THWART PROCUREMENT BATTLING PRODUCT LEARNING FROM PRIVATE 5 MOST SCANDALOUS UNETHICAL BEHAVIOR

FRAUD P. 24 SUBSTITUTION P. 32 INVESTIGATORS P. 40 FRAUDS OF 2022 P. 48 RATIONALIZATIONS P. 62

VOL. 38 | NO. 1 | JANUARY/FEBRUARY 2023

Fraud-Magazine.com

THE MEDICARE DISADVANTAGE

HOW INSURERS GAME THE SYSTEM AND COMMIT FRAUD
SEE P. 14
 Stay ahead in
the ever-changing
world of fraud
Fraud is always evolving. You should be too.

Become a Certified Fraud Examiner (CFE)

• Enhance your anti-fraud knowledge and expertise
with world-class training and resources
• Earn 17% more than your non-certified colleagues*
• Showcase your CFE credential on social media
with the exclusive CFE digital badge
*2022 Compensation Guide for Anti-Fraud Professionals

Visit ACFE.com/CFE to learn how you can earn your CFE credential.
 Contents Volume 38, No. 1, January/February 2023

COVER STORY
The Medicare disadvantage —
How insurers game the system
14
and commit fraud

By Paul Kilby

Medicare Advantage, the private-sector

arm for elderly care, is fast becoming
the new battle front in the fight against
health care fraud in the U.S. Here’s
why, and what fraud examiners think
should be done.
14 THE MEDICARE DISADVANTAGE

FEATURES

WHAT CAN CFES LEARN FROM

40 PRIVATE INVESTIGATORS?

BATTLING FRAUDULENT 5 MOST SCANDALOUS FRAUDS

24 THWART PROCUREMENT FRAUD 32 PRODUCT SUBSTITUTION 48 OF 2022

What can CFEs learn from private

Thwart procurement fraud
investigators?
by Sheryl Goodman and Tom Caulfield, CFE
24 by Dick Carozza, CFE 40
Battling fraudulent 5 most scandalous frauds
product substitution of 2022
by Stewart Thompson, CFE 32 by Jennifer Liebman 48
4 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

COLUMNS AND DEPARTMENTS
FROM THE PRESIDENT
Use advanced tools to fight
Medicare fraud
Bruce Dorris, J.D., CFE, CPA
FRAUD IN THE NEWS
A house of cards
Compiled by Anna Brahce
INNOVATION UPDATE
Build it right, and they will come
By Vincent M. Walden, CFE, CPA
FRAUD BASICS
Preventing fraud through
due diligence
By Mandy Yousif, CFE
CASE IN POINT
Better together
By Raina Verma, CFE
CAREER CONNECTION
‘The devil made me do it’
and other unethical
behavior rationalizations
By Donn LeVie Jr., CFE
ACFE NEWS
TAKING BACK THE I.D.
Fake Geek Squad scams and what
to do if you fall victim to credit
card fraud
By Robert E. Holtfreter, Ph.D., CFE
I’M A CFE
Kathryn Wilson, CFE
By Jennifer Liebman
CPE QUIZ
Publisher John Gill, J.D., CFE
Editor-in-chief Paul Kilby
Editor-in-chief emeritus Dick Carozza, CFE
Assistant Editor Jennifer Liebman
Editorial Assistant Anna Brahce
Contributing Editor Scott H. Patterson
Contributing Writer Donn LeVie Jr., CFE
Legal Editor Ron Cresswell, J.D., CFE
Art Director Lauren Marshall
3 Designers Flavia Sanches, Daryl Smith, Amy Tisi,
Victoria Tolan, Stephanie Weil
Cover Art Illustrator Jonathan Bartlett
Circulation Manager Aimee Jost, CFE
6 Account Executive Nathalie Sterling
Contact: (800) 245-3321 | nsterling@ACFE.com
Editorial Advisory Committee
6 FRAUD IN THE NEWS Jonathan E. Turner, CFE, CII, chair; Jane Amling, CFE, FCA; Em-
manuel A. Appiah, CFE, CPA, CGMA, CFF; Johnnie R. Bejarano,
8 DBA, CFE, CPA, CGMA; Richard Brody, Ph.D., CFE, CPA; Jeimy J.
Cano, Ph.D., CFE, CAS; Courtney Castelino, CFE, CPA, CA, CBV,
CFF; Franklin Davenport, CFE; Chris Dogas, CFE, CPA; David J.
Clements, CFE; Peter D. Goldmann, CFE; Katya Hirose, J.D., CFE,
CAMS; Robert Holtfreter, Ph.D., CFE; Sezer Bozkus Kahyaoglu,
CFE; Thomas Cheney Lawson, CFE, CIA; Philip C. Levi, CFE, CPA,
FCA; Robert Loh, CFE, CFCS, CIRA; Larry Marks, CFE, CISA, PMP,
CISSP, CSTE; Dorothy Riggs, CFE; Elisabeth Rossen, MBA, CFE,
MAcc; Daniel Semick, MPA, CFE, CGFM; Katharina Shamai, CFE,
10 CIA, CA, IIA; Herbert Snyder, Ph.D., CFE; Stéphane Vuille, CFE, PCI
2022-2023 Board of Regents
Bruce Dorris, J.D., CFE, CVA, CPA; Jeanette LeVie, CFE;
Wendy Evans, CFE; Alexandra Sagaro, MSS, CFE, Collins
Wanderi, CFE; Hannibal “Mike” Ware, CFE; John Warren,
J.D., CFE; Chrysti Ziegler, CFE
58 Fraud Magazine (ISSN 1553-6645) is published bimonthly
65 ACFE NEWS by the Association of Certified Fraud Examiners, 716 West
Avenue, Austin, TX 78701-2727, USA. Periodical postage
paid at Austin, TX 78701 and at additional mailing offices.
Postmaster — Please send address changes to:
Fraud Magazine | ACFE Global Headquarters
716 West Avenue | Austin, TX 78701-2727, USA
(800) 245-3321 | +1 (512) 478-9000
Fax: +1 (512) 478-9297
62 Subscriptions
ACFE members: annual membership dues include a reg-
ular one-year subscription. Printed subscription rates for
65 66 TAKING BACK THE I.D. libraries and organizations are available upon request.
Membership information can be obtained by visiting
ACFE.com, emailing MemberServices@acfe.com or by
calling (800) 245-3321, or +1 (512) 478-9000. Change of
address notices and subscriptions should be directed to
Fraud Magazine. Although Fraud Magazine may be quot-
ed with proper attribution, no portion of this publication
may be reproduced unless written permission has been
obtained from the editor. The views expressed in Fraud
Magazine are those of the authors and might not reflect
the official policies of the Association of Certified Fraud
66 Examiners. The editors assume no responsibility for
unsolicited manuscripts but will consider all submissions.
Contributors’ guidelines are available at Fraud-Magazine.
com. Fraud Magazine is a double-blind, peer-reviewed
publication. To order reprints, visit Fraud-Magazine.com/
reprint or email reprints@fraud-magazine.com.
© 2023 Association of Certified Fraud Examiners, Inc. “ACFE,” “CFE,” “Certified
68 Fraud Examiner,” “CFE Exam Prep Course,” “Fraud Magazine,” “Association of
Certified Fraud Examiners,” “Report to the Nations,” the ACFE Seal, the ACFE
Logo and related trademarks, names and logos are the property of the As-
70 68 I’M A CFE - KATHRYN WILSON, CFE sociation of Certified Fraud Examiners, Inc., and are registered and/or used in
the U.S. and countries around the world.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 5
FRAUD in the news Read more news at Fraud-Magazine.com

