NASHVILLE—Of the 23 cases of internal fraud at credit unions since 2013, 17 were engineered by the CEO or manager, a clear sign that not all boards are addressing their responsibilities in overseeing employee theft, reports one analyst.
“This is probably an indication that in some of these cases the board was simply rubber stamping what the CEO or manager was doing—not asking the right questions or asking questions at all,” said Christopher Pippett, an attorney with Fox Rothschild LLP in Philadelphia. “You can trust the CEO, but don’t be afraid to verify information.”
Pippett, who has assisted many credit unions with fraud cases, shared the example of a case where one CEO had an $800,000 mortgage from the CU at 0%, and the board allowed it.
“He had told the board that was typical,” Pippett said.
Pippett acknowledged that boards, many of which have been in place for years and worked with a CEO who has also been in charge for a long time, simply trust the leader who has never shown any signs of wrongdoing.
“But bad things can happen to good people in their lives, like a gambling habit,” said Pippett. “And then suddenly things change.”
The Board’s Real Role
Pippett spoke to directors at NAFCU’s annual meeting here and not only outlined how insider fraud often occurs at the credit union, he addressed the role of the board and offered strategies for ensuring sure the CU is secure.
“As board members you cannot get involved in the daily operations of the credit union,” said Pippett. “But you sit at the top and your job is to make sure the credit union—from executives to tellers—follow policies and procedures to combat internal fraud. That is your duty.”
In addition to rubber-stamping the information the CEO provides the board, Pippett said other signs of an ineffective board are complacency and directors who have become “stale” in their performance and are easily “distracted.”
He said credit unions can avoid the “bad board” by having an active director recruiting program, and one that even looks at succession planning for directors. He said continuing education is important, as well, as the board regularly evaluating itself, or having an outside consultant do that for them.
“You need to keep directors engaged in the credit union and get in people with new ideas,” he said.
A ‘Tone of Integrity’
Pippett said that CU policies and procedures around fraud prevention must be reviewed regularly to ensure they are current and relevant, and that personal characteristics of each board member play a role in preventing internal theft as well.
“Integrity is the key. The board must set a tone of integrity throughout the credit union, letting the entire staff know that lack of integrity won’t be tolerated at any level. You can’t allow an atmosphere of gray to exist,” said Pippett, urging swift action be taken when an employee exhibits a lack of integrity. “If you tolerate lack of integrity, that’s when everything breaks down, at all levels.”
Pippett outlined key policies and procedures boards should make certain are in place to regularly monitor for fraud:
- Random verification of cash vault and teller drawer totals.
- Audit verification of elder, deceased and escheat accounts.
- Random/surprise review of employee and their family members’ accounts.
- Verification of loans.
Pippett stressed the importance of having a mandatory vacation policy, which allows someone else at the credit union step into a staffer’s role and review an employee’s performance and check for fraud.
“And, bad performance and fraud often go hand in hand,” Pippett added.
Pippett recommended reviewing vendor relationships closely.
“Are you vetting the vendors? Do you know them? Are they connected with the executives or anyone on the board? If you are seeing invoices for purchases, make sure you are actually getting the items.”
Time To Make A ‘Switch’
As many experts who have reviewed cases of CU internal fraud have stated, allowing an employee too much control over one area without having redundant duties or rotating employees on roles can lead to problems. Pippett acknowledged that these tactics to mitigate fraud can be particularly difficult to employ at small credit unions where there is limited staff and the manager controls many of the duties.
In addition to rotating staff through jobs, Pippett said the CU should do the same with audit firms—switch every five years.
“Your auditor may do a great job, but they sometimes are great in certain areas and can focus in certain areas, as well,” said Pippett. “Switch auditors. You will get a different focus, which is good.”
Periodic, random employee background and credit checks are good practice, he said.
“You do this when you hire someone, and then not again for them,” said Pippett. “I know this is controversial. But people’s lives change and their situations change. You might be surprised what you find—gambling losses, drug arrests.”
By the same token, the CU should look for marked changes among employees, both lifestyle and behavioral. Things that are more obvious are large purchases, like expensive cars. Less obvious, but often as telling, are performance and attitude changes. Pippett said to pay special attention to staff whose performance falls off significantly as well as their opinion of their job.
“Employees who are happy and like what they do are less likely to steal from you,” he said. “You should also be wary of employees who repeatedly fail to provide you with requested information. You are nice people who work in a nice industry. But if people are not getting you the information you are asking for …”
Policy Can’t Sit In A Drawer
When Pippett asked directors if they have a whistleblower policy at their credit union, many directors raised their hands. “But are your employees aware of it?” he asked. “You have to regularly make it known this policy exists. A whistleblower policy does you no good if it sits in your drawers.”
The rise in fraud at credit unions, especially at small CUs, has had many within credit unions questioning how effective boards have been at credit unions that have been hit by internal theft. And as did Pippett, they’ve suggested boards did not ask enough questions.
Interestingly, in a packed session on a topic many feel is a growing concern among credit unions, not one director asked Pippett a question when the speaker made it clear questions should be part of the presentation.