Among a range of subjects he covered during recent remarks before the National Directors Roundtable Conference in San Diego, the vice chairman of the National Credit Union Administration (NCUA) board stressed one matter in particular: Internal fraud at small credit unions.

“You are the first line of defense,” Rick Metsger said in his remarks. “Your job is to know what’s going on, to be engaged and to ask questions. That’s how you lead your credit union, that’s how you protect it, protect your members, protect the system and protect the Share Insurance Fund.”

Speaking before the conference, Metsger said that although Share Insurance Fund losses have been on the decline, internal fraud had contributed to more than half the losses from the fund.

In 2009 and 2013, Metsger said, estimated losses exceeded the assets of credit unions that failed because of internal fraud, and he said that whenever fraud is detected, it is usually due to the work of an examiner or third-party auditor – and seldom due to a board member or supervisory committee member’s diligence.

In particular, Metsger turned his focus to fraud at smaller credit unions.

“I think the primary reason is these are smaller institutions; generally, they have less financial controls and weaker oversight, and therefore are at greater risk. When you have that formula, more often you’ll have more trouble than, say, at a bigger commercial bank,” said Christopher Marquet.

Marquet is the CEO of Marquet International, which for five years has analyzed data from employee theft totaling $100,000 or more and publishes those findings in the Marquet Report on Embezzlement.

In last year’s report, the latest so far, Marquet highlighted credit unions as a significant victim of fraud and embezzlement. Of the 80 cases of financial institution fraud, about a quarter of them were credit unions.

But that doesn’t point to a problem inherent to the credit union industry so much as it does the risk of being a smaller financial institution. In other words, the fewer people who have their hands on the purse strings, the more tempting the opportunities for would-be embezzlers.

Putting It In Perspective

Losses to the Share Insurance Fund totaled $30.4 million at the end of the third quarter. Of those, approximately $28.6 million were attributable specifically to internal fraud, an NCUA spokesperson said. The Share Insurance Fund totaled $11.7 billion at Sept. 30.

While he didn’t discount the gravity of internal fraud, Paul Gentile, president and CEO of the Massachusetts Credit Union League, pointed out that those fraud losses represent less than one percent of the total fund.

“Certainly, institutions need to protect against internal fraud, and it really does come down to policy, governance, supervisory committees and internal controls. When there is internal fraud, one of those areas has been lax or compromised in some way,” Gentile said. “If somebody’s intent on doing it, it’s a challenge to manage.”

Gentile also questioned whether the regulatory burden placed upon credit unions actually mitigated the problems they were intended to solve – or just created more work for small credit unions.

“In the last few years, we’ve been dealing with new regulation after new regulation. Whether it’s interest rate risk or concentration risk, we’ve had so many new regulations to deal with,” he said. “The thing I always worry about is: Are these new regulations helping at all? Or are they just causing additional burdens for credit unions?”

An Ounce of Prevention

Credit unions are not totally on their own here, though.

The Massachusetts Credit Union League offers its members a host of options to help thwart internal fraud. The league offers policies and best practices on everything from vendor due diligence to internal controls and routinely offers training and consulting on things like fiduciary responsibility for boards and Bank Secrecy Act compliance.

Additionally, Gentile said it’s wise for a credit union to hire an outside firm to conduct its audits, which should occur annually.

Marquet advocates a clear separation of duties and occasionally rotating people amongst those duties – not just for banks or credit unions, but for any institution that handles large amounts of cash – and he also advocates periodic and random auditing of various functions within the organization.

Ultimately, it’s not that smaller credit unions are any riskier, inherently, than larger financial institutions, but a case of fraud that might simply damage the reputation of a larger bank or credit union could bring a smaller organization to its knees.

“They need the controls, however large they are. Without the controls, they’re just putting themselves at risk,” Marquet said. “The potential downside for smaller institutions is that it can mean utter devastation, but whether you’re big or small, you need controls. You need oversight. It’s critical.”

Email: lalix@thewarrengroup.com