Internal fraud has long been treated as an unfortunate but limited problem. It’s typically framed as opportunistic behavior: an employee spots a gap, takes advantage of it, and operates alone. The financial impact is usually limited, the incident is handled, and the organization moves on.
On paper, external fraud remains the greater threat. Losses are larger, more visible, and easier to tie directly to financial impact. By comparison, internal fraud can appear relatively contained. Benchmarking data indicates average losses per incident of just over $7,000, with roughly three basis points of employees terminated for fraud-related activity in a given quarter.
However, across large organizations, even a small percentage represents a steady volume of incidents moving through the system, each tied to an individual with legitimate access to data, systems, and customers. The relatively modest loss figures obscure the consistency of the activity, the access it enables, and the downstream exposure it creates.
For smaller and mid-sized institutions, the impact of internal fraud plays out differently. Individual incidents may still fall within the same relatively modest dollar ranges, but there is less capacity to absorb those losses—financially and operationally. Fewer layers of oversight, tighter staffing models, and more concentrated responsibilities can also increase exposure if access is misused. In that context, even low-frequency or lower-dollar events can have an outsized effect, particularly when they intersect with broader fraud activity or go undetected for longer periods.
Meanwhile, each incident carries compliance implications, often requiring formal reporting. More importantly, internal fraud has a more direct and substantial impact on institutional reputation.
Increasing Sophistication
Increasingly, organized fraud groups are targeting employees directly, recruiting through social media, and in some cases placing individuals inside organizations with a specific objective: gain access, learn systems, and move money.
This evolution exposes a structural blind spot. Many institutions still classify fraud in rigid terms: internal or external, employee-driven or customer-driven. In reality, those distinctions are breaking down. External schemes often rely on internal access. Internal actors may facilitate, accelerate, or simply overlook fraudulent activity that originates elsewhere.
When those connections aren’t fully captured, the result is a fragmented view of risk. Losses tied to insider involvement may be recorded as external fraud. Collusion goes underreported. The true scope of exposure remains obscured—not because it isn’t there, but because it isn’t being measured holistically.
The Role of Institutional Culture
At the same time, the drivers of internal fraud remain largely misunderstood. Tenure, for example, offers little predictive value. Long-tenured employees can pose just as much risk as new hires. What tends to matter more are shifts in behavior, such as financial stress, disengagement, perceived inequity, or declining performance. These are not always visible through traditional controls, and they rarely appear in isolation.
More often, they develop gradually. An employee rationalizes a small action, tests a boundary, and finds it easier than expected. What begins as a one-time decision can quickly become a pattern. Over time, the activity expands, especially in environments where controls are weak or oversight is inconsistent.
Culture plays a role here, though not always in obvious ways. Employees rarely describe their actions as purely unethical. Instead, they justify them by pointing to leadership behavior, inconsistent enforcement, or a belief that others are doing the same without consequence. Whether those perceptions are accurate is less important than the fact that they exist. Left unaddressed, they create space for risk to grow.
The result is a form of fraud that is harder to detect, slower to surface, and more deeply embedded in normal operations.
Are Institutions Diagnosing the Problem Correctly?
Treating internal fraud as a series of low-dollar, isolated incidents may have been sufficient in the past. It is less effective in an environment where internal access is increasingly being used to enable broader schemes. Addressing that reality means moving beyond rigid classifications and toward a more integrated view of fraud risk. It means connecting signals across functions and recognizing that some of the most meaningful indicators of risk may not appear in transaction data at all.
Benchmarking shows how internal fraud is actually manifesting across peer institutions, where patterns are emerging, and how approaches to detection, control, and response are evolving in practice. It moves the conversation beyond assumptions and into measurable reality.
These are the types of insights developed through Auriemma Roundtables, where institutions come together to share data, compare performance, and pressure-test strategies against real-world experience.
To learn more about benchmarking participation and upcoming discussions, explore our Internal Fraud Roundtable and Bank Fraud Control Roundtable.