$14 Million Fraud Scheme Shutters CUExperts Say Trust Overshadowed Due Diligence
A $14 million loan fraud scheme pulled off by a mother and son against a community-based institution with which they had a longstanding relationship offers an important reminder: Even the most trusted customers and employees have to be scrutinized.
See Also: Main Cyber Attack Destinations in 2016
Last week, Scott Lonzinski and Laura Conarton, both of Susquehanna County, Pa., pleaded guilty to felony bank fraud in connection with an elaborate scheme that cost Binghamton, N.Y.-based Broome County Teachers Federal Credit Union $14 million, and ultimately caused the credit union to be taken over by federal regulators.
George Tubin, a former financial fraud analyst who now works with the online security technology firm Trusteer, says any small institution runs the risk of falling victim to these kinds of schemes.
"Here's a small local credit union in a small town, [dealing] with a seemingly successful business that's run by people the institution has a good relationship with. When it's a small community, it's small-town banking, and the institution doesn't think there's any reason to doubt the validity of the people it's lending money to."
As part of their pleas before a U.S. district court in New York, the mother and son team admitted that between July of 2009 and February of 2011 they received 10 fraudulent loans from the former Broome County Teachers FCU, which at the time had only $52 million in assets.
Lonzinski and Conarton told the court they created false bank statements, forged signatures, created fictitious persona, and made numerous false and fraudulent statements to convince the credit union that certificates of deposit allegedly held by Lonzinski at another institution were worth amounts equal to the loans.
In reality, the CDs, allegedly held by People's National Bank, had no value.
Lonzinski and Conarton used the fraudulent loan proceeds to finance Lonzinski's construction business, which, according to a report in The Credit Union Times, also had been hired by Broome County Teachers FCU to do renovation work at the branch.
Portions of those loan proceeds also were used to purchase vehicles for Lonzinski's business, purchase and remodel Lonzinski's primary residence and buy personal automobiles and pay other business and personal expenses, court records claim.
The National Credit Union Administration discovered the scheme during a routine examination and immediately assumed responsibility for the credit union's day-to-day operations. Later, BCT's assets were sold to Visions Federal Credit Union.
During the investigation, authorities seized more than $5 million in cash and property, which will be used to make partial restitution. Lonzinski and Conarton both face maximum sentences of 30 years and fines of $1 million. Lonzinski's sentencing is scheduled for Dec. 19; Conarton is expected to be sentenced Dec. 20.
No members or clients of BCT lost any money as a result of the institution's liquidation, according to federal investigators.
How BCT Was Duped
David Navetta, an IT security and privacy lawyer and founder of the law firm Information Law Group, says Lonzinski's personal relationship with the credit union apparently got in the way of better judgment on the part of the institution's management.
"Perhaps the personal, direct relationship created a higher level of trust," he speculates.
But what's more striking, Navetta says, is that the mother apparently also had inside knowledge about banking, which she used to fuel the scheme.
According to a statement provided by U.S. Attorney Richard Hartunian to the The Scranton Times Tribune, Conarton had worked in the banking industry for 10 years and used her inside knowledge of the loan process to perpetrate the fraud.
Navetta says that inside knowledge was critical. "This woman probably knew exactly which documents the CU needed to see, how to present them, and how to make them seem authentic," Navetta says. "Finally, the fact that the money was provided in the form of 10 loans also likely delayed the discovery of the incident. As long as payments were being made on the loans, why would the institution become suspicious?"
But Peter Tapling, a financial fraud expert and president of Authentify, an online authentication company, says the credit union's management apparently failed to uphold standard practices, allowing the scheme to grow to a size that ultimately led to the institution's demise.
"Typically, small banks and CUs have a loan committee that physically meets to discuss loan approval, and they would discuss, at length, such large commitments," he says. "This was a management failure in loan approval and oversight."
More than 25 percent of BCT's assets were tied up in loans to Lonzinski's business, Tapling points out. Thus, it's not surprising federal regulators raised a red flag during their examination.
"I could understand the first loans going through without much additional scrutiny," he says. "But once loans to the parties reached a measurable proportion of assets, then credit union officials should have been doing more digging on the assets being pledged as collateral."