When fraud, credit risk and internal audit disagree, loss follows 

Fraud is not always obvious, but losses are. That is the problem. 

In auto lending, internal audit, credit risk and fraud teams are often looking at the same file and reaching different conclusions. Manipulated documents sit alongside real errors, and the question is not just what is wrong, but how it should be classified. 

Common questions to ask include: 

• Is it fraud? 
• Is it early payment default risk? 
• Is it a borrower who cannot repay? 
• Or is it a mistake that requires a self-identified finding and remediation? 

Fraud teams are focused on intent, while credit risk is focused on performance and repayment, and internal audit is focused on control gaps and whether the issue rises to a reportable finding. 

Each answer drives a different action, and when teams are not aligned, the portfolio absorbs the cost. 

Why this matters now 

Document-based signals have not historically been reliable inputs into credit risk models, but today, that is changing. 

Patterns in income misrepresentation, document manipulation and synthetic behavior are now measurable at scale. With AI interfaces readily available, as many as 1 in 5 paystubs are being classified as fraudulent.  

Which means something bigger: Credit risk models need to evolve. 

Model monitoring also needs to evolve, with a few things now necessary:  

1. Document-layer monitoring. Traditional model monitoring watches prediction scores and outcomes. You now need a separate signal layer watching the inputs themselves for authenticity signals before they ever reach your risk model. 
2. Outcome lag is more dangerous. Credit risk models are validated on default outcomes that take 12 to 24 months to materialize. Fraud-enabled defaults won’t show up as model degradation until it’s very expensive. 
3. Monitor the monitoring. You essentially need a meta-layer that asks: “Are the features I’m receiving trustworthy inputs at all?” That’s a fundamentally different question than “Has my model drifted?” 

The issue is not just around creditworthiness, but around data integrity and intent. This is because what looks like credit loss is often misclassified as fraud, and what looks like fraud is sometimes operational error.  

Without alignment, both get priced incorrectly. 

Where internal audit comes in 

Internal auditing is no longer just validating controls after the fact. It is becoming the function that connects fraud signals to credit outcomes. 

The question is not how to find fraud; it is how to classify it correctly, consistently and at scale. 

Misclassification in either direction drives measurable loss. Misclassifying fraud as error leaves bad actors in the portfolio and misclassifying error as fraud creates legal and customer risk. 

Audit leaders are asking sharper questions: 

• Are we classifying documents or just flagging anomalies? 
• Are defects driven by intent or process breakdown? 
• Do our findings hold up under regulatory scrutiny? 

Financial impact is already showing 

More than half of lenders estimate that 10% to 19% of loan losses are tied to documentation fraud, but not all losses are fraud. 

Some are misrepresentation, some are operational defects and some are credit risk that was never properly understood. 

The opportunity is not just loss prevention; it is accurate classification, which drives better underwriting, pricing and recovery. 

That is where ROI shows up. 

What leading lenders are doing differently 

1. Separating fraud from credit loss signals. Treat document misrepresentation as its own risk layer, not buried inside credit performance. 
2. Incorporating document integrity into risk models. Income, identity and document consistency are now predictive. They should influence underwriting and portfolio monitoring. 
3. Building audit trails, not just flags. Findings need to stand up to internal audit, regulators and potential recovery actions. 
4. Act on self-identified findings early. Especially as regulatory dynamics shift. 

The Consumer Financial Protection Bureau has signaled resource constraints while state regulators are increasing enforcement activity, creating a more fragmented but active oversight environment. 

Internal audit is no longer a back-end control; it is becoming a forward-looking risk function. 

Fraud or not fraud is no longer a debate. It is a data problem. And for the first time, the answer is measurable. 

Jessica Gonzalez is the vice president of customer success at Informed.IQ and has more than 15 years’ experience in the financial services industry, including tenures at Santander Consumer USA and Visa. 

Content sponsored by Informed.IQ