12 Nov 2018
The banking system’s vulnerability to fraud, corruption and money laundering is once again a focal point of debate in the wake of recent disclosures by the Central Bank of Nigeria that major losses have been recorded by banks from armed robbery cases and other criminal activities amounting to N12bn in six months.
According to the Central Bank of Nigeria, these criminal activities are being perpetrated by members of staff and non-staff members of lending institutions.
The actual loss by banks to fraud and forgery, however, amounted to N12.06bn, compared with the N0.78bn and $0.03m suffered in the first half of 2017.
This revelation comes after a news report by the Premium Times that a top executive at one of Nigeria’s largest banks was arrested by the Economic and Financial Crimes Commission (EFCC) over a series of transactions his bank allegedly carried out on behalf of one of Nigeria’s largest oil-producing states, Rivers.
The EFCC alleges that the transactions, at least N117 billion in value, are suspicious in nature but that the bank failed to report them according to law.
Insiders at the EFCC and the bank said the official involved was held to explain why his bank failed to document the withdrawals, allegedly done over a three-year period, as suspicious.
Where weak Know Your Employee (KYE) and internal control measures abound, corporate losses due to employee fraud and money laundering increases.
In the United Kingdom, the Crown Prosecution Service stated that an employee of a leading UK bank, who acted as a “personal bank manager” to two money launderers, was jailed for six years and four months for his role in a conspiracy to launder more than £2.5 million that had been stolen using malware.
Cyber-crime officials said a London-based man acted as the personal bank manager to two money launderers, setting up 105 sham bank accounts using false ID documents.
The launderer then managed the accounts to ensure that receipt of the stolen funds were not blocked by the bank’s security processes and that the pair could freely transfer money between the accounts.
The two men were jailed in October 2016 and the banker was arrested the following month.
During a search of the banker’s home in Edgware, officials of the National Crime Agency (NCA) recovered more than £4,000 in cash, seven luxury watches and three mobile phones.
A strong Know Your Employee (KYE) program may have prevented the above scenarios.
Know Your Employee (KYE)
A KYE program means that the institution has a program in place that allows it to understand an employee’s background, conflicts of interest and susceptibility to money laundering complicity.
Factors such as policies, procedures, internal controls, job descriptions, compliance with personnel laws and other deterrents should be firmly in place.
Money laundering regulations require that financial institutions put in place adequate policies, procedures, and controls including appropriate compliance management arrangement and adequate screening procedures to ensure high standards when hiring employees.
The rules also stipulate that that every employee’s accounts be monitored for potential signs of money laundering and be subjected to the same anti-money laundering and combating the financing of terrorism (AML/CFT) procedures as applicable to other customers’ accounts.
This has to be performed under the supervision of the Chief Compliance Officer.
An effective KYE program will include pre-employment background screening of prospective and current employees; and the monitoring of current employees for suspicious activity.
Pre-employment background screening
Background screening of prospective and current employees, especially for criminal history, is essential to keeping out unwanted employees and identifying those that need to be removed.
While some foresee legal requirements for mandatory background screening by employers, it is still a matter of employer discretion in most industries.
This process can be an effective risk-management tool by providing management with a degree of certainty that the information provided by the applicant is true and correct, and that the potential employee does not have a criminal record.
Used effectively, the pre-employment background screening process may reduce turnover by verifying that the potential employee has the requisite skills, certification, license or degree for the position; deter theft and embezzlement; and prevent litigation over hiring practices.
Institutions should verify that contractors are subject to screening procedures similar to those used by the financial institution.
There are costs associated with developing and implementing an effective screening process.
However, absent of an effective screening process, a bank may incur significant expenses from recruiting, hiring and training unqualified individuals based upon their skill sets or backgrounds.
These individuals may have to be replaced due to an inability to perform assigned duties or for other reasons.
The Federal Deposit Insurance Corporation (FDIC), a U.S. regulator, has provided guidance on employee screening in its paper “Pre-Employment Background Screening: Guidance on Developing an Effective Pre-Employment Background Screening Process”.
