The AML Monitoring Gap—Insider Complicity

Is your bank or credit union ignoring one of its greatest money laundering risks—insider complicity? Such an oversight may not be surprising given the general lack of discourse about how insider activities can facilitate money laundering. Combine this reality with the inability of money laundering detection systems to monitor insider activities and you have significant risks to be addressed by all financial institutions.

In fact, the OCC's Comptroller's Handbook states that "tests for insider complicity must be incorporated into a bank's internal control systems." Further, in a 2007 "Interagency Statement on Enforcement of BSA/AML Requirements" the FDIC, OCC, OTS, NCUA and FRB emphasized that insider complicity is an "aggravating factor" that can lead to cease and desist orders if it has lowered the effectiveness of a financial institution's Bank Secrecy Act (BSA) compliance program.

The OCC defines insider complicity in their Comptroller's Handbook as "the state of being an accomplice, partnership or involvement in wrong doing." It may be interpreted as an intentional effort by an insider to assist money launderers or perpetrate money laundering activities themselves.

It has been demonstrated often that in financial institutions of all sizes there is a large gap between the monitoring capabilities of the BSA team compared to what needs to be monitored to identify insider fraud activities. It is this "monitoring gap" that makes it highly likely that money laundering activities perpetrated by employees/insiders will remain undetected for extended periods of time. Many red flags of insider fraud are not monitored at all! For example, does your institution monitor for re-activation of inactive accounts after a statement address change; rollover and replacements loans; employee transactions not commensurate with their job description; out-of-pattern daily cash transaction totals by teller?

Discovering employees in the early stages of their complicit acts is crucial to avoidance or mitigation of serious impact on the financial institution such as:

  • Reputational damage.
  • Fines and penalties.
  • Significant internal turmoil.
  • Possible loan charge-offs due to asset
  • Regulator consideration for the issuance of a Cease & Desist Order.

Examples of Insider Complicity

There are many insider fraud schemes and related scenarios that can be perpetrated against your institution in an attempt to hide money laundering (ML) activities. How many of these schemes described below could happen at your institution without detection for an extended period of time?

  1. Retail Insider Schemes
  2. Your "front line of defense" can be compromised by schemes such as:

    The OCC's Comptroller's Handbook states that "tests for insider complicity must be incorporated into a bank's internal control systems"

    • Fraudulent Account Opening — An insider could easily make it appear that a customer, without acceptable identification, provided acceptable identification. Obtaining proper identification is a key component required by BSA/USA Patriot Act Know Your Customer standards.
    • Structuring — An insider assists a customer to structure deposits or looks the other way when the same customer makes frequent cash deposits into seemingly unrelated accounts. Insiders are popping up on money launderers' payrolls much more frequently in today's times!
    • Fictitious accounts — An insider can conduct their own money laundering scheme, or work with an accomplice by opening fictitious deposit accounts and/or actually taking over inactive accounts.

    For example, if just $2,500 cash per month was run through each of ten accounts, one insider could launder more than $300,000 annually. The monthly cash amounts deposited would most likely be chosen expressly to fall below the institution's monitoring threshold.

  3. Back Office Insider Schemes
  4. Making unwarranted changes to the automated ML detection system also opens up a huge area of risk. Controls and monitoring over the automated ML detection system would need to be extremely tight to catch these events, especially since system logs can be manipulated.

    • Dollar threshold parameters — Insiders involved with monitoring ML activity can change the dollar thresholds on the ML system for a temporary period of time to allow certain transactions to remain undetected.
    • Unqualified exemptions — Insiders classifying unqualified customers as "exempt" directly into the ML detection system to bypass reporting, then "flip" them back to "non-exempt."
    • Transaction parameters — Insiders set the ML system parameters to ignore certain cash related transactions for a period of time, then "flip" them back to the correct setting. Regulators expect financial institutions to perform a cash settlement to prove that the system is picking up all cash transactions. Is your institution doing this?

  5. Lending Insider Schemes
  6. Loans are often involved with money laundering:

    • Fraudulent loans — These loans made by insiders very often lead to money laundering charges by law enforcement agencies. Once the insider attempts to disguise the origins of the illegally-obtained fraudulent loan proceeds, usually through straw borrowers or third-party conduits, the crime also becomes money laundering. Sometimes, "front" companies are used in these schemes, and it is not uncommon for a bank to write off millions of dollars in losses from these schemes.
    • Loans with "quick pay downs" — These are a potential indicator of loans related to money laundering activities. However, automated ML detection systems do not normally have the capability of identifying loan repayment anomalies, which may be non-cash, and their source of funds.

  7. Management Insider Schemes
  8. A level of awareness regarding the ability of management to override existing controls should always be maintained:

    According to the Association of Certified Fraud Examiners in their internal audits and internal controls are very limited for detecting and preventing fraud

    • Management Override of Existing Internal Controls — Management may pressure employees to violate any number of BSA policies and procedures. For example, they could exempt from Currency Transaction Report (CTR) reporting certain businesses owned by friends and associates that normally would not qualify for exemptions or provide fraudulent financial statements to support such requests. Since management is in a position to approve such exemptions there is a compelling need to monitor for inappropriate action.

What should you do?

According to the OCC's Comptroller's Handbook, your financial institution must take these steps to prevent and detect insider complicity:

  • Implement a stringent employee screening process.
  • Review accounts and lifestyle activities of key employees, especially those assigned to higher risk areas and accounts.
  • Ensure that internal controls address insider complicity on an ongoing basis.
  • Test for insider complicity as part of the internal auditing program.

To ensure that internal controls address insider complicity on an ongoing basis, you should consider performing a fraud risk assessment to identify the specific schemes that you may be at most risk for, then implement an appropriate level of controls and/or increase monitoring.

How to Detect—Monitoring is the Key

According to the Association of Certified Fraud Examiners in their 2010 "Report to the Nations on Occupational Fraud and Abuse," internal audits and internal controls are very limited for detecting and preventing fraud. Therefore, the key to combating insider complicity is to not rely on internal controls, but rather create a strong independent insider fraud monitoring program. Without such a program the integrity of an institution's BSA program could be called into question. The program should be comprised of both manual and automated processes and designed to find all types of suspicious activity.

There are a handful of insider fraud analytics software programs available, also known as computer assisted audit tools (CAAT's). They contain data analytics routines and data mining capabilities able to detect many of the red flags that are a by product of insider complicity schemes.

The most effective tools contain analytics that are mapped directly to the financial institution's core banking system. These tools are in many cases able to detect fictitious accounts, account takeover, fraudulent loans, customer identification anomalies, unusual deposit activity in employee accounts, cash reporting anomalies, as well as a host of other red flags. They would be able to detect many of the examples of insider complicity cited in this article.


Money launderers are always looking for the path of least resistance. That path may well be inside your institution! No matter how you monitor insider fraud, just remember that it needs to be managed effectively, and with an eye toward money laundering.

Since many institutions have made a compelling case for combining their AML and external fraud functions, they should also consider adding insider fraud monitoring. It would provide a comprehensive view of all suspicious activities on an enterprise-wide basis and undoubtedly reveal more linked, high-risk events, thus closing the critical AML monitoring gap!

Robert P. Jones, CFE, principal, Risk Consultants Group, LLC, Dracut, MA, USA,

Stephen O. Friend, CAMS, vice president, Sales, Focus Technology Group, Danvers, MA, USA,

Leave a Reply