You only need to read the headlines to know that the unthinkable is well thought out by someone you might not expect, like a bank or credit union employee.
Recently James Roy Entzminger was in the news. A federal indictment accused him of stealing about $527,000, by making unauthorized transactions while a teller for a credit union in Arizona. According to published reports, he was charged with nine counts of embezzlement, fraud and aggravated identity theft for criminal activity allegedly committed from 2009 through 2014. He allegedly picked multiple people who had little used accounts and made cash withdrawals, transferred money between accounts and changed addresses in credit union records so they wouldn’t get statements.
It’s a tale worth taking note of. Stuff happens. “This is a rare occurrence, but it obviously does happen,” says Jef Henninger, an attorney that handles white collar crime.
If you find yourself in the unfortunate position of being a victim, “Your right is to question any transaction you do not recognize after it has posted on your statement within 60 days of the posting and report it. The bank must investigate and if the investigation is going to take longer than 10 days (20 days for new accounts opened in the last 30 days), it must issue a temporary credit. However, I suggest that in cases of employee fraud, the onus is on the bank, not on the customer. In order to hold you responsible, your bank would have to show that if you notified them before the end of the 60-day period, the transactions would not have occurred. At any rate, in a case like this, I would expect full credit for any lost funds immediately upon discovery of fraud by the bank, which could be even before the customer noticed it on a statement,” says Linda Sherry, director of national priorities for Consumer Action.
While for sure this messy situation is a pain in the neck, the onus is on the financial institution, not the customer. “That is why they carry fidelity bond insurance. They could also be sued, although the case might be required to be handled in arbitration depending on the consumer contract with the bank. The bank or credit union typically has fidelity bond insurance to protect itself against employee theft. This is in addition to FDIC insurance (banks) or National Credit Union Administration insurance (credit unions). If the employee is prosecuted, and sentenced, restitution probably will be required to the bank or credit union. However, this is not dependent on the customer getting their money back,” says Sherry.
Don’t dilly dally. “Banks and credit unions are liable for the full amount of any employee-instigated fraud, less the $50 liability assumed by the customer. This can change if the customer fails to address the situation in a timely manner,” says Chris Moon, a banking analyst with ValuePenguin, a company specializing in financial research.
Doug Johnson, senior vice president, payments and cybersecurity for the American Bankers Association, says, “If the bank detects an insider threat, or notices unauthorized transactions, the money is fully reimbursed. You are harmless due to electronic transaction protection that come from Regulation E. If you notice before the bank, you must tell the bank as soon as you see it. You are more likely to detect than the bank.”
Furthermore, says Sherry, “Call the bank, and if they string you along at all, complain to the CFPB and consider getting a lawyer to write a letter.”
There’s no guarantee you can stay out of the clutches of determined employees, but you can do your part. “The key is to make sure it is caught right away. Always know how much money is in your account. If the balance is different, you should be able to pick up on that right away. You should also look at every bank statement to make sure you recognize every transaction. Dispute any transactions you don't recognize. Accounts that are infrequently used are particularly vulnerable. Run some transactions through the account to generate activity. Also, check your statements each month even if you don't use the account,” says Henninger.
How to best protect yourself? “Leverage online banking. Don’t wait to get your monthly statement, monitor your account, weekly, or daily if you are more comfortable with that,” says Johnson.
Then too, sometimes what happens is that an account that’s infrequently used will be targeted by an insider because it’s inactive. “My advice is to consolidate accounts. Don’t have accounts lying dormant. You don’t want anything happening to your money. While you will get your money back, you don’t want to have it unavailable to you for even a short period of time,” says Johnson.
Maybe you’re wondering if employee theft is on the rise. Johnson doesn’t think so, “It’s fairly consistent, though I have no data to support that, it’s just what I hear as head of cybersecurity.”
He says, increasingly, financial institutions are getting better at detecting threats and preventing people who have done such acts from becoming an employee at another financial institution. ”This will help counteract the problem. This is an authority we’ve had since 9/11…We have gotten better at refining the process of alerting other institutions when we have fired someone for a certain crime. We don’t have to wait until they have been sentenced or fired to get the word out about them.”