VICTIMS SCAMMING VICTIMS
While many fall victim to fraud scams,
it’s rare that the scammers themselves are
victims. But that’s what’s been happening
in Southeast Asia, where tech workers
are being conned into working for
cybercrime rings.
Lured by fake high-paying job
offers, thousands of young Asian tech
workers have arrived on job sites only
to find crime syndicates confiscating
their phones and passports, demanding
ransom fees and threatening violence.
Criminals hold tech workers captive
in converted casinos in Cambodia,
and economic zones in Myanmar and
Laos, and train them in the art of online
cryptocurrency scams.
A favorite scam is “pig butchering,”
which involves building trust with
victims over social media apps and
developing fake romantic relationships
to get them to invest in crypto and
trading scams.
In August last year, 40 Vietnamese
workers narrowly escaped a casino in
Cambodia’s Kandal province, and in
September, the Indian government
issued an advisory against the fake
job offers targeting young IT workers.
(See “Cyber criminals hold Asian tech
workers captive in scam factories,” by
Anuradha Nagaraj and Nanchanok
Wongsamuth, Reuters, Nov. 1, 2022,
tinyurl.com/37xkjscv; “Inside The
Crypto Human Trafficking Rings In
Myanmar, Cambodia & Laos,” by Suprita
Anupam, Inc 42, Oct. 24, 2022, tinyurl.
com/ceymxurf; and “‘I was a slave’:
Up to 100,000 held captive by Chinese
cybercriminals in Cambodia,” by David
Pierson, Los Angeles Times, Nov. 1, 2022,
tinyurl.com/9jacz4t3.)
A HOUSE OF CARDS
When Andrew Smith rented a house in
Cambridge, U.K., he immediately set about
trying to sell the three-bedroom property
through a fake online real estate company.
In November, Smith received a 2 1/2-year
jail sentence for his fraudulent scheme.
Police nabbed Smith after neighbors
alerted a prospective buyer that the house
was rented. The buyer contacted the letting
agents who in turn reported the fraud to
law enforcement.
To decorate the house, Smith had
rented furniture from a company that
provides furniture for showrooms. The
unsuspecting buyer almost parted with
400,000 pounds in what one police con-
stable described as an “almost unbeliev-
able and truly brazen crime.” (See “Man
jailed for trying to sell someone else’s
house,” by Debbie Luxon, Independent,
Nov. 9, 2022, tinyurl.com/3r25r2nw.)

DOJ CLOSES BOOK ON ONE A 58-year-old woman received a 10-year prison sentence in October for masterminding
OF U.S.’S BIGGEST-EVER what a Homeland Security agent called one of the biggest marriage fraud conspiracies in
MARRIAGE SCAMS U.S. history — a scam that brought in a total of $15 million for the fraudsters, according
to the U.S. Department of Justice.
Ashley Yen Nguyen was the ringleader of a group that charged Vietnamese nationals
$50,000 to $70,000 to find a spouse in the U.S. and fraudulently obtain permanent resident
status in the country. Operating out of the Southwest Houston area, the group organized
over 500 sham marriages, using fake wedding albums and fabricated details about the
couples’ relationships to appear legitimate during interviews with immigration officials.
Nguyen regularly offered U.S. citizens $15,000 and $20,000 in installments to act
as spouses but rarely paid them the full amount. She also used mass marketing to reach
her audience, advertising the scheme through recruiters and Facebook. (See “Ringleader
sentenced in immigration scam that offered fake marriages for $70,000,” DOJ, Oct. 27,
2022, tinyurl.com/mu5kc84y.)

— Compiled by Anna Brahce

6 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 Prepare to Pass
the CFE Exam
The CFE Exam Prep Course® gives you flexibility to
prepare for the CFE Exam on your schedule. Including
study questions and practice exams, the CFE Exam Prep
Course will help you prepare to pass the rigorous CFE Exam.

Includes a subscription to the

online Fraud Examiners Manual!

1,300+ STUDY QUESTIONS PRACTICE EXAMS FRAUD EXAMINERS MANUAL

Review sample exam questions with Evaluate your preparedness for the CFE Explore topics in depth with the
explanations of the correct answers. Exam with practice exams and results. Fraud Examiners Manual.

Visit ACFE.com/PrepCourse to learn more.

