the enemy within: best practices for identifying and...
TRANSCRIPT
The Enemy Within: Best Practices for Identifying and Terminating Rogue Employees
Monday, April 3 | 4:50 PM
Moderator:
Nancy J. Saur, CAMS, FICA, Compliance Officer, Private Trust Company
Speakers:
Jason Frantz, Director, FIU, Discover Financial Services
Lester J. Bain CSO, CFE, CCS, Director of Security and AML Operations, Principal Vice President, Burke and Herbert Bank
William J. Voorhees; MFA, C.F.E., CAMS, Senior Vice President | BSA/AML Financial Intelligence Unit Manager, BB&T
2
Outline•4 real cases
• Rogue RM• Backpack Man• Horrible Bosses• Out of Control Investigator
• Internal Controls
• Red Flags
Questions? Ask during any of the cases
3
Case 1 – Rogue RM - Background• Internal referral-
• Elder abuse in the branch
• Client came in with a cell phone texting
• Needed to deposit cash into another’s account
• Wanted to send money to his girlfriend in Germany for travel
• Transaction escalated to the FIU for review
• Seeing multiple cash deposits all over the bank’s footprint• Client was supposed to be a travel agent (fly-fishing and
vineyard tours)
4
Case 1 - The Rogue RM• Spoke with RM –
• Assured that everything was above board and that he knew the client personally
• Vouched for the client, must be a big misunderstanding
• Volunteered additional info • Never fully materialized & what was received didn’t make sense
• Enhanced Due Diligence (EDD) Team• Previous issues with RM• Concerns re other clients serviced by that RM
5
Case 1 – Rogue RM – Deeper Look• Several accounts had the same Registered
Agent referring clients• Single agent referral source
• Set up business like US companies, but were LLC shells• Used the address of registered agent
• Used the bank’s phone number in the profile
• Many internal policy violations discovered (after the fact)
• History at the bank• Always pushing the boundaries
• Bullying behavior with regional associates
• Very complimentary of EDD team analyst
6
Case 1 – Rogue RM – Deeper Look• Reviewed RM’s portfolio
• Several SARs across the portfolio
• Closed accounts for EDD issues
• Numerous fraud accounts
• Link analysis showed several accounts connected by address, phone numbers, ownership and referral source.
• Claimed knowledge of owners - all ok
• Resigned during interview on policy violations
7
Case 1 – Rogue RM –Red Flags
• Turned a failing region around “overnight”
• Single referral partner/source• Could be an indicator of shady dealings
• EDD team’s history with his accounts
•Bully behavior with own staff and associates
•Overly nice to compliance!
8
Case 2: Backpack Man - Scene
•Walked into branch, carrying his backpack
• Asked how to deposit funds under IRS reporting threshold
(though staff knew he meant CTR threshold)
• Deposited Cash – 9,000
9
Case 2: Backpack Man –Preliminary Investigation
• Backpack Man + 25 others have same address
• Total # Accounts = 200
• Total # Loans across the accounts = 125
10
Case 2: Backpack Man –Deeper Investigation
• Loans:• All given by an Mr. ZZZ, an EVP at the Bank
• EVP well known in the community
• Millions of dollars passing through the bank
• Bank’s KYC:• Little to none
• Illogical: ABC Inc. paying XYZ’s loan
11
Case 2: Backpack Man –Even Deeper Investigation
•Major Case Investigations alerted
• Board gave full authority to investigate
•Mr. ZZZ (Bank’s EVP) had very close relationship with Mr. S (Kingpin):• Business partners• Hunting Trips & Overseas Vacations
12
Case 2: Backpack Man –What’s Mr. ZZZ like?
• Bullied both branch & lending staff to• Open personal account(s) with no ID’s• Perform transactions authorized by Mr. S, but
for accounts on which Mr. S wasn’t authorized
•Mr. ZZZ moved $1mm from a relative’s account, but he was not a signatory on the account• Paid it back after receiving an overseas wire
13
Case 2: Backpack Man –End Result
•Mr. ZZZ terminated
• FDIC Alerted
• All identified accounts associated with Mr. ZZZ and Mr. S closed
• Involved Federal Law Enforcement• Questions about completely different case• Networking• Still under investigation
14
Case 2: Backpack Man – Red Flags
• Culture of Fear & Bullying
• 26 people used same address
• Millions of dollars moving through the bank
• Relationships between individuals & entities not clear
• Individuals conducting transactions on accounts over which they were not authorized
• Close personal relationship between principals (EVP + Mr. S)
15
Case 3 – Horrible Bosses
• Larry – Team Manager for NY, TX, CA• Located in CA, favors CA employees• Bullied TX and NY• Tired of dealing with NY team – he’ll fix them!
• Manipulated data to make NY Team fail – justifying terminations
• Helped CA team exceed their SLA’s
• Known to manipulate SAR dates• Built controls around failures to protect himself
16
Case 3 – Horrible Bosses –Ending Larry’s Reign of Terror
• New Director audited program
• Identified inconsistencies in how teams were managed• Identified broken controls to cover broken processes• Identified collusion with CA based investigators and
supporting managers
• Engaged Human Resources and Legal
• “Ducks in a row”- Documentation• Internal Investigation
• Terminated Rogue Employees
17
Case 3 – Horrible Bosses-Red Flags
• Systemic inconsistencies in production/quality
• Controls out of alignment with a strong AML Program
• Larry unwilling to share with new Manager
• Systemic bullying:• Staff interviews identified consistent theme of
Bullying
• Larry’s close friends were other bullying managers
18
Case 4 – Out of Control Investigator
• Charles – AML Analyst • Hothead - Long-tenured employee, history of
confrontation with management
• Doesn’t take responsibility for Quality / Timeliness
•Uses templates, copy, paste to enrich SARs• Into wrong case• Has deleted cases containing SARs if he
exceeded the SLA
19
Case 4 – Out of Control Investigator-Reign Him In
• 30 Day Action Plan Implemented• 100% reviews
• Partnered with a “coach
• Elevated to Performance Improvement Plan• Internal Investigation of Charles’ work
• Daily 1:1s to review progress
• Physical Security placed Charles’ on paid-leave due to his threats
• Ultimately, Charles resigns
20
Case 4 – Out of Control Investigator-Red Flags
• Charles was verbally abusive to anyone lending help
• Threatened to harm himself
•Manipulated work in an effort to avoid detection for under-performing
21
Take Aways• Culture
• Executive Management Support• Ethics – Nobody is above the law
• Policies• Whistleblower hotlines• No repercussions
• Processes• Gather facts• Execute plan to remove threat quickly
22
Take Aways
• Training• Staff recognition & reporting• Beware overly complimentary colleagues• Smaller institutions may be larger target
• Audits (or worse, Investigations after the fact)• Follow the $• Keep Master copies
23
Contacts
• Lester J. Bain [email protected]
• Jason Frantz [email protected]
• William J. Voorhees [email protected]
• Nancy J. Saur [email protected]