PRP aie A IN THIS ISSUE Cite fraud options, | Sorry, this fraud has been | ACH and wire aa coir iiel disconnected, p: Peet eee LaePrepare to Pass the CFE Exam Designed with the busy anti-fraud professional in mind, the CFE Exam Prep Course® software gives you flexibility to prepare for the CFE Exam on your schedule. Including study questions and practice exams, the CFE Exam Prep Course will help you prepare to pass the rigorous CFE Exam. SACFE WT a me Or ees Ly — a + 1,500 study questions provide sample exam questions with explanations of the correct answers * Timed practice exams simulate the CFE Exam environment + Read more about topics on which you need additional review with the included PDF “A version of the Fraud Examiners Manual + Money-Back Pass Guarantee — Prepare for the CFE Exam with confidence knowing the CFE Exam Prep Course is backed by ou Money-Back Pass Guarantee ACFE.com/Prep| FROM THE PRESIDENT AND CEO Listen and learn begin our careers with optimistic plans. But as you move from position to position, you might find that sue- «cess is eluding you. Maybe its time to reevaluate and lean from a master fraud fighter. Steve Albrecht, the author ofthe cover article, isan academic who has spent as much time in business offices as classrooms. He’ consulted with numerous organizations, including Fortune 500 companies, major finan. cial institutions, the United Nations and FBI, among many others. Until july 2008, he was the as- sociate dean ofthe Marriott School at Brigham Young University (BYU). ‘And before that he was director of the BYU School of Accountancy. Steves research in fraud and accounting is renowned. When this association was in its gestation pe- riod, Dr Joseph T. Wels, CFE, CPA, founder and Chairman ofthe ACFE, approached Steve for his counsel Steves professional DNA is woven into the fraud body of knowledge: the Fraud Esaminer’s Manual, the Cert fied Fraud Examiner credential, plus our seminars and conferences. normally dont extol! the high points of a persons résumé, bat im em- phasiaing that you should listen to this man, He knows what he’ talking about. “Praud fighting isan exciting career” Steve writs in the cover ar- ticle, “However, not al fraud-fghting professionals are equally successful Whether you work for a company, are an independent consultant, an ‘expert witness or perform other fraud-fighting and forensic account ing work, here are seven of the most critical things you can do to further Your career and success” la By James D. Ratley, CFE Here are Steve's lessons: You must make a business case for ‘your services You must help others understand that there are no small frauds; just large frauds that are caught early + Ifyou want to build a successful fraud-fighting business, you have to make yourself visible and build a 00d reputation. + Always deliver high-value and helpful product to your client. + You must understand business concepts to become an effective fraud fighter. You must always perform high: quality work that has higher value than your competitors. + Bea good listener. like all of Steve's points, but that last one is probably the most im- portant lesson. “Asa fraud-fighting professional, you're always work- ing for someone else — perhaps an ‘employer, a law firm or a large corpo- ration,” he writes. “You must listen carefully to understand expected ‘outcomes and what they expect you to do — don't assume anything Don't just hear the words but under stand and connect” Listen to this man. And learn, FM James D. Ratley, CFE, President and CEO of the Association of Certified Fraud Examiners, can be reached at jratley@ACFE.com. EM Read more Fraud Magazine content ‘online at Fraud-Magazino.com. FRAUD-MAGAZINE.COM Publisher John Gil, J.D, FE Editor in chief Dick Carozza, CFE ‘Assistant Editor Emily Primeau Contributing Editor Cora Bullock Contributing Edltor Rober Tie, CFE, CFP ‘Art Director Helen Eliot, CFE Circulation Manager Aimee Jost, CFE Legal Editor Mark Scot, J.0., CFE Editorial Advisory Committee ‘nathan €,taey CFE, Cl chs Lary Ada, ECA cA Cis, COA, CaP ECP: Emmancel, 2 sippiah, MBB, CPA. Cre: Joma Boron, (ba Cre, Cem, COMA: chord Brody, PhD, CF, {Pin Cao, Phd, CFE, CAS; inda Chase, Fx, CFE Franlin Davenpor, CFE; Dave). Ge ‘ert, CFE; Craig tion Pb «CFE. CPa: lon Fecher, CFE, Cl Petar D. Goldmann, CFE Allon F Greggo, Cr, CPP, Robert Hotiater Ph.D. CE, Peter Hughes, Ph. MBA, CFE, CIA, CPA Chel yer CFE Ca, CVA: Raber Ka, CF, (CPi; Thomas Cheney Lamon, CFE Cit Pip C (ee CFE, Ca, Foy Lary Ma, CFE, Cis, PMP, CSS. CSTE; Jy 8. Pappas, CFE: Michael Pearson OB. CFE, CP CMA: Morn Paterson, GFE Lara rato, CEE, Rob E Sa, nD. EdveatorAevocate Karen Foren: Tuner 20142018 Board of Ragonte “sep Ages, CFE Richard 6. Brody, Ph. CFE, CPA. Bruce Dai, 1D. CFE, CVA, CPA Bruce De ‘aig, MS, CFE, CPA ames Rae, CF, Aton Stamatis CFE, CP, CF loka Wiaron 10, C7 Gerad ac CFE CPA, CB Fraud Mecacne ISN 185546) publohed Eon by the Associaton of Catia rad Exim inere 716 West Avene, Aun TR70700-2727, USA (©2015 Al ihe served, Periodical Postage Pod at Pati TX 78704 are oon ming cs Postmaster — Please send ales changes to: Fraud Magazine ® APE Gib Headqunters Tie West Avenue © Rar, RTB7ON 2727, USA (aoc) aus act» 21 @reiave 9000 Foc 21 (612)4769097 Subscriptions CFE member: annual menbenip des inde $85 for» rogue orejearsubacpton” S15 for an Siecronie amber nubactiption, ara $1 fer stadont, Sniretved mame subseptonsNan-member Sab ‘Shipton rats oe S65 in be U5. $77 ould oS, Nemberstip fornaon can be csined by vising ACFE com or by cling 00) 2452921, 07 61 (TE 447890 Change fades noes and utsrpons ‘Soul be Seced tn ruc Magee Alogh Freed Mageche may be quted wih proper anti, ne porton sf thizpabestion my be Feprosiced wart, {nrten prrmaen tas been abtaned fom the odor, ‘Tha view expesied in Fraud Magan av those of the autre and might not rfc the efi! polos tthe Rsocation of Coned Fraud Examnare The Stars asune no espesbty fo asaicted mana Seipts bt wil conse al eubrisiore. Conibuton ‘udines we ovlable et Fraud Magaine com, Fatd Nagase sa double-blind pearevewed publeston % re pede lcm rp cb Magasin coir er ea repenesfravs Magazine com Advertsing Coordinator ‘Trav Kol» (0) 285 221 helasACFE com JANUARY/FEBRUARY 2018 FRAUD MAGAZINE 3[CONTENTS | Volume 30, No, 1, January/February 2015 19 25 30 36 41 FEATURED ARTICLES C-suite fraud options: commit it, permit it or fight it How CFEs can help keep execs on the straight and narrow, part 2 of 2 By Robert Ti, CEE, CEP ‘To llutrate C-suite nonfeasance this article cites recent examples from the realestate sector As the biggest cog in Ameriss economic machinery. it generates 13 percent of US GDP. Pethaps unsurprisingly, money laundering inthe eal estate industry (MLRE) is vast and, some say, under-regulated. Here's a discussion of how CFEs can help its leaders — and those in all industries — actively fight fraud, Sorry, this fraud has been disconnected, part 1 $1.5 million fraud at a telecommunications company ‘By Merle Bloch, LD. CFE, OCEP-F Dan Jackson was tving the good ie: well paying job, beaut wie kids in pvate schoo, expensive clothes Rolex watches, However, the fagade hid a man who defrauded hiscompany of $1.5 mln, In pat 1 ofthis two-pare,weleatn Danis background and his collision with ke a sleazy external consultant. Finishing well by starting well 7 keys to an effective fraud-fighting career 2 W. Steve Albrecht, Ph.D, CE, CPA A pillar in the fraud examination profession provides tips, which an help ensure that at the end of along career youll know you did your best infighting fraud, Tangled wires ‘ACH and wire-transfer fraud ‘By Stephanie Davis, CFE: and Jack Armitage, Ph.D., CFE, CPA Automated Clearing House and wire transfers are increasing but soi fraud in these trans actions. Alla fraudster needs isan account number and a bank-routing number. Here are ‘ways to prevent and fight these lucrative crimes. Turning on a dime Refocusing your fraud examination as unexpected twists arise By James. Pet, PAD, CFE; and Kenneth. Wilon, CFE, SAR ‘When a cae takes an unanticipated tur, these fraud examiners regroup and refocus thels examination to discover evidence that eventually helped obtain a felony conviction on corrupt city official. 4 FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE.COMFrom the President & CEO Listen and learn By James D. Ratley, CFE Fraud in the News. ACFE Cookbook .. Don't sell the short sellers short By Gerry Zack, CFE, CPA, CIA Case in Point Tearing the veil on the classic ‘pump and dump’ By Nick Savona, CEE, CFCS oo 16 Stop insider fraud with improved policies, advanced data analytics By Jim Oakes, CFE, CFCT isn't just for academics By Jeremy Clopton, CFE, CPA; Les E.Heitger, Ph.D, Educator Associate; and Lanny Morrow, BCE Recognizing human trafficking red flags can save lives By Tim Harvey, CHE, JP Starting Out. Unele Sam wants you (for 2 fraud examiner job) 3 4g By Colin May, CEE is Taking Back the ID Beware of these recent MoneyPak scams By Robert E.Holifreter, Ph.D, CPE, CICA, CBA Fraud Spotlight. If you can’t trust a probation officer, whom can you trust? - By M. George Durler, Ph.D. Educator ‘Associate; and Jing Xu 62 Research Findings. The social side of frau Collusion and culture By Pamela R. Murphy, PhD.» CRE, CPA (Minos) and Cliston Free, PhD. V'ma CFE. Urs Steiner, CFE By Emily Primeaux CPE Quiz... FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2018 FRAUD MAGAZINE 5FRAUD in the news Read more news at Fraud-Magazine.com Stolen identities lead to stolen tax refunds ‘According to a Now. 18 press release from the FB! and US. Attorneys Office, 17 individuals were ar- rested for their involvement ina stolen identity ta fraud scheme that utilized students’ financial ser- vices accounts. See “Sev- enteen Charged Today in Connection with Stolen Identity Tax Refund Froud Scheme Involving Student Financial Services Accounts,” at hitp:/Ainyurl com/myjwmngu) ‘According tothe release, the investigation uncovered a tax refund fraud scheme that accessed more than 1000 student accounts at Miami Dade College, victimized 644 and resulted in an aggregate intended loss amount of $1.9 million, Twenty-one wore charged, and four remain at large. ‘As alleged in the indictments, the defendants used the students’ stolen identities so they or their co- conspirators could submit fraudulent ‘tax returns to the IRS “Students attend college to give themselves a better chance for a successful future,” says Kelly R. Jackson, special agent in charge, IRS Criminal Investigation, in the release. “These students, however, are accused of federal crimes that could land them in prison and tar- nish their records forever” ONLINE CONTENT Read more about identity thet tax refund fraud inthe 2014 Fraud Moge- ine feature articles fom March/April (https tinyur.com/phet9go) and May! June thtp/Iinyureom/nbiBke), A strange case of credit card fraud According to an Oct. 27 Consumer Affairs article by Jennifer Abel, chip- based credit cards might be more secure than magnetic-strip cards, but determined thieves could still find ways to commit fraud. (See “ ‘Replay’ lets fraudsters disguise fake credit card charges as legitimate chip-card transactions,’ http://tinyurl.com/n7a856v.) “[Chip-based] cards also tend to require a personal identification number (PIN) at point of sale” says Abel. “These features do not make it impossible for hackers to steal money from accounts, but they are supposed to make thieves lives more difficult by making it harder for them to actually use any account numbers they manage to steal” Yet thieves are finding ways around this new system, According to the article, a strange case of credit card fraud out of Brazil has American banks and credit-card companies arguing over who's responsible for cating the cost. 66 [At least three unnamed U.S. financial institutions have] reported receiving tens of thousands of dollars in fraud- ulent credit and debit card transactions coming from Brazil and hitting card accounts stolen in recent retail heists. 9 ¥ BRIAN KREBS As first reported by security blogger Brian Krebs (a keynote speak- er at the 26th Annual ACFE Global Fraud Conference, June 14-19, 2015, in Baltimore, FraudConference.com), a least three unnamed US. financial institutions have “reported receiving tens of thousands of dollars in fraud- ulent credit and debit card transactions coming from Brazil and hitting card accounts stolen in recent retail heists” According to Krebs, as quoted in the article, the unauthorized charges were submitted through Visa and MasterCard’s networks as chip-enabled transactions, even though the banks haven't even begun sending customers chip-enabled cards. However, the question still remains: Who pays for these fraudulent transactions? FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE.COMTake a closer look at the name on your junk mail Mabel Seyfried of Lynn Township, Pennsylvania, was left feeling helpless after discovering that she might have been a victim of identity theft. It started when one of her banks. called to ask if she had bought aitlne tickets with her credit card in Spain. She hadn't, and the purchase was fraudulent. Around mid-June, she started to receive junk mail addressed to “Noris Ricketts or current resident” that welcomed him to his new home. After more coupons and special offers arrived in her mailbox addressed to Ricketts, she decided to contact the local postmaster and file a report with state police, ‘According to the Sept. 3 article, “Strange mail has woman oon edge,” by Paul Muschick in The Morning Call, junk mail sent to a strange name at your address could be a sign of identity theft,"Clever crooks know how to set up accounts ‘0 bills are delivered electronically,” writes Muschick. Ac- cording to the article, you also should be on the alert if you notice important pieces of mail, such as credit card bills, aren't being delivered. That could mean an identity thief has, hijacked your accounts and changed the address so you won't immediately get the bills with the unauthorized charges. “How do you stop someone from using your address ‘fraudulently? Criminals always know how to work the sys- ‘tem, and their victims can't always protect themselves," says Seyfried. "People just need to be aware ths is something they shouldn't just shrug of. Its just part of the larger pic- ture.” (Read the entire story at http://tinyurl.com/ndfqbta.) Advertisers versus the fake-impressions business “Originating with search ads, and make ing its way to display, ad fraud has ma- tured and bled its way into the highly lucrative online video ad landscape — and for good reason,” writes Tod Sacerdoti in his Nov. 20 AdAge article, “How to Fight Taff Fraud in