 INNOVATION UPDATE
BUILD IT RIGHT, AND THEY WILL COME
When we think of innovation, certain industries spring to mind: electric vehicles, fintech,
medtech, space exploration, to name a few. But innovation and change are just as prevalent in the
professional services industry, where consultants must stay up to speed to best advise their cli-
ents. Learn how professional services firms can stay competitive and relevant through technology
innovation.
T
oday’s world is fraught with
geopolitical sanctions, fraud,
corruption and cyber warfare,
and fueled by rapidly emerging tech-
nologies that continue to change how
we approach business and risk mitiga-
tion. Companies large and small are
enduring a costly, but necessary, shift
to digital, while transitioning opera-
tions to the cloud and scrambling to
protect their systems from intrusion.
With change comes risks, which is why
companies often look to anti-fraud and/
or forensic technology professionals
to help them build the preventive and
detective anti-fraud controls needed to
protect their business and align with
regulatory expectations.
In many cases, companies turn
to professional services firms that can
add additional horsepower (like more
CFEs) to their risk mitigation objectives
or assist with an internal investigation
or litigation matter. This often includes
specialized forensic technology solu-
tions where professional services firms
can really go deep. However, yesterday’s
innovation is today’s norm. What was
relevant a few years ago may not have
the same market need as today’s fraud
risk or investigative technologies.
That’s why professional services firms,
especially leading mid-to-large firms
and the Big Four, are constantly seeking
to innovate new fraud risk manage-
ment solutions and technologies to stay
relevant with their clients.
In Fraud Magazine’s January/
February 2019 edition of “Innovation
Update,” I collaborated with my friend
Eric Johnson, managing director at EY,
to apply a common framework known
8 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
Practical anti-fraud ingenuity
COLUMNIST
VINCENT M.
WALDEN, CFE, CPA
CEO KONA AI
as the “innovation funnel” to innovate
and create new anti-fraud products. (See
tinyurl.com/27b4met9.) The framework
walks through six phases summarized
as follows:
1. Ideation: Brainstorming market and
client needs and services.
2. Evaluation: Frequent yet short
meetings to narrow down the list of
options.
3. Acceleration: Selected proof of con-
cept is designed and modeled out,
and more research is gathered.
4. Incubation: Solutions are tested in
a pilot environment in development
sprints, and solutions are compared.
5. Iteration: Finalizing activities and
plans to roll out the new service or
solution.
6. Launch: New service offering or
product is launched in the market.
While the above framework can be
helpful in spurring innovation, there are
still many questions a professional ser-
vices firm needs to consider, especially
when it comes to technology.
Buy vs. build in-house
“There’s no disputing the fact that
professional services firms, particularly
in forensic accounting, need to invest
in technology infrastructure, cutting-
edge anti-fraud software, and superior
talent to be able to provide high-quality
client service and remain ahead of the
competition,” Ken Feinstein, managing
FRAUD-MAGAZINE.COM
director at consulting firm J.S. Held
LLC, tells Fraud Magazine.
“However, firms are constantly
faced with resource allocation chal-
lenges, wrestling with decisions to hire
more technical experts and/or invest
in licensing technology solutions that
will gain them a competitive differen-
tiator and ROI [return on investment].
With the flood of technology companies
hitting the market in recent years, the
timeless debate over whether to build
your own technology infrastructure or
buy/outsource has become more critical
than ever.”
Feinstein says that building soft-
ware solutions from scratch, or “pro-
ductizing,” can be a dangerous game for
professional services firms, which need
to adapt nimbly to their clients’ chang-
ing needs. Challenges facing today’s
companies may quickly become yester-
day’s news, leaving what seemed to be
the next big thing collecting dust on the
proverbial shelf. Take the Cambridge
Analytica scandal from 2018, when re-
ports revealed that the political consult-
ing firm had harvested Facebook data of
millions of people without their
consent to support the 2016 presiden-
tial campaigns of Ted Cruz and Donald
Trump. (See “How Cambridge Analytica
Sparked the Great Privacy Awakening,”
by Issie Lapowsky, Wired, March 17,
2019, tinyurl.com/yc55vu5k.) Executives
across the globe scrambled to ensure
their customer data was secure from
third-party misuse, spurring consulting
firms to respond expeditiously to assess
third-party risk and identify data misuse
through automated solutions. But by
the time the ink dried on many engage-
ment agreements, much of the buzz
surrounding the scandal had subsided,
and companies instead were funneling
investment dollars towards stricter com-
pliance and data governance. That left
many firms with half-baked products
and fewer clients concerned about these
types of third-party risks.
The concern over conflict miner-
als is arguably a similar story. In 2010,
the Dodd-Frank Wall Street Reform and
Consumer Protection Act sought to stop
the national army and rebel groups in
the Democratic Republic of the Congo,
among others, from funding armed con-
flict through illegal mining by requiring
companies to disclose whether their
products contained these types of con-
flict minerals. Consulting firms spent a
tremendous amount of time and money
to find solutions for clients faced with
the new regulatory landscape only to see
the Trump administration try to repeal
those rules years later. (See “The Dodd-
Frank repeal: What it means for conflict
minerals,” by John Filitz, mining.com,
Aug. 8, 2017, tinyurl.com/5awn59wx.)
“Procuring technology to meet a
client’s needs is unavoidable whether
it’s commercial off-the-shelf software
(COTS), cloud-based platforms or data
visualization tools, etc.,” says Feinstein.
“It becomes a question of invest-
ment when faced with an opportunity
to help your client handle a unique
challenge such as performing natural
language processing (NLP) to derive
insights from thousands of documents.
When evaluating the purchase of a
software technology, one should ask if
this is a one-and-done proposition for a
specific client need or does this solution
span multiple clients.”
Outsourcing is another option,
but it’s typically more about people
and processes rather than technology.
Companies often choose to outsource
a task or function as part of an overall
client service offering to conduct oner-
ous or routine procedures. One such
example is third-party due diligence
checks, which require access to expen-
sive databases and significant, but often
tedious, reviews to ensure the accuracy
and relevance of the subject. For firms
wishing to specialize in third-party
due diligence, bringing this function
in-house could be a good solution. But
for forensic accounting or investigations
firms whose specialty skills are in fo-
rensic accounting, forensic technology,
litigation support or white-collar crime
investigations, it often makes sense to
subcontract or outsource due diligence
checks.
Staying ‘software agnostic’
Professional services firms might be
tempted to develop their own anti-fraud
or compliance-monitoring software
solutions, replacing the hourly billing
model with one that’s more scalable
around a solution. But this poses a con-
flict for professional services firms that
view themselves as “software agnostic.”
In other words, they’re supposed to
be recommending the best technical
solution for the client’s need, not what
they’ve internally built themselves.
(Think of it as a “separation of church
and state” on the software level.) Be-
yond that inherent conflict, there are
also other factors like ongoing support
and maintenance that make software
development challenging to a profes-
sional services firm. How will they
deploy software updates and security
patches on the client’s hardware after
the consulting agreement (or project) is
over? Is the client tied to the consulting
firm, and their billable hours, for the
entire life of the software relationship?
To combat these issues, many pro-
fessional services firms offer a managed
service solution where the firm hosts
(stores) the client’s data for analysis.
This works well for a one-time investiga-
tion, eDiscovery matter or short-term
projects, but not for long-term monitor-
ing or proactive risk assessments and
continuous monitoring where client
data constantly needs to be refreshed to
be relevant. The thought of companies
sending reams of sensitive transactional
data (such as third-party payments or
sales) each month to an outside firm for
processing and analysis sounds like an
IT and data privacy nightmare.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
Software companies specialize in
developing and supporting software to
address a specific business issue, most
often in the customer’s IT environment.
In contrast, professional service firms
have expert knowledge of particular
fields or sectors (also known as domain
expertise) and the understanding of
various technologies to align the right
people, processes and software tech-
nologies to solve a particular client
problem.
How to build it right,
so they will come
Feinstein and I collaborated on some
tips to help professional services firms
in the anti-fraud and investigations
space best foster innovation and contin-
uously remain relevant to their clients.
We aren’t claiming an all-inclusive list
here, but these tips are drawn from
more than 20 years of experience we
each have in this field. Some of these
are idioms you may have heard; others
might make you laugh. But all of them
stem from experience.
• Stay relevant: Come up with a new
service offering or market idea at least
every six months, and let the market
know about it.
• It’s always best to align your anti-
fraud and service offerings to industry
or regulatory guidance from The
Committee of Sponsoring Organiza-
tions of the Treadway Commission
(COSO), U.S. Department of Justice,
U.S. Securities and Exchange Com-
mission, U.K.’s Serious Fraud Office,
EU’s General Data Protection Regula-
tion and the U.S.’s Financial Industry
Regulatory Authority (FINRA), just to
name a few.
• Cost, quality or speed — clients can
only pick two.
• Go beyond rules-based queries in your
solution designs. Think data visual-
ization, text mining, machine learn-
ing, optical character recognition (for
matching), risk scoring, and pattern
and link analysis, for example.
CONTINUED ON PAGE 71
FRAUD MAGAZINE 9
 FRAUD BASICS Fundamentals for all
PREVENTING FRAUD THROUGH DUE DILIGENCE
Due diligence is a proactive countermeasure against fraud, helping to safeguard the interests of
all parties involved in a transaction. Here are some pointers in how to carry out due diligence and
prevent fraud in the process.
I n March 2019, former New York Lt.
Gov. Brian Benjamin, at the time
a state senator, asked a real estate
developer to help procure a number of
small-dollar contributions for his latest
political campaign. Benjamin’s un-
named contact, who also led a nonprofit
organization, later told investigators
from the U.S. Department of Justice
(DOJ) that he initially rebuffed Benja-
min’s request for several reasons: He
didn’t have experience “bundling politi-
cal contributions” in that manner; he
was focused on fundraising for his own
nonprofit; and any potential donors he
could target were the same ones from
whom he intended to solicit contribu-
tions for the nonprofit. (See “New York
Lieutenant Governor Brian Benjamin
Charged With Bribery And Related Of-
fenses,” DOJ press release, April 12, 2022,
tinyurl.com/4z969d4p.)
Benjamin was undeterred, telling
the developer, “Let me see what I can
do,” according to the DOJ. About three
months later, New York awarded a
$50,000 grant to the developer’s non-
profit, a windfall that the DOJ alleges
Benjamin facilitated — with the expec-
tation that the developer acquiesced
to his request for campaign donations.
The developer did just that in an alleged
bribery scheme that disguised his il-
licit payments to Benjamin’s campaign
as “donations” made in the names of
unaware family members, as well as
from an LLC under his control. The
alleged scheme was finally exposed,
according to the DOJ, when Benjamin
failed to meet disclosure requirements
for the LLC, the New York City Cam-
paign Finance Board deemed some of
the donations as ineligible, and a media
outlet published an article questioning
10 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
COLUMNIST
MANDY YOUSIF, CFE
COO/PARTNER, SPECIALTY
RISK & INTELLIGENCE
SERVICES (SRIS)
the legitimacy of various contribu-
tions to Benjamin’s campaign. In the
fallout, Benjamin was indicted by the
DOJ for bribery and related offenses
and resigned his office, and we can
presume that taxpayers are on the hook
for the tab in Benjamin’s investiga-
tion and prosecution. (See “New York’s
lieutenant governor resigns after being
charged with bribery and fraud,” NPR,
April 13, 2022, tinyurl.com/23adu8nu.)
Benjamin’s case isn’t an outlier. A
string of recent fraud investigations il-
lustrates the importance of conducting
due diligence, and the repercussions
of failing to do so. These range from
the well-publicized fraud trial of Trevor
Milton, the founder of electric truck
company Nikola; to the lesser-known
case of the buyer of a laundry service
who failed to dig deep into the busi-
ness’s financials. (See “Nikola founder
Trevor Milton found guilty of fraud over
statements he made while CEO of the
EV company,” by John Rosevear, CNBC,
Autos, updated Oct. 14, 2022, tinyurl.
com/burkza2n and “Buyer’s failure to
conduct due diligence defeats claim
for misrepresentation against seller
of laundry business,” by James R.G.
Cook, Gardiner Roberts, Aug. 20, 2021,
tinyurl.com/34x3msse.)
The latter is a good case in point.
In 2019, Chirag Patel agreed to buy
a coin laundry business in Ontario,
Canada, for C$290,000 — C$100,000
upfront and the rest over time through
a promissory note — after the seller
FRAUD-MAGAZINE.COM
told him that the business generated
a gross income of C$12,000 a month.
The agreement allowed Patel to cancel
the transaction if he found this to be
false after conducting due diligence
within a certain period of time. Patel
conducted some due diligence, but not
enough and eventually found that the
business brought in much less money
than he was told. He defaulted on the
promissory note and accused the seller
of fraudulent misrepresentation. The
courts, however, ruled in favor of the
seller, rejecting Patel’s requests for
further financial records as he had not
sought them during the time stipulated
in the contract. Lesson learned. (See
“Canada Inc. v. Ontario Inc. - court file
no.: CV-19-00630443,” Ontario Superior
Court of Justice, June 25, 2021, tinyurl.
com/nw9jaj2a.)
Due diligence is an essential
preemptive measure against fraud,
and failing to apply it can be detrimen-
tal. Read on to learn how proper due
diligence can go a long way toward pre-
venting fraud, irrespective of the nature
of a contract and whether it’s related
to a mergers and acquisitions (M&A)
transaction, vetting of political appoin-
tees, preemployment background or
vendor screening.
Levels of due diligence
The nature and extent of due diligence
processes organizations employ to
mitigate fraud vary depending on their
assessment of perceived risks. Organiza-
tions commit a common mistake when
they apply the same level of diligence to
each engagement without taking into
consideration the level of risk, type of
investment or purpose of the contract.
 For instance, when recruiting
new employees, the level of diligence
should not be the same for an execu-
tive position and that of an entry-level
position. Likewise, the level of dili-
gence should be greater for a multi-
million-dollar investment or acquisi-
tion than a smaller one. The following
are the most common levels of due
diligence:
• Simplified/basic.
• Standard.
• Comprehensive/enhanced.
The checklist dilemma
Due diligence investigations often in-
clude accessing and reviewing a number
of legal, regulatory, financial, licensing
and disciplinary records, as well as vari-
ous additional government, proprietary
and public records. A common mistake
organizations make is accessing and re-
viewing records based on a checklist ap-
proach without considering the nature
of the industry, or profile of the target
personnel (to name a few factors).
Just as an organization shouldn’t
conduct the same due diligence inves-
tigation on a publicly traded entity as a
privately held company, due diligence
strategies should be different based on
various industry sectors. For example,
due diligence on a political candidate
should differ from an individual within
the investment sector or the cyberse-
curity industry. Following a checklist
of items will limit the due diligence
process and could fail to uncover sig-
nificant findings that could later cause
harm to the organization.
Due diligence isn’t simply a check-
list or a box-ticking exercise, but rather
a process dependent on a number of
factors that must be assessed through-
out the investigation.
Myopic approach
Due diligence investigations often fail
when they take a myopic (i.e., nearsight-
ed, or narrow) approach, focusing on
the analysis of partial legal and financial
records — and failing to include a
number of additional crucial records.
Further, a myopic approach often only
targets a specific timeline (usually 10
years) and is mainly focused on a certain
jurisdiction.
Organizations must take a holistic
view and thoroughly assess all areas of
risks such as all available legal, regula-
tory, financial, licensing, disciplinary,
political, corporate, strategic, cultural
and operational records, just to name a
few. Rather than focusing on a spe-
cific jurisdiction, your investigation
should cover relevant records from all
jurisdictions where the target person-
nel has resided and worked. In the case
of a corporate entity, the investigation
should include all jurisdictions where
the entity operates. Don’t limit your in-
vestigation to a specific period — cover
all available records dating as far back
as permitted.
Many organizations operate under
the assumption that public records
and traditional media sources include
all that’s needed for a due diligence
investigation. But reputational source
inquiries are crucial. Third-party
source inquiries not only verify known
facts but often also reveal information
that’s not publicly available.
In the case of preemployment
background checks, organizations
often fail to contact references, as-
suming they’ll only provide a positive
reference. However, some candidates
will list important-sounding individu-
als as references with the hope that the
recruiting organizations won’t contact
them. Further, references often dis-
close information that’s not necessar-
ily favorable. In addition to checking
references, organizations should, to
the extent permitted by law, contact in-
dependent references such as industry
associates, litigation adversaries and
others. These references can provide
further insight and information that’s
likely unattainable through other
resources.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
Know your vendor
Perhaps the most critical aspect when
conducting due diligence is partner-
ing with the appropriate expert. We’ve
seen cases where organizations have
partnered with the wrong vendors af-
ter failing to uncover obvious red flags.
Third-party vendors play a key role in
due diligence investigations as they pro-
vide the necessary expertise to obtain
and interpret information and identify
potential adverse records such as prior
criminal offenses, litigation disputes
or poor credit reports. The reliance on
third-party vendors is greater when the
investigation requires an international
component.
Relying on third-party vendors
presents many risks, and they’re higher
among organizations that use inter-
national third-party vendors and lack
access to, or knowledge about, foreign
records.
Organizations can mitigate these
risks by conducting their own due
diligence into new third-party vendors
prior to partnering with them. Ad-
ditionally, evaluate the relationship of
existing vendors regularly to assesses
their performance and reliability. Prior
to engaging a third-party vendor, con-
sider the following measures:
• Inquire about the vendor’s reputa-
tions, both locally and globally.
• Ensure that the vendor has an exist-
ing ethics and compliance program
as well as privacy regulations and
policies.
• Ask about the vendor’s anti-bribery
and anti-corruption policies.
• Assess how the vendor conducts
internal audits.
• Ensure that the vendor agrees in writ-
ing to abide by the organization’s code
of conduct.
• Carry out a background check on
the vendor’s business, ownership
structure, executive team and par-
ticularly on the employees who will
perform the investigation on your
FRAUD MAGAZINE 11
 FRAUD BASICS Fundamentals for all

