Citi was recently fined $500,000 by the Financial Industry Regulatory Authority (FINRA) for its failure to pick up on an employee skimming over $750,000 from the accounts of 22 Citi customers over the last eight years.

When I first read the headline, my initial thought was that this was yet another unfortunate example of an organization that had not set up or maintained appropriate access controls (to grant access to only those who really need it) and that lacked visibility into what activities are actually happening.

Turns out, my initial thoughts were wrong.  As part of her job, the employee needed access to the information.  And it also sounds like the fraudulent activity should have been visible to Citi:

“FINRA said its investigators had determined that Citi failed to detect or investigate a series of so-called red flags that should have alerted the bank to Moon’s fraudulent use of customer funds.

The red flags included exception reports that highlighted conflicting information in new account applications, as well as customer account records that reflected suspicious funds transfers between unrelated accounts.”

It sounds like, with the systems and exception reports Citi already had in place, they should have detected the suspicious activity involving transfers and disbursements in the accounts.

This is a reminder that simply investing in technology isn’t good enough. Successful deployment must include not only training for the IT department on how to properly install and configure the system, but also training for the end users who are responsible for consuming and acting on the information it provides.


This post was written by Ipswitch Blog