Mortgage fraud is a term we have heard more and more in recent times. Most of the shady deals associated with mortgage fraud relate to residential home purchases. Likewise, identity theft and credit account abuse are on the rise; both in occurrence and awareness or discussion by the media. However, fraud involving credit does not always involve mortgages and homes or a fraudster stealing Social Security or credit card numbers from a dumpster.

Make a Loan to Yourself

An example of another side of mortgage fraud involved a regional finance company with several local branches located throughout their state. This finance company operated at a level beneath that of a mortgage originator but above that of a “payday loan” provider. This company completed secured and unsecured loans averaging under $2,000. These loans were disbursed, mostly in cash, directly to the borrowers at the time of the loan. Many of the borrowers were frequent repeat customers.

Each local branch employed a manager and one or more customer service representatives. As the business consisted of several disparate locations, itinerant supervisors were each assigned to a certain number of branches. The local branch employees originated and approved loans, entered the necessary information into the company computer system (a turnkey loan-tracking-and-accounting package), and disbursed funds to the customers. Local employees also received and recorded customer payments on account, and followed up on past-due loans. The supervisors’ control duties included the random performance of bank reconciliations, reviewing loan files and computer-system reports and authorizing, through password-controlled computer access, other functions such as loan write-offs and alterations of terms (i.e., advancing due dates on the loans). All access to and activity within the company’s computer system was tracked by username.

In this case, two employees — a manager and a customer service representative — allegedly stole over $1.5 million from their employer over an estimated period of three years. The employees simply entered fraudulent loans into the company’s computer system in the names of former customers and pocketed the cash for themselves.

Detection and Downfall

The scheme allegedly worked similar to a Ponzi scheme, with proceeds from newer fraudulent loans used in part to keep previous loans’ payments current (thus avoiding attention). When the list of dormant customers ran out, the employees allegedly began advancing due dates in the computer system to keep the loans from going past due. The finance company stated that the employees used their supervisor’s username and password without authorization to advance the due dates. Note that the finance company advised that the due date of a loan is rarely advanced, and then only in specific circumstances such as the establishment of a new payment plan following a bankruptcy.

Small consumer lending companies depend on larger financial institutions known as “warehouse lenders” to fund the loans originated by the lending companies. In early December 2008, this finance company received communication from their warehouse lender that a review of the finance company’s computer system disclosed an unusually high number of loans at one particular branch for which due dates were advanced. Further investigation revealed a lack of basic loan documents, such as promissory notes, in the physical loan files for the identified loans.

The subject employees allegedly confessed to the misappropriation of funds, and their employment was terminated. The finance company further reported that the customer service representative committed suicide following the discovery of the defalcations, and that the manager was arrested. The finance company reversed interest and fee income generated from the alleged fraudulent loans and charged off the remaining principal balances as bad debts.

Controls Are Key

This example certainly begs the question: How in the world did $1.5 million go undetected in such a small operation? Well, obviously, it didn’t in the end, but we can certainly see that there was a severe breakdown of internal controls involved here:

1. Nature of the business model. Small loans paid out in-person and in-cash certainly lends itself to an opportunity for theft. But even within this dangerous context, certain controls can be put in place to minimize the opportunity for employee infidelity. Of course, those controls, when being circumvented by junior management as in this case, must be operated correctly by senior management.
   
   The employees simply entered the fraudulent loans into the computer system, without placing documentation in the loan file. As part of the control activities, the itinerant supervisor regularly requested the loan files from the principals for all the loans generated during a certain period. However, the request to see “all” loans was not checked against a system-generated listing. Thus, the employees were essentially free to select on their own those files given to the supervisor for review. Had the supervisor started with a listing from the system, even a random selection of loan files for review could have stopped this scheme in its tracks.
2. Controls built into computer system. However, these controls were evidently circumvented in this matter, as the junior management had access to the supervisor’s username and password, which were used without authorization (according to the supervisor) to advance the due dates. Although the supervisor did not state how the employees obtained access under his username, it is quite possible that the supervisor gave the combination to the employees to complete an earlier, authorized, transaction on his behalf. Even if the supervisor’s username and password were somehow stolen by the employees, once again, a key control — although in place — was circumvented. Possible remedies for this control deficiency would be system requirements 1) to change passwords every three months to six months: 2) for passwords to contain numbers, letters and symbols: and 3) that no new password can be used if it has been used before in the last two instances. Of course, perhaps one of the best user/password controls is a stated policy NOT to allow access under one’s username to any other co-worker for ANY reason, and to hold each employee responsible for all transactions entered under their assigned username and password.

It is important to note that the advancing of the due dates was detected by an outside party — the warehouse lender. However, a regular review of the system by the finance company itself would have found the same thing. Unfortunately, aside from the advanced due dates, there was nothing within the computer system itself that distinguished an allegedly fraudulent loan from a legitimate loan. The cash control procedures (such as regular drawer counts) would also not have turned up anything missing. This is why the review of ALL physical loan files is essential to control.

Make a Loan to Yourself — The Sequel

One would think that after such a fraud was detected that control procedures would be enhanced and that all employees who had contemplated such a scheme might be put on notice. Some of the finance company’s control procedures were stepped up (bank reconciliations are now reviewed more often); yet one employee of a different branch decided to attempt the same scheme, although on a much smaller scale.

In this instance, a branch manager allegedly started with convincing certain repeat customers to take out loans in their own names on behalf of an unidentified “friend” of the manager (the “friend” was supposedly about to lose his house in a foreclosure). Later on, the manager allegedly took out new loans in the names of other former customers without their knowledge (like at the other branch). Although some payments were recorded, most of the loans noted above were rolled forward into new loans with new due dates (unlike the advancing of due dates, these roll-forwards did not require supervisor authorization and do frequently occur with legitimate loans). The manager also accepted loan payoffs and — instead of recording the payments on those loans — allegedly retained the payments for himself and rolled those principal balances forward, assuring the customers that the loans were paid off.

This scheme was detected only when one of the customers contacted the itinerant supervisor of that branch (a supervisor different from the first case) after receiving a call about a past due account from a customer service representative. The supervisor reviewed the loan file in question and found that signatures on later promissory notes did not match signatures on earlier notes. The manager was confronted and discharged. Further investigation revealed that checks written by the principal ostensibly to stock the branch’s cash drawers were cashed at the bank but not recorded in the finance company’s computer system, leaving an unaccounted amount allegedly taken by the manager.

In this case, the employee attempted to document the loan activity in the loan file by allegedly forging promissory notes and other documentation, which might have passed a cursory procedural review. However, the increased frequency of bank reconciliation review may have detected the check scheme earlier than the previous procedures would have done. Consequently, the controls that were in place (segregation of duties, supervisor review) seemed to operate much better than in the first case, and ultimately cut the scheme short before reaching the levels of the first case.

Conclusion

Loan fraud may be impossible to stamp out or prevent entirely, but recognition of the inherent risks involved, plus an emphasis on putting controls in place and executing them properly, may be the key to preventing a loan officer from going to Tahiti on the dime (or 15 million dimes) of his employer.

Lester Hankes, CPA, CFF, CFE, is a director and Michael Val Hietter, CPA, CFE,  is a senior accountant in the Atlanta office of RGL Forensics, the international forensic accounting and consulting firm.