organization’s behalf. The vendor
may be reputable, but some employ-
ees may lack the necessary skills for
the job. This is especially problem-
atic when the investigation has been
delegated to junior employees with no
oversight from management.
• Interview the vendor and inquire
about its industry knowledge, and
independently verify its credentials.
Don’t simply trust all information
found on the vendor’s website.
• Request a proposal prior to engaging
the vendor. The first red flag is when
the vendor immediately accepts a
client’s proposed request without
providing any recommendations, ad-
ditional areas of inquiry, or delivering
its own proposal.
especially for databases that feature
several sections. For instance, Cana-
dian Securities Commission databases
vary across all provinces and territo-
ries; some of these databases contain
over 20 sections with specified search
criteria.
• Become familiar with foreign records
and ensure that the vendor provides
clarification on the purpose of each
search.
• Request sample reports from multiple
vendors for comparison.
• Consider retaining a second vendor
for further verification and com-
parison. This is highly recommended
when selecting a new vendor. It en-
sures that old vendors are providing
accurate results.
document to ensure the search was
conducted properly.
Knowing exactly with whom you’re
partnering is not only a good business
practice, but also a legal and ethical
necessity.
Fraud prevention starts with
adequate due diligence procedures and
strategies. Regardless of the jurisdic-
tion, it’s best to conduct rigorous due
diligence on third-party associates to
ascertain their integrity, financial via-
bility, and legal and ethical compliance.
Knowing that fraud can take many
forms and cause extensive damage, it’s
easier, and less costly, to prevent and
mitigate the risks of fraud than it is to
detect it. ■ FM

• Ensure that the vendor is trained • Don’t assume that the vendor’s reports Mandy Yousif, CFE, is COO and partner
to use databases and remains up to are always free of error. at consultant Specialty Risk & Intelli-
date with the changes and security • Don’t accept “no record” for an answer gence Services (SRIS). Contact her at
features. This is extremely important, and request a copy of the actual Mandy.Yousif@sris.ca.

