Skip to main content

Behind Closed Doors: Building Resilience Against Insider Fraud


At financial institutions, insider threats and internal fraud are serious issues. Globally, the Association of Certified Fraud Examiners estimates that fraud costs organizations about 5% of their annual revenue, amounting to a staggering $5 trillion per year.

Insider fraud is believed to account for up to 40% of these costs around $2 trillion annually. The average cost per incident is $412,000, making this type of fraud not only widespread but also extremely damaging.

Insider fraud is defined as "the deliberate misuse or misappropriation of the employing organization’s resources or assets for personal benefit." It’s committed by a malicious insider, such as a current or former employee, contractor, or partner, who uses their authorized access to compromise sensitive systems or data. These actions pose serious risks to confidentiality, integrity, and trust.

Financial institutions are especially vulnerable due to

  • High transaction volumes, allowing malicious actions to be hidden in the noise

  • Sensitive financial operations

  • Complex application landscapes

  • Pressure to maintain compliance and avoid reputational damage

More broadly, insider threats come in many forms:

  • Negligent behavior, i.e. employees unintentionally exposing the institution to risk, e.g. reusing passwords, writing them down, using insecure devices, falling for phishing scams…​.

  • Manipulated employees, i.e. employees unintentionally tricked into thinking they’re helping the company, e.g. in CEO fraud or authorized push payment scams.

  • Malicious insiders, i.e. employees intentionally committing fraud, e.g. selling data, altering contact details, initiating unauthorized payments, colluding on approval of loans…​

This blog focuses on the third category: intentional internal fraud.

While many institutions claim insider fraud is under control or non-existent, the reality is that most face it at some point. The consequences are serious:

  • High financial losses

  • Full liability, with customers typically not at fault

  • Complex detection due to insider knowledge and ability to bypass controls

  • Reputational damage, undermining trust and credibility

  • Cultural harm, impacting morale and stakeholder confidence

This type of fraud is also highly prevalent, especially in digital environments with little physical trace. It ranges from minor infractions to full-blown criminal activity.

Examples of smaller, yet problematic infractions are

  • Offering friends or family better rates on loans

  • Using office supplies for personal reasons

  • Accessing confidential data out of curiosity

Examples of mid-level insider fraud include

  • Insider trading

  • Approving borderline loan applications

  • Overpaying insurance claims

  • Covering up bad trades or decisions

Examples of severe criminal activity include

  • Aiding in money laundering

  • Stealing funds

  • Selling sensitive data

  • Blackmail

  • Facilitating cyberattacks or ransomware

Preventing insider threats is challenging. Too many controls hurt employee autonomy and efficiency, too few open the door to catastrophic fraud, even bankruptcy.

Therefore a three step approach is required.

Step 1: Prevention - Identify & Prevent Risk Behavior

This phase focuses on preventing insider fraud through training, support, screening, and monitoring. It typically involves HR, IT, Audit, and other departments.
Important here is to make employees aware these measures exist, as a strong deterrent.

Key elements include:

  • Employee screening before and after hiring

  • Employee behavioral monitoring, e.g. social media activity, performance, emotional shifts, signs of employee having an unrealistic living standard..

  • Support employee financial wellbeing, as financial stress and hardship can lead to rationalizing fraud. Companies can mitigate this risk by offering financial wellbeing support, including confidential counseling, financial education, salary advance mechanisms, and other tools aimed at improving financial health.

  • Monitor for addictions, such as alcohol, drugs, or gambling. Research has shown that gambling addiction, in particular, is a major contributor to insider fraud.

  • Boost staff happiness, as layoffs, poor compensation, or stalled careers increase the risk of internal fraud. Companies should therefore ensure fair compensation, meaningful career development programs, regular evaluations and coaching, and effective wellbeing initiatives.

  • Mandatory leave policies, such as requiring employees to take at least two consecutive weeks off annually to help expose irregularities.

  • Risk and security awareness training should be mandatory, with attendance tracked and outcomes verified through real-world testing.

  • Robust system security, including multi-factor authentication for all applications, four-eyes or even six-eyes principles for sensitive processes (with sufficient approver rotation), and complete logging and audit trails for all system activities.

  • Protect all workstations using disk encryption, anti-malware and antivirus protection, website restrictions, and data extraction monitoring.

  • Monitor employee activity by logging actions, tracking behavioral indicators (e.g. mouse movements, file copying, screen recordings), and detecting abnormal access patterns (e.g. off-hours building entry, unusual workstation access, workstation hopping).

  • Apply strict access controls by limiting privileges to the minimum required for effective work. Regularly review access rights to prevent the accumulation of privileges over time due to project shifts, departmental changes, or evolving roles.

Step 2: Detection

Early detection of insider fraud patterns is crucial to minimize potential impact.

Detection should focus on:

  • Unusual patterns of employee behavior, such as sudden behavior changes, privilege modifications, differences in behavior compared to peers in similar roles, repeated collaboration between two users (e.g. employees continuously working together for input and approval), login anomalies (such as accessing a different workstation, logging in from an unusual location, or during abnormal hours), unusual frequency or type of transactions accessed (e.g. viewing unfamiliar customer segments or payment types), sudden increases in search activity…​

  • Data loss detection: monitoring for large or unauthorized data transfers via email, USB, file transfers, or downloads. Red flags include unusually high download volumes in a short time or the downloading of confidential/sensitive data.

