All too often with fraud there is a dishonest employee involved somewhere along the line. Although every check on an employees background may show them to be a paragon of virtue, there is no guarantee that they will remain a faithful servant to the bank forever. Indeed “sleepers” may be planted within a bank by criminal organisations who gain the trust of the management over a period of time (even up to as much as 5 years), becoming a trusted employee who is just awaiting the opportunity, on the word of their conspirators on the outside, to perpetrate a huge fraud. I read somewhere recently that employee fraud in the UK is estimated to have increased by 200% since 2003. That being the case, what can be done to identify an “at risk” employee once they have passed the screening processes employed by the recruiting bank? Certainly the last thing honest employees want is to not feel trusted  by their employer; therefore any surveillance system need to be covert. An employee fraud identification system also needs to be able to draw upon data from a wide spectrum of sources including access data, internet data, email usage and content, current account activity, transactions performance and telephone systems – to name but a few. Normal patterns of behaviour need to be established initially. We are creatures of habit, parking in the same space in the company car park, arriving and leaving at similar times each day etc... Having established “the norm”, changes in behavioural patterns can be detected and these anomalies can be further investigated since they may indicate fraudulent activity. The rigorous approach that the banks take in recruitment is the first line of defence. Employee circumstances can change through time however; they may develop a gambling addiction for example and need money to pay off their debts, or may fall prey to a criminal gang intent on fraud and act in collaboration with them, or they may just want to live out a Walter Mitty lifestyle. A second, and third line of defence is necessary. The second line is the putting in place of rigorously monitored policies and procedures, setting thresholds and counter signatory processes to mitigate the risk. The third is achievable by the deployment of employee fraud prevention and detection systems capable of analysing data from a wide variety of sources based upon behavioural patterns. There is of course the fourth line - and that is the deterrent of long-term imprisonment – by which time it's too late. The fraud has been committed, and possibly money lost, and the bank suffers in terms of its reputation  - a situation that could have been avoided with earlier intervention.