On June 26, the FBI arrested Gary Foster, a former accountant in Citigroup that allegedly embezzled more than $19.2 million. We don’t want to think that employees embezzle, but it happens. What caught my eye was not that an accountant might have embezzled, but the fact that it took a year before anyone noticed millions of dollars were missing. Not only that, but Foster was living an extremely extravagant life with 6 multi-million dollar homes, a Maserati GranTurismo, a BMW 550xi and a Ferrari on order. Not exactly what you would expect from someone making around $100,000 a year.

The situation is a little more absurd as Foster allegedly embezzled the money during the second half of 2010 and left Citigroup in January of 2011. The alleged embezzlement was only found in late June, about six month after Foster left Citigroup and was traveling the world. The FBI caught Foster in Kennedy airport as he arrived on a flight from Bangkok after a trip to Europe and Asia.

To read more about the Citigroup embezzlement go to the New York Times.

Naturally I got curious. A bank that was in the center of the financial crisis less than two years ago; A bank that has been forced to improve its security measures specifically against internal fraud; One of the largest banks in the United States; Such a bank takes a year to notice $19 million are missing. Yes, it’s a huge bank, but I would have expected such an institution to employ the best security measures.

The answer is painfully obvious – Citigroup was not doing a good job of monitoring insiders. As I kept reading about it turned out that this is the situation in most banks. Earlier this year, 4 banks including Bank of America and Wachovia had account and personal information of 676,000 people stolen. Orazio Lembo has allegedly bought this information from bank employees and later sold it. 10 people were arrested including Lembo and 7 bank employees.

Police statement said that “Based on forensic examination of Lembo’s computers, it was determined that he had employed upper-level bank employees to access and identify individual accounts in their respective banks. That information was then sold to his clients, which included more than 40 law firms and collection agencies.”

The amazing part is that this security breach which may be the biggest in the banking industry, has been going on for 4 years. We expect bank employees to be monitored, but they are clearly not monitored effectively.

To read more about this breach go to CNN.