Online Video Advertsing” According to the article, traf- fic fraud costs marketers billions of dollars in wasted ad expenditures an- rnually. Since the emergence of the pay- perclck model in the ate 1990s, traffic {roud has created expensive probleme for advertisers, agencies, intermediaries and publishers. "Originally freudsters hired actual humans to click on search and display ‘ads (remember click farms?), but it was expensive to seale so they began build- ing scripts that simulated humans clicking fon ads," writes Sacerdoti. “Today, the fake-impressions business has grown ‘more sophisticated, with hidden and laundered impressions being sold to un- suspecting advertisers through a number of sophisticated technologies.” The AdAge article covers six steps that advertisers and agencies can take to fight fraud including reviewing the URLs your ads run on and using accredited, third-party veritication services to validate that campaigns are being delivered to humans. (See http://tinyurl.comvI7 3heye) FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2015 FRAUD MAGAZINE 7[ ACFE COOKBOOK | Exlaining the many recipes for financial statement fraud Don't sell the short sellers short ay what you will about short sellers, but they've played an interesting role over the years when it comes to uncovering financial statement fraud, And if recent news is any indication, this role appears to be expanding and becoming more contro- versial than ever. For the uninitiated, a short seller makes money by identifying stocks he or she thinks are overvalued and then betting thatthe stocks’ prices will fall ‘once the market catches on. A short seller accomplishes this by borrowing shares ofa stock from an investor- lender and quickly selling them at their current, inflated price. Later, when the stock’s price goes down, the short seller purchases the stock and returns it to the lender, which closed the seller’s “short” position, “The term “naked shorting” has nothing to do with a shor seller’ life- style but refers to the illegal practice of selling shares without having properly secured the borrowed shares first. So, short sellers make their money by hoping a stock’s price falls. Tradi- tionally, short sellers targeted com- panies that they felt were overvalued for reasons having little to do with, fraud — some weakness in a.com: pany’s strategy, emerging competition for some other factor that the short seller picked up before anyone else did, But in recent years, the number of instances in which a short seller has claimed that a stock was overvalued because of financial statement fraud has risen quite noticeably. ‘A short seller claiming that a company’s financial statements are fraudulent is nothing new. In 2001, tone short seller had a heated exchange with Enron CEO Kenneth Lay during a conference call with company officers over the accounting positions taken in Enron's financial statements, accord- ing to “Activist Short Sellers: Market Manipulators or Market Protectors?” by Joanna Lee, Review of Banking & Finan- cial Law, Volume 32, page 274. Lay accused the short seller of de- liberately trying to drive Enron stock price down, and that isa company’s underlying concern with information produced by short sellers. When some- cone has a vested interest in a stock’s price falling, how accurate do his or her assertions need to be? But we all know how it turned out in the Enron case — score one point forthe short sellers. ‘The question of whether “activ- ist” short sellers provide a valuable service to the markets isa controver- sial one that's beyond the scope of, this column, However, their increas- ing influence on the market can’t be questioned. Here we'll take a look at one recent case in which a short seller was correct in asserting financial statement fraud, as well as some other recent allegations of fraud made by these new, self-appointed watchdogs. Gowex, Gowex, gone “Let’s Gowex SA” was once a darling of Spain's MAB stock exchange. The Wi-Fi company was valued at €1.9 billion in the spring of 2014 and everything seemed to be going great. The com- pany's stock price had risen by a factor (of 10 in just 15 months — after report- ing a sevenfold increase in revenue in three years “The ACFE Cookbook” is devoted to examining recent cases and news involving alleged financial reporting fraud. Our focus is _lobal, ono matter where you are, if you see news of financial reporting fraud, weld like to hear about it for posible coverage. Send your links, news or informa- tion on public reports of alleged ‘fraud to gcack@bdo.com. — ed. ‘But this blissful period was short- lived, ater a short seller named Gotham City Research LLC issued a report on July 1,2014, which claimed Gowex was nothing but a big fraud. Within two days, the price of Gowex dropped 60 percent until trading was suspended ‘on July 3. Then on July 5, Gowex’s ‘CEO resigned and admitted that hed falsified the company’s financial state~ ‘ments. Shortly thereafter, Gowex filed for preliminary creditor protection asit claimed it faced “imminent” insolvency. On the surface, the Gowex fraud amounts to another revenue inflation scheme — the category that makes up more than half of all financial state- ment fraud. But the manner in which Gowex perpetrated the scheme — in- volving the creation of fake customers 8 FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD MAGAZINE. COM— and how Gotham City uncovered it, is interesting. ‘The former CEO admitted in court that he'd orchestrated the revenue inflation scheme since at east 2005. And he solicited the assistance of several people to help him do that. ‘The former CEO's maid claims that Gowex’s CFO escorted her toa notary and to several banks to sign docu- ‘ments that created a company, which purportedly purchased Gowex ser vices. The maid received €300 for her efforts. Another witness claims to have worked for Gowex for three months making photocopies and signing, ownership papers for 10 companies, A thied witness said he created two companies with the Gowex CFO as his partner. However, these companies never developed and were abandoned. Only after the Gowex scandal erupted, did the witness realize these two companies had been represented as customers of Gowex. Making matters worse — and likely «major reason that the fraud went un- detected as long as it did — Gowex’sau- ditor admitted to helping cover up the phony customer accounts. The auditors exact roe is still emerging in this case But when the independent relationship between auditor and aucitee is tainted and phony documentation is prepared to support fraudulent activity detection of financial statement fraud becomes significantly more difficult, ‘hat brings us to Gotham City Research — the short seller whose July 1 report triggered the CEO's confession just ive days later. Gotham analyzed Gowex for eight months using all the publicly available information they could find, according to the short- seller's founder. Gotham concluded that Gowex’s 2013 revenues were inflated bya factor of 10 based on its analysis cof Gowex’s reported €100 million in roaming charges compared to simi- lar revenue earned by competitors. Gotham decided the reported figures made no sense. And Gotham uncov- ‘ered several other red flags that led to its conclusion, such as: + The CEO's wife signed offon the company’ financial statements. + It found links between Gowex’s CFO and two of the company’s biggest customers (perhaps the same two companies that the third witness was referring to above). + An unusually low percentage of revenues was spent on the cost of the company's annual audit in compari- son with competitor companies. ‘Whether every claim of wrongdo- ing alleged in Gothams lengthy report is true or not, its clear thatthe overall assessment of Gower as a fraud was accurate How about other short sellers? Notall short sellers fraud accusations have resulted in quick confessions. In fact, some companies have fought back against short sellers. ‘On Sept. 10, Trinity Research published a 121-page report, which claimed that Chinese company 21Vi- anet Group Inc. (VNET) was a Ponzi scheme and a massive fraud and was “fabricating revenue.” Trinity said that VNET had “ghost offices” and subsidiaries that were nothing more than shell companies. ‘VINET held a Sept. 11 conference call with investors to try to quell con- cerns, but the stock tumbled. Hovev- er, by Sept. 14, doubts about Trinity's allegations emerged and VNET's stock price began to increase. On Sept. 15, By Gorry Zack, CFE, CPA, ca. NET, in a formal rebuttal to Trin- ity’s report, addressed each allegation, including a detailed explanation of the increase in the days sales outstanding in receivables ratio — a major aspect, of Trinity's allegation of phony rev- enue. Trinity responded with a second report on Sept. 17, which focused solely on an allegation of undisclosed insider relationships and transactions but didn't address VNET's response to the first report. “The bottom line on VNET is yet tobe determined. The stock price Making matters worse — and likely a major reason that the fraud went undetected as long as it did — Gowex’s auditor admitted to helping cover up the phony customer accounts. partially recovered from its low of less than $15 on Sept. 11 to more than $21 in early October before sliding back a bit amid news unrelated to the fraud allegations. For now, it appears that no- body else is alleging financial reporting fraud with VNET, but this saga prob- ably isnt finished yet. ‘Among short sellers, few areas famous as Muddy Waters Research. In 2011, Muddy Waters issued a report claiming that Sino-Forest, a Cana- dian company that engaged in forest plantation activities in China, was — “lke Madoft” — a “multibillion Ponzi scheme” made up of inflated forestry assets and a pattern of fraudulent fi nancial reporting that dated from 1995, ‘The company’s share price dropped by more than 80 percent despite its claims of innocence and its initiation of an independent investigation by an accounting firm. However, Canadian authorities began their own investiga- tions, and trading in Sino-Forest stock ‘was suspended. In 2012, Sino-Forest filed for bankruptcy. “The Sino-Forest case cemented ‘Muddy Waters reputation asa short seller to take seriously. Muddy Waters FRAUD-MAGAZINE COM JANUARY/FEBRUARY 2015 FRAUD MAGAZINE 9[ ACFE COOKBOOK | Exlaining the many recipes for financial statement fraud hhas gone on to issue “strong sell” reports on other companies but not always for fraud. However, in Octo- ber 2013 it did accuse NQ Mobile of reporting fictitious revenue (72 percent ofits China security revenue for 2012) and inflating its cash balances, among, other fraudulent acts. NQ Mobile's independent investigators reported that it verified all cash balances and all large cash transactions and didnt find fraud or misstatements in cash or in the reporting of revenue — although it did "uncover some weak business practices. But the damage had already been done. Ben the independent investigation’ report, which cleared the company of fraud, didnt significantly help NOs stock value recovery. Aggressive short sellers: useful service? ‘The era of activist short sellers is clearly ‘upon us in full force. While some of them are shrouded in anonymity and others have been accused of improper and potentially illegal investigative practices their activity is expanding, ‘And their business model of profiting froma decline in a company’s share price automaticaly raises suspicions. But they've established such sufficient credibility with the Gowexs and Sino- Forests ofthe world, thatthe business ‘world is taking them seriously. And as Gotham City pointed out in response to-concerns over the inherently biased nature of short sellers: Aren't CEOs and CFOs also biased when they pub- lish financial reports? ‘The public battles between short sellers and their targeted companies will likely only become even more heated; the fight between Tianhe ‘Chemicals and Anonymous Analytics is the latest to watch Sit back and take it all in, then reach your own conclusion about ‘whether the short-seller community is ‘Company er Frettious revenue Let's Gowex SA Gotham City Resoarch Quindell PLC Gotham City Research 2iVianet Group Trinity Research NO Mobile Sino Forest Muddy Waters Research TTertura Corp Citron Research Tianhe Chemicals Anonymous Anaytce Suspect” profits Fictitious revenue Muddy Waters Research Fictitious revenue; overstated cash Inflated assets: Ponzi scheme Inflated gross margins Inflated revenue; exaggerated tx payments A partial list of some recent financial statement fraud allegations made by short sellers to the finan- providing a useful ser cial markets or not. « FM Gerry Zack, CFE, CPA, CIA, is a man- aging director in the Global Forensics practice of BDO Consulting, at which he provides fraud risk advisory and investigation services. He’ a member of, the ACFE Board of Regents and is an ACFE faculty member. His email address is: gzack@bdo.com. References Gowex and Gotham City Research Gotham City Research at hip: /gothameityre searcheom, “Gower Ex-CEO Garcia Told Court He Faked Accounts Since 20057 by Rodrigo Orihuela and Macsrena Mun, Bloomberg, July 1 2014, tp! /tinyur com/en2qBs ‘Gowex Chief Orchestrated Sham by Hiding Lies in Plain Sight” by Greg Farrel Jesse Drucker and Rodrigo Orihuela, July 15,2014, bp inyur.comiotahwgh, “Gowex Boss Paid Maid $405 to Hide His $26 Billion Fraud by Rodrigo Orihuela, loony berg July 2, 2014, hp tinyurl coma nt27vb “Private company swoops down on corpo: rate crimey by Andrew Langen, The Miami Hurricane, Sept 14,2014, htp:/tinyuel.com/ tds, {Quindell, PLC and Gotham City Research Gotham City Research at hip! /gothamelyre. search com, “Gotham City on the Short Case for Quindell, PLC (QPP); ValueWelk, Apel 23,2014 ‘Vianet and Trinity Research "21Vianet Falls on Record Volume After Short, Seller Report’ by Belinda Cao and Boris Korb, Bloomberg, Sep. 10 htp/tinyur, comipy7dd3s “Trinity Research: Massive Fraud At21Vianet ‘Group Ine (VNET), Worth Zero” by VW Stal, Sept. 10,2014, htp/tinyurlcom/mkdzzm9, “Why 21Vianet (VET) Stock Continues to Plunge Today by Andrew Meola, Sep. 1, 2014, TheStreet, http Iingur.com/kcze9Ba ‘Sino-Forest and Maddy Waters Research “Muddy Waters Initiating Coverage on TRE. ‘TO, OTCSNOFF - Strong Sell? Muddy Waters Research, June 2, 2011, htp!