ACHIEVING EXCELLENCE
WITH A GLOBAL VISION

OUR OFFERINGS
Forensic Investigation Due Diligence
Hard Disk Imaging Background Checks
Anti Counterfeit operations Physical Security consulting
Cyber Security Dark Web Monitoring
Online Monitoring Training and Certifications

Offices: UA E | S ri L a nk a | Si ng a p or e | I nd i a
OUR PRESENCE { India Offices: Del hi | M um b a i | B eng a l ur u | Chenna i | H y d er a b a d | Kol kat a
2 G / 2023 G CO
More details: info@netrika.com | www.netrika.com | +91 97152 4711713 | +91 98710 93338
 Online Self-Study CPE Course
Merchandise

10 infamous cases of the 21st century

Duffel Bag

This rugged yet refined duffel bag with

ACFE seal, constructed of washed beige
cotton canvas and genuine leather, is
perfect for a trip to the gym after work, an
overnight business trip or a weekend
getaway. The top zipper closure opens to
a spacious main storage area that includes
a zippered interior pocket and two small
interior pockets without zippers.

Sling the bag over your shoulder using
the removable and adjustable shoulder
strap or use the double carrying handles.
Features
In this self-study course, learn from 10 infamous
fraud cases to better protect your clients, employers
and the general public from similar schemes. Fraud
CPE Credit
cases include the WorldCom scandal, Madoff’s Ponzi 4
scheme and the Fédération Internationale de Football
Association (FIFA) scandal.

Top zipper closure

Zippered interior compartment KEY TAKEAWAYS: Course level
and two small interior pockets • Introductions and background information for Basic
Detachable adjustable shoulder all cases
strap that extends up to 58” • Insights to how each scheme was perpetrated
Double carrying handles and detected
• Recommendations to prevent future frauds
• Lessons learned for each case
prerequisites
None

$79.20 Members
$99 Non-Members $135.20 Members / $169 Non-Members

Visit ACFE.com/Duffel to learn more. Visit ACFE.com/TIFC to learn more.

 THE MEDICARE
DISADVANTAGE
How private insurers are gaming the Medicare
system and committing fraud

By Paul Kilby
Illustrations by Jonathan Bartlett

14 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 Medicare Advantage, the
private-sector arm for elderly
care, is fast becoming the new
battle front in the fight against
health care fraud in the U.S.
Here's why, and what fraud
examiners think should be done.
W hen Cigna launched its “360 Pro-
gram” in 2012, it described it as a
way to identify gaps in care for
Medicare Advantage plan mem-
bers through regular wellness visits. The
health insurer said the extra consultations
came with no added costs and helped de-
tect health problems earlier on while they
were less expensive to treat. They even
gave patients gift cards for participating.
It all made sense. After all, the strategy fell
nicely under the original rubric of Medi-
care Advantage, a program within the U.S.
public health system designed to create
greater efficiencies, more choice and lower
costs by having private insurers manage
health care for elderly Americans. (See
“Prevention Pays: $50 Prevention Bonus
program for 2018,” Network Insider, Cigna-
HealthSpring, Network Insider, Winter
2017, tinyurl.com/2p97vr6u.)
But there was more to the 360 Pro-
gram than met the eye, at least according
to the U.S. Department of Justice (DOJ),
which in October 2022 joined an earlier
whistleblower lawsuit that accused the
insurer of using its 360 medical in-house
exams conducted by third-party vendors
for more nefarious and fraudulent means.
Rather than treat patients, the vendors
allegedly used the home visits to collect
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
lucrative diagnosis codes so that Cigna
could garner higher payments from Medi-
care. And the company admitted as much
in internal communications, according to
the lawsuit. In a 2017 company document,
Cigna said: “[t]he primary goal of a 360
visit is administrative code capture and
not chronic care or acute care manage-
ment.” (See “Complaint in Intervention
of the United States of America, Civil Ac-
tion No. 3:21-cv-00748,” U.S. District Court,
Oct. 14, 2022, tinyurl.com/4mw5ry82.)
The way Cigna went about using
third-party vendors for this purpose was
suspect, according to the DOJ. The health
insurer allegedly prohibited the vendors
from providing patient treatment or care
during home visits — one of the exam
options. Instead, nurse practitioners or
nonphysician health care providers, with
no access to beneficiaries’ full medical
histories, spent little time with patients
during home visits and relied heavily on
responses to self-assessment question-
naires, according to the lawsuit.
The DOJ accuses Cigna of using ven-
dors, who were incapable of properly as-
sessing patients’ health, to establish in-
valid diagnoses for serious illnesses that
it couldn’t have reliably determined in a
home setting without extensive diagnostic
FRAUD MAGAZINE 15
 THE MEDICARE DISADVANTAGE
testing or imaging. The lawsuit claims that
Cigna knew that these 360 home visits
generated false and invalid diagnoses, but
it continued to submit tens of thousands
of these invalid codes to the Centers for
Medicaid & Medicare Services (CMS), an
agency of the U.S. Department of Health &
Human Services, because it was profitable.
CMS took that data to determine higher
risk scores and in turn a bigger payout for
the insurer, which allegedly made tens of
millions of dollars this way.
“Cigna knew that, under the Medi-
care Advantage reimbursement system,
it would be paid more if its plan members
appeared to be sicker,” U.S. Attorney Da-
mian Williams said at the time. “This office
is dedicated to holding insurers account-
able if they seek to manipulate the sys-
tem and boost their profits by submitting
false information to the government.” (See
“United States Files Civil Fraud Lawsuit
Against Cigna For Artificially Inflating Its
Medicare Advantage Payments,” DOJ, Oct.
17, 2022, tinyurl.com/bdx43sw4.)
Cigna isn’t the only U.S. insurer to face
a civil fraud lawsuit for allegedly submit-
ting false and invalid patient diagnosis
codes to artificially inflate payments
received from the Medicare Advantage
program. Over the past several years, the
DOJ has similarly sued some of the largest
health insurers in the country as it turns a
spotlight on fraud in this corner of the U.S.
national health care system. Aside from
Cigna, other U.S. health care giants such
as UnitedHealthcare, Humana, Elevance
(formerly Anthem) and Kaiser Perman-
ente have found themselves in the DOJ’s
16 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
crosshairs for fraudulent behavior relat-
ing to the Medicare Advantage plan. (See
“‘The Cash Monster Was Insatiable’: How
Insurers Exploited Medicare for Billions,”
by Reed Abelson and Margot Sanger-Katz,
The New York Times, The Upshot, Oct. 8,
2022, tinyurl.com/2dw56tph.)
Alleged wrongdoing ranges from the
mundane accusation of failing to check
the accuracy of diagnosis codes (argu-
ably because deleting them would impact
revenues) to more sophisticated schemes
using algorithms and data mining. “Some-
times it is inadvertent, sometimes it is on
purpose, but at the end of the day it is
about making more money and getting
reimbursed at a higher rate,” says Kurt
Yannelli, CFE, who has sold Medicare Ad-
vantage plans to seniors and now works as
a trooper in the Pennsylvania State Police’s
criminal investigation unit.
The defendants all deny wrongdoing,
but the cases mark the latest chapter in
the perennial battle against fraud in the
U.S. public health system, this time high-
lighting the potential for financial chica-
nery among private insurers that provide
such coverage in this growing segment of
the Medicare system. “If these turn out to
be strong cases and the U.S. government
wins them, it’s a shot across the bow be-
cause fraud among the insurers was never
touched upon previously in the Medicare
Advantage world,” says Eric Rubenstein,
CFE, director of litigation for fraud, waste
and abuse at health care advisory company
Advize.
FRAUD-MAGAZINE.COM
CODING, CAPITATION
AND CLASSIFICATIONS
To understand the DOJ’s fraud accusations,
it helps first to examine how the U.S. gov-
ernment reimburses private insurers. Un-
der Medicare Advantage programs, insur-
ers (or plans) agree to assume the liability
and risks of beneficiaries’ health expenses
and in exchange the CMS pays the insur-
ers a monthly, per person (or capitated)
amount. The CMS pays the plans according
to a base rate determined by the insurer’s
bid for the business and whether it’s above
or below a benchmark rate set by the fed-
eral government. If it’s above, a plan gets
the benchmark rate and can charge enroll-
ees a premium to make up the difference.
If it’s below, which most bids are, the plan
gets a rebate, which it’s then required to use
to lower costs and provide extra coverage.
(See “Understanding Medicare Advantage
Payment & Policy Recommendations,” Bet-
ter Medicare Alliance, September 2018,
tinyurl.com/32n8tw88.)
But what’s important is the extra layer
of payments the insurers receive through
the so-called risk-adjustment scores that
the CMS calculate to account for the costs
of sicker patients. The insurer and the doc-
tors in its network supply the CMS with
International Classification of Disease
(ICD) codes based on diagnosis data. The
CMS then takes that information, plus
geographic information and other data,
to create a numbered risk score (some-
times called Risk Adjustment Factor or
RAF) using a model called hierarchical
condition category (HCC) that estimates
GLOBAL. EXPERIENCED.
INTEGRAL.
CRI® Group safeguards businesses from fraud and corruption,
providing a wide range of background