According to the FDIC, management should develop a risk-focused approach for determining when pre-employment background screening is considered appropriate or when the level of screening should be increased, based upon the position and responsibilities associated with a particular position.
The sensitivity of the position or the access level of an individual staff member may warrant additional background screening, which should include verification of references, experience, education and professional qualifications.
Furthermore, management should verify the applicant’s identity.
An on-going approach to screening should be considered for specific positions, as circumstances change, or for a comprehensive review of departmental staff over a period of time.
Management should also have a policy that addresses appropriate actions when a pre-employment or subsequent screening detects information contrary to what the applicant or employee provided.
Section 19 of the Federal Deposit Insurance Act prohibits any person who has been convicted of any criminal offence involving dishonesty, a breach of trust or money laundering from becoming or continuing as an institution-affiliated party, amongst other issues.
Note that consultants who participate in the conduct of the affairs of an insured institution may be subject to Section 19.
Therefore, a pre-employment background screening process should be established by all financial institutions that, at a minimum, uncovers information regarding a job applicant’s convictions and programs entries to ensure that only appropriate persons are employed, or that an application for FDIC consent is sought, if applicable.
Monitoring of employees
Once a business relationship has been established with an employee, banks must conduct enhanced on-going monitoring of the business relationship.
Banks may monitor their employees for suspicious activity.
The following examples are red flags that, when encountered, may warrant additional scrutiny. The mere presence of a red flag is not by itself evidence of criminal activity.
Closer scrutiny should help to determine whether the activity is suspicious or one for which there does not appear to be a reasonable business or legal purpose:
i. Employee exhibits a lavish lifestyle that cannot be supported by his or her salary;
ii. Employee fails to conform to recognised policies, procedures and processes, particularly in private banking;
iii. Employee is reluctant to take a vacation;
iv. Employee exaggerates the credentials, background or financial ability and resources of a customer in written reports the bank requires;
v. Employee frequently overrides internal controls or established approval authority or circumvents policy;
vi. Employee uses company resources to further private interests;
vii. Employee assists transactions where the identity of the ultimate beneficiary or counter party is undisclosed.
It is recommended that KYE information, such as background information, should be obtained prior to a job interview, during the job interview and just before an offer of employment.
Any serious gap observed must be documented and should form part of the basis of an offer of employment.
After acceptance of offer, but before confirmation, background screening checks must be conducted to verify the identity of employees.
All information supplied by prospective employees must be verified during probation.
Any change in such information, including marital status and additional qualifications obtained during the period must be verified against appropriate documents and issuing institutions.
Financial institutions are advised not to use the Employee Profiling methodology, to assess the risk posed by potential employees.
Employee profiling, being a one-size-fits-all assessment methodology, may not be the best option. This paper recommends a flexible approach that can adapt as risks evolve.
Since the approach used to combat money laundering is more like a flexible approach, the methodology used to assess employee risk should also be flexible.
Financial institutions should label employees in sensitive positions as high risk, just as how they label customers.
They would need to apply enhanced scrutiny to such employees.
Chief Compliance Officers, for example, should be labeled high-risk. Measures would have to be put in place to mitigate the risk (s) associated with high-risk employees.
Financial institutions must ensure that all bank accounts of employees are effectively monitored.
This would enable financial institutions to detect when an employee is aiding and abetting fraud and corruption.
About the author: Ehi Eric Esoimeme is the Deputy Editor-in-Chief of DSC Publications and also a contributor at KYC360. His published work include his books: ‘The Risk-based Approach to Combating Money Laundering and Terrorist Financing’ and ‘Deterring and Detecting Money Laundering and Terrorist Financing: A Comparative Analysis of Anti–Money Laundering and Counter-terrorism Financing Strategies.’ For more information on Ehi’s books, visit here. His articles can be downloaded here.
This article is expressing personal opinions and is meant for information purposes only. The article does not intend to replace professional or legal advice. It is recommended that readers seek independent professional or legal advice, or speak to authorised persons/organisations.
You can claim CPD minutes for this content, by signing up to our CPD WalletFREE CPD Wallet