/tinyurl Robert Tie, CFE, CFPC-suite fraud options pto $2 tilion islaundered globally each year, says the United Nations Office ‘on Drugs and Crime (http://tinyurl com/76hst83). Drug cartels, active in the U.S. and Mexico, are responsible for much of that total ‘Take, for example, the case of Fred dy Centeno. (See the Dec. 19, 2013, FBI release, “Real Estate Agent Headed to Prison for Money Laundering,” http:// tinyurl.com/mScygoc,) In 2011, he had a bright future as a licensed agent with ERA Real Estate, a vast international network of sales franchises. Centeno, ‘working like most in his profession as an independent contractor, was a soli producer in ERA’s Brownsville, Texas, office, on the U.S-Mexico border. ‘Then Armando Arambul of the ‘Matamoros drug cartel approached him. ‘When Mexico tightened its anti-money laundering (AML) provisions, the cartels looked for ways to wash their loot north of the border. Purchasing U.S. real estate through a straw buyer was easy, so Ar- ambul made Centeno an offerhe couldn't refuse. Fora while, things went smoothly. -Arambul transferred drug profits to Cen- teno, who used them to buy ‘Texas real estate in his ovin name, then transferred titles to Arambul. Eventually though, US. lawenforcement caught up with Arambul, ‘who admitted to laundering $5 million. He was convicted in 2013 on one count of, drug trafficking and two counts of money laundering and drew a 14-year sentence. According to Angela Dodge, public affairs officer forthe US. Attorney, South- er Distrit, in Houston, the Arambul investigation revealed Centeno’ involve~ ‘mento federal aw enforcement officers, ‘who didnt charge anyone else with per- ticipating inthe scheme. Centeno pleaded guilty and received a two-year sentence. Perhaps ERA could have detected his ‘money laundering in real estate (MLRE) —but apparentyit didn't. Yeteven if FRA had suspicions, it ist required to report potentially illegal activity. Its options are to ask no questions and reap profits or assess and, if appropriate, voluntarily re- port suspicious activity and risk missing out on lucrative business. > VARIATION ON A THEME ‘Around the same time, an agent’s phone rang in the Related Group, a leading Mi- ami real estate firm. The caller was in- terested in an expensive condo in a new beachside high-rise. She said she was a ‘manager at United Parcel Service. Un- derstandably, the agent was reluctant to ‘waste time on an apparently unquelified ‘his article, the second in a two- part series, presents insights and bes practice recommendations rom CCFEs and other experts on how to ‘anticipate and respond to passive executive fraud, or nonfeasance, such as failing to prevent employ- ees from engaging in ilct financial transactions. art 1 explored techniques and tools that veteran CFEs and other experienced fraud fighters use to detect and prevent C-suite-initiated schemes, or malfeasance. buyer. How coulda 9-to-5er buya $2-mil- lion property? ‘The agent’ instincts told her the proposition was fishy. Butshe pushed her doubts aside and submitted the caller's offer. That gamble paid off. The deal soon closed, and everyone involved profited handsomely. Ultimately the UPS manager bought 10 more condos — all developed and sold by the Related Group. Meanwhile, when federal investiga- tors in Florida arrested drug runner Al- varo Léper Tardén of Miami Beach and Madrid, Spain, they found he owned lots oflocal realestate. (See the Sept. 29,2014, FBI release, “Head of International Nar- cotics Trafficking and Money Launder- ing Organization Sentenced to 150 Years in Prison. http://tinyuel com/nnkdhce.) ‘Also caught in the dragnet were several members of Tardéns gang, Los Miamis ‘They were longtime cocaine distributors in Furope and the US. andhad laundered millions through the purchase of luxury ‘goods, including Florida realestate. ‘Tardén’ girfriend, Fabiani Krentz, the UPS manager, had used the drug prof- its to purchase properties on his behalf. ‘The federal indictment of Tardén, Krentz and theirassociates listed numerous assets bought to launder Tardéni illicit gains: 17 cars, 15 condos and houses and 26 bank accounts — valued at $26 million. Of the 15 properties, the Related Group had sold and developed 11. The government seized ‘them all, and in September 2014, Los Mi amis’ members were sentenced to prison — Tardén for 150 years. No one at the Related Group was charged. They had neither broken laws nor failed to comply with AML regula tions, which didn’t apply to them. But how could Related Group executives not be suspicious of a midlevel manager's ability to afford so much luxury real es- tate? More broadly, how do corporate leaders in general feel about cutting corners to boost profits? Consider the results of Ernst & ‘Youngs2013 Global Fraud Survey (htp:// tinyurl.com/pslexkg), which conducted 2.719 interviews with senior executives of large companies in 59 countries and territories. It covered a broad range of industries. + Eleven percent of CEOs said that misstating financial performance is. justifiable to survive an economic downturn, + OFC-suite executives, 41 percent said they were willing to offer gifs, en- tertainment or cash to win or retain business + Three-fifths (61 percent) of C-suite ‘executives hadn't attended anti-brib- ery and corruption (ABAC) training. Further, 72 percent of CEOs hadn't ‘been asked to participate in an ABAC 20. FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE.COMrisk assessment by their company in the past two years. + One quarter (26 percent) of C-suite ‘executives, when asked whether their company’s board of directors received regular updates on fraud ‘and noncompliance allegations or investigations, said the question “does snot apply” ‘Nearly half (45 percent) of organiza- tions surveyed lacked a whistleblower hotline. Ernst & Young said thatthe level of fraud reported by respondents has re- ‘mained largely unchanged over the past six years. Because these findings represent industry broadly, the question is whether similar patterns exist in the real estate sector. It would be useful, therefore, to hear from leaders of firms that have ex- perienced — if not committed — MLRE. } SILENCE AT THE TOP ERA Real Estate headquartered in Madi- son, New Jersey, has 31,000 brokers and sales associates in 2,300 offices in 46 states and 33 countries. To understand hhow ERA manages the risk of MLRE as perpetrated by its former agent, Centeno, Fraud Magazine requested an interview with ERA President and CEO Charlie Young, Buta company spokesperson said ‘Young wasnt available and didn't respond to Fraud Magazine’s subsequent request todiscuss MLRE with any ERA executive. ‘The Related Group of Florida, with a staf of 350, has built more than 80,000 condominiums and apartments, It, too, failed to respond to Fraud Magazine's re- quest for an interview of its CEO, Jorge M. Perez. What, then, does the real estate in- dustry’s foremost trade group, the Na- tional Association of Realtors (NAR), say about MLRE? According to paper on its website, “Business / Money Laundering and Terrorist Financing” (http:/itinyurl com/n6do90n), “Any risk-based assess- ‘ment would likey find very litle risk of ‘money laundering involving real estate agents or brokers” This assertion arouses “He just wants to unload his cash in something safe and relatively liquid. With the real estate in- dustry not subject to AML regulation, what more could a money launderer ask for?” — David Long, J.D, CFE @ ar skepticism among some professionals with extensive real estate industry experience. David Long, J.D., CFE, is one of them. A principal of Northern Califor- nia Fraud Prevention Solutions, a San Francisco AML consultancy, Long pre- ‘viously served as a federal white-collar crime investigator and also worked five yearsasa rea estate agent in Los Angeles. Long says NAR issued voluntary AML guidelines for real estate professionals (http://tinyurl.com/egns3dx). He also says that NAR cites the Internal Revenue Service's requirement to file Form 8300 (http://tinyurl.com/6nljgsb), which all of C-suite executives said they were willing to offer gifts, entertainment or cash to win or retain business businesses — including the real estate industry — must file when they engage in ransactionsinvolving $10,000 or more in cash or equivalents. “But since compliance with NAR guidelines is voluntary, they're seldom folloved,” Long says. “At no time during ry realestate career did I hear anyone ‘mention money laundering or AML he adds. Long staysin touch with his former real estate colleagues, who tell him that AML remains a low priority in their in- dustry, despite the high isk of MLRE. As an example, Long describes the market in the San Gabriel Valley, east of Los Angeles FRAUD-MAGAZINE. COM JANUARY/FEBRUARY 2015 FRAUD MAGAZINE aC-suite fraud options ) 72” "CFEs can help make such team- work an organiza- tional priority. They also can promote big data analysis to help a passive C-suite detect fraud it otherwise might miss.” —Dan Barta, CPA, CFE of CEOs hadn't been asked to participate in an ABAC tisk assessment by their company in the past two years lators and law "Since 9/11, regu- enforcement have scrutinized banks, wire transfer houses and virtually every _sector except real. “Its not uncommon there to be ap- proached by someone from China who offers $800,000 in cash for a house listed at $600,000” Long says. “That kind of buyer — and there are plenty of them — isn't concerned about the property's quality. He just wants to unload his cash in something safe and relatively liquid. With the rea estate industry not subject to AML regulation, what more could a ‘money launderer ask for?” > FINCEN’S POSITION ‘Why, then, dont AML regulations apply to the realestate industry. as they do to bank- ing and other financial service sectors? FinCEN Public Affairs Officer Can- dice Basso, in an email to Fraud Maga- zine, wrote that “[FinCEN’s] approach to the risks of money laundering in the real estate industry continues to evolve and be guided by the insights from our law enforcement partners and from our analysis of the risks and vulnerabilities to ‘money laundering and related financial «rime, FinCEN will continue to consider appropriate regulatory actions to address ‘vulnerabilities, including further applica- tion of anti-money laundering require- ‘ments where appropriate” ‘To put Basso's reply in context, it should be noted that FinCEN, like other executive branch agencies, doesnt inde- pendently and entirely control its own regulations’ scope or application, which in some instances federal legislation de- termines rather than the agency. The Anti- Drug Abuse Act of 1988, or example, ex- panded the definition ofthe term financial institution to include businesses such as car dealers and real estate closing person- nl. That legislation, in turn, affected the ‘manner in which federal banking regu- lators enforce rules elated to the Bank Secrecy Act — the US'sprimary AMLlaw. > AML TRAINING FOR THE UNREGULATED “Real estate is the only industry I've worked in where people are so frank about wanting to make money” Long says. 22 FRAUD MAGAZINE JANUARY/FEBRUARY 2015, FRAUD. MAGAZINE. COM“That's its culture, and its why Tbelieve .CEN’s AML regulations should a ply to realestate, where the temptation for corruption is so high. Powerful real estate interests have successfully fought AML compliance. I'll come, but I don't hear anything about it happening soon” ‘Asa result, Long says real estate firms rnced someone to help them recognize and ‘mitigate their MLRE exposure. CFEs can ‘meet that need, he believes by providing AML training that tresses the need to be wary of clients who: + Are from a country with a reputation for money laundering, «+ Are ina great rush to complete the transaction. + Show litle interest in a property’ distinguishing characteristics + Offer to buy a property for far more than its market value. + Offer to pay an amount inconsistent with thetr reported income. ‘+ Want to re-sell the property immedi- ately after buying it. > UNCHECKED RISK Louise | Shelly, Ph.D. founder and direc torofthe Terrorism, Transnational Crime and Corruption Center at George Mason University, says MLRE isa neglected criss "Since 9/11, regulators and law en- forcement have scrutinized banks, wire transfer houses and virtually every sec tor except real estate, allowing MLRE to flourish? she says Shelley, the author of “Dirty Entan- glements: Corruption, Crime, and Terror- ism (Cambridge University Press, 2014), was the first co-chair of the Organized Crime Group of the World Economic Forum and is a lifetime member of the Council on Foreign Relations. “Many people in the real estate in- dustry are unconcerned about where the money in big deals comes from’ she says. “They just don't inquire much, Some don't inquire tal. But certain real estate agents are more central to this problem than others” Asaresearcher, Shelley is particularly concerned about the paucity of analysis, being done on MLRE. “The only ones ‘working on this are the Dutch” she says “No one in the USS. is studying MLRE” Shelley says the same is true of leg- islators, regulators and law enforcement in the US. and the EU. She uses the Tar- don casein Miamiasan example of how money launderers can afford to worry ‘more about their investment return than about their detection and arrest. “Tardén was familiar with the real estate markets in Florida and Spain?” she says. “Realizing that property values in Spain still weren't rebounding from the financial crisis, he converted his drug profits into Miami real estate, which was a much better investment.” ‘What would motivate the real estate industry to make more of an effort to de- tect and report MLRE? Shelley believes mandating its compliance with AML regulations would help a lot. “When money laundering becomesa risk toa business own interests it sets up will always have dirty gains to launder. Let's make it harder for them. a compliance office. A business that has been fined for noncompliance begins to ‘behave differently? Shelley says. “But the real estate industry doesn't have to comply and therefore has neither been fined nor changed its behavior” Ifand when AML regulation extends to the real estate industry, it wont work unless its applied to the entire range of entities participating in the real estate market, According to “Regulating Lux- ury Investments,” a 2014 Transparency International Policy Brief (http//tinyurl com/lyew8c4), many EU countries have extended AML regulations to the non- financial sector, but loopholes hinder their effectiveness In the UK, for example, real estate agents must perform due diligence on sellers, but not on buyers. “Governments should require AML compliance not just ofthe real estate firms, ‘butalso of the lawyers and others who set up LLGsand other front companies used in MLRE;’ Shelley says. “If you address just one part of MLRE, you're not being FRAUD-MAGAZINE COM JANUARY/FEBRUARY 2015 FRAUD MAGAZINE 2C-suite fraud options effective. The regulatory solution has to be comprehensive” > AMORE ALERT C-SUITE Internal audit, corporate security and oth- ers track fraud, but corruption persists sometimes because of poor interdepart- ‘mental communication and cooperation. “CPEs can help make such teamwork: an organizational priority” says Dan Barta, ‘CPA, CFE, a financial crime specialist in the Dallas office of SAS Security Intel- ligence, a maker of advanced analytics systems. “They also can promote big data analysis to help a passive C-suite detect fraud it otherwise might miss AERA, Barta adds, executivesat the parent company could perform compara~ tiveanalytics on all ofits franchise offices, potentially exposing any MLRE or other illegal activity. The approach should be multidimensional “For example, compare Brownsville, ‘Texas, not only to other south Texas offices butalso to ofices in Idaho and, overtime, toitslf” Barta says. "Looking at your data from multiple perspectives can give the suite and the board a comprehensive view ofthe organization’ fraud risks” A GOOD M DEL Finally, tohelp companies keep the C-suite on the straight and narrow, CFEscan focus clients on the Bank Secrecy Acts (BSA) so-called “four plas” of AML (http:// tinyurl.com/oyr4bs, pages 44-54). While ‘mandatory only for financial institations, theyalso can serve asa practical model for others to emulate. Each pillar represents a component ofan effective AML program. 