Last Tuesday, a regional bank president called our team. “We just discovered our head teller has been stealing from us for four years… how did we miss this?”
Said bank had spent $2.3 million on cybersecurity upgrades in the past two years. State-of-the-art firewalls. AI-powered fraud detection. The works. Meanwhile, the head teller was skimming $300 a week from dormant accounts, and nobody noticed because she was careful, she was patient, and she knew exactly how their systems worked.
The teller walked away with $62,400 before they caught her. The bank’s going to lose about $1.2 million by the time this mess gets cleaned up.
The frustrating part? The suspected employee wasn’t some criminal mastermind. She was just paying for her mom’s nursing home care and figured nobody would miss money from accounts that hadn’t been touched in years. She was wrong about the “nobody would miss it” part, but she was absolutely right about how easy it would be.
Here’s What Nobody Wants to Talk About
Internal fraud accounts for roughly 70% of all banking losses. Not cyberattacks. Not check fraud. Not even armed robberies. Your own people.
The numbers from this year are brutal. According to the latest industry report, 57% of financial institutions lost over $500,000 to fraud in 2024. A quarter of them lost over a million. That’s not “some banks.” That’s most banks.
The fraud examiners association puts the total at 5% of revenue lost to fraud annually. Take your bank’s revenue, multiply by 0.05, and try not to throw up.
But here’s what really gets complicated: these numbers only represent the fraud we actually catch. For every suspected teller who gets discovered, how many others are out there right now, slowly bleeding banks dry?
Your Security Strategy Has a Teller-Sized Hole in It
Most banks approach security like they’re building Fort Knox. Massive perimeter defenses. Sophisticated detection systems. Armed guards. Electronic monitoring. It’s all very impressive.
But Fort Knox doesn’t help you when the threat is already inside, wearing a company ID badge and asking about your weekend plans.
Your firewall doesn’t know that Steve from commercial lending is using customer information to make stock trades. Your fraud detection system won’t flag Sarah from operations when she approves fake expense reports for her boyfriend’s contracting company. And all those automated alerts? Completely useless when someone knows exactly how to fly under the radar.
Last year’s case involved three employees who figured out how to create phantom loan accounts. Not sophisticated stuff—just basic knowledge of how the approval process worked and where the gaps were. Over eighteen months, they “approved” $340,000 in loans to fake borrowers, then split the proceeds. The beauty of their scheme? Each step looked completely legitimate to anyone checking.
Another case involved a compliance officer—the person whose job was literally to prevent fraud—who figured out how to hide unauthorized wire transfers in routine regulatory reports. She stole $180,000 over two years, and the only reason they caught her was because she got greedy and started moving larger amounts.
These weren’t criminal masterminds. They were regular employees who understood their bank’s blind spots better than the security team did.
The Real Cost Makes the Teller Case Look Like Pocket Change
Direct theft is just the appetizer. The main course is everything that comes after.
When regulators find out you’ve had internal fraud, they don’t just slap your wrist. Banking regulators issued $4.3 billion in penalties last year, with banks taking $3.52 billion of that hit. The fines often exceed the original theft by 5x or 10x.
Then there’s the reputation damage. Banking is built on trust. When customers find out your employees have been stealing, they start wondering what else you’re not telling them. Accounts close. New customers go elsewhere. Community banks have lost 15% of their deposit base after internal fraud becomes public knowledge.
The operational chaos is devastating too. Good employees get pulled off important projects to deal with the investigation. New procedures have to be implemented overnight. Staff morale craters because everyone’s now under suspicion. Some banks never fully recover from the disruption.
And then the lawyers show up. Customers sue. Shareholders file lawsuits. Insurance companies fight claims. Legal bills pile up faster than snow in January.
The bank president mentioned earlier? By the time the teller’s case was resolved, the total cost was $1.2 million. For $62,400 in actual theft.
The Trusted Employee Problem
The worst cases always involve people you’d never suspect. Not the sketchy new hire who shows up late and leaves early. It’s the 20-year veteran who coaches Little League. The manager who organized the office Christmas party. The compliance officer who never missed a continuing education seminar.
These folks don’t wake up one day and decide to become criminals. It starts small—borrowing from petty cash with every intention of paying it back. Taking a small amount from an inactive account “just this once.” Using customer information for a “sure thing” stock tip.
But here’s what becomes clear after investigating hundreds of these cases: once someone crosses that line the first time, it gets easier every time after that.
