Four Banks, Four Failures: Internal Controls for Fraud Prevention

Fraud has already claimed two banks, and 2025 is far from over. The January collapse of Chicago's Pulaski Savings Bank, followed by June's failure of The Santa Anna National Bank in Texas, marks a disturbing acceleration in fraud-related bank failures. 

These financial institutions (FIs) are part of an alarming pattern that has seen four banks fail due to inadequate internal controls for banks in just four years. Each failure was preventable, each more costly than necessary, and each shared control weaknesses that many community banks would recognize in their own operations. 

Now is the time for FIs to be on high alert and strengthen their internal controls to prevent similar fraud-related incidents from happening at their institutions. Building a strong foundation and maintaining continuous monitoring can mean the difference between a thriving institution and one on the brink of failure.

Related: Worried About Fraud Risk? 3 Key Issues When Updating Fraud Risk Assessments

Patterns in internal controls for banks

What makes these recent bank failures particularly alarming — and relevant to community FIs nationwide — is that every bank had assets under $150 million. Each FI had its own specific vulnerabilities, but all shared critical weaknesses that made them prime fraud targets. Common issues included less sophisticated internal controls for banks, limited staff for proper checks and balances, weak fraud prevention resources, and dangerously concentrated executive power that could override controls for fraud prevention.

Also, three of these banks are located in communities with populations of less than 3,000 people, which amplifies the broader implications beyond immediate financial losses. The FDIC's 2020 Community Banking Study suggests that the loss of a community bank represents more than just the loss of a financial service provider — it's the loss of an institution that understands and is committed to local economic conditions, potentially accelerating economic decline in already vulnerable communities. 

For small communities, community banks serve as critical providers of relationship-based lending and local business financing that larger institutions often cannot replicate, making their failure particularly devastating to local economic stability. 

Related: Emerging Risks in the Securities Industry 2025

Pulaski Savings Bank

On January 17, 2025, Pulaski Savings Bank was closed by the Illinois Department of Financial and Professional Regulation. The Chicago-based bank had deposit liabilities of at least $20.7 million, which were not recorded in the bank’s core system. These unrecorded deposits (discovered by a third-party contractor) had no matching assets, depleting the bank’s equity and rendering it critically undercapitalized. While no fraud or criminal charges have been made, the Office of Inspector General (OIG) has emphasized the impact of operational risks, especially on smaller banks. 

The loss to the FDIC’s Deposit Insurance Fund (DIF) was $28 million, or 62% of Pulaski’s total assets. After suspecting fraud, the agency launched an in-depth review, discovering significant unresolved discrepancies in suspense accounts. 

Control failure 

The bank’s poor manual processes and lack of documentation were a significant factor in its demise. Between 2017 and 2023, regulators noted many issues — downgraded CAMELS ratings, poor management oversight, ineffective board governance, risk exposure, and poor earnings, to name a few — but the bank failed to take corrective actions. 

The Santa Anna National Bank

After 92 years, the Office of the Comptroller of the Currency (OCC) closed The Santa Anna National Bank. The bureau acted after the bank’s “unsafe or unsound practices” caused assets to fall dramatically. The FDIC also noted that suspected fraud contributed to the bank’s failure. 

The estimated loss to the FDIC’s DIF is $23.7 million, with an additional $2.8 million in deposits exceeding FDIC insurance limits. 

Control failure 

While the specifics of Santa Anna’s practices have not been identified, unsafe and unsound practices are often attributed to weak internal controls, poor risk management, poorly managed lending, and insider misconduct. Without a strong risk management program, FIs can fall victim to a range of risks — both internal and external. 

Heartland Tri-State Bank

In 2023, the Kansas Office of the State Bank Commissioner closed Heartland Tri-State Bank when its CEO initiated $47.1 million in wire transfers as part of a cryptocurrency scam. Pushed by leadership, bank employees bypassed internal controls and processed the transfers. 

Control failure 

Bank leadership overrode established controls — a stark reminder that checks and balances must apply to every role, no matter the position or community standing.

First National Bank of Lindsay

In October 2024, the OCC shut down the First National Bank of Lindsay. Despite appearing financially healthy months earlier, gaps developed in their controls for fraud prevention, including “false and deceptive bank records.” The bureau also found that the FI was engaging in unsafe or unsound business practices, and its assets were less than its obligations to creditors and others. 

The failure is estimated to cost the FDIC $43 million. 

Control failure 

The bank’s breakdown suggests severe issues with internal controls, especially over financial reporting, recordkeeping, and cash/asset oversight. The case is yet another example of how poor internal controls can snowball and impact an institution and its customers. 

Related: Financial Services Enforcement Action Tracker | Ncontracts

Why do small FIs need stronger controls for fraud prevention?

Community FIs face unique operational realities that require thoughtful approaches to internal controls for banks:

• Streamlined decision-making: Smaller FIs often have fewer decision-makers, which can create efficiency but also requires careful attention to checks and balances within fraud prevention systems.
• Resource optimization: Community FIs typically operate with focused budgets and team members that wear multiple hats, making it essential to choose fraud prevention solutions that deliver maximum effectiveness for the investment.
• Process evolution: Many FIs still use manual processes for risk management and approvals. Modern automated controls for fraud prevention offer significant advantages in accuracy and efficiency.
• Relationship-centered operations: The personal relationships that strengthen community banking also require balanced fraud prevention approaches that maintain trust while ensuring appropriate oversight.
• Staff versatility: In smaller teams, employees often juggle multiple responsibilities, making it important to design internal controls for banks that support proper task separation while accommodating operational flexibility.

Related: The Life of A Strategic Risk Manager: The problem of manual processes

What is the value of strong internal controls?

Establishing strong controls for fraud prevention is an investment that requires evaluating the costs against the benefits. 

Based on the four recent fraud-related failures,costs averaged $37.5 million per incident (calculated from FDIC loss estimates ranging from $23.7 million to $54 million). Comprehensive controls for fraud prevention typically cost between $200,000 and $650,000 annually — representing less than 2% of potential failure costs.

Beyond financial protection, enhanced internal controls for banks provide additional benefits:

• Improved operational efficiency through automation
• Better regulatory examination outcomes
• Enhanced reputation and community trust
• Stronger competitive positioning
• Reduced insurance and compliance costs

How can I evaluate my FI's controls for fraud prevention?

Consider these questions when assessing your institution's current internal controls: 

1. How quickly can we detect unusual transaction patterns? Modern fraud prevention systems can identify issues within hours rather than weeks or months.
2. Do our approval processes work effectively for all transaction types? Strong controls for fraud prevention should handle routine and unusual situations consistently.
3. Can we easily demonstrate our control effectiveness to examiners? Well-designed internal controls for banks provide clear audit trails and documentation.
4. Are our reconciliation processes catching discrepancies promptly? Effective fraud prevention identifies variances quickly for investigation and resolution.
5. Do all staff members understand their role in maintaining controls? Successful internal controls for banks require organization-wide engagement and understanding.
6. How do we stay current with evolving fraud tactics? Ongoing education and system updates keep controls for fraud prevention effective against new threats.

Related Podcast: Compliance is a Team Effort 

How can I strengthen my FI's internal controls?

The recent bank failures are a wake-up call for FIs, but the good news is that making improvements doesn’t have to be overwhelming. An organized, systematic approach that integrates with existing operations is key.

Phase 1: Foundation assessment

• Upgrade your technology foundation: Implement automated transaction monitoring integrated with your core banking system. You’ll be able to flag unusual activity in real time, learning normal patterns to catch potential fraud in hours rather than weeks.
• Enforce system-based approval workflows: Configure your system to require dual approvals for high-risk transactions, preventing bypassing of controls.
• Automate reconciliations: Use digital tools to quickly identify discrepancies, flagging variances for investigation rather than waiting for month-end reviews.
• Review existing controls: Identify high-risk areas where technology improvements will have the greatest impact. Focus your initial efforts on vulnerabilities that could lead to significant losses.
  

Phase 2: Operational strengthening

• Design natural checkpoints: Separate transaction initiation, approval, and execution (even if your staff is limited) and leverage technology to enforce separate roles.
• Implement systematic exception reporting: Generate automated reports on unusual activity, failed logins, after-hours access, or reconciliation anomalies, and review and document investigations regularly.
• Test controls with real scenarios: Periodically run transactions through new processes to uncover gaps that theoretical reviews may miss.
• Document and train: Ensure all enhanced controls are recorded and staff are trained on new procedures, reinforcing accountability and consistency.
  

Phase 3: Cultural integration and continuous improvement

• Encourage staff reporting: Provide multiple, simple channels — one-on-ones, surveys, or suggestion boxes — for raising concerns.
• Ongoing fraud awareness training: Conduct brief, practical sessions on emerging tactics relevant to your operations.
• Lead from the top down: Management adherence to procedures reinforces a culture where controls are applied consistently.
• Establish evaluation cycles: Regularly review controls, track performance metrics, and solicit frontline feedback to identify practical improvements.
  

Related: Policy Management Best Practices for Financial Institutions

The financial services industry continues to evolve, and institutions that proactively strengthen their fraud prevention capabilities position themselves for long-term success. Rather than viewing recent cases as cautionary tales, forward-thinking FIs can use these lessons as stepping stones toward more secure, efficient, and competitive operations.

By strengthening internal controls, investing in fraud prevention technology, and building a culture of accountability, community FIs can protect themselves while continuing to serve their communities with confidence.

Is your FI ready for your next exam? Learn how to communicate your risk story to regulators with our free checklist.