1. A system of internal controls to ensure ongoing compliance. 2. Independent testing of BSA ‘compliance, 3. A specifically designated person responsible for managing BSA compliance, 4, Training for appropriate personnel. > STEPPING UP ‘While all four BSA pillars are essential to effective AML, the last — training — particularly important. Both the C-suite and the rank-and-file — if uninformed or ‘unmotivated — can undermine an oth: erwise solid AML program. For CFEs, leading clients to mitigate this exposureis professional responsiblity anda hands. ‘on business opportunity. Fraudsters will always have dirty gains to launder. Lets ‘make it harder for them. # FM Robert Tie, CFE, CFP, isa contribut- ing editor with Fraud Magazine and a New York business writer. His email address is: bob@roberttie.com. Where Saving Time and Money Meet Ody Receive a 10% discount on your ACFE dues each year you are enrolled in the service. Your dues are automatically paid each year —no need to write a check or pay online. ‘No interruption of member benefits and services. ‘+ Environmentally friendly — paper statements and postage are eliminated. Mra eae ic Cun ete$1.5 MILLION FR wae LTH Dan Jackson was living the good life: a well-paying job, beautiful wife, kids in private school, expensive clothes, Rolex watches. However, the fagade hid a man ‘who defrauded his company of $1.5 mil- lion. In part 1 of this two-parter, we learn Dan's background and his collusion Jal azy external consultant.Sorry, this fraud has been disconnected here seemed to be no limit to where hhe would goin the company. He had recently been promoted to corporate vice president in the IT department at NyTell USA. NyTell paid him a good salary with an annual bonus. Dan just completed the company’s Senior Leadership Training course, two- ‘week seminar in Lillehammer, Norway — where NyTel executives are groomed for advancement. The walls of Dan's of- fices were covered with photos of him with yell big shots. The credenza behind his desk was littered with knickknacks from his world travels and Lucite paperweights commemorating his big IT projects. Dan had comes long way from Be: fort, South Carolina, The son of a career ‘Marine officer, Dan spent his childhood ‘moving from one military base to another. After his father retired from the Marines, the family settled in Beaufort when his father accepted ajob teaching military his- tory at a nearby college, wouldbethedeambowseTherchideh Pas Major Jackson ran his family like amil- itary commander. The kids were expected to obey onders without question. Resistance ‘was futile. “When my father told us to do something, the only option was to salute and carry on,” Dan was heard to say more than once. Although Major Jackson thought ‘the application of military discipline built character in his children, it left Dan with a constant insecurity that he would never ‘meet his father’s standards. Dan sought the major’s approval, confident that someday he would earn it. But he never got the chance. During Dan's senior year at the University of Maryland, his father was killed ina car accident on a rain-slicked road. Dan would never make peace with his father. ‘That was 20 long years ago. Now Dan seemed to have it all. Besides the job at yell, Dan and his beautiful wife, Sue, were renovating 1750s farmhouse they bought near Towson, Maryland. Sue thought it Thisartileis excerpted from the “Bribery and Corruption Casebook: The View from Under the Table” edited by Laura Hymes, CFE, and Dr. Joseph T. Wels, CFE, CPA, published by John Wiley & Sons bn. © 2012 Used with permission. Names of persons and organizations in this case have been changed. 26 FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE. COMattended private school nearby. Sue en- joyed being a stay-at-home mom, and she felt lucky that her husband’ success at NyTell meant she didnt have to work Dan had been at NyTell for six years Believing that being an executive meant looking like one, Dan always wore Brio- ni suits — at $2,000 each — and a gold Rolex President watch. The company’s travel policy required renting only mid- size cars, but Dan personally paid the extra charges and always upgraded toa Cadillac. When people questioned how a VP could afford those things, Dan ex- plained that he shrewdly cashed-out his investments before the dot-com bubble burst in the late 1990s, Dantook frequent vacations despite all the expenses in his life. Sometimes he took the family to Disney World or the Bahamas. Other times he went for “boy's weekend” with some of his co: workers. Sue thought it was harmless fun and a way for Dan to decompress. She never knew that “one ofthe boys” on those trips was actually Melanie, NyTell’s head ofhuman resources. Dan had so far ‘managed to keep his affair secret from Sue for the past 18 months. On the outside, Dan looked like the ideal NyTell employee. But was he? Be- hhind the carefully crafted image lay a troubled person, “How long can I keep this up?” he constantly asked himself With the promotions came increased responsibilities for the company’s IT networks, infrastructure and computer applications. The technology was getting ‘more complicated, and Dan was not sure hhecould keep up with it. With his natural good looks and charm— he had enjoyed college social life most men would envy —he was more talented in sales than as computer geek. Ifhe wasn't leading the IT department, no doubt he could have been a top NyTell salesman, Enter Jake Marshall. Jake was also a military brat. After high school, Jake joined the Army, where he served for five years as a telecommunications field engineer. Once discharged, Jake used his telecom skills a an entrepreneur, Dur- ing the next 12 years, Jake ran through a string of companies. All had big-sound. ing corporate names and used the right ‘marketing buzzwords. But each company had only one employee — Jake. None was particularly successful, and Jake was com- ing to realize that he would never be a suecessful entrepreneur. Why not try his hand at consulting? Dan and Jake met each other at a telecom convention in San Diego, one of those generic industry conferences where the promoters promise “networking” and guidance on “emerging issues.” Over drinks at a reception, Dan explained how NyTell was about to begin the larg- est telecom project in its history. After touting his expertise in network design, Jake offered to help Dan as a project con- sultant, “Just et me stay inthe shadows behind you. Ican keep the other vendors honest.” Jake promised, “There's no tel: ing where we can go together. The sky is the limit” ‘The collaboration would have long. term implications for them, their families and Ny'ell. i Li Nyell USA is one of the newer telecom- munications companies. NyTellisa divi- sion of Nyheter Telekommunikasjons AS, a Norwegian company. Anders Nyheter started Nyheter after World War Il and it has since expanded to 50 countries with annual revenues of €70 billion. Nyheter is headquartered in Oslo, and its stock is traded on the major European markets. Nyheter established a compliance department after its auditors found dis- crepancies in the way NyTell had been recognizing customer revenue, The an- nouncement that the auditors wouldn't verify the financial results tanked Ny- heter’s stock and led to an ouster of top management. The resulting investiga tion, however, showed only weakiinternal controls and not fraud. Nyheters board of directors ordered the creation of the compliance department as well as theim- plementation ofa whistleblower hotline, ethics trainingand mandatory reporting of fraud concerns, Since then, the current management of NyTell has been stable. Amundsen WU ete CaN ee LRU ES ASKED HIMSELF.Brygger, sent over from the Oslo head. quarters, isthe current US, CEO. Brooke ‘Nokklekortis the CFO. Chester Plumpton isthe chief information officer and Danis boss. Chetistesponsible forall of NyTells ‘needs. Brygger is holding Chet respon sible for the successful consolidation of the company’s computer systems. Like most big companies, Ny ‘more like a collection of smaller ones knitted together. NyTell has four busi- ness divisions: NyMobil (wireless ser vices), NyHome (fixed-wire or landline services), NyComputer (Internet ser vices) and NySatellite (television ser vices). Each division was the result of a corporate acquisition, so each hasits own legacy data system. Some of these data systems are old, and none is sufficiently integrated with the other systems. ‘Nyheter’s board of directors recently approved the data center consolidation project to co-locate the systems and re- design the network in the U.S. Because Dan designed the project timeline — with more than a litle help from HAL, Inc., the lead vendor on the project — theleaders in Oslo appointed him as the project executive Dan’ first task was to caleulate the project budget. He did thisin a few hours without a lot of effort. Curiously, the budget had a chunk of money set aside for consultants, although HAL would be doing 99 percent ofthe project work. No one questioned Dan's assumptions or calculations, however, and the budget was quickly approved Although Dan valued the chance to raise his profile in Oslo, he was worried. “Great. Now I have to pull this off, on budget and on time, and I also have to keep Chet from grabbing all the credit” an was still fuming from the fact that, three months earlier, Chet had refused to push for Dan to geta promotion and a raise. “Once again, I em doing senior ‘VP work ata junior VP salary.” True to form, once Chet appointed Dan, Chet turned his back on the project. He rarely asked Dan for information, and hhenever spoke to anyone else on the proj- ect, Even when Bryggeri and Nokklekort asked to be updated, Chet had Dan make the presentation, only to sit and fiddle the new network, Dan found his opportu: nity, Blowing the disagreement way out of proportion, Dan convinced Chet that the architect had to go or the project would fail. Because HAL would likely replace the architect with “another flunky off their bench” as Dan explained, NyTell needed HO THE HELL Daitirae 12 WORDS CHLOE MTU RR ea ae with his BlackBerry while Dan plowed through the PowerPoint sides. NyTell had engaged HAL to provide turnkey solution. Thismeant that HAL ‘would provide almost all of the project professional services. A few additional vendors would provide the specialized services HAL didn’t, usually because some piece of equipment or application had proprietary software that HAL’ en: gineers didn’t understand, Dan needed to get Jake on to the project. After an argument with HAL’s enterprise architect, the lead designer of someone from the outside. With some ‘mote of Danis famous salesmanship, Chet — who once again didn't ask too many questions — approved the engagement of jake Marshall. Jake would be a project consultant, and Dan would supervise him. HAL would just have to deal with jake as the new enterprise architect. Asa NyTell vendor, Jake would submitan invoice for his services to get paid. NyTell used a centrally managed system for 2 FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE. COMprocessing invoices for its four business divisions. Each vendor would send the invoice to a mail drop box, where it was ‘opened and the invoice was time-stamped to show the date it was received. The in- voice would then be digitally scanned and uploaded into BOONIS, the automated accounts-payable system. BOONIS assigned the invoice to the internal cost center — the ledger account number assigned for a project or department — and the expense was charged against the appropriate account. ‘The invoice then traveled electronically to the cost-center owner for review. Chloe Portela was the financial controller for the DCC project, so BOONIS listed her asthe project’ cost-center owner. NyTell had a schedule of authoriza- tions that allowed Chloe, because of her ‘management authority, to approve expen- ditures up to $5,000, Expenditures above that amount but below $25,000 also had to be approved by Chet. Expenditures worth ‘more than $25,000 also had to be approved by Nokklekort, the CFO. Once approved in BOONIS, the cost center was charged for the expense and its budget was reduced accordingly. NyTells accounts payable department then mailed a check directly from the headquarters in Livingston, New Jersey. ‘The DCC project, however, put a slight wrinkle in this standard company process. Chloe was a financial whiz, but she knew nothing about IT projects. Consequently, she couldn't confirm that an invoice’s goods or services were ac- tually provided. To accommodate her lack of knowledge, once BOONIS sent her an invoice, she would email it to Dan for his review. Dan would, or so he told her, validate the invoice and con- firm this in@ reply email. Ifthe invoice was instead presented to him in hard copy, Dan would scribble “OK to pay” on it and sign his name. Bither one was Chloe's assurance from Dan that she could safely approve the invoice. If Chet or Nokklekort also had to approve an invoice, each first looked for some indication that Dan had validated the invoice. Ifthey saw it, theyid approve the invoice immediately. Their invoice- review process, consequently, becamelittle more