BACKGROUND INVESTIGATIONS
EMPLOYEE INTEGRITY DUE DILIGENCE
VENDOR AND 3RD PARTY SCREENING
PERSONNEL VETTING & PRE-EMPLOYMENT SCREENING

COMPLIANCE SOLUTIONS
INVESTIGATIVE DUE DILIGENCE
INTEGRITY DUE DILIGENCE
CORPORATE SECURITY & RESILIENCE
THIRD-PARTY RISK ASSESSMENT
ANTI-MONEY LAUNDERING

Partners to TRUST

BUSINESS
INTELLIGENCE
MARKET RESEARCH & ANALYSIS
COMMERCIAL INVESTIGATIONS

INVESTIGATIVE RESEARCH
ANTI-CORRUPTION & REGULATORY INVESTIGATIONS
ASSET SEARCH AND RECOVERY
FRAUD RISK INVESTIGATIONS
INSURANCE INVESTIGATIONS
IP INFRINGEMENT INVESTIGATIONS

TRAINING
INTERNAL INVESTIGATIONS & CONFLICT OF INTEREST
FINANCIAL INVESTIGATIONS

& CERTIFICATION FORENSIC ACCOUNTING

ISO 31000:2018 RISK MANAGEMENT

ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEM
GET A QUOTE
ISO 37002:2021 WHISTLEBLOWER MANAGEMENT SYSTEM
ISO 37301:2021 COMPLIANCE MANAGEMENT SYSTEM
ANTI-MONEY LAUNDERING (AML)

37th Floor, 1 Canada Square,

Canary Wharf,
London, E14 5AA
United Kingdom
t: +44 203 927 5250
e: london@CRIgroup.com
Global Leader in Risk Management,
BackgroundFRAUD-MAGAZINE.COM
Screening & Due Diligence Solutions
JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 17
 THE MEDICARE DISADVANTAGE
TOTAL MEDICARE ADVANTAGE ENROLLMENT, 2007-2022
Medicare Advantage penetration
24 % 25 % 26 %
22 %
19 %
2008 2010
Note: Includes Medicare Advantage plans: HMOs, PPOs (local and regional), PFFS and MSAs. About 58.6 million people were enrolled in
Medicare Parts A and B in 2022.
SOURCE: KFF analysis of Medicare Chronic Conditions (CCW) Data Warehouse from 5% of beneficiaries, 2007-2017; CCW data from 20
percent of beneficiaries, 2018; and Medicare Enrollment Dashboard 2019-2022. Enrollment numbers from March of the respective year.
future health care costs per patient. For
example, a person with cancer will get
a higher number than a person who has
some hypertension, qualifying the insurer
for a higher payment amount for the sicker
patient. But a patient who has had cancer
and recovered with no need for treatment
shouldn’t bump up risk scores for that
year. Each year the process starts anew.
(See “Hierarchical Condition Category
Coding,” AAFP, tinyurl.com/2wjku2y5;
“Medicare risk adjustment,” foresee Medi-
cal, tinyurl.com/y62tvnrs; and “Managed
Care Fraud,” Whistleblower Law Collabora-
tive, tinyurl.com/2hpevut5.)
The idea is that the CMS ensures pay-
ments cover the costs of the beneficiaries
most in need and in theory stop the in-
surance companies from profiting by just
enrolling the healthiest Americans. The
system is more akin to what the health
industry calls value-based care, which
is supposed to encourage higher
quality care through bundled ser-
vices and smarter spending. (See
18 FRAUD MAGAZINE
33 %
31 % 32 %
27 % 29 %
TABLE
2012 2014 2016
“Evaluating Medicare Advantage Value-
Based Contracts,” American Medical As-
sociation, 2019, tinyurl.com/2p85fc2x.)
In contrast, traditional Medicare has
typically worked on a fee-for-service (FFS)
basis, where a doctor will bill Medicare
for separate, unbundled services, such
as an office visit or specific medical pro-
cedures. Doctors use current procedural
terminology (CPT) and other codes to bill
for a particular medical or surgical service
rendered. Critics say this payment sys-
tem incentivizes physicians to “upcode”
— offer as many treatments and services
as possible to garner more fees, often in
fraudulent ways. And the U.S. Congress
has endeavored to change this, most re-
cently through an abstrusely titled piece
of 2015 legislation called Medicare Access
and CHIP Reauthorization Act (MACRA),
designed to reward physicians for the qual-
ity rather than the amount of health care
they provide. (See “What Is CPT®?” AAPC,
Dec. 15, 2021, tinyurl.com/3ec57dn4;
“Upcoding — Health care and Medicare
JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM
46 % 48 %
42 %
37 % 39 %
35 %
2018 2020 2022
Fraud,” Whistleblowers International,
2022, tinyurl.com/ycx5e427; and “What
Are MACRA and MIPs?” by Max Freed-
man, Business News Daily, updated June
29, 2022, tinyurl.com/bddtexfs.)
“Traditionally health care fraud has
been linked to the (upcoding) of CPT
codes,” says Jacqueline Bloink, CFE, who
runs a health care compliance consult-
ing firm. “For example, maybe a doctor
is billing as if they performed the service
in an ambulatory surgical center when
they really did it in their office. There is a
place-of-service code, and the ambulatory
surgical center pays more money than the
office-based setting.”
Cast against FFS, Medicare Advan-
tage’s reimbursement system certainly
has its merits. One lump payment per
year with the dollar amount dependent
on the severity of the diagnosis arguably
eliminates the temptations to commit the
type of fraud that comes with traditional
per-service Medicare payments. And, as
Bloink points out, it’s arguably also easier
to substantiate whether the ICD codes submitted are correct or
not. An investigator, for example, can simply look at chart notes,
lab results and prescriptions sent to pharmacies to see if a person
has diabetes and is being treated for it.
This may be why the focus on insurers committing fraud
in Medicare Advantage — apart from some scandals around ag-
gressive marketing tactics — has been until recently largely off
U.S. agencies’ radar screens.
“For some reason the U.S. government thought there
wouldn’t be a lot of fraud in Medicare Advantage,” says Mary
Beach, CFE, senior director for program integrity at Evolent
Health. She says the CMS’s Medicare
Managed Care Manual only includes
SHIFTING INCENTIVES
In 1997, the U.S. Congress passed the Balanced Budget Act, which
among other goals tried to stop insurers from favoring healthy
Medicare enrollees over sick ones by providing higher payments
for beneficiaries in poor health. (See “The Emerging Role of Private
Plans in Medicare,” by Gretchen Jacobson, Journal of the Ameri-
can Society on Aging, Summer 2015, tinyurl.com/yb9pf7dk.)
Incentives shifted. And CMS providing higher compensation
for sicker patients tempted health care practitioners to upcode
and commit fraud.
“There are good arguments for capitated payments [in
Medicare Advantage], but suddenly
it’s not so much the providers [the

"
a couple of paragraphs on special in-
vestigative units (SIUs) and provider
investigations.
Rubenstein, who started his
career as a senior special agent for
the U.S. Department of Health and
Human Services Office of Inspector
General, has a similar take.
“When I was first hired as an
agent in 1997, there was the belief
There are good arguments for
capitated payments [in Medicare
Advantage], but suddenly it's not
so much the providers who are
committing fraud through upcoding;
now you have profit-motivated
doctors] who are committing fraud
through upcoding; now you have
profit-motivated insurance compa-
nies getting as many capitation fees
as they can,” says Samuel May, J.D.,
CFE, a research specialist at the ACFE
and a former investigations consul-
tant at UnitedHealth Group. “You are
adding an extra layer of complexity
between the doctors and those re-
sponsible for oversight.”

insurance companies getting as

that there was no fraud (in what were
then Medicare private plans) because
the patients are getting the servic- many capitation fees as they can.
es they need,” Rubenstein says. “It
doesn’t matter if the patient sees the
doctor one time or a hundred times,
- Samuel May, CFE
the payment was what it was. But as
time went by the spotlight has great-
ly shifted to the payer side, which is
where we see the lawsuits with Anthem and Cigna and Kaiser.”
In reality, experts like Mark Starinsky, CFE, were already
seeing problems through the use of so-called Adjusted Commu-
nity Rate Proposals that managed care organizations were using
to identify the health services they would provide to Medicare
members and the estimated costs. Plans would enroll a patient
with a risky diagnosis and then disenroll them once CMS had
accepted their proposal, says Starinsky, who used to audit those
plans and is now senior product manager of U.S. health care at
Shift Technology. (See “U.S. Targets HMO Fraud In Medicare and
"
The process is vulnerable to
fraud not only because it’s complex
but the sheer volumes of data — not
to mention the multitude of Medi-
care Advantage plans — can make it
easier to miss wrongdoing. Accord-
ing to KFF, a nonprofit organization
focused on U.S. health care, 3,834
Medicare Advantage plans were
available for enrollment in 2022 — more than any other previous
year — with more than 26 million people already enrolled. (See
“Medicare Advantage 2022 Spotlight: First Look,” by Meredith
Freed, Anthony Damico and Tricia Neuman, KFF, Nov. 2, 2021,
tinyurl.com/2ukaenr8.)
“When it comes to the validity of the claims data that is fed
back to CMS, I think that is probably where there are problems.
You are dealing with so much data,” says Beach. “Part of the
problem is just the volume of it all, and there are thousands of
different Medicare Advantage plans. Just the oversight of that
is tremendous.”

Medicaid,” by Laurie Mcginley and David S. Cloud, The Wall Street

Journal, Oct. 19, 1998, tinyurl.com/3nbxy823 and “Semiannual
Report - April 1, 1998 - September 30, 1998,” Department of Health
and Human Services, OIG, tinyurl.com/mvdbrxnh.)
DATA MANIPULATION
Because large amounts of data are increasingly susceptible to
algorithmic manipulation, insurers are allegedly finding creative

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 19

 THE MEDICARE DISADVANTAGE
ways to use technology to bend diagnostic
code results in their favor.
In late 2021, the DOJ accused Kaiser
Permanente, a California-based managed
care consortium, of defrauding Medicare
of $1 billion by submitting inaccurate diag-
nosis codes through the Advantage Plan.
The company allegedly used algorithms to
data mine and identify high-value codes
and “then determined the diagnoses its
doctors would need to make to support
the [codes] Kaiser wanted to submit for
Medicare reimbursement,” according
to the court filing. The company alleg-
edly used high-pressure tactics. Doctors’
compensation was allegedly tied to report
cards based in part on their responses to
data-mining results. And Kaiser allegedly
asked those doctors who disagreed with
algorithmically induced diagnoses to meet
one-on-one with “data quality trainers”
and attend mandatory meetings called
“coding parties” to reassess their views
on diagnostic results, according to court
documents. (See “United States ex rel.
Osinek v. Permanente Med. Grp.,” case-
text, May 5, 2022, tinyurl.com/2p96e3ue
and “Kaiser Permanente Defrauded Medi-
care of $1 Billion, DOJ Alleges,” by Lydia
Wheeler, Bloomberg Law, last updated Oct.
26, 2021, tinyurl.com/2p843bkw.)
Other health care providers are also
allegedly using data mining to these ends.
In 2021, the DOJ alleged that New York-
based Independent Health, and an affiliat-
ed medical analytics company, DxID, used
unsupported risk codes to scam the Medi-
care Advantage Program. This marked
the first civil suit by the U.S. government
20 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
targeting a data miner for this kind of
fraud. [See “The DOJ Says A Data Mining
Company Fabricated Medical Diagnoses To
Make Money,” by Fred Schulte, NPR, Sept.
14, 2021, tinyurl.com/5dpwsft5 and court
document, case no 12-CV-0299(S), Sept. 13,
2021, tinyurl.com/ax4vpm69.]
TURNING THE SPOTLIGHT ON
INSURER FRAUD
Governmental and medical experts are
increasingly sounding the alarm about this
type of fraud, and the DOJ says it has made
investigating and litigating wrongdoing
in the Medicare Advantage Program, also
known as Medicare Part C, a top priority as
more whistleblower cases come to light.
(See “DOJ and OIG ramp up enforcement
of risk adjustment coding: 5 compliance
tips for providers,” by Nicole Jobe and Cath-
erine Feorene, Thompson Coburn LLP, Jan.
27, 2022, tinyurl.com/yyk7tx43; “Medicare
Advantage Upcoding, Overpayments Re-
quire Attention,” by Paul N. Van de Water,
Center on Budget and Policy Priorities, off
the charts, Oct. 30, 2018,
tinyurl.com/3vjme2z5;
and “The Coming Ex-
plosion Of Medicare
Advantage Fraud And
Penalties,” by David
FRAUD-MAGAZINE.COM
Lareau, Forbes, Innovation, Aug. 19, 2022,
tinyurl.com/2p83k5jw.)
“The government has increased its
oversight in this area and that will con-
tinue to happen,” says Starinsky, a former
senior auditor for the U.S. Department
of Health and Human Services Office of
Inspector General. (See “Justice Depart-
ment’s False Claims Act Settlements and
Judgments Exceed $5.6 Billion in Fis-
cal Year 2021,” DOJ, Feb. 1, 2022, tinyurl.
com/4zeecmvz and “Petition for a writ
of certiorari,” U.S. Supreme Court, Feb. 2,
2022, tinyurl.com/54fw6bs8.)
The DOJ has enjoyed some successes.
In 2021, Sutter Health agreed to pay $90
million to settle allegations that it had
knowingly submitted unsupported di-
agnosis codes and failed to correct them.
Data mining and high-pressure tactics
also allegedly played an important role
in this case. (See “Sutter Health and Af-
filiates to Pay $90 Million to Settle False
Claims Act Allegations of Mischarging
the Medicare Advantage Program,” DOJ,
Aug. 30, 2021, tinyurl.com/2p9b55uz and
court documents, March 4, 2019, tinyurl.
com/2p986j7w.)
 A CALL FOR CHANGE
Rising fraud, waste and abuse in the U.S. Medicare Advan-
tage plan is stirring the ire of politicians, who are calling for
change. U.S. Representative Lloyd Doggett (D-TX), then-chair
of the House Ways & Health Subcommittee, along with other
lawmakers, took aim at the plan in a letter last year to the
Centers for Medicaid & Medicare Services (CMS). They’re
criticizing a system that they say is overpaying insurers bil-
lions of dollars compared to what the U.S. government would
spend on the same beneficiaries under traditional Medicare.
(See “Members Urge Reform of Medicare Advantage to Pro-
tect Taxpayer Dollars & Improve Care,” office of Rep. Lloyd
Doggett, press release, Sept. 7, 2022, tinyurl.com/2d5s6msa
and “Comment on Request for Information: Medicare Pro-
gram,” Aug. 31, 2022, tinyurl.com/4bpx4w6v.)
Doggett and fellow lawmakers think the CMS should
implement the following recommendations proposed by the
U.S. Government Accountability Office, OIG and MedPAC to
prevent what they call the “looting of Medicare:”
• Conduct targeted audits of plans receiving a dispropor-
tionate share of payments from chart reviews and health
risk assessments (HRAs). Chart reviews are an exami-
nation of a beneficiary’s medical records to identify
diagnoses that a provider didn’t submit or submitted in
error. HRA involves collecting data from a beneficiary to
identify possible gaps in health care. OIG has expressed
concerns that insurers leverage both chart reviews and
HRAs to maximize risk adjustment payments without
providing additional care for any diagnosis determined
through those assessments. DxID, the medical analytics
company cited in the case above, is accused of disre-
garding the chart review requirement that submitted
diagnosis codes must be relevant to the date of service
years, not merely mentioned in prior years. MedPAC ad-
vocates eliminating HRAs altogether as a source for risk-
adjusted payments. (See “Some Medicare Advantage
Companies Leveraged Chart Reviews and Health Risk
Assessments To Disproportionately Drive Payments,”
U.S. Department of Health and Human Services Office of
Inspector General, Sept. 20, 2021, tinyurl.com/4rbj9vjr.)
• Reassess the use of in-home HRAs as a source of diagno-
sis for risk-adjustment payments. (Refer to the article’s
opening Cigna case.)
• Increase the statutory minimum coding adjustment that
the CMS must make. When the CMS calculates Medicare
FRAUD-MAGAZINE.COM
Advantage risk scores, as described above, it’s obliged by
law to reduce those scores to make them more consis-
tent with the FFS coding used elsewhere in the Medicare
system. Yet while CMS has the authority to impose a
larger reduction than those required by law, the agency
has never done so, according to MedPAC. That higher
risk score in Medicaid Advantage plans resulted in an
estimated $12 billion in unwarranted payments in 2020,
according to MedPAC. (See “Improving the Medicare
Advantage Program,” MedPAC, testimony, June 28, 2022,
tinyurl.com/ysd98uz7.)
• Enforce greater transparency around pricing practices of
insurance companies participating in Medicare Advan-
tage to prevent manipulation of medical loss ratios — an
Affordable Care Act mandate that requires these plans to
spend 80% to 85% of what they receive from Medicare
on medical claims and improving the quality of care. For
smaller plans it’s 80%, and for the big ones it’s 85%. No
more than 15% to 20% of those premiums can go toward
profits and administrative costs. (See “medical loss
ratio,” Healthinsurance.org, tinyurl.com/ystady8m.)
However, those ratios are susceptible to fraud and other
types of manipulation. (See “Profits, medical loss ratios,
and the ownership structure of Medicare Advantage
plans,” by Richard G. Frank and Conrad Milhaupt, USC-
Brookings Schaeffer Initiative for Health Policy, July 13,
2022, tinyurl.com/nhdws34n and “What is Medical Loss
Ratio Fraud,” Price Armstrong, tinyurl.com/25wcch5f.)
• Verify the accuracy of encounter data — details of a ben-
eficiary’s health and treatment based on “encounters”
with physicians. CMS has increasingly used this data to
determine risk-adjustment scores. (See “Encounter Data
in Medicare Advantage,” Better Medicare Alliance, Jan.
12, 2021, tinyurl.com/yuv7942w.) Critics say that insur-
ers provide insufficient information in encounter data,
such as national provider identifiers (NPIs) for physi-
cians and nonphysician practitioners. The CMS and OIG
use NPIs to conduct oversight and fraud investigations,
helping them to identify inappropriate billing and order-
ing patterns. (See “CMS’s Encounter Data Lack Essential
Information That Medicare Advantage Organizations
Have the Ability to Collect,” U.S. Department of Health
and Human Services Office of Inspector General, August
2020, tinyurl.com/uxpfzwf3.)
JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 21
 THE MEDICARE DISADVANTAGE

