Topping the list are hacking of customer computers, employee embezzlement and ATM signage
Brien O'Connor, vice president of Texas Bankers Insurance Agency, has 23 years of experience in the area of bank losses, including robberies, scams, slips and falls, computer losses and lawsuits against banks. During his visits with bankers, he has developed "Talking Points" that highlight current problems he sees across the state.
Three items included on his talking points are computers, vacations and signage on ATM machines:
The bank's Financial Institution Bond contains insurance coverage, which, in certain instances, will pay for losses should its computers be hacked. The big concern, however, is not the bank's computers, but customer computers that are being infiltrated by hackers.
Through emails and infected websites, fraudsters are accessing business computers and implementing key loggers. Once they get into the computers, the fraudsters can implement wire transfers through cash management software or send emails to the bank requesting that funds be transferred to various bank accounts across the country.
A bank's Financial Institution Bond (Blanket Bond) does not cover these types of losses unless the bank has called and verified the wire transfer request.
Underwriters at One Beacon Insurance advise that the bank must also have a written agreement with customers that is completed in advance and provides the names of authorized persons to make wire transfers and an agreed upon verification process.
Obviously, if the bank is calling back, the chances of a loss are more remote. If the wire transfer is less than a bank's deductible, some insurance companies allow for a no callback exemption. Others may give banks a $100,000 limit before callbacks are required. It's important for banks to check with their company to be sure of their limit.
Invariably, the loss will occur with one of the bank's largest commercial accounts, with customers who are very vocal within the community. At that point, the bank must make a business decision as to whether to reimburse the account or not. Reimbursement will come out of the bank's bottom line, however, and not the insurance company.
A recent example of this involved a customer who on a monthly basis faxed a request for a wire transfer to another bank. One month, a fax came in, but it was from a fraudster. The bank employee who handled these requests did her job and called the number listed on the fax, but it belonged to the fraudster, and the bank unknowingly sent $180,000 to the fraudster's account. The insurance company paid the loss because the bank did call back to verify. Lesson learned: call the phone number in the bank's computer system, not the one on the fax.
In the past, examiners required bank employees to take two consecutive weeks off for vacation. The reason is that most embezzlements are discovered while the rogue bank employee is away on vacation or sick leave.
Although this is no longer required, insurance companies prefer that bank employees take at least nine consecutive days off. This equates to one full week with weekends before and after the vacation. At this time, the bank employee is not allowed back in the building. Note, however, that if the vacation rule is not followed, it does not affect a bank's Financial Institution Bond coverage.
In 2009, two TBIAinsured banks suffered employee embezzlements, each nearly $500,000. One bank had approximately $32 million in assets, while the other had nearly $100 million. In both cases, the story was the same: the embezzler was a female employee with the following characteristics:
* The most trusted employee in the bank
* A long tenure
* Involved in all areas of the bank
* Lack of internal controls
* Unrestricted access to general ledger accounts
* Took no vacations or returned to the bank during vacations
Audits will not necessarily uncover fraud if the culprit has access to the accounts in question and keeps them hidden.
There are some very busy attorneys in Texas who have been sending demand letters to banks claiming they are in violation of a Federal Reserve law requiring signage on the face of the ATM that indicates what the bank is charging for the transaction.
Although legislation is being considered in the U.S. House of Representatives that would retract this requirement, at this time the legislation has not gone to the Senate and, due to this being an election year, may not be considered in a timely fashion.
The newest twist to the ATM situation involves lawsuits filed by blind individuals who find ATMs that are either not ADA-compliant or the ear phone jack is not in working order.
According to a recent article in American Banker, half of the nation's 409,000 ATMs were not ADA-compliant as of the March deadline. Diebold, the primary provider of ATM machines and upgrades has worked hard to meet the timeline, but it just takes one machine or one problem phone jack port to trigger a lawsuit.
ABA Insurance Services Inc., which handles bank claims for both Progressive and Everest, has seen this activity in the Mid-Atlantic states, particularly Pennsylvania, against four or more banks.
"While settling for relatively modest amounts to date, all these suits require is a single dedicated handicapped plaintiff and a consumer advocate law firm whose primary income stream is statutory attorneys' fees to get going," stated an ABAIS senior attorney.
One individual has hired a law firm in Pennsylvania to sue banks they claim are in violation of ADA requirements for ATMs. Two Texas banks have been sued in the last 60 days. The banks are subject to a fine, court costs and attorney fees.
What can banks do? Banks are advised to take a photograph of their ATMs on a weekly basis to show that the proper signage was in place. Simply download the photos into a bank computer file. Also, check the earphone port weekly to make sure it is in working order, and document the findings in an ATM log.
Brien O'Connor will be presenting a series of presentations across the state discussing two vital and often misunderstood insurance policies: Financial Institut ion Bond (Blanket Bond) and Directors & Officers insurance. The presentations will be held Nov. 6 in Lubbock, Nov. 7 in Dallas and Nov. 8 in Austin. Additional information is available on the Professional Development Calendar of the TBA website, www.texasbankers.com.
Customer's computers are being infiltrated by hackers.
"The newest twist to the ATM situation involves lawsuits filed by blind individuals who find ATMs that are either not ADA-compliant or the ear phone jack is not in working order."
Tenured and trusted employees need to follow the nine-days-off rule, too.
The Diebold ADA compliant, full directional decal set