than a search for Dan's signature. DAN'S WAY About six: months into the DCC project, Chioe was concerned. Her job was to make sure that the project stayed within the budget. Based on the project timeline, only 40 percent ofthe budget should have been consumed by now. But Chloe caleu- lated that approximately 70 percent had been used, and costs were rising. ‘Chlocknew that HAL provided virtu- allyallof the vendor services fr the proj- ect. She saw invoices fr other vendors, but Dan always assured her that these vendors ‘were needed for small, specialized tasks. But she noticed that two of the vendors were sending frequent invoices for suc- cessively larger dollar amounts. One of the companies was called Information ‘Technology Company, and the other was called Technology Equipment Services. ‘Chioe picked one of the ITC invoic- es and sent itto Dan for an explanation “Who were the consultants who did the ‘work here?” she wrote in the cover note, Dan emailed back the same day: 1 just spoke with Kim at ITC. She is responsible for AP and will send me the time sheet associated with the onsite resources that were dis- patched to rack, power up, test net- ‘work equipment / connectivity for ‘the project. I will just re-lass Bob and Mike’ time once processed. ‘They were unable to fnish-out the ‘work performed by them. ‘That was a lot more information than she had asked for, and Chloe could not understand a word oft. When Chloe got stumped on IT matters, she always turned to Willie Ming. Willie was an old hand in the IT department, and he had been working on the DCC project, since the beginning. If anyone could translate Dan’s email into plain English, Willie could do it, “Who the hell is ITC?” were words Chloe would long remember. “'ve nev- er heard of the company, and they sure didn't do any work on the DCG.” Chloe quickly pulled copies ofall the ITC in- ‘voices from her files to show to Wille. “But isnt that Dan’s signature on each of them?” she pleaded, “Sure looks like it Willie replied. ‘Trying to conceal her growing panic, Chloe printed off from BOONIS a list ofall the project vendors and showed it to Willie. She also showed him one of the TES invoices. Willie knew each of the vendors on the list other than ITC and TES. “I have no idea who TES is” Willie said while perusing the invoices, “but [gotta tell you, the description of provided services is gibberish. Sounds like something you could pull off the Internet in five seconds.” Brooke Nokklekort, the CFO, called re at about 3 pm. that day. [was at the airport fiying home from wrapping up another case. “I need to talk to you about something important. How soon can you be here?” she asked. [told her I could be in the corporate ofice first thing the next morning. “Good: she said, and hung up. For the next 15 hours, I did not know ‘whether I had landed a big case or was about to lose my job, = FMI TTT} In part 2, in the March/April issue, the evidence mounts against Dan Jackson as Bloch fraud examination begins. Jackson remains obstinate through his indictment and prosecution. the senior director, global compliance, for Jabil Circuit Inc. He has conducted ‘more than 300 fraud and serious mis- conduct investigations. Hes an author and frequent speaker on investigation topics. His email address is: meric_bloch@jabil.com, FRAUD-MAGAZINE.COM “JANUARY/FEBRUARY 2015 FRAUD MAGAZINE 2G@ Ne ee ff Sa puree Sh RR {A pillar in the fraud examination profession provides tips, which can help ensure that at the end of along career you'll know you did your best in fighting fraud. Fraud fighting is an exciting career. How- ever, notallfraud-fighting professionals are equally successful, Whether you work fora company, are an independent consultant, an expert witness or perform other fraud fighting and forensic accounting work, here are seven of the most critical things you can do to further your career and success. LESSON 1: You must make @ business case for your services. In the early ‘90s, a car dealer stole $434 million from one of America’ largest au: tomobile manufacturing companies. The company asked me to meet with its man agement committee — comprised of its top 12 corporate officers — to help them understand the frau. ‘The CEO asked, “Why do you think this fraud occurred, and what can we do to prevent future frauds from occurring?” I said the company had a “business prob lem” not a “fraud problem. I asked them what their profit margin (net income as a percentage of revenues) was. They said it was about 10 percent. I asked them how much additional revenue they would have to generate to restore the stolen $434 mil lion of profits tothe company. They quickly realized that because ofa profit margin of only 10 percent, they would need to gener: ate approximately 10 times the amount of the fraud or additional revenue of $4.36 billion to restore net income to the level it would have been without the fraud | then asked them how much the aver: age wholesale price was on an automobile. They said it was approximately $20,000. I asked them how many additional cars they would have to manufacture, market and sell to generate revenues of $4.36 billion. ‘Their answer was approximately 218,000 automobiles. I told them the business problem was that they could make and sell 218,000 more automobiles, or they could prevent these kinds of fraud from occurring in the future — the result on their bottom line was the same. ‘The best-selling vehicle in America among all car companies at that time was the Ford F-150 pickup with sales of about 60,000 unitsa month, so they ealized that, indeed, they had a business problem. Itold them that while they be catching up from the fraud for the next few months, their FRAUD-MAGAZINECOM JANUARY/FEBRUARY 2015 FRAUD MAGAZINE7 keys to an effective fraud-fighting career ‘competitors would be moving ahead and becoming more profitable. As fraud fighters, we must show how ‘our work can increase productivity, prof- itability or other metrics our clients or companies care about. Executives aren't really interested in dealing with fraud, but they're always interested in solving busi- ness problems and making more money. @ LESSON 2: You must help others understand that there are no small frauds; just large frauds that are caught early. Several large New York-based finan- ial institutions once retained me to help them defend themselves against maltibillion-dollar lawsuit. A rogue ‘commodities trader lost $2.6 billion for his company by entering into complex derivatives transactions. The victim company was suing several New York financial institutions alleging that the transactions this trader executed were so favorable to them and so unfavorable to the victim company thatthe bankers had toknow the transactions were fraudulent. ‘They alleged that the New York banks ‘were therefore complicit inthe fraud. “The fraud went on for nine years with these cumulative losses: End of Year 3 Sé milion End of Year? '$600 milion ‘This magnitude of growth in frauds isnot atypical. While the amount lost was large, like all frauds, it grew geometri- cally from year to year. Frauds tend to increase during the time period of the dishonest acts with the largest losses in the ast few months or years. This happens for two reasons. First, fraud perpetrators never save what they steal nor do they stop stealingafter meeting thei financial pressures. Instead they spend their sto- len funds and get greedier and greedier with their purchases over time, Second, perpetrators offen have to increase the fraudulent amountsto both cover up past losses and to continue the frauds. In the rogue trader case, the perpe- trator had to cover up his past losses and ‘make it appear he was continuing to be profitable, which both required freudulent reporting of larger and larger trades. Ifyou can convince those you work with that there's no such thing asa small fraud and that undetected frauds will get larger and larger, which will cause increasing harm to them and their or- ganizations, they won't be as reluctant tospend the necessary money to prevent, detect and investigate any frauds that right be occurring, You must convince them that once a fraudster begins his crimes, especially if an organization allows it to get large. everyone loses: your client or company, coworkers and even the perpetrator(s) lose. The only winners are litigators. LESSON 3: you want to build a successful fraud-fighting business, you have to make yourself visible and build a good reputation. No matter how good youare, people must find you before they can retain you. Here are some ways to make yourself known: + Interact with others and serve as an officer of professional fraud-fighting, accounting and legal organizations. (The ACFE, for example, isa phe- ‘nomenal global system of likeminded practitioners), + Build interlocking networks with an online service such as LinkedIn. + Write articles and books. + Speak pro bono at antifraud con- ferences and chapter meetings of. professional groups, and provide ‘raining for governmental and global ‘organizations. Asa fraud-fighting professional, the greatest asset you have is your reputation. Do everything you can to keep it pristine. Always tell our clients that you'l work by the hour, but if you ever conclude that the work you're doing isnt appropriate, youll have to resign For example, several times in my ca- reer, attorneys who have hired me were defending CPA firms in cases in which they failed to detect financial statement fraud. In three of these cases, I realized after initial study that the CPA firms in- deed had performed negligent audits. 1 quickly resigned from these three jobs. However, if you ever feel the need to resign, then don't work for the other side — remain totally independent of the ‘matter. Your attitude and goal should al- ‘ways be: “To find the truth and then do the right thing” LESSON 4: Always deliver a high-value and helpful product to your client. once worked ona fraud-fghting engage ‘ment for one of the largestoil companies inthe world, Itwanted me to helpitdetect, fraud at its largest ol refinery. When the company retained me, the executives told ‘me that no one would “blow the whistle” ‘on their coworkers because its workforce ‘was heavily unionized, represented an “old boy” network and included several second- and third-generation employees. ‘They also told me they'd previously hired the best and biggest fraud-consult- {ng firms to help them detect fraud at the refinery, but they hadn't been helpful. In ‘one case,a large forensic investigative firm told them that the symptoms they found indicated tha there were more than 1,000 frauds at the refinery, but it didnt give specifics on who was involved or where to ook, The oil company said the forensic accounting frm information was useless. “Myson (also Ph.D. and an excellent ‘computer programmer who was working with me) and I then did all we could to: 32. FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE. COM1. Understand the business — the oil refinery 2. Identify the kinds of fraud that could be occurring 3. Catalog the symptoms that these possible frauds would generat. 4. Mine its databases to look for these fraud symptoms and continuously refine the searches. entity specific possible frauds that corporate security and internal audit could investigate. After following this process, we identified 26 frauds that most likely were occurring. We specifically identified who was involved, on what shifts the frauds were occurring, how long it appeared they'd been going on and the nature of the frauds. The company investigated the 26 cases and found that most of them indeed represented frauds. Three or four of them were company data errors that mimicked fraud. Some of the frauds ‘were huge, involving multimillion-dollar kickback schemes among vendors, con- tractors and company employees. ‘The fraud-fighting work you do for organizations must help them solve the real problems they have. BP You must understand business concepts to become an effective fraud fighter. Fraud occurs because of a combination of 1) perceived pressures, 2) perceived ‘opportunities and 3) rationalizations (he Fraud Triangle). We can all relate topersonal pressures that might motivate an individual to embezzle cash from an organization, However, understanding business pressures and opportunities re quires knowing how companies, boards of directors and corporate officers work and their motivations. We also need to understand the rudiments of account ing, auditing and technology. (You would learn basic principlesin these areas when As a fraud-fighting professional, the greatest asset you have is your reputation. Do everything you can to keep it pristine. you study for your Certified Fraud Ex aminer credential) ‘Thelegal complaintin one ofthe larg. est frauds [worked on asan expert witness contained the following paragraph: “The goal of this scheme was to ensure that [the company] always met Wall Street's _growing earnings expectations for the com pany. [The company’s] management knew that meeting or exceeding these estimates was a key factor fr the stock price ofall publicly traded companies and therefore set out fo ensure thatthe company met Wall Street’ targets every quarter regardless of the companys actual earnings. During a period of two years alone, management improperly inflated the company’s oper: ating income by more than $500 milion before taxes, which represents more than one-third of the total operating income FRAUD-MAGAZINE.COM “JANUARY/FEBRUARY 2015 FRAUD MAGAZINE 2reported by [the company... The par- ticipants in the illegal scheme included virtually the entire senior management of [the company], including but not limited toits former chairman and chief executive “offce, its former president, two former chief financial officers and various other senior accounting personnel. In total, there were over 20 individuals involved in the ‘earnings overstatement schemes.” ‘The officers of this company were trying to meet analysts’ expectations of their quarterly earnings to make the com: pany’sstock price increase. Each of them had millions of dollars of stock options that would become worthless ifthe stock price dropped. For comparison, see the chart be- low — analysts’ earnings expectations, in ‘Morgan Stanley Smith Barney Robertson Stephens Cowen Group ‘Alex Brown & Sons Paine Webber Goldman Sachs Furman Sele Hambrecht & Quist second quarter and $.11 pers million in the third quarter. Ifyou don’t understand business, ac- counting and auditing, it would be difficult to know exactly how the company met these expectations, how it perpetrated and concealed the frauds, what kinds of steps the auditors used