To trap the "mole": banks will be obliged to identify employees who are accomplices of scammers

Banks will have to identify employees who knowingly or involuntarily assist fraudsters in obtaining loans for victims. Moreover, often huge amounts of money are given to people whose income obviously does not allow them to count on such amounts, which is impossible without the participation of the organization's employees. In order to identify the "mole" and make changes to their regulations to prevent such cases, banks will have to investigate each incident of credit fraud and establish the personal responsibility of employees. Such a proposal was approved at a meeting of the Expert council (EC) on consumer protection of the Central Bank's financial market, sources told Izvestia and participants of the event, which took place last week, confirmed.

Why banks should change regulations against fraud

As the participants of the meeting of the Expert Council of the Central Bank told Izvestia, the issue of credit fraud is extremely relevant.

— The central Bank cited data that 40% of the money that scammers receive is credit, the source told Izvestia. — However, victims' complaints indicate that in 100% of fraud cases, the victim is forced to get a loan in order to transfer it, roughly speaking, to a "secure" account. As a result, people not only lose their savings, but are also left with a lot of debt.

Moreover, huge loans are often made to people who, shortly before, due to low income, were denied a small loan to buy small—scale equipment - a vacuum cleaner or a microwave oven. It often doesn't bother anyone that a million is given, for example, to a pensioner or a student whose income is not comparable to the amount of funds borrowed.

— Such examples show obvious vulnerabilities in intrabank loan procedures. Cases of intentional involvement of bank employees are not excluded. However, it is quite possible that bank managers are trying to meet internal performance indicators (employee ratings depend on the number of sales of products and services. — Approx. "Izvestia"), neglecting the social responsibility to protect customers, — said another interlocutor of "Izvestia".

Currently, banks have no obligations to identify and punish willing or unwitting accomplices of scammers. Therefore, another source of Izvestia suggested, organizations either do not pay attention to this in principle, or identify a "mole", but they do not take out the trash from the hut. They just get fired under an article from the category of a "wolf ticket".

Everything has changed due to the adoption in February of the sensational law on combating credit fraud (No. 9-FZ dated 02/13/2025, effective September 1 of this year). He is mainly known for the fact that banks will have to set a cooling-off period before issuing a loan. However, the document contains a large set of measures that organizations should take to prevent the issuance of borrowed funds without the consent of the client or consent obtained under the influence of social engineering.

In particular, banks need to develop internal documents that regulate risk management procedures. In particular, they should contain the procedure for implementing measures to combat credit fraud.

How banks will investigate cases of credit fraud

Therefore, at the EC meeting last week, the Central Bank proposed to develop recommendations for banks that they could use when preparing internal regulations. So, what is proposed to be included there? First of all, an internal investigation. After receiving information about the issuance of a loan under the influence of fraudsters, the bank must investigate the entire issuance procedure for a certain period of time. To do this, conduct a survey of employees, view recordings from video cameras, analyze scoring results, etc.

— The study examines the nature of human behavior, the dialogue accompanying the application, signing the contract, receiving money, the timing of the decision by the credit institution and the aspects that influenced the approval of the issue, — explained one from Izvestia's interlocutors.

The results obtained will not only identify the accomplice of fraudsters, but also improve their anti-fraud procedures. In particular, these may be additional verification triggers. If such changes are not required, then the credit institution must record the fact that a particular employee did not comply with the requirements of the established procedures, and determine measures of personal responsibility. Also, all the results obtained need to be communicated to all bank employees so that they understand the consequences of issuing a loan under the influence of fraudsters.

Member of the EC of the Central Bank, head of the National Council of the Financial Market (NSFM) Andrey Emelin confirmed to Izvestia that the issue of developing recommendations to strengthen counteraction to internal fraud in financial organizations was indeed discussed. This included the identification of employees who knowingly or unwittingly assist intruders. These are proposals in follow-up to what the chairman of the Central Bank said at the Ural Forum about strengthening the personal responsibility of employees of financial organizations who do not make enough efforts in terms of anti-fraud.

— There was even a proposal to prepare a standard for investigating incidents, but in the end everyone agreed that it would be more correct to develop recommendations, since all credit and MFI organizations have different internal processes. And using the framework recommendations, they could make changes to their regulations to strengthen protection against fraudsters," said Andrey Emelin.

According to him, this option was supported by the majority of the EC participants who attended the meeting. It was decided to propose to the Central Bank to create a working group with experts to develop such recommendations.

Why do experts support identifying "moles" in banks

The proposed changes to the risk management system seem to be very reasonable, said Daniil Chernykh-Aipov, Deputy Chairman of the Sulim and Partners Bar Association.

— It is especially important that banks conduct a thorough investigation of each case of loan issuance under the influence of fraudsters with an analysis of the entire decision—making chain — from the behavior of the client and dialogue with the manager to the procedures for checking and approving the loan, - said the lawyer.

Obviously, the problem of credit fraud in Russia is very acute, and to eliminate it, it requires significant restructuring of both banks' risk management systems and regulatory mechanisms by the Central Bank, agrees Mikhail Khachaturian, Associate Professor at the Department of Strategic and Innovative Development at the Financial University under the Government of the Russian Federation.

— The proposed solution may be effective. But here it is fundamentally important how significant changes should be made in the risk management system of banks and what internal control tools should be prescribed, as well as how the functioning of these mechanisms will be checked and controlled by the Central Bank," he commented.

From the point of view of efficiency, a significant element of the proposals is the introduction of personal responsibility for bank employees who have violated procedures for issuing loans to victims of fraud, said Daniil Chernykh-Aipov. According to him, there is currently no clear mechanism obliging banks to identify such employees and take action against them. The introduction of appropriate procedures will create the necessary incentives for more careful compliance with the regulations, the lawyer concluded.

Will the Central Bank limit itself to recommendations or introduce stricter regulation

Apparently, the Central Bank is not going to limit itself to recommendations, but is planning a tougher approach to regulating anti-fraud, follows from the response of the Central Bank's press service to a request from Izvestia. It says: "Measures to implement Federal Law No. 9-FZ of 02/13/2025 will be provided for by regulatory acts (unlike recommendations, they are mandatory. — Approx. Izvestia) Of the Bank of Russia, we will develop them by the time it comes into force."

— This is not indisputable, — commented Andrey Emelin. — The Central Bank currently does not have direct legislative provisions for detailed regulation of banks' internal documents on anti-fraud. But if the Central Bank considers such regulation appropriate, we will be ready to take an active part in the development of draft regulatory acts of the regulator.

In practice, the Central Bank really cannot directly legislate the internal documents of banks, as a rule, it issues recommendations, said Alexander Terentyev, a judicial expert of the Veta Expert Group.

— But the Central Bank, as the regulator of the banking system, has sufficient powers to influence banks' internal processes at the regulatory level," the lawyer noted. — However, recommendations won't hurt. Most likely, the Central Bank decided to take a different path of some kind of backsliding due to an excessive desire to regulate anti-fraud measures, or there is some other subtext here that is understandable only to the Central Bank itself.

According to Andrey Emelin, after the minutes of the meeting with the EC are agreed upon with the decision, the relevant department will carefully study the materials and select the most appropriate regulatory format. But regardless of the chosen path, banks will certainly improve their counteraction not only to external, but also to internal fraud.