Corporate Compliance Insights

As Layoffs Continue, the Potential for Insider Fraud Is Growing. Are You Ready?

2023 has already seen thousands of layoffs in tech and finserv, which could increase exfiltration of sensitive information

by Chris Gerda
March 15, 2023
in Financial Services, Risk

From startups to big banks, the technology and financial services sectors have already seen tens of thousands of layoffs in 2023. Not only do these cuts challenge main business functions, but they could lead to serious trouble down the road in the form of insider fraud. Bottomline Technologies’ Chris Gerda talks about new approaches banks and financial institutions should take to protect their commercial clients.

In these times of big tech layoffs and general economic malaise, here’s a statistic that should send a shiver down the spine of every compliance and security professional. Almost two-thirds (63%) of all employees admitted to taking data from their previous job to their current job. Here’s an even scarier one: 71% of companies surveyed don’t know how much data departing employees take to their next job or while searching for a new one.

And these behaviors take place in an environment where the workforce has become decentralized, scattering key employees and their devices to home offices, shared workspaces and coffee shops. The statistics illustrate a lack of awareness around a dangerous current threat — insider fraud. 

Our experience over the past six months shows that a perfect storm of economic pressure, hybrid work arrangements, migrations from old to newer technologies and new fraud vectors has created opportunities for employees and outside forces to capitalize on their access to data, intellectual property and capital.

What’s more, the ability to mitigate insider fraud has now become a competitive issue, especially for banks. Recent client interactions prove to us that banks stand a chance of losing their commercial customers if they can’t extend solutions to mitigate this threat effectively. And in turn, those commercial entities can lose customers due to financial and reputational damage if insider fraud continues its destructive path. And perhaps the most significant risk, illustrated by the real-world data, is that insider fraud often goes undetected. We see it as the reputation killer that could lurk behind the scenes within companies of every size and business vertical.

New approaches needed

While it may occasionally involve more recognizable payments fraud, which banks especially have made progress on detecting, insider fraud is a different kind of offense and will require different actions. For example, it’s easy enough to flag a payment from Company A to Company B if it looks to be inconsistent with standard business patterns. 

But valuable data is another matter. If a company sees that a competitor suddenly gains valuable information about key accounts, it can be challenging to identify that as fraud rather than a result of hard work or luck. The reality may be that a current or former employee has accessed and shared sensitive account information. Some other use-case examples that could indicate insider fraud include performing account/customer inquiries that exceed the average, behavior that is inconsistent with the employee’s responsibilities (e.g., off-hours inquiries, examining other departments’ accounts) or erratic interactions like attempting to send large files to personal email addresses.

However, compliance officers and security professionals have sophisticated technology and new operational strategies available to identify, detect, prevent and, if necessary, prosecute insider fraud. These translate into the following actions:

Work across the financial and operational functions to identify internal behavior patterns that could indicate fraud

The use cases above are just the tip of the iceberg for insider fraud. It’s critical to work across financial and operational functions to identify internal behavior patterns that could indicate fraud or ongoing anomalous behavior. 

A common scheme is the “ghost employee” or “ghost company” vendor. In this case, an employee will create a new record and supporting documentation to allow that “ghost” to be paid. The employee then sends funds to an account they can access, concealing the transaction by moving internal funds to offset anything suspicious, changing inventory numbers or generating fake invoices for generalized, non-tangible services. Here, security professionals need to invoke the “principle of least privilege,” a control that blocks system access for employees who don’t need it.

That principle of least privilege should never be enforced by one manager or even one detection technology. Dual controls mean that more than one senior employee approves access to sensitive data or finances. It’s a common-sense solution that too many companies fail to implement.

Work with IT and compliance management to identify threats that are not technically insider fraud but will be enabled by it

Social engineering frauds, such as identity theft, account takeovers or a rash of fraudulent checks written against a specific account all could be entangled with some form of insider fraud. Businesses need to have data loss prevention measures in place on email, web uploads, USB ports and other areas where people might exfiltrate data. Flagging and proactively blocking these is critical to stopping data loss and detecting suspicious activity from employees who, for example, may never need to email anyone externally or access 150 customer accounts in a normal day.
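The indicators named above (inquiry volume above the employee's average, off-hours inquiries, lookups of other departments' accounts, large files sent to personal email) can be expressed as simple rules over access and mail logs. The following is an added example, not code from the article or from Bottomline; the event fields, thresholds, domain list and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed thresholds and domain list; tune them to your own environment.
BUSINESS_HOURS = range(7, 19)            # 07:00-18:59 local time
VOLUME_FACTOR = 3                        # flag at 3x the user's daily average
LARGE_FILE = 10 * 1024 * 1024            # 10 MiB
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

def flag_indicators(events, baseline):
    """Return {user: sorted indicator names} for one day of events.

    baseline maps user -> average inquiries per day from historical data;
    a user with no baseline is flagged on any inquiry volume.
    """
    flags = defaultdict(set)
    inquiries = defaultdict(int)
    for e in events:
        user = e["user"]
        if e["kind"] == "inquiry":
            inquiries[user] += 1
            if datetime.fromisoformat(e["ts"]).hour not in BUSINESS_HOURS:
                flags[user].add("off_hours_inquiry")
            if e["account_dept"] != e["dept"]:
                flags[user].add("cross_department_inquiry")
        elif e["kind"] == "email":
            domain = e["rcpt"].rsplit("@", 1)[-1].lower()
            if domain in PERSONAL_DOMAINS and e["size"] >= LARGE_FILE:
                flags[user].add("large_file_to_personal_email")
    for user, count in inquiries.items():
        if count > VOLUME_FACTOR * baseline.get(user, 0):
            flags[user].add("inquiry_volume_above_baseline")
    return {u: sorted(f) for u, f in flags.items()}

# Constructed sample data, for illustration only.
BASELINE = {"alice": 40, "bob": 35}
SAMPLE = (
    [{"user": "alice", "dept": "retail", "kind": "inquiry",
      "account_dept": "retail", "ts": f"2023-03-14T10:{i:02d}:00"}
     for i in range(30)]
    + [{"user": "bob", "dept": "retail", "kind": "inquiry",
        "account_dept": "commercial", "ts": f"2023-03-14T23:{i % 60:02d}:00"}
       for i in range(150)]
    + [{"user": "bob", "dept": "retail", "kind": "email", "ts": "2023-03-14T23:59:00",
        "rcpt": "bob.private@gmail.com", "size": 25 * 1024 * 1024}]
)

if __name__ == "__main__":
    print(flag_indicators(SAMPLE, BASELINE))
```

Each rule alone produces false positives; the value is in the combination, which is why the function returns every indicator per user rather than a single yes/no.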

Create data and best practice alliances

The best threat mitigation technology providers, whether they’re in payments, cybersecurity or employee monitoring, all aggregate the interactions across their networks and can see aberrations within it. Example: Healthcare Company A receives malicious emails that several employees tag as suspicious. Those emails are confirmed as malicious by the cybersecurity provider. Then Healthcare Company B receives the same emails but doesn’t yet know they are threats. The intelligence from Company A gives them evidence to block the senders. 

Another best practice can involve payroll theft. Employee payroll account numbers should never go into the company ERP to pay vendors or be duplicated on other employee account records without dual-approval processes.
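The payroll rule above, and the "ghost" vendor scheme described earlier, can both be checked by cross-matching bank account numbers between HR and ERP master data. This is an added example, not the article's or any vendor's code; the record layout (`id`, `payroll_acct`, `bank_acct`, `created_by`, `approvers`) and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

def norm(acct):
    """Normalize an account number so '12-345 678' and '12345678' compare equal."""
    return re.sub(r"[^0-9A-Za-z]", "", acct).upper()

def dual_approved(rec):
    """True if two distinct people other than the record's creator approved it."""
    return len(set(rec.get("approvers", [])) - {rec["created_by"]}) >= 2

def find_collisions(employees, vendors):
    """Return sorted (finding, account, record ids) tuples that need review."""
    by_acct = defaultdict(list)
    for e in employees:
        by_acct[norm(e["payroll_acct"])].append(e)
    findings = []
    # Payroll account reused as a vendor payment account in the ERP.
    for v in vendors:
        owners = by_acct.get(norm(v["bank_acct"]), [])
        if owners and not dual_approved(v):
            ids = tuple(sorted([v["id"]] + [e["id"] for e in owners]))
            findings.append(("vendor_uses_payroll_acct", norm(v["bank_acct"]), ids))
    # Same payroll account on more than one employee record.
    for acct, recs in by_acct.items():
        if len(recs) > 1 and not all(dual_approved(r) for r in recs):
            ids = tuple(sorted(r["id"] for r in recs))
            findings.append(("duplicate_payroll_acct", acct, ids))
    return sorted(findings)

# Constructed sample records, for illustration only.
EMPLOYEES = [
    {"id": "E100", "payroll_acct": "0042-7781-90", "created_by": "hr1", "approvers": ["hr2", "fin1"]},
    {"id": "E101", "payroll_acct": "0099 1234 55", "created_by": "hr1", "approvers": ["hr2", "fin1"]},
    {"id": "E102", "payroll_acct": "0099123455", "created_by": "hr3", "approvers": ["hr3"]},
]
VENDORS = [
    {"id": "V900", "bank_acct": "004277819 0", "created_by": "ap1", "approvers": ["ap1"]},
    {"id": "V901", "bank_acct": "5500-0001-22", "created_by": "ap1", "approvers": ["ap2", "fin1"]},
]

if __name__ == "__main__":
    for finding in find_collisions(EMPLOYEES, VENDORS):
        print(finding)
```

Normalizing before comparison matters because a record created to conceal a match will often differ only in spacing or punctuation.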

Security professionals are undoubtedly aware of Cressey’s fraud triangle, which identifies the conditions to commit fraud as pressure, rationalization and opportunity. In the context of fighting insider fraud, those three conditions are magnified. It’s better to accept that they present a legitimate threat that companies must prevent before an incident occurs, whether they use human-driven practices, technological solutions or a combination of both.


Chris Gerda

Chris Gerda is responsible for the overall anti-fraud strategy and technology initiatives that protect Bottomline’s Paymode-X payment network. His professional experience spans 14 years in military, law enforcement and BSA/AML compliance at major financial institutions. He has investigated and managed a wide variety of financial crimes, strives to build and strengthen organizational cultures of compliance and focuses on hardening and developing detection and prevention technology.
