Credit unions are becoming more susceptible to emerging loss exposures that can cause immediate losses or result in third-party claims, litigation and subsequent losses, according to Roger Nettie, senior risk management consultant with the CUNA Mutual Group.
Speaking to an America’s Credit Union Conference Discovery breakout session, Nettie said credit unions face a two-pronged loss threat – by fraudulent acts committed directly against the institution and through litigation by third parties.
Direct losses can result from myriad reasons, including employee dishonesty, illegal funds transfers and electronic crime. Employee dishonesty is universal but the most commonly victimized organizations are in banking and financial services, according to the 2012 Global Fraud Study conducted by the Association of Certified Fraud Examiners.
The study indicated employee frauds lasted a median of 18 months before detection, with a median loss of $140,000. The study showed more than one-fifth of these caused losses of at least $1 million. “The longer a perpetrator works for an organization, the higher fraud losses tend to be,” Nettie said. “CUNA Mutual Group claims records show that over a five-year period, employee dishonesty represented just 13 percent of fraud claims, but 45 percent of fraud losses.”
Many credit unions believe their employees are all trustworthy and that they have strong enough internal controls to prevent internal theft from occurring. Yet, it still occurs.
“Fraud does not discriminate. There is no immunity to this exposure based on geography, asset size, employee tenure, or past experience,” he added.
Another growing area of direct losses is wire fraud, especially from HELOC accounts, with credit unions reporting more than $25 million in losses from 2007 to 2012. The average reported loss in 2012 was $175,000, with some approaching $1 million. “Credit unions experiencing losses generally had inadequate security for large dollar transfers, enabling crooks to easily defeat callback security measures,” Nettie said.
Consequently, CUNA Mutual Group implemented new terms with it funds transfer coverage to encourage additional controls for remote requests, and discourage the practice of accepting large-dollar remote requests. Nettie offered a number of recommendations to limit wire fraud, such as spotting fraud red flags and using layered levels of security.
In addition, electronic crime continues to cause direct losses through computer malware and money mules that illegally transfer money on behalf of scam operators, typically in another country. Prevention measures such as cookies, device recognition, Internet protocol and challenge/response questions have limited effectiveness. As alternatives, Nettie suggested out-of-band authentication, hardware tokens, digital certificates and biometrics.
Liability losses for credit unions continue to be led by employment practices liability claims and subsequent litigation. “EPL losses make up nearly two-thirds of all of CUNA Mutual Group Management and Professional Liability losses, with the most common allegations being wrongful termination, retaliation, and race and gender discrimination.” He suggested credit unions have updated policies and procedures reviewed by legal counsel and provide regular staff training.
Finally, Nettie discussed the growing incidence of costly lender liability claims, which generally allege the credit union failed to follow state law requirements in their Notices of Intent to sell repossessed property and Notices of Deficiency letters. “Usually, this is a case of you getting sued by your worst borrower and then having it mushroom into a class action lawsuit,” Nettie said. “It’s vitally important to have your forms reviewed and approved by legal counsel for each applicable state, and train employees on how to properly complete the forms.”