Employee Fraud Risk
In organizations where the possibility of fraud exists, employee fraud risk must be highly considered. Such organizations may include financial institutions, banks, creditors, insurance companies and even government agencies such as the Social Security Administration, Internal Revenue Service, Medicare and Medicaid. In such organizations, the opportunity and incentive elements of fraud are highly present which can be exploited by both internal and external individuals, however, the opportunity element is much higher for employees because they already have access to highly critical systems and information such as weaknesses about operating and technical controls which can facilitate fraud and hide any traces left from the crime.
An employee fraud risk is a common business risk which must not be ignored when considering that most business fraud is committed by internal employees for the reasons which were just described. For example, it was reported a bank employee had opened multiple accounts with stolen identities and also withdrew money from accounts of deceased customers. This is an example of insider fraud which is often reported as a higher risk than fraud committed by outsiders in statistical fraud analysis reports.
When opportunities and incentives exist to commit fraud, some disgruntled employees who can not cope with the changes within the organization will also discover the rational to commit fraud while performing a high degree of due diligence to ensure fraud can be maximized and hidden. For example, the employee fraud risk example reported above indicates a high degree of due diligence on the part of the employee to monitor and identify account holders who have recently been reported as deceased and whose accounts remain open and vulnerable. In fact, organizations vulnerable to identity theft and related fraud, must monitor the status of their customers and deceased customer account activities which may be considered potential identity theft red flags. The main advantage of the Red Flags Rule and the organizations’ activities to perform a periodic identity theft risk assessment is to identify, detect and prevent the warning signs of an identity theft in action. However, such red flags or warning signs must also take into consideration the potential malicious activities of internal employees especially when major changes are negatively affecting employees such as lay offs, cost cutting, acquisitions and management changes.
Once red flags are identified in the risk assessment process, policies and procedures must be designed and communicated to the appropriate employees for detecting and mitigating fraud risks facing the company from outsiders as well as insiders. Some solutions may include initial and periodic employee background checks, monitoring account activities, monitoring customer status, etc.
Return to the identity theft blog after reading about employee fraud risk for other recent articles.