that didn't allow them to discover these frauds and what they could have done differently. You must always perform high-quality work that has higher value than your competitors are or $71 Over the years, I've been on the opposite side of ‘expert witnesses” who weren't well-prepared. If you ever want to be mH 0.17 0.23 on oat 023 0.7 0.25 0.28 018 0.25 0.18 0.25 o2t 0.28 017 017 oat 023 017 021 023 Analysts’ expectations in US. dollars for similar financial services firms based on each firm’ guidance, for three {quarters of the same year for nine other ‘comparable companies ‘The consensus expectation was that the company would earn §.17 per share in the first quarter, $.22 per share in the second quarter and $.23 inthe third quar- ter. The company’s actual earnings for the three quarters were $.08, $.13 and $.12, respectively. Therefore, to meet analysts’ expectations, the company committed fraud of $.09 per share or $62 million in the first quarter, $.09 or $61 million in the involved in expert witnessing, litigation support, high-level corporate consulting and fraud-related training, you must al: ‘ways be over-prepared. Taking shortcuts always comes back to haunt you, You must: + Study the facts and learn more about the case than anyone else, + Be a creative analytical thinker. + Be able to take complex topics and explain them clearly to non-fraud professionals. Tov Kg icra eLeo cto Ma dealing with fraud, but they're always interested in solv- ing business prob- lems and making more money. + Bea good listener and a good communicator. + Be patient and not argumentative, re gardless of how hostile others can be. + Fully examine any documents youre asked to explain (Often, attorneys for the other side will show you only part ofa document taken out of context, and ifyou don'tlook atthe entire document, you might respond poorly) FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE.COMDon’t make mistakes that will gener- ate bad news about you and your services because you know that t will always travel faster than good news sional, you're always working for someone else — perhaps an employer, alaw firm or 2 large corporation. You must listen carefully to understand expected outcomes and what they expect you todo — donit assume anything. Dorit just hear the words but understand and connect earned the importance of good listening when I was expert witnessing. During many of those cases, the oppos- ing side’ attorneys would depose me. A deposition is much more difficult than an actual trial. The other side’ attorneys are a Urying to get you to commit perjury, box youin, limit what you can say in trialand minimize your effectiveness. Your side's attorneys can only stand lt the opposing side ask questions and object when they believe a question is unfair. ‘Therefore, during depositions, listen carefully to the questions, I never wanted tobe sidetracked by the body language of the attorneys, their demeanors or other antics they used to confuse or frustrate me. I developed a habit during those deposi tions flowering my head and not looking at them so I could focus on the questions and not be distracted, After I heard and understood the question, I would raise my head, look them in the eye, and answer simply and straightforward. ‘Often, we might be trying to think of how we'll respond before attorneys have finished their questions. Even worse, well try to answer what we think they want us CR ele Fraud Prevention to answer instead of what they're really askingus to do. Therefore, we dosit really hear what they're trying to say, and we sometimes say the wrong thing, Finishing well Success in any field, of course, doesn't hinge on just a list of pointers. But if you begin with these seven time-tested maxims, you'll waste less time, focus on integral matters and — atthe end of along career — know that you've contributed to the fraud-fighting profession. " FM W. Steve Albrecht, Ph.D., CFE, CIA, CPA, the ACFE’ first president, is the Andersen Alumni Professor of Ac countancy in the Marriott School of Management and a Wheatley Fellow at Brigham Young University. His email address is: steve_albrecht@byu.edu, Improving the Ability of Business and Government to Combat Financial Fraud Crimes Become a member today. Contributions and memberships are tax deductible. Serer Cty mcc ty epee Se ery + providing cutting-edge research to detect and deter fraud PORN MSs Mancoiog erence ca y Siamese len em ced Visit www.thelfp.org to get involved or for more informationTANGLED ACH AND WIRE-TRANSFER FRAUD Automated Clearing House and wire transfers are increasing but so is fraud in these transac- tions. All a fraudster needs is an account num- ber and a bank-routing number. Here are ways to prevent and fight these lucrative crimes. oriwasa specialist in the Automated Clearing House (ACH) and wise transfer department at a mid-size bank. One day she spotted. glitch in the web-based system the bank used to send and receive wite trans fers, so she immediately logged off and notified her supervisor. Hovrever,itwas oo late $3 million in aggregate wires had een sent from one of the banks top-tier cus tomers accounts to an accountat another financial institution. Inthis actual case, the supervisor and Lori (not her ral name) called the system provider together and verified that the funds had been sent. They quickly switched to their older wire system that wasn't web-based, notified the customer, credited the account and began to investigate. The bank eventually determined that an employee's computer had been infected with malicious software, which alloved the fraudster to initiate the attack from an external site and send the wires ACH wansfers increased neatly 11 percent per year from 2000 to 2010. (See the 2011 "Report tothe Congress on the Use ofthe Automated Clearinghouse System for Remittance Transfers to Foreign Countries” from the Board of Governors ofthe Federal Reserve System, htp:/inyurl.com/mixubu8.) ACH and wie transfers were once considered low-isk, but 3 FRAUD MAGAZINE JANUARY/FEBRUARY 2015,frandis increasing at an alarming rate because of greater accessibility, popularity, relative anonymity and poor economic conditions, according to “Detecting and De- terring ACH and Wire Transfer Fraud in the Industry Insights blog by Christine Meyers, Sept. 30, 2011, Bank Info Security, http://tinyurl.com/Ikonew7. Individuals, businesses and banks of all sizes in all geographical areas are at risk. However, the primary targets include small- to medium-size banks, busi- nesses, schools and similar organizations. They often have less security infrastructure or rely on traditional security systems and legacy applications, which make them “soft targets,” according to Meyers in her Bank Info Security blog. Some of the most common ways to commit this fraud are through phishing, account hijacking, ACH kiting and social engineering, We'll examine all ofthese areas plus, how to prevent this fraud through IT, bank customer best, practices, and improved bank policies and procedures. A simple wire transfer is one of the fastest ways to send money to a recipient bank account. Although sometimesa transfer might take days it normally only takes minutes because the transfer is sent directly to a receiving bank rather than through a clearinghouse as with an ACH transfer. Both sending and receiving banks will notify eus- tomers when transactions are complete. Customers can initiate wire transfers with cash through providers such as Western Union or MoneyGram. However, the trans fers are more risky because the providers don’t notify senders and recipients Wire transfers are more expensive than ACH trans actions because more people at financial institutions are involved. (See “Difference Between Wire Transfer and ACH; by Miranda Marquit, DepositAccounts.com, hutp:/tinyueh.com/ljxlyye) ‘According to Marquit, ACH transactionsare the sort you make when you pay bills online or when you use your debit card. During bank ACH transaction, an employee inputs information into the system to begin a transfer. ‘he bank sends the transfer with others in a large batch to aclearinghouse, which then forwards the information to a receiving bank to complete the transfer. The funds arent available as quickly as with a wire transfer because of the extra clearinghouse intermediary stop. According to the National Automated Clearing House Association (NACHA), 21 billion ACH transactions were initiated in 2013 totaling $38.7 trillion, which JANUARY/FEBRUARY 2015 FRAUD MAGAZINE 37Tangled wires translates to about 665 transactions per second averaging $1,845 each. (See http:// tinyurl.com/pahuwbt.) “These numbers represent a steady annual increase in the number of ACH transactions. In fact, Meyers, in her Bank Info Security blog, cites NAHCA statistics of approximately 18.2 billion ACH transactions totaling $30 trillion {in 2008 — up from just 4 billion ACH transactions totaling $10 trillion in 1996. In 2012, the Clearing House Interbank Payments System reported settling an approximate 1.5 trillion in wie transfers daily —both cross-border and domestic. (See https/tinyurl.com/phwahsp.) “The growing number of organizations affected by ACH and wire transfer fraud attacks is just as drastic as the growing, ‘number of these initiated transfers. The 2014 Association for Financial Profession- als (AFP) Payments Fraud and Control Survey (wwveafponline.org/fraud) reports that payment fraud from ACH debits in 2013 affected 22 percent of responding ‘organizations (down from 27 percent in 2012), while payment fraud from ACH credits in 2013 affected 9 percent (up from 8 percent in 2012) and payment fraud from wire transfers in 2013 affected 14 percent (up fom 11 percent in 2012) Meyers writes that losses from suc~ cessful ACH and wire transfer fraud at- tacks average $100,000 to $200,000 per victim, Further, 12 percent oforganizations that were victims of ACH fraud during 2012 suffered a financial loss as a result ‘of such fraud, according to the 2013 AFP Payments Fraud and Control Survey. The 2013 American Bankers Association De- posit Account Fraud Survey (htp:/tinyue. ‘com/4jrx94) revealed that ACH and wire transfer fraud cost the industry approxi- ‘mately $157 million in losses in 2012. With all ofthe fraud risks associated with ACH and wire transfers, is no sur- prise that regulators, businesses, banks and consumers are seeking ways to pre- vent and detect such frauds. How ACH and wire transfer fraud is committed ‘This fraud has become much simpler for fraudsters to commit over the years be- cause all they need isan account number and a bank-routing number, according to “ACH fraud: Why criminalslovethiscon.” by Joan Goodchild, Aug. 16, 2010, CSO, htps/tinyur.com/noys3ud. Fraudsters often use phishing emails to trick potential victims into opening up attachments, which install Keylog- ging software on their computers that steal bankaccount passwords or Trojans that log Keystrokes. More complicated schemes use mules or hired accomplices, through work-at-home schemes to move user name and password, both of which the fraudster captures. The fraudster then accesses the customer's online banking account to steal the customer’ funds via an initiation ofa fraudulent ACH or wire transfer. (See the FDIC “Putting and End to Account-Hijacking Identity “Theft” hitp://tinyur.com/nbtveph.) ACH kiting, which is similar to check siting, isan unusual but devastating kind of fraud. It involves a pair of fraudulent accounts in which an ACH debit is origi- nated from one account and drawn on the other, with the available balance taken out before settlement, according to “Payments Fraud: How it Happens And What You ACH AND WIRE TRANSFER FRAUD COST THE INDUSTRY APPROXIMATELY funds on behalf of fraudsters to their overseas accounts. ‘A classic example of account hijack- ing, described by the US. Federal Deposit Insurance Corporation (FDIC), occurs ‘when fraudster uses phishing techniques to commit fraud. The fraudster sends a deceptive email to a customer stating that hheor she can correcta supposed problem with the customer’ account by clicking con a hyperlink. Unfortunately, that click takes the customer to a bogus website that resembles the financial institution’ web- site, The customer logs in with his or her Can Do To Protect Your Organization’ a J.P. Morgan Treasury Services publication, http:/tinyurl com/nn3leqe). Another scenario, according to the J.P, Morgan publication, involves the bogus company originating debits from other business accounts, which then credit the bogus company’s account, ‘The bogus company now has what ap- pears to bea large credit on its account, which it withdraws immediately. Once the victim company notices the debits on its accounts and questions the bank, it’s too late to return the money. The bank 32 FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE.COMsuffers monetary losses from reimbursing the victim company. Fraudsters also can use social engi- neering (psychological manipulation to ‘make people perform actions or divulge confidential information) to gain access to victims computersto install software. For example, a fraudster might calla business employee and claim tobean IT employee to gain access to his or her computer on which the fraudster could then install spyware or keystroke loggers. Fraudsters might also use social engineering to con- vince bank employees thatthe fraudsters are customers. (See the breakout session of SIFMAS January 2014 Anti-money Laun- dering & Financial Crimes Conference, NY l| ln “Latest ‘Trends in Cybercrime: the Impact on our Industry and AML htp:/tinyurl com/qeqo28m.) Mitigating ACH and wire transfer fraud Banks should help mitigate ACH and wire transfer fraud by setting limits and reviews on ACH and wire transfers, uti- lizing verification techniques, educating customersand through employee aware ness training programs. Banks should utilize IT to create a safe, online banking environment. They can use the layered security of multiple controls in account administration, in- cluding requiring additional identifica tion prior to implementing changes and notifying a customer via telephone or email immediately after implementing an administrative change, according to the Texas Bankers Electronic Crimes Task Force's “Best Practices Reducing the Risks of Conporate Account Takeovers” http:!