Internal Fraud

From Open Risk Manual


Internal Fraud is the risk of unexpected financial, material or reputational loss as the result of fraudulent action of persons internal to the firm.

Internal Fraud is a recognized risk category in regulatory frameworks worldwide (Basel II/Basel III standards). The Basel II definition states more specifically: Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involves at least one internal party.

Basel Level 2 & 3 Event Type Classification

  • Unauthorized activity
    • Transactions not reported (intentional)
    • Trans type unauthorised (w/monetary loss)
    • Mismarking of position (intentional)
  • Theft and Fraud
    • Fraud / credit fraud / worthless deposits
    • Theft / extortion / embezzlement / robbery
    • Misappropriation of assets
    • Malicious destruction of assets
    • Forgery
    • Check kiting
    • Smuggling
    • Account take-over / impersonation / etc.
    • Tax Non Compliance / evasion (wilful)
    • Bribes / kickbacks
    • Insider trading (not on firm’s account)

Commonly reported examples by Business Line

Types of internal fraud vary by business line. An indicative list:

  • Corporate Finance: Loan fraud, Embezzlement, Failure to follow procedures/limits, misuse of confidential information
  • Trading and Sales: Unauthorized trading, misappropriation of assets, misreporting of positions, breaching of trading limits
  • Retail Banking: Theft or customer data, embezzlement, theft of assets
  • Commercial Banking: Fraudelent transfer of funds, embezzlement, theft of customer funds
  • Payment & settlement: Payment fraud, theft of customer funds or assets
  • Asset Management: Unauthorized trading

Internal fraud events vary also by the number of people involved, their role within the organization and the involvement, or not, of external parties


Internal fraud is mitigated with strong internal controls comprising both of system and processes and supported by the firm's risk culture embedded in employees

Issues and Challenges

  • As with all operational risks, difficult to obtain objective measures of actual risk, both before and after the application of controls
  • Potential overlap with market risk, e.g. unauthorized trading by a rogue trader that creates a market exposure

External Links