  • Unusual transaction patterns: Analyze transactions introduced by an employee and the typical payment behavior of the debited customer. Look for unusual transaction volumes or values, suspicious counterparties, employees initiating payments for customers they don’t typically serve, repeated payments to the same counterparty (creditor) on behalf of multiple customers, transactions submitted just before cut-off times, payments bypassing expected controls…​

  • Monitor high-risk account activity: Monitor accounts such as dormant, silent, or blocked accounts, accounts belonging to deceased individuals or accounts where reference data was recently modified. These accounts often lack immediate customer oversight, making them more vulnerable to exploitation.

  • Integrity and Data Lineage Checks: Ensure transactions are not altered, suppressed, or injected during their lifecycle, by tracking each transactions through its life-cycle. Verify that each step in the transaction chain is consistent, logically structured, and chronologically traceable.

To support all of the above, it is essential to build behavioral baselines and trigger real-time alerts when deviations or suspicious patterns occur.

In addition, conduct regular internal audits that combine statistical controls with targeted spot checks. These not only help detect anomalies but also act as a strong deterrent against insider fraud.

Step 3. Investigation & Resolution

Financial institutions must be committed to:

  • Thoroughly investigating all insider fraud suspicions

  • Implementing an incident response plan, shared only with trained team members

  • Learning from past incidents to continuously improve fraud prevention strategies

  • Recovering losses and minimizing further exposure in ongoing cases

Insider threats pose a significant risk with potentially devastating consequences for financial institutions. Striking the right balance between employee empowerment and robust controls is essential.

Mitigating this risk requires a holistic approach, spanning prevention, cultural awareness, technical monitoring, and rapid response. With the right strategy in place, financial institutions can reduce the threat of insider fraud and safeguard their most valuable assets: trust and reputation. 

Labels:

Comments

Post a Comment

Popular posts from this blog

Transforming the insurance sector to an Open API Ecosystem

1. Introduction "Open" has recently become a new buzzword in the financial services industry, i.e.   open data, open APIs, Open Banking, Open Insurance …​, but what does this new buzzword really mean? "Open" refers to the capability of companies to expose their services to the outside world, so that   external partners or even competitors   can use these services to bring added value to their customers. This trend is made possible by the technological evolution of   open APIs (Application Programming Interfaces), which are the   digital ports making this communication possible. Together companies, interconnected through open APIs, form a true   API ecosystem , offering best-of-breed customer experience, by combining the digital services offered by multiple companies. In the   technology sector   this evolution has been ongoing for multiple years (think about the travelling sector, allowing you to book any hotel online). An excelle...
58 comments
Read more

RPA - The miracle solution for incumbent banks to bridge the automation gap with neo-banks?

Hypes and marketing buzz words are strongly present in the IT landscape. Often these are existing concepts, which have evolved technologically and are then renamed to a new term, as if it were a brand new technology or concept. If you want to understand and assess these new trends, it is important to   reduce the concepts to their essence and compare them with existing technologies , e.g. Integration (middleware) software   ensures that 2 separate applications or components can be integrated in an easy way. Of course, there is a huge evolution in the protocols, volumes of exchanged data, scalability, performance…​, but in essence the problem remains the same. Nonetheless, there have been multiple terms for integration software such as ETL, ESB, EAI, SOA, Service Mesh…​ Data storage software   ensures that data is stored in such a way that data is not lost and that there is some kind guaranteed consistency, maximum availability and scalability, easy retrieval...
29 comments
Read more

IoT - Revolution or Evolution in the Financial Services Industry

1. The IoT hype We have all heard about the   "Internet of Things" (IoT)   as this revolutionary new technology, which will radically change our lives. But is it really such a revolution and will it really have an impact on the Financial Services Industry? To refresh our memory, the Internet of Things (IoT) refers to any   object , which is able to   collect data and communicate and share this information (like condition, geolocation…​)   over the internet . This communication will often occur between 2 objects (i.e. not involving any human), which is often referred to as Machine-to-Machine (M2M) communication. Well known examples are home thermostats, home security systems, fitness and health monitors, wearables…​ This all seems futuristic, but   smartphones, tablets and smartwatches   can also be considered as IoT devices. More importantly, beside these futuristic visions of IoT, the smartphone will most likely continue to be the cent...
21 comments
Read more

AI in Financial Services - A buzzword that is here to stay!

In a few of my most recent blogs I tried to   demystify some of the buzzwords   (like blockchain, Low- and No-Code platforms, RPA…​), which are commonly used in the financial services industry. These buzzwords often entail interesting innovations, but contrary to their promise, they are not silver bullets solving any problem. Another such buzzword is   AI   (or also referred to as Machine Learning, Deep Learning, Enforced Learning…​ - the difference between those terms put aside). Again this term is also seriously hyped, creating unrealistic expectations, but contrary to many other buzzwords, this is something I truly believe will have a much larger impact on the financial services industry than many other buzzwords. This opinion is backed by a study of McKinsey and PWC indicating that 72% of company leaders consider that AI will be the most competitive advantage of the future and that this technology will be the most disruptive force in the decades to come. Deep Lea...
18 comments
Read more

A bank account - A concept of the past

Almost every recent article written about banking starts with the statement that the   banking industry is being disrupted   by new competitors, new innovations and new technologies. Although this statement is definitely true, the extend of the disruption can still be debated. Even the most innovative neo-banks still work with bank (current, saving, term and investment) accounts, cards (credit and debit), traditional credits, existing payment infrastructure…​ The user experience surrounding the origination and servicing of these products has dramatically improved (and will continue to evolve), but the underlying banking products are not really disrupted. You could argue that banking products are so intertwined with society and our way of thinking about finance, that they can’t be disrupted, but looking at those products you cannot ignore that they are far from an optimal solution in our current digital world. Let’s consider   cards   for example. Isn’t ...
11 comments
Read more

An overview of 1-year blogging

Last week I published my   60th post   on my blog called   Bankloch   (a reference to "Banking" and my family name). The past year, I have published a blog on a weekly basis, providing my humble personal vision on the topics of Fintech, IT software delivery and mobility. This blogging has mainly been a   personal enrichment , as it forced me to dive deep into a number of different topics, not only in researching for content, but also in trying to identify trends, innovations and patterns into these topics. Furthermore it allowed me to have several very interesting conversations and discussions with passionate colleagues in the financial industry and to get more insights into the wonderful world of blogging and more general of digital marketing, exploring subjects and tools like: Search Engine Optimization (SEO) LinkedIn post optimization Google Search Console Google AdWorks Google Blogger Thinker360 Finextra …​ Clearly it is   not easy to get the necessary ...
12 comments
Read more

Peer-to-peer payments - A crucial component towards a cashless society

The Corona crisis has led to an exponential   decrease in the usage of cash , due to the associated hygienic problems and the enormous rise of eCommerce. While in commercial transactions cash is disappearing rapidly, it is however still commonly used for   informal money exchanges , like between friends, family, colleagues…​, but also those payments are becoming more and more digital, thanks to   peer-to-peer payment (P2P) solutions . These solutions drastically   improve the user experience   (removing friction) for both the person initiating the payment (= the payer) and the person receiving the payment (= the recipient), compared to a simple initiation of a wire transfer in a banking app. Before clarifying where those solutions bring most value, it is important to first identify the   typical use cases , where peer-to-peer payments are most common, as the P2P payment solutions need to optimally accommodate these use cases: Family giving a   cash gif...
3 comments
Read more

From app to super-app to personal assistant

In July of this year,   KBC bank   (the 2nd largest bank in Belgium) surprised many people, including many of us working in the banking industry, with their announcement that they bought the rights to   broadcast the highlights of soccer matches   in Belgium via their mobile app (a service called "Goal alert"). The days following this announcement the news was filled with experts, some of them categorizing it as a brilliant move, others claiming that KBC should better focus on its core mission. Independent of whether it is a good or bad strategic decision (the future will tell), it is clearly part of a much larger strategy of KBC to   convert their banking app into a super-app (all-in-one app) . Today you can already buy mobility tickets and cinema tickets and use other third-party services (like Monizze, eBox, PayPal…​) within the KBC app. Furthermore, end of last year, KBC announced opening up their app also to non-customers allowing them to also use these thi...
11 comments
Read more

Marketplaces in the financial industry - Here to stay?

Marketplaces are   hip and trendy   on the internet and will likely evolve even more in the near future. In some markets (like food delivery, transportation, commerce, holiday…​) they already represent double digit market shares (e.g. in 2018 $1.86 trillion was spent globally on the top 100 online marketplaces), but for the financial services sector, their impact (even though there are a few unicorn FinTechs in this space) on the industry is still limited. Any form of   intermediation   (travel agents, taxi dispatchers…​) will likely be replaced by a modern, digital and more direct equivalent, i.e. a digital marketplace. As the business of banks is exactly the intermediation between people having excess money and people needing money, the financial services sector will be significantly impacted. Furthermore, marketplaces are strongly intertwined with other concepts like the   gig-economy, the sharing-economy and the API-economy . All these trends will ultimately...
11 comments
Read more

Neobanks should find their niche to improve their profitability

The last 5 years dozens of so-called   neo- or challenger banks  (according to Exton Consulting 256 neobanks are in circulation today) have disrupted the banking landscape, by offering a fully digitized (cfr. "tech companies with a banking license"), very customer-centric, simple and fluent (e.g. possibility to become client and open an account in a few clicks) and low-cost product and service offering. While several of them are already valued at billions of euros (like Revolut, Monzo, Chime, N26, NuBank…​), very few of them are expected to be profitable in the coming years and even less are already profitable today (Accenture research shows that the average UK neobank loses $11 per user yearly). These challenger banks are typically confronted with increasing costs, while the margins generated per customer remain low (e.g. due to the offering of free products and services or above market-level saving account interest rates). While it’s obvious that disrupting the financial ma...
7 comments
Read more