/ tinyurl.comflzm2an} ‘The online banking system also should have a screen display that shows a customer the number of failed login attempts since prior successful attempt and the date and time of the last login Other best practices, according to the ‘Texas Bankers Electronic Crimes Task Force, include out-of-band verification of ACH and wire transfers initiated, poli- cies to address potentially compromised customer equipment, dual customer au- thorization through different access de- ‘vices, and enhanced challenge questions and security requirements. Internally banks also should imple- iment effective IT controls to mitigate ACH and wire transfer fraud. They should ensure effective firewalls and processes to evaluate, monitor, and validate firewall settings. At least every ‘month, they should ensure their patches are effective to stave off security vulner- abilities. And, according to the Texas ‘bankers, they should frequently update anti-virus and anti-malware programs frequently, utilize strong authentication tokens for extra security, and initiate and submit ACH and wire transfers via dedicated and isolated machines. Bank customer best practices Even though Internet users should havea reasonable expectation of privacy prior to logging into a website, they must still take precautions. Bank customers, of course, should never respond to emails or popups by divalging personally identifiable infor- mation, open attachments in unsolicited emails oF click on links in bulk emails. Bank customers should designate a single computer in households for online ‘banking and install separate browsers for online banking. They should closeall other ‘browser tabs when banking online. When. they're done they should log off online ‘banking and close the browser, according, to "ACH & Wire Transfer Fraud: Protect Your Business’ at MySECURITY Aware- ness.com (http:/tinyurl com/kau2pel). Customers also should monitor and reconcile their accounts daily and imme- diately report any unauthorized transac tions to their banks. They should never use their online banking passwords for any other online accounts and avoid using automatic login features that save user- names and passwords, according to the MySECURITY Awareness.com article. Also, they should never share their user- names and passwords with anyone and should share account numbers only with legitimate vendors for online payments. Castomersalso never should access their online banking accounts on public com- puters or at Internet cafes, according to MySECURITY Awareness.com. Bank policies and procedures Obviously, financial institutions should ‘rain staff to spot fraud. They should have strict “know-your-customer” policies. ACH and wire transfers employees should ‘beable to recognize abnormal conditions. For example, at Lor'’s bank, in an- other casa fraudster hijacked acommer- cial customersin-process online banking session and initiated an ACH payroll ile to pay himself from the business’ funds. “The frst leters ofthe first names of most ofthe receiving employees in the file were capitalized and the rest of the letters in each name were lowercase — a standard procedure. Most ofthe paycheck amounts were reasonable (not extraordinarily high) and for odd-dollar sums because of with- holding taxes and other deductions. However, one of the payee names ‘as entered in all capital letters, for an. ‘unusually high-dollar, rounded amount FRAUD-MAGAZINE COM JANUARY/FEBRUARY 2015 FRAUD MAGAZINETangled wires that didn't appear to include any deduc- tions. Ofcourse, the payee wasa fraudster. ‘Also, banks should train employees to ask for full account numbers and au- thentication through challenge questions ‘when supposed customers want to transfer funds over the phone, according to “Four Steps for Fighting ACH Fraud,” by Tracy Kitten, April27,2012, Bank Info Security, ‘ttpy/tinyurl.com/phjb3wf, At Loris bank, only customers with wire agreements could initiate Funds transfers over the phone. The bank pe- riodically gave them specific, complex PINs that bank employees would verify. ‘ACH and wire transfer specialists should have a limit on how much they can transfer and require thatall requests above those limits obtain approval. Banks should place wire transfers of funds to ‘overseas accounts on hold to give institu- tions time to verify authenticity. Banks also should consistently up- date their employee PCs with the latest versions of anti-malware and anti-virus software. They should remember that some low-tech methods can still be ef- fective antfraud methods, according to Kitten. For example, banks might require that corporate customers send follow-up faxes to verify any funds transfer requests. Banks, especially larger institutions, should offer options to customersto help prevent fraudulent transfers. ACH debit ‘lock stops debits from postingto custom- crs’ accounts based on the criteria they select. For example, they can block all ACH debits greater than acertain amount ‘or debits from a certain company or or- ganization. Once they select the criteria, ACH debit block works automatically ACH transaction review allows cus- tomers o review and confirm ACH debit and credit transactions that post to their accounts case by case. Customers can decide those transactions they want to review by filtering for any combination of debits and credits, company IDs, dol- lar amount and transaction types. Once filtered, a customer can determine if THE BOGUS COMPANY NOW LR APPEARS TO BE A LARGE felt) me) ITS ACCOUNT, WHICH IT SE ey 1h transactions are authorized and return any that arent, according to “Mitigate Pay- ‘ments Fraud” information on Chase’ site (hetpsitinyur.com/l4ns7ep). Banks should also require customers toset limits on ACH transactionsby ACH filetype (such as payroll payments to ven dors and monthly dues), full amount of the ACH file and amount of each entry within the ACH file. Loris identification of the fraudulent payroll file actually re- quired the bank to review the file because the amount of the individual fraudulent entry and the full amount of the file ex- ceeded the limits set by the customer. This control required cash management spe- cialistat the bank to review the file before itwas sent to the Federal Reserve to spot any inordinate entries and contact the customer to resolve the issue. Banks should educate customers about other protective features such as funds transfer limitations and automated ‘payment filters. They should recommend that customers daily reconcileall banking transactions ‘Also, banks should recommend that customers initiate ACH and wire-transfer requests under dual control which means that the customer establishes a transac tion originator anda separate transection authorizer — two different people,accord- ing to “24 Tips to Avoid ACH Fraud by Linda McGlasson, May 10, 2010, Bank Info Security, http:/tinyurl.com/7llzbog, Balance extreme risk with preparations ACH and wire transfers are among the simplest and most convenient ways to transfer funds between bank accounts. “These transfers can be extremely risky if banks dont take appropriate precau- tions, When financial institutions under- stand how ACH and wire transfer fraud is committed, they can understand how to prevent attacks through IT measures, identifying best practices, and implement ing and monitoring those policies and procedures. = FIM Stephanie Davis, CFE, is an audit associate at KPMG in Omaha, Nebraska, Her email address is: sdavis0622@hotmail.com. Jack Armitage, Ph.D., CFE, CPA, isthe Distinguished Alumni Accounting Pro- fessor in the Department of Accounting at the University of Nebraska at ‘Omaha, His email address is: jarmitage@unomahaedu. 0 FRAUD MAGAZINE JANUARY/FEBRUARY 2015 FRAUD-MAGAZINE. COMProperty of the City of Selah, WA 3 LU i a aoe Refocusing your fraud examination as unexpected twists arise When a case takes an unanticipated turn, these fraud examiners re- group and refocus their examination to discover evidence that eventu- ally helped obtain a felony conviction on a corrupt city official.“ ——_— = _ _— hen a client retains you vestigate @ particular crime, you might discover another fraud, We saw fraud examina- tion morph from what appeared to bea straightforward case into something completely different. We adapted, changed ‘our investigative focus and helped find evidence that local police and prosecu- tors used to obiain an Alford plea from a corrupt city official, (An Alford plea is a defendant’ guilty plea in connection with a plea bargain without the defen- dant actually admitting guilt, ie. a “no contest” plea.) Along the way, we helped forma strong team with city officials and lawenforcement, which helped show that outside fraud examiners could be helpful. Embezzlement or destroyed documents? In April 2012, Bob Noe, the city attor- ney for Selah, Washington, contacted Ken Wilson about a potential fraud case involving the former city manager. Wil- son's workload was heavy, so he brought in James Peet, a local fraud examiner, to assist. We both have prior law enforce- ‘ment experience and are state-licensed private investigators ‘The first meeting, which was in the city’s council chambers, included Noe, the two of us, Mayor John Gawlik and the city’s only detective for the 14-offcer police department, Rich Brumley. ‘Those at the meeting suspected that the former city manager, Frank Sweet, ‘might have embezzled approximately $24,000 from a city-managed grant fund. ‘The city had later written the amount off asbad debt. Asan aside, it was mentioned that several city employees had seen Sweet destroy numerous documents during his Jast days with the city, which might hinder the fraud examination. City officials alleged that Sweet, ‘who had been the city manager for 16 years, had abused his position, accepted favors from city vendors, created posi- tions for family members and removed personnel files. Also the city coulda'taccount for profits from the sale of some city-owned real estat. In the time between Gawlik’s el tion to mayor in 2011 and Sweet's term nation at the end of January 2012, wit- nesses saw Sweet take documents from city files into his office. The witnesses said that he made multiple trips with large bags — possibly containing shredded documents — from his office to a large recycling dumpster behind city hall Sweet also had asked the city’s con- tracted IT support technician to delete all of Sweet’ files on the city’s network server. However before he complied, the technician saved all the city manager's files and made copies. The technician, at Sweet's request, also wiped clean al of Sweets files on his desktop computer in his office. When the technician opened the operating system, he noticed many files had already been deleted When Sweet left his position, he re- ported thathiscity-issued laptop had been stolen, which raised more red flags ‘TheIT technician told Brumley about Sweet’s requests. Brumley obtained a search warrant and immediately seized the city servers’ hard drives and Sweet's desktop computer. At our first meeting, Brumley gave usa flash drive of the data the techi cian had copied from one of the city’s three servers prior to wiping them clean. ‘The city gave us permission to retain the services of a computer forensics expert, so we added Dr. Gordon Mitchell with Future Focusinc,, in Woodinville, Wash- ington, to the fraud examination team. Mitchell and Wilson had collaborated in the past, so we knew he possessed the talents necessary for this case. A shift in focus ‘The city meant to focus the original inves- Ligation on the missing $24,000; howeves, it became clear to us the more obvious crime was the destruction of public docu- ‘ments, First, we reviewed Washington state law and verified that the crime of “injury to and misappropriation of record” byapublic officer isa class B felony, pun- ishable by up to 10 years in prison. (See the Washington State Legislature at htp:// tinyurl.com/ka7ubxz.) We then immersed ourselves in the statute and Washington Covert backup Seized computer Hi inbox I Sent I Dolotod | Deleted official Figure 1: Authors’ discoveries when comparing farmer city manager's emails (Credit: Gordon Mitchell) States Public Records Retention Sched- les (http:/tinyur.com/ojplvd) to beter familiarize ourselves with the required elements ofthe law. Next, we interviewed various city employees. Few of them knew anything about the missing funds, but practically all knew Sweet had been shredding doc- uments, One employee said Sweet had a “shred-fest” Another witness said he had seen Sweet placea stack of personnel fils inthe personnel department area and walk away. One of the files belonged to the ‘witness, who opened itand discovered mu- rmerousdocuments related to the witness: complaint against Sweet were missing. ‘While we interviewed employees, Mitchell made forensic images ofthe hard drives and analyzed them. He identified 42 documents as last being accessed on an external storage device. We reviewed the digital copies and determined 21 of the documents had been removed from the city’s computers and possibly stored om a portable storage device. We then reviewed twwo Outlook email files: the covert backup that the IT techni cian madeand the fils from the seized city computer. The covert backup contained emailsin the Inbox, Sent Mail and Deleted files, while the seized computer only con- tained Deleted files. More than 1,000 files missing from the seized computer were found in the covert backup. ‘The diagram at left simplifies our discoveries when comparing the email files. The covert backup contained emails in Sent, Inbox and Deleted categories. The seized computer had only deleted emails When we compared the deleted emails, we made a further refinement to distinguish emails that involved official business and those that other city em- ployees didn't send or receive. These are represented by the light blue areas in the diagram. A total of 154 “missing” emails were discovered when we compared the contents of light blue areas between the covert backup and the seized computer. ‘To meet legal and retention require iments, Sweet and the city should have retained all official city emails. The 154 official documents had been removed or destroyed, contrary to Washington state Jaw. Each document destroyed constituted a separate felony. In May, we met with Brumley, Noe and the elected Yakima County prosecut- ing attorney to discuss the case. Brumley felt he hada strong enough case to arrest FRAUD-MAGAZINE.COM “JANUARY/FEBRUARY 2015 FRAUD MAGAZINE aACFE eens Bookstore ogy Se etre Loe ne nV oem Rs ctr eared NEW! Investigator and Fraud Fighter Guidebook: Operation War Stories By Oates Pp FE | Harder 318 pages ‘This book examines how to conduct thorough and complete investigations while jug- ling a caseload. The author provides guidance on conducting a fraud investigation and spotting red flags that often indicate big-picture problems, STU 9 Tt '$34 Members / $50 Non-Members Business emagoeeat Controls Some '2t =e fee ses,

You might also like

• The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life

  

  From Everand

  The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life

  Mark Manson

  Rating: 4 out of 5 stars

  4/5 (5814)
• The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are

  

  From Everand

  The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are

  Brene Brown

  Rating: 4 out of 5 stars

  4/5 (1092)
• Never Split the Difference: Negotiating As If Your Life Depended On It

  

  From Everand

  Never Split the Difference: Negotiating As If Your Life Depended On It

  Chris Voss

  Rating: 4.5 out of 5 stars

  4.5/5 (845)
• • Magazines
  • Podcasts
  • Sheet music
• Principles: Life and Work

  

  From Everand

  Principles: Life and Work

  Ray Dalio

  Rating: 4 out of 5 stars

  4/5 (609)
• The Glass Castle: A Memoir

  

  From Everand

  The Glass Castle: A Memoir

  Jeannette Walls

  Rating: 4.5 out of 5 stars

  4.5/5 (1717)
• Grit: The Power of Passion and Perseverance

  

  From Everand

  Grit: The Power of Passion and Perseverance

  Angela Duckworth

  Rating: 4 out of 5 stars

  4/5 (590)
• Sing, Unburied, Sing: A Novel

  

  From Everand

  Sing, Unburied, Sing: A Novel

  Jesmyn Ward

  Rating: 4 out of 5 stars

  4/5 (1104)
• Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race

  

  From Everand

  Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race

  Margot Lee Shetterly

  Rating: 4 out of 5 stars

  4/5 (897)
• Shoe Dog: A Memoir by the Creator of Nike

  

  From Everand

  Shoe Dog: A Memoir by the Creator of Nike

  Phil Knight

  Rating: 4.5 out of 5 stars

  4.5/5 (540)
• The Perks of Being a Wallflower

  

  From Everand

  The Perks of Being a Wallflower

  Stephen Chbosky

  Rating: 4.5 out of 5 stars

  4.5/5 (2104)
• The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

  

  From Everand

  The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

  Ben Horowitz

  Rating: 4.5 out of 5 stars

  4.5/5 (348)
• Bad Feminist: Essays

  

  From Everand

  Bad Feminist: Essays

  Roxane Gay

  Rating: 4 out of 5 stars

  4/5 (1018)
• Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future

  

  From Everand

  Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future

  Ashlee Vance

  Rating: 4.5 out of 5 stars

  4.5/5 (474)
• Her Body and Other Parties: Stories

  

  From Everand

  Her Body and Other Parties: Stories

  Carmen Maria Machado

  Rating: 4 out of 5 stars

  4/5 (822)
• The Outsider: A Novel

  

  From Everand

  The Outsider: A Novel

  Stephen King

  Rating: 4 out of 5 stars

  4/5 (1866)
• The Emperor of All Maladies: A Biography of Cancer

  

  From Everand

  The Emperor of All Maladies: A Biography of Cancer

  Siddhartha Mukherjee

  Rating: 4.5 out of 5 stars

  4.5/5 (271)
• The Sympathizer: A Novel (Pulitzer Prize for Fiction)

  

  From Everand

  The Sympathizer: A Novel (Pulitzer Prize for Fiction)

  Viet Thanh Nguyen

  Rating: 4.5 out of 5 stars

  4.5/5 (122)
• Angela's Ashes: A Memoir

  

  From Everand

  Angela's Ashes: A Memoir

  Frank McCourt

  Rating: 4.5 out of 5 stars

  4.5/5 (441)
• Brooklyn: A Novel

  

  From Everand

  Brooklyn: A Novel

  Colm Tóibín

  Rating: 3.5 out of 5 stars

  3.5/5 (1947)
• The Little Book of Hygge: Danish Secrets to Happy Living

  

  From Everand

  The Little Book of Hygge: Danish Secrets to Happy Living

  Meik Wiking

  Rating: 3.5 out of 5 stars

  3.5/5 (401)
• A Man Called Ove: A Novel

  

  From Everand

  A Man Called Ove: A Novel

  Fredrik Backman

  Rating: 4.5 out of 5 stars

  4.5/5 (4770)
• The World Is Flat 3.0: A Brief History of the Twenty-first Century

  

  From Everand

  The World Is Flat 3.0: A Brief History of the Twenty-first Century

  Thomas L. Friedman

  Rating: 3.5 out of 5 stars

  3.5/5 (2259)
• Steve Jobs

  

  From Everand

  Steve Jobs

  Walter Isaacson

  Rating: 4.5 out of 5 stars

  4.5/5 (807)
• The Yellow House: A Memoir (2019 National Book Award Winner)

  

  From Everand

  The Yellow House: A Memoir (2019 National Book Award Winner)

  Sarah M. Broom

  Rating: 4 out of 5 stars

  4/5 (98)
• Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America

  

  From Everand

  Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America

  Gilbert King

  Rating: 4.5 out of 5 stars

  4.5/5 (266)
• The Art of Racing in the Rain: A Novel

  

  From Everand

  The Art of Racing in the Rain: A Novel

  Garth Stein

  Rating: 4 out of 5 stars

  4/5 (4203)
• A Tree Grows in Brooklyn

  

  From Everand

  A Tree Grows in Brooklyn

  Betty Smith

  Rating: 4.5 out of 5 stars

  4.5/5 (1929)
• Yes Please

  

  From Everand

  Yes Please

  Amy Poehler

  Rating: 4 out of 5 stars

  4/5 (1898)
• A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story

  

  From Everand

  A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story

  Dave Eggers

  Rating: 3.5 out of 5 stars

  3.5/5 (231)
• Team of Rivals: The Political Genius of Abraham Lincoln

  

  From Everand

  Team of Rivals: The Political Genius of Abraham Lincoln

  Doris Kearns Goodwin

  Rating: 4.5 out of 5 stars

  4.5/5 (234)
• The Woman in Cabin 10

  

  From Everand

  The Woman in Cabin 10

  Ruth Ware

  Rating: 3.5 out of 5 stars

  3.5/5 (2522)
• Fear: Trump in the White House

  

  From Everand

  Fear: Trump in the White House

  Bob Woodward

  Rating: 3.5 out of 5 stars

  3.5/5 (738)
• Wolf Hall: A Novel

  

  From Everand

  Wolf Hall: A Novel

  Hilary Mantel

  Rating: 4 out of 5 stars

  4/5 (3811)
• John Adams

  

  From Everand

  John Adams

  David McCullough

  Rating: 4.5 out of 5 stars

  4.5/5 (2409)
• On Fire: The (Burning) Case for a Green New Deal

  

  From Everand

  On Fire: The (Burning) Case for a Green New Deal

  Naomi Klein

  Rating: 4 out of 5 stars

  4/5 (74)
• The Light Between Oceans: A Novel

  

  From Everand

  The Light Between Oceans: A Novel

  M.L. Stedman

  Rating: 4.5 out of 5 stars

  4.5/5 (789)
• Manhattan Beach: A Novel

  

  From Everand

  Manhattan Beach: A Novel

  Jennifer Egan

  Rating: 3.5 out of 5 stars

  3.5/5 (792)
• The Constant Gardener: A Novel

  

  From Everand

  The Constant Gardener: A Novel

  John le Carré

  Rating: 3.5 out of 5 stars

  3.5/5 (104)
• The Unwinding: An Inner History of the New America

  

  From Everand

  The Unwinding: An Inner History of the New America

  George Packer

  Rating: 4 out of 5 stars

  4/5 (45)
• Rise of ISIS: A Threat We Can't Ignore

  

  From Everand

  Rise of ISIS: A Threat We Can't Ignore

  Jay Sekulow

  Rating: 3.5 out of 5 stars

  3.5/5 (137)
• Little Women

  

  From Everand

  Little Women

  Louisa May Alcott

  Rating: 4 out of 5 stars

  4/5 (104)