Fraud as a means to access banking services
Imagine that 15 percent of a bank’s mortgage portfolio is approved on false grounds, because of fraud and corruption. This is one example.
Well-organised criminal networks are operating through brokers, agents and infiltrators on the inside of both small and large banks in the Nordics. The scale of mortgage fraud that has been detected must be considered in a wider context of operational risk and in the longer run potentially credit risk.
Red flags concerning fraudulent mortgage applications are however, according to current practice in many organisations disconnected from the operational risk and credit risk streams.
Unknown scale, undefined risk
Experts from FCG’s Financial Crime Prevention team, point towards developments in the current risk landscape that many operators need to take into consideration in their fraud- and corruption risk assessment.
Recently revealed mortgage fraud schemes in Norwegian banks indicate that the actual scale of this type of crime is ripe for reassessment. Because of the systematic and well-organized nature of criminal activities revealed, it is not unlikely that the issue can be much more widespread. This applies both to Norway, Sweden and other countries.
According to the National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway (Ökokrim), bank staff and other personnel in financial institutions can be targeted by professional criminal operators, a perspective that was raised in the most recent Norwegian national risk report published in November 2022. A recent case at a large bank in Norway involving several staff in a systematic corruption scheme resulted in faulty mortgage payments exceeding 150 million NOK. This is one case which has raised awareness around the current risk environment. In a new set of recommendations, the PST says that smaller banks with less developed programs against fraud and money-laundering may be especially vulnerable. Recent developments also suggest that banks may need to strengthen measures with regards to the operational risk associated with criminal schemes.
”When the scope and scale of the risk is not adequately assessed, it becomes a risk in itself that is impossible to hedge against. What we are seeing now is that there is a need to carefully reassess the current fraud models within the overall risk taxonomy”, says Henrik Skådinn, Senior Manager at FCG Norway.
Additional risk generated due to fraudulent access to services?
Assuming that the discovered fraud schemes to access banking services may constitute only a small part of a bigger problem, should banks be wary from a credit risk perspective?
We have not yet seen any bank defaults in the Nordics due to mortgage fraud. However, the potential scale and damage suggest that fraud and corruption prevention should warrant much higher prioritization now.
This would especially be the case where the business model of the bank relies on intermediaries. Consider for example a bank where 90 per cent of the loan applications are generated through mortgage brokers and agents that do not operate with a KYC obligation. As an example, a fraud scheme that was revealed in Norway involved 13 per cent of the bank´s lending portfolio. Should one extrapolate this to a number of small or semi-small banks, the sense of urgency may increase.
How the negative impact of fraud can spread with a property slump
For the sake of argument, fraudulent access to banking services does not necessarily translate directly to increased credit risk. But this can change depending on two scenarios. Firstly, what happens if property prices fall? Secondly, assuming that the demand for services in general decreases, what if incomes from the grey or black economy also dry up?
Simply put, bad customers can be “good” so long as all money is stable. “Good” bad customers can now become really bad. Part of the complexity of this issue is the inherent conflict of incentives. It is more important to ensure payments than to investigate the source of funds. However according to Henrik Skådinn, banks need to consider several aspects in their risk assessment, both the access to banking services through fraud, and perhaps more importantly the underlying risk of reliance on criminal proceeds to carry the ability of mortgage payments.
Until recently, property prices have been on a stable upward trajectory, mortgage repayments have been steady. Discounting the modus to secure loans, (fraudulent or not) refinancing of existing loans has not been an issue. With a negative property price development and higher interest rates, the conditions for refinancing loans diminish and the risk of non-performing loans grows. How this may enfold could be compared to a pyramid scheme. Adding to the mix, says Henrik Skådinn, one needs to consider that requirements on mortgage deposits for secondary housing in Oslo are easing from 40 to 15 percent according to new lending regulations.
Considering an undefined scope and scale of mortgage fraud, a bank may potentially face a latent risk greater than what the credit risk models indicate. Fraud schemes that have been detected so far, also signal that the circulation of fake documentation on property values and deposits is a credit risk. The greater the rate of default, the bigger the credit risk is for the bank. In a scenario where property taxes would increase, that would add more fuel to a potential fire in terms of risk of default and impact the operating ability of the bank.
A clear inherent risk seen in many Norwegian bank organisations, says Henrik Skådinn, is that organisations often lack a centralised structure for information handling and assessment. This means that the ability to identify forged documents may suffer, especially without consequent checks against public registers which per se may be challenging. More expertise is often needed to identify forgery, with regular training to spot forged documentation and deploy updated verification methods. The worst case scenario may be that even if there is a suspicion, there are no systems to react and take appropriate measures.
An easy way out?
Fraud and corruption are closely interlinked. Bribery is part of the modus in the business of forgery. It is not uncommon that the risk of corruption is especially high in the credit department. Better internal control mechanisms can be a game-changer to ensure that decisions are not managed single-handedly alone by individual members of staff. By way of example, the operating model whereby a customer can submit a loan application to a specific case manager may be an inherent risk. As an alternative, channelling all applications centrally with a robust routine which excludes the risk of personal preferential treatments or undue advantages may be recommended.
Bribery risks are often associated with procurement or representation, and generally not perceived as very high in the banking sector.
According to Louise Brown, anti-corruption auditor at FCG, many companies in the financial sector may want to assure that they have an updated assessment of their risk environment, considering how their products and services can be misused. Current developments in fraud and corruption point towards increasingly sophisticated ways of infiltration and manipulation, and targeted individuals and assets do not longer fit a preconceived risk model.
“It is easy to think about corruption mainly in relation to procurement and representation. What constitutes an asset and what constitutes an undue advantage is something very broad. Organisations need to think about what roles and functions that are exposed more broadly. What is the access to certain information and decision-making, how can the organisation understand the potential threat of insiders and coverups, what controls and processes are in place to identify and manage such risks” says Louise Brown. According to her, the risk assessment process is critical, as are due diligence, controls and the internal audit function in order to achieve an effective anti-corruption management system.
Recommendations:
According to FCG’s experts, the new risk environment warrants both large and small banks to consider several aspects:
- Review if and how individual roles can be abused with regards to information access and decision-making, and how targeting of individual staff can be prevented.
- Ensure adequate controls of the status of the mortgage portfolio. How is the risk of fraud taken into account, what are the scenarios, are there similar risks that the bank is exposed to?
- Carry out sample checks for verification. Innovation in forgery is limitless. What are indications of fraudulent documentation? In what process and by whom in the organisation can indications be detected?
- Update internal fraud prevention processes and routines to reflect the current risk environment. Ensure that dedicated controls to detect fraud and corruption are effectively in place, including safe channels to raise concerns without retaliation, i.e. whistleblowing. The review of these processes combined with spot checks/sampling can contribute to an efficient risk-based approach.
- Continuously develop competence in the organisation so that there is awareness, and equip staff to take a pro-active stance towards suspected activities including measures and reporting.
- Consider how the board awareness and senior management are informed and thus able to prioritise risks. How is the credit risk associated with mortgage fraud gauges and communicated from the top?
For more information, please contact:
