What We CoverOur ApproachClient StoriesInsightsAboutSchedule a Consultation
All insights

S$1.73 million from the vault: what the Singapore bank manager case means for commercial crime insurance

A former bank branch manager in Singapore is to be charged after allegedly taking S$1.73 million from her employer's vault over 16 months, falsifying records 206 times to conceal it. The case illustrates exactly what commercial crime insurance is built for.

A 65-year-old former bank branch manager is to be charged in Singapore after allegedly taking S$1,729,000 from her employer's vault between May 2021 and August 2022. According to the Singapore Police Force, she allegedly used the funds to repay loans and to fund gambling activities. To conceal what she had done, she falsified the branch's cash book records on at least 206 separate occasions over 16 months.

The case is notable for what it illustrates about how internal fraud actually works. The branch manager had legitimate access to the vault. Her role included handling cash. She was not breaking in. She was authorised to be there. And she covered her tracks by falsifying the records that would ordinarily detect a discrepancy.

This is the pattern at the centre of commercial crime insurance, and it is far more common than the dramatic fraud cases that attract headlines.

Why trusted access is the core risk

Most business owners, when they think about theft, picture an external threat. A burglar. A hacker. Someone from outside who should not be there.

Commercial crime, in practice, looks nothing like that. The losses that commercial crime insurance is designed to address come from people who are already inside, who have legitimate authority over money, inventory, or records, and who use that authority dishonestly.

The branch manager in this case allegedly had access to the vault because her role required it. The 206 falsifications of the cash book were possible because she had the authority to maintain those records. Neither the access nor the recording function was inappropriate. What was inappropriate was how she used both.

This pattern, trusted access combined with the ability to falsify or manipulate records, is the structural condition under which most significant internal fraud occurs. It is also why internal fraud is often undetected for months or years. The same authority that enables the fraud is the authority that would ordinarily catch it.

What commercial crime insurance covers

Commercial crime insurance covers financial losses a business suffers as a direct result of dishonest acts by its own employees. The emphasis is on dishonesty: the employee knew what they were doing was wrong and did it deliberately.

The main categories of cover in a well-structured commercial crime policy are as follows.

Employee theft of money or property. Direct financial loss from the theft of cash, securities, or other assets by an employee acting alone or in collusion with others. The bank vault case is a direct illustration of this: the branch manager allegedly took physical cash from the vault repeatedly over 16 months.

Falsification and forgery. Losses arising from the falsification of accounts or the forgery of financial documents. In the bank vault case, the alleged falsification of the cash book on 206 occasions is the mechanism by which the fraud was concealed. A commercial crime policy responds to losses that are caused or facilitated by this kind of document manipulation.

Computer fraud. Financial loss from the fraudulent use of a company's own computer systems by an employee, including the manipulation of payroll records, accounting entries, or payment instructions.

Funds transfer fraud. Loss from fraudulent payment instructions originated by an employee.

Theft of client assets. Where a business holds funds or property on behalf of clients, and an employee misappropriates those assets. Particularly relevant for professional services firms, property managers, and financial services businesses.

The detection lag problem

The bank vault case allegedly ran from May 2021 to August 2022, a period of approximately 16 months. The MDR Limited case, covered in our earlier post on Commercial Crime Insurance in Singapore, ran for 13 months before it came to light. The Chia Teck Leng case, still the most significant commercial fraud in Singapore's history, ran for four years before discovery.

The detection lag is not a coincidence. It is a feature of how trusted-insider fraud is structured. The perpetrator understands the controls that exist to detect what they are doing. They know which transaction sizes attract scrutiny, which reconciliation processes are run monthly versus annually, which approvals are rubber-stamped, and which records are rarely checked. The fraud is structured to stay within the boundaries that would trigger a review.

For businesses, the detection lag has a direct insurance implication. Commercial crime policies are typically written on a discovery basis: the loss must be discovered during the policy period, regardless of when the fraud actually occurred. A fraud that ran for three years and is discovered after a policy lapses may not be covered. The run-off and discovery provisions of a commercial crime policy are worth understanding before a claim is ever needed.

The collusion dimension

The bank vault case involves an alleged second party: a 36-year-old woman who allegedly received the majority of the misappropriated funds and used them to gamble at local casinos and on illegal remote gambling platforms. The police allege she cashed in S$1,521,509 at local casinos and transferred S$790,106 to various third-party accounts for remote gambling purposes.

Collusion, where an employee acts in concert with an external party, is a recognised pattern in commercial crime. The external party provides a channel through which the proceeds are converted or transferred in ways that are harder to trace. A commercial crime policy that covers employee theft typically extends to losses caused by employees acting in collusion with external parties, but the specific wording varies. Whether the policy covers losses where the primary dishonest act was by the employee and the external party was a recipient of the proceeds is a point worth confirming in the policy wording before a claim arises.

What this case means for employers

The branch manager in this case worked in a bank, an institution with comparatively rigorous financial controls. The fraud allegedly ran for 16 months and involved 206 falsified records before it was detected.

For a small or medium-sized business, the controls that would catch this kind of fraud earlier are often thinner. There may not be independent reconciliation of cash records. The person responsible for maintaining records may also be the person authorised to approve transactions. A trusted long-serving employee may receive less scrutiny than a newer staff member.

None of this is unusual. It is simply how smaller businesses operate. But it means that the structural conditions for trusted-insider fraud, legitimate access combined with the ability to manipulate records, are frequently present without the business being aware of them.

Commercial crime insurance does not prevent fraud. What it does is ensure that when fraud occurs, the financial loss does not have to be absorbed entirely by the business. The legal costs of investigating the fraud, the costs of forensic accounting, and the loss itself are within scope of a well-structured policy.

For businesses that also face the risk of being deceived by external parties rather than defrauded by their own staff, social engineering fraud (SEF) cover addresses a different but related exposure. We covered the distinction in detail in our post on Commercial Crime vs SEF vs Cyber Insurance.

You can read more about our commercial crime cover on the products page. If you would like to understand whether your current commercial crime policy would respond to the types of loss described here, we would be glad to work through it with you.

This article provides general information only. It is not insurance advice. Policy availability, terms, conditions, and exclusions vary by insurer and product, and cover is subject to the full policy wording. Please contact TZY CO for advice on your specific situation.

Wondering how this applies to your business?

Schedule a Consultationor message us on WhatsApp →
Back to all insights