure that their subordinates unknowingly aided the fraud.
Conclusion
Is insider fraud always preventable? Probably not. However, the early detection of fraud is key to limiting risk to an insured institution and the deposit insurance funds. Prevention and detection of insider fraud are possible only through the vigilance of financial institution management and employees, examiners, and external auditors. The FDIC's zero tolerance policy toward insider fraud is evidenced by its continuing efforts to protect the industry through the use of administrative remedies to punish the perpetrators of fraud and to deter other insiders from attempting fraud.
Subsequent articles in this series will feature case studies of enforcement actions issued against individuals for misconduct that involves fraud or other violations of law. These articles will highlight the critical role that enforcement actions play in the FDIC's, and the banking industry's, continuing efforts to combat fraud.
Scott S. Patterson
Review Examiner
Zachary S. Nienus
Financial Analyst
1 A Suspicious Activity Report is a standard form used by all Federally insured financial institutions to report suspected criminal violations of Federal law or suspicious transactions potentially related to money laundering activities.
2 An IAP subject to a Section 8(e) Order can petition to lift or modify the Order.
3 Current delegations of authority to issue enforcement actions can be found at https://www.fdic.gov/resources/regulations/.