One of the most worrying kinds of fraud that financial institutions face today is related to dormant accounts. As background, accounts are classified as dormant when there is no financial activity for a long period of time (normally 12 or 18 months) and there is no communication with the account holder.
Because dormant accounts are almost unreachable by outside hackers, fraud in dormant accounts normally involves someone inside the financial institutions, and often a large sum of money. This kind of insider fraud is particularly disturbing.
How does the fraud take place?
The first step is that someone inside the bank purposely changes the status of the account from dormant to active. Though changing the status of dormant accounts needs to be documented, because it is an internal, non-financial transaction, it can go unnoticed if the proper paperwork isn’t filed as required. Once that’s done, the person within the bank makes an internal transfer to another account. The owner of the account receiving the funds is usually an accomplice, fully aware of the scheme and willing to play their part. The cashing phase of the fraud is completed when the accomplice and account holder makes a wire transfer to another bank, often located in another country.
Why does it go undetected?
The first, most obvious reason is that the dormant account holder has no contact with the bank and it can take years for them to realize that funds are missing. However, the bigger, more systemic reason is that banks don’t have enough controls and programs over internal transactions and non-financial actions. For instance, there are no flags raised when the status of an account is changed from dormant to active, and because money isn’t leaving the bank, internal transfers are not flagged for review.
In this case, the change in status and the internal transfer were precursors for the fraud to take place.
What can financial institutions do?
For starters, internal financial and non-financial activities need to be closely monitored. Banks have been relying on rule-based transaction monitoring for a very long time, but these systems are hardly effective. A rule-based monitoring system will flag every action if the rule is violated, creating a large volume of transactions that need to be monitored. Often times, managing a large number of alerts is a burden for financial institutions.
To combat this kind of fraud, banks must shift from a rule-based monitoring system to an intelligent, behavioral-based one. Intelligent transaction monitoring solutions have the ability to generate alerts that violate compound rules, including actions that don’t involve the transfer of funds.
As you have heard us say many times, fraud cannot be looked at in silos, and that’s the way many financial institutions operate today – as a result, mostly losing the battle against fraud. Things like internal transactions, dormant accounts, changes in account status, to name a few are monitored in a compartmentalized way, when, in reality, they have everything to do with each other. Fraud is never a one-step operation and FIs need to shift the way they protect their clients and brand from fraud if they want to remain in business.