Where are you most at risk?

  • Human Resources
  • Physical Security
  • Information Technology
  • Intellectual Property Protection
  • Legal and ethical policies and procedures
  • Trusted Business Partners

Legal and Ethics

Does your insider threat program enforce your legal and ethical goals?

An organization should have a process for developing new policies and procedures that support preventing, detecting, and responding to an insider threat. The organization should also have a process for periodically reviewing existing policies and procedures. Such policies should form the basis for employee screening, monitoring, discipline, termination, and legal action regarding insider activity.

Without defined insider threat policies and procedures, it can be difficult to discipline, terminate, or prosecute employees who engage in insider threat activity. To be effective, defined policies and procedures must be routinely and consistently enforced. In most cases, the organization must also communicate these policies to employees.

Is your insider threat program legally and ethically sound?

Insider Threat policy requirements:

  • Pervasive system of checks and balances
  • Clear guidelines for acceptable use
  • Ongoing monitoring
  • Protocols for threat information sharing
  • Defined intellectual property ownership guidelines
  • Documented employee conduct and performance standards
  • Documented policies for employee management during restructuring
  • Documented procedures for employee screening/onboarding/separation
  • Established protocols for reporting and responding to employee grievances

True Story

An employee was employed as president and manager of the victim organization, a financial institution, for 17 years. For at least 15 years, the employee embezzled funds from the victim organization. As a function of her job, the employee had access to and could internally control loans and check writing. The employee misused this access to write multiple checks to herself, including checks written as “add-ons” to existing loans belonging to others without their knowledge or consent, checks posted as “share withdrawals” from other member accounts, and internal checks from other members’ accounts. To conceal the activity, the employee created fraudulent teller entries and also purposefully failed to post many of the checks written to herself to the organization’s records.

The employee used multiple accounts to perpetrate the fraud, including the accounts of family members, a non-profit, and another organization. The employee was able to embezzle money from the non-profit account because she was a board member of the non-profit and had sole signatory authority at the financial institution.

The employee refinanced her mother-in-law’s existing vehicle loan several times and kept the extra funds. She did this by making unauthorized advances for a new loan, which she then rolled into her mother-in-law’s existing loan. There were no loan documents to support any of the loans made or modified; only the canceled checks evidenced the loan advances.

The incident was detected after the organization performed a forensic audit of its financial records, which revealed detailed spreadsheets and bond claims that evidenced the employee’s illegal transactions. One month after the incident was discovered, the employee resigned, citing health problems.

The U.S. Attorney’s Office declined to prosecute the employee, in lieu of local charges. However, local charges were never brought against the employee because she was gravely ill at the time. The employee admitted to defrauding her mother-in-law, but denied responsibility for the other fraudulent activities. The employee, who filed for bankruptcy after the incident, made an agreement with the financial institution to pay $355 a month toward the money stolen from her mother-in-law, approximately $22,000.

What could have been done to prevent this case of long-term theft?
  • A policy supporting appropriate checks and balances would prevent a single employee from having the ability to carry out such long-term fraud and abuse.
  • An appropriate employee monitoring process that applies to all employees would allow a financial institution to potentially identify unusual or inappropriate transaction activity early.
  • A policy on when to initiate an internal investigation and/or involve law enforcement supports the proper collection and preservation of critical evidence for use in follow-on disciplinary or legal proceedings.
  • Engaging your legal team early in the process of creating or refining your insider threat program policies can go a long way toward protecting your company from undetected and long-term fraud and theft.