Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

The Board's Critical Role in Preventing Internal Fraud
Friday, December 19, 2014 6:30 AM

By Joette Colletts
Senior Manager, Risk Management
CUNA Mutual Group

For a perfect mini-seminar on how a board of directors can allow internal fraud to sink a credit union, take an hour or so to peruse the NCUA's "material loss reviews," which summarize investigations into why credit unions failed, resulting in losses to the National Credit Union Share Insurance Fund.

Investigators directly link many failures to internal fraud, usually citing "a failure of the Board to perform its duties related to oversight of the Credit Union."

Consider the following details from 2014 and 2013 reviews:

In a credit union that "failed primarily due to management fraudulently overstating assets, specifically cash on deposit, and understating shares"1:

  • Board meeting minutes were missing for some months. The board had not signed off on some minutes, and board discussion notes regarding audit/exam results and follow-up were limited.
  • The board didn't challenge treasurer's financial reports showing large swings in income, projections, and operating results.
  • No record of substantive discussion of policy reviews, risk management, or strategy.

In a credit union that failed due to years of allegedly fraudulent over-statement of assets, enabled by "weak supervisory committee oversight" and "weak board of directors oversight"2:

  1. The supervisory committee failed to get supervisory committee audits for three consecutive years.
  2. The board failed to keep complete and accurate minutes or to obtain board packets with sufficient information.

Here are typical results from a few other material loss reviews involving employee fraud:

  • A board and its supervisory committee didn't follow up on recommendations from examiners and an external CPA firm that the credit union needed segregation of duties to prevent fraud.3
  • Voluminous board packets were delivered late, giving directors little time to read and understand the details and trends.4
  • The board didn't heed red flags related to acquiring a CUSO run by someone related to a top executive.4

Four lessons to take from loss reviews:

  1. Attend board meetings and take good minutes.
    These lessons go together because if board members can't attend meetings, good minutes will catch them up. It's not unusual for board members to miss a meeting occasionally, but a pattern of missing meetings is a red flag.
  2. Insist on comprehensive board packets delivered in a timely fashion.
    Packets should include all topics on the next meeting's agenda, plus the relevant financial statements, minutes from the previous meetings, and any pertinent news about credit union staff or operations. You should have enough time to read the packet and make notes to prepare for the meeting. 

Fraud is often hidden through doctored financial statements and incomplete reports to the board. Carefully reading your packet can reveal discrepancies and red flags.

Packets not only keep you informed, they document the board's oversight and governance practices. This can be critical in establishing liability.

  1. Ask questions and follow through until you get complete answers.
    If you don't understand something in your packet or something presented at a board meeting, speak up. If the matter can't be clarified during the meeting, request that the appropriate staff or board member follow up promptly.
  2. When necessary, hire outside resources to investigate and advise.
    A volunteer credit union board may not have the experience and expertise to detect and prevent certain types of internal fraud. But ignorance doesn't release your fiduciary duties.

Get the outside help you need to assess your internal controls, look for vulnerabilities in policies and procedures, and investigate red flags you can't address internally.

Two important tools: written credit union fraud policy and whistleblower policy

If your credit union doesn't have a written, up-to-date policy addressing employee dishonesty, your board and executive team should work with legal counsel to produce one as soon as possible. The policy should spell out the procedures your credit union will follow to deter, detect, investigate, and punish fraudulent acts.

Require employees to read and sign the policy annually.

Another basic protection a credit union board can establish is a whistleblower policy to protect employees who come forward with allegations about wrong-doing. In addition to setting a safe reporting procedure for employees to follow, the policy should protect whistle-blowers from retaliation.

Credit union board members aren't expected to be professional fraud investigators. But creating a culture of due diligence, documentation, and zero-tolerance for fraud—from the top down—is one of the most effective methods of prevention.

©CUNA Mutual Group, 2014 All Rights Reserved.


1 NCUA's Material Loss Review of Taupa Lithuanian Credit Union (record number OIG-14-06), 3/26/14
2 NCUA's Material Loss Review of G.I.C. Federal Credit Union (OIG-13-13), 12/2/13
3 NCUA's Material Loss Review of El Paso's Federal Credit Union (OIG-13-09), 8/26/13
4 NCUA's Material Loss Review of Telesis Community Credit Union (OIG-13-05), 3/15/13