23 September 2017


Retired Member

3,111Posts 11,074,598Views 3,387Comments
A post relating to this item from Finextra:

HSBC clerk gets nine years for attempted £72m fraud

09 July 2008  |  14280 views  |  0
A former HSBC clerk who tried to steal £72 million from the bank in a massive electronic fraud has been sentenced to nine years in jail.

The Enemy Within!

10 July 2008  |  2031 views  |  0
All too often with fraud there is a dishonest employee involved somewhere along the line. Although every check on an employees background may show them to be a paragon of virtue, there is no guarantee that they will remain a faithful servant to the bank forever. Indeed “sleepers” may be planted within a bank by criminal organisations who gain the trust of the management over a period of time (even up to as much as 5 years), becoming a trusted employee who is just awaiting the opportunity, on the word of their conspirators on the outside, to perpetrate a huge fraud. I read somewhere recently that employee fraud in the UK is estimated to have increased by 200% since 2003. That being the case, what can be done to identify an “at risk” employee once they have passed the screening processes employed by the recruiting bank? Certainly the last thing honest employees want is to not feel trusted  by their employer; therefore any surveillance system need to be covert. An employee fraud identification system also needs to be able to draw upon data from a wide spectrum of sources including access data, internet data, email usage and content, current account activity, transactions performance and telephone systems – to name but a few. Normal patterns of behaviour need to be established initially. We are creatures of habit, parking in the same space in the company car park, arriving and leaving at similar times each day etc... Having established “the norm”, changes in behavioural patterns can be detected and these anomalies can be further investigated since they may indicate fraudulent activity. The rigorous approach that the banks take in recruitment is the first line of defence. Employee circumstances can change through time however; they may develop a gambling addiction for example and need money to pay off their debts, or may fall prey to a criminal gang intent on fraud and act in collaboration with them, or they may just want to live out a Walter Mitty lifestyle. A second, and third line of defence is necessary. The second line is the putting in place of rigorously monitored policies and procedures, setting thresholds and counter signatory processes to mitigate the risk. The third is achievable by the deployment of employee fraud prevention and detection systems capable of analysing data from a wide variety of sources based upon behavioural patterns. There is of course the fourth line - and that is the deterrent of long-term imprisonment – by which time it's too late. The fraud has been committed, and possibly money lost, and the bank suffers in terms of its reputation  - a situation that could have been avoided with earlier intervention. 

Comments: (1)

A Finextra member
A Finextra member | 11 July, 2008, 04:16

Another solution might have been to use mobile authentication. This simple fraud would have been prevented and you wouldn't need all that behavioural analysis to tell you about it after the fact. Of course the behavioural analysis should be applied at the trader/broker/dealer/overseer(s) balance and transaction level, otherwise you wouldn't understand the risks and therefore the value of real fraud prevention.

Telling you about it afterwards might be useful, but it doesn't really qualify as 'prevention', at best it's a chance for 'loss minimisation'. It doesn't prevent those unpleasant feelings when you find out or the harm to your reputation either.

As people become more fiscally challenged the likelhood of such attempts increases.
I suspect we are entering a long period of substantial fiscal challenge, and that the easy pickings will be picked more often.

'An ounce of prevention costs less than a gallon of cure'. There are obviously various definitions of 'prevention' - I prefer the one where you actually stop it before it happens.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Retired's profile

job title
member since 2014
Summary profile See full profile »

Retired's expertise

Member since 2009
3071 posts3,387 comments
What Retired reads

Who's commenting on Retired's posts

Ketharaman Swaminathan
Charmaine Oak
Francis Chlarie
Raymond Lee
Deepthi Rajan
Melvin Haskins
João Bohner
Bob Lyddon
Urs Meier
Steven Hatton
Ahmed Saleh