The invisible threat of financial crime lies inside the bank

It started with small cash bribes. In late 2022, a single employee at TD Bank decided to earn a bit extra by opening accounts in exchange for payment – a few hundred dollars here and there. Within months, he had opened more than 100 accounts, several of which later became vehicles for money laundering and fraud. The bank detected nothing. Only when US authorities launched an investigation did the irregularities come to light. For an entire year, the employee created accounts for criminals without being exposed.

Over the past decade, banks have invested heavily in preventing financial crime from external sources. They have hired specialists, implemented advanced monitoring systems and tightened controls around customers and transactions. Yet while attention has focused on external threats, another risk has moved closer: insider risk.

Insiders look like everyone else. They understand system weaknesses and know how to avoid attention. For banks, they often pose a greater challenge than a suspicious payment from abroad, because they do not trigger automatic alerts. Instead, the insider is a colleague standing by the coffee machine.

Insiders

Examples already exist in Sweden and Norway – and increasingly now in Denmark as well. In last week’s interview in Børsen with former money launderer Wael Diraoui, an uncomfortable truth emerged: criminals do not defeat banks by outsmarting systems from the outside. They do it by using people on the inside. Wael explained how insiders advised him on which transaction patterns went unnoticed and how payments could be structured to appear entirely ordinary. With that knowledge, he moved millions in criminal funds through the financial system without raising any suspicion.

Methods have grown more sophisticated. Criminals use social media to map employees, set up fake job interviews and test “random approaches” to identify individuals they can influence. As banks become better at detecting suspicious transactions, criminals find new ways in and attempt, among other things, to recruit bank employees with attractive offers of jobs on the side.

In a recent briefing, the Danish Financial Supervisory Authority stressed that Danish banks must take insider risk seriously. That challenges the basis of Danish working culture: a high level of trust and a reluctance to take an interest in colleagues’ private lives.

Vulnerable to pressure

Many find it intrusive to consider a colleague’s finances, relationships or potential addiction issues. Yet it is exactly those factors that can make someone vulnerable to pressure, bribery or manipulation.

That does not mean trust should give way to suspicion. It means trust needs to be nuanced. Professional trust today depends on transparency and proportionate security measures.

For banks, that requires systematic screening of employees. Not only at the point of hiring, but continuously when roles change, new authorities are granted or risk profiles shift. It requires responses to unusual behaviour, both technical and human: a colleague who never takes time off, logs in at odd hours, or whose financial profile suddenly no longer matches their income. It also requires a culture where it feels legitimate to talk about risk factors, and where employees in vulnerable situations in their lives receive support before problems escalate.

Protecting employees

Protection of employees who make difficult decisions and fight financial crime matters just as much. When a bank rejects a transaction or blocks a product, frustration often lands on frontline staff. In Sweden, banks now consider the use of aliases and centralised contact points, so employees can do their jobs without becoming personal targets. Such measures make sense and improve safety.

Managing insider risk does not mean treating employees as suspects. It means protecting both people and institutions. Trust in the Danish financial sector remains strong, and that makes protecting it even more critical. Modern financial crime does not only come from the outside. It can start at an ordinary desk in an open-plan office.

Banks therefore need robust control mechanisms around employees whose authorities can be abused – not least those working to combat financial crime. Trust and control are not in oppositions; they depend on each other. Applied wisely, they strengthen security and the working environment alike and make banks far less attractive to anyone seeking a way in from the inside. Preserving trust takes the courage to protect it.

Read the article in Børsen in Danish.