Pub. 6 2016-2017 Issue 3

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S November • December 2016 17 tries to pass counterfeit currency or in any way causes the bank a financial/monetary loss – think of the Blanket Bond first. This policy was first designed 50 or more years ago by the Surety Association of America and was once called the Form 24. Today, insurance carriers who provide Financial Institu - tion Bonds usually have their own form but they will mimic the Form24 very closely. There are some nuances whichmake some forms better than others, but their intent is the same. Corporate Account Takeovers have been a huge issue to banks over the last two years. Interestingly, coverage for this ex - posure has been found in the FIB all along. This is also one of those areas that differ from company to company on how coverage is afforded. But in general, banksmust call back on all wire transfer requests and have a written agreement in place with the customer. Where do you find this coverage? Look at your FIB policy and find Computer Systems Coverage. It’s been there for at least 25 years. Robberies are still occurring and bankers need to be very aware of early morning robberies. It should go without say - ing, but be sure to keep all entrances to the bank clear of any obstacles, bushes, trees, etc., where a robber may hide. When I discussed this with a banker recently he looked at me, then his security officer and asked her, “Why don’t we just come in the front door instead of the back?” What a novel idea! If your front door is unobstructed (as most are) and clearly visible to the street (again as most are) why not have employees enter from there? They should of course scope out the parking lot to be sure no unknown cars are present. Second, once the first person has entered and checked the building to be sure it’s safe, only then should they signal for the second employee to enter. If for whatever reason the second person is not given the “proper” all clear signal, they should not enter. This occurred a few years ago when a robber accosted the first employee as she entered and forced her to wave at the second teller to come in. That was not the signal. But the teller came in anyway. Both tellers were now able to open the vault for the robber. One of the major reasons for a Blanket Bond is to protect the bank against Employee Dishonesty. We usually think of embezzlements, but it can also be a teller slipping ones on top of a strap of twenties in the vault knowing that the cashier doesn’t look through the bills when he’s auditing the vault. But usually, yes, they’re the losses that have been going on for years. These losses occur because, typically, internal controls are not what they should be in the bank. Dual controls are missing or are very lax. And lastly, vacations are not adhered to as they should be. In the old days, two weeks in a row was the requirement. Today, due to smaller staffs, that may not be possible. Insur - ance companies like to see nine days in a row off. That’s a five business days off with weekends on either end. Usually that’s how banks do vacations today. But the key is you must not allow the employee back into the building during that time. Remember (it’s sometimes forgotten), the reason for vacations is that, to this day, it’s usually the way we discover fraud. An - other employee stumbles upon something odd and starts to dig into the issue. Does embezzlement still occur? Yes. A few years ago, a relatively small bank in Texas suffered a $6million embezzlement. Our agency recently had a long-time, trusted employee steal $300,000 through a fictitious payroll account she had established. In fact, the typical person found stealing is the most trusted employee, she’s also been there a long time, her fingers are in everything, internal controls are not what they should be, and lastly, they don’t take complete vacations. As mentioned previously, robberies still occur. But remember, the average robbery is only $3,800. Now, the FBI and other authorities will advise bankers to hit the alarm when it’s safe to do so. I tell my bankers it’s not safe until they are out of the bank and driving down the road! My advice is give them what they want, get them out the door, lock the door, then hit the alarm. It’s not the banker’s job to catch the robber. That’s the job of the police. Your job is to protect your employees and customers. Often I’m asked what the best way is to prevent robberies. My answer is simple: greet all customers. . I know that sounds simple, but I can say from27 years of traveling insuring banks, about half the time I walk into a bank I’mnot greeted nor even noticed. That’s exactly what a robber is looking for. I mentioned above about Corporate Account Takeovers. When I meet with bankers today, most every banker nods their head when I discuss this topic. They all know about them. Unfor - tunately, the losses still occur. Usually losses occur today because the bank lets its guard down, or this one time, they didn’t make the call back. Recently, a loss occurred because the fraudsters are getting smarter. In this case, the fraudster hacked into the commer - cial customer’s email account, found the CEO’s email, and then sent a fake email from the CEO to his assistant, who was authorized to do wire transfers. The fraudster instructed her to wire $250,000 to a bank in California, giving her the bank routing number and account. She emailed the bank with the instructions the fraudster gave her. What did the bank do? They called her back. She confirmed that yes, she had just initiated that wire, and the money went out. When the CEO (who was on vacation of course) returned and discovered the wire, he contacted the bank immediately. The money was gone. Is this covered under the Blanket Bond? No. Why not?—because the bank did everything it could do. As far as the bank and the insurance company are concerned, that was a good wire transfer! The bank had a written agree - ment, it was an authorized person and they called back. That is a good transfer. In short, insurance companies and banks are not responsible for the security of customer’s computers. What can your customer do? They can buy a Crime Policy. All companies of any size should have an insurance policy which protects them fromemployee embezzlement. Today, insurance companies will add coverage for Fraudulent Wire Transfers! In short, they can insure these exposures themselves. There aremanymore exposures and coverages available under the Financial Institution Bond. We plan on having seminars or webinars in the near future which will allow more time to dive deeper into this and our other topics. In our next article we will discuss Directors and Officers Lia - bility. The key to those policies is no two policies are alike! n