And the longer they’ve been with your institution, the more dangerous they become. They know which accounts get reviewed and which don’t. They understand your approval processes inside and out. They’ve built relationships with colleagues who trust them implicitly. They know exactly how much they can steal without triggering alerts.
Most importantly, they know how to make their theft look like system errors, processing delays, or customer mistakes.
Why Your Internal Team Can’t Handle This
Your internal audit department is good at checking boxes and following procedures. They’re not trained to think like criminals. Your IT security team knows technology but doesn’t understand criminal behavior. Your HR department can handle policy violations but can’t conduct covert surveillance or digital forensics.
Here’s what happens when you try to investigate internal fraud with internal resources: word gets out immediately. The suspected employee either covers their tracks or disappears. Evidence gets deleted or destroyed. Witnesses get nervous and stop cooperating. The investigation becomes a circus, and the fraudster usually walks away clean.
Professional investigators bring capabilities that don’t exist in most banks:
Covert observation: Professional teams can watch suspected employees without them knowing an investigation exists. No office gossip, no warning signs, no opportunity to destroy evidence.
Digital forensics: Deleted emails, cleared browser histories, encrypted communications—specialized tools and expertise can recover digital evidence your IT department can’t access.
Social media investigation: Many internal fraudsters post about their newfound wealth on social media. Expensive dinners, luxury vacations, designer purchases—all funded by stolen money and documented online.
Interview techniques: Getting the truth from employees requires specialized training. Professional investigators know how to conduct interviews that actually produce useful information, not just denials and deflections.
Legal evidence handling: Finding evidence is one thing. Making sure it holds up in court is another. Professional investigators know how to preserve evidence, maintain chain of custody, and document everything properly for prosecution.
Red Flags That Should Scare You
Some warning signs are obvious: employees living beyond their means, reluctance to take vacation time, defensive behavior about routine questions. Others are more subtle.
Watch for employees who seem to know too much about other people’s financial situations. Staff members who volunteer for overtime constantly, especially on weekends when fewer people are around. Anyone who gets unusually anxious when others handle their responsibilities.
Pay attention to customer complaints about account discrepancies, even minor ones. Notice employees who have unusually close relationships with vendors or specific customers. Be concerned about resistance to new procedures or system changes.
Anonymous tips should always be taken seriously, even if they seem vindictive or far-fetched. Most anonymous tipsters are fellow employees who’ve seen something suspicious but are afraid to speak up directly.
Here’s the thing about gut instincts: they’re usually right. If something feels off, it probably is.
The Math Works (When You Do It Right)
Yes, hiring professional investigators costs money. But consider the alternative.
The average internal fraud case costs financial institutions $1.4 million in direct and indirect losses. That includes the stolen money, regulatory fines, legal costs, reputation damage, and operational disruption. Some cases cost much more.
A comprehensive fraud investigation typically runs $15,000 to $50,000, depending on complexity. Even expensive investigations cost a fraction of what you’ll lose if fraud continues undetected.
Plus, professional investigators often uncover additional fraudulent activity that internal investigations miss. More complete investigations lead to better recovery through insurance claims, civil lawsuits, and asset seizure.
And here’s something most bank executives don’t consider: the deterrent effect. When employees know management takes fraud seriously and has professional resources to investigate suspicious activity, they’re much less likely to try anything stupid.
Don’t Wait for Your Next Audit to Discover the Problem
Internal fraud isn’t theoretical. It’s happening right now, at banks just like yours, committed by employees who seem just as trustworthy as yours.
The longer fraudulent activity continues, the more sophisticated it becomes and the more expensive it gets to resolve. Early detection saves money, protects reputation, and minimizes disruption.
If you’re seeing red flags, experiencing unexplained losses, or just want an honest assessment of your vulnerability, don’t wait. The cost of acting too late is always higher than the cost of acting early.
Ready to discuss your institution’s fraud prevention and detection capabilities? Schedule a confidential consultation with Kyle Robison, our Deputy Director of Investigations at Lauth Investigations International. Kyle brings extensive experience helping financial institutions identify, investigate, and resolve complex internal fraud cases.
Schedule your consultation today to discuss how professional investigative services can protect your institution’s assets and reputation. You can also text us directly at 317-759-1004— really, text us.
Lauth Investigations has been helping financial institutions deal with internal threats for over twenty years. We know banking, we understand fraud, and we know how to investigate these cases without destroying your institution’s reputation in the process.