Blog article
See all stories »


Insider fraud – a crime committed by members of staff – is now one of the biggest security threats posed to businesses in the UK.

I estimate the cost to UK financial institutions is astronomical. Mortgage lenders and building societies lost more than £500 million in 2009 to this growing menance – and all the signs are this figure will rise in 2010 and beyond.

What the cost is to the wider financial services sector is anyone's guess – but the cost to lenders certainly puts things into perspective!

Recently it has been revealed that women pose a growing threat to companies – as females committed twice as many insider frauds in 2009 than their male counterparts. However, males are still responsible for committing most high value frauds, while the growing proportion of women focused on opportunist and relatively low value theft.

To help finance companies start tackling the issue – and give themselves far greater levels of protection – they can follow a simple, 10-point blueprint. It covers everything from vigorously checking job applicants’ CVs to installing appropriate monitoring tools that flag and track unusual activities. 

The insider and employee fraud blueprint:

1 A business must put in place clear and consistent internal procedures designed to combat internal fraud. This enables all members of staff to know what they’re doing – and what is expected of them;

2 Create a suite of tools and processes that ensures members of staff adhere to the rules – and alerts management to any breaches;

Appoint a team to review and learn from historical frauds that may have occurred within the organisation – and the wider mortgage and lending sectors;

Use IT-based monitoring tools to flag unusual activities at an early stage;

Use IT-generated statistics to identify any transactions that don’t fit normal trading and lending patterns

6 Undertake vigorous reference checking – and ensure your HR teams check out someone’s CV for inconsistency before they start working for you;

7 Regularly review your internal fraud management practices – ideally on a quarterly basis;

8 Gear internal training programs to educate staff, so they are aware of what internal fraud looks like and the damage it does to a corporate reputation;

9 Encourage whistle-blowing – emphasising there will be absolute anonymity for anyone who identifies potential wrong-doing;

10 Whenever possible, share best practice and learning experiences with peers, thereby keeping yourself in-tune with the latest fraud trends – and proven measures that have countered insider crime.

Companies that take on-board some, or all, of this advice will increasingly find they are able to minimise potential insider fraud threats before an individual, or organisation, has an opportunity to inflict any serious financial and reputation damage.

Tackling fraud – particularly crimes that are committed by someone on the inside – isn’t as difficult as it might seem. Like a lot of business activities, the key is in the planning and then the execution. Organisations that get these two critical areas right will find they become successful at neutralising the overwhelming majority of insider fraud attempts.

And that's got to be good news for everyone!




Comments: (1)

A Finextra member
A Finextra member 04 October, 2010, 14:40Be the first to give this comment the thumbs up 0 likes

Think there may be a couple of point missing here:


Firstly implement corporate Identity Management systems that ensures authentication of each individual!

Related to this make it clear that the technology will make sure YOU will be caught with implementation of Log Analaysis (logical and physical - door access telephones and IT)

Implement data classification and monitor Data Loss (DLP) fire a few people that ignore rules ....

The above will act a a deterant for most staff other than those who are working as paid insiders ... other measures are required to deter the "professional" cyber criminal ...

Now hiring