But it isn’t always easy to prove fraud,

and many cases are still stuck in the courts
hear UnitedHealth’s lawsuit on Medicare
Advantage overpayments rule,” by Robert
BIG MONEY
as insurers fight back against what they Still, if large amounts of government mon-
King, Fierce Healthcare, Payers, June 22,
think is unjust punishment for honest ey are any gauge for potential fraud and
2022, tinyurl.com/ykzbd2ta.)
mistakes and incorrect claims in diagno- worth the attention of fraud examiners, the
That case stems from UnitedHealth-
sis coding. They also argue that the U.S. Medicare Advantage program fits the bill.
care’s 2016 challenge
challe to the
h so-called
ed
government employs
emplo a double
d b standard The program now accounts for $427 billion,
overpayment rule that required plans to
bet ee audits
between aud ts in ttradi-ad - or 55%, of total federal Medicare spending
r
refund
d reimbursements
b to CMS within
hin
t o a Medicare
tional ed ca e a andd (net of premiums), according to KFF. That’s
60 d
days if the
h ddiagnosis llacked
k d the
h sup-
p- set to grow to more than $850 billion if
the
h Advantage
d
p
port of medical
d l records.
d It said
d the
h rule
le estimates by the U.S. Congressional Budget
plan.
l United-d
v l d “actuariall equivalence”
violated l by
b allow-
ll w- Office are correct. (See "Baseline Projec-
H
Healthcare,
ing supported
d and
d unsupported
d codes
d in tions," tinyurl.com/mry5dwzk.) It’s also
the biggest
gg
t
traditional Medicare while only permit-
it- worth noting that Medicare Advantage is
private
p in--
ting supported
d codes
d when
h calculating
l l ng fast becoming the dominant health care
su e in the
surer t e
U fought
U.S., h r k scores in Medicare
risk d Advantage.
d This
his option among elderly Americans reliant
legal ar- c
came as the DOJ joined
j two whistleblower
er on the country’s national health services.
guments c
cases against UnitedHealthcare,
d lh accusing
ng According to KFF, 28 million people, or 48%
ag
against the it among other
h things
h of ignoring invalid
lid of the 58.6 million of Medicare beneficia-
way y it used diagnosis
g codes to avoid returning
g over-
er- ries, were enrolled in Medicare Advantage
ddiagnostic
g p y
payments. (See “DOJ files official com-
m- in 2022. (See table on page 18.) That marks
ccoding g for plaint in Medicare Advantage
g fraud case
se a steep upward participation rate since
y
years before against
g UnitedHealth,” by Leslie Small,
ll, 2007, when just 19% of Medicare ben-
t h e U. S . F
Fierce Healthcare,
lh May 3, 2017, tinyurl.
rl. eficiaries had signed up for the program.
Supreme (See “Medicare Advantage in 2022: Enroll-
c /
com/4uzrj826 re
and “UnitedHealthcare
Court
C re- ment Update and Key Trends,” by Meredith
l
loses Medicare Advantage
g overpayment
nt
j e c te d i t s Freed, Jeannie Fuglesten Biniek, Anthony
s
suit,” b
by Rebecca
b Pifer, HealthcareDive,
lh ve,
appeall llast Damico and Tricia Neuman, KFF, Aug. 25,
Aug.
g 16, 2021, tinyurl.com/mbsn7nab.)
y
year. (See 2022, tinyurl.com/5ef9hvdz.)
“We very rarely g
get to call anything
ng
“S
“Supreme This growth comes on the back of
fraud
aud in health
ea t
Court dde- what some critics see as dodgy, if not fraud-
c
care b
be-
c es
clines ulent, sales tactics to get seniors signed
t o up with the plan, provoking the ire of
politicians who think the incentives driv-
ing insurers involved in Medicare are all
wrong. (See “Pocan, Khanna Introduce Bill
to Strengthen Medicare, Define Alternative
Plans, U.S. Representative Mark Pocan,”
cause actually
lly
press release, Oct. 13, 2022, tinyurl.com/
p
proving
i intent
i to
bajyyb5y and “Medicare Advantage has a
co
commit
t criminal
c a fraud
aud marketing problem,” by Victoria Knight,
i very h
is hard,”
d says May.
ay. Axios, Sept. 8, 2022, tinyurl.com/4jbrc5t8.)
l
“So, unless h are super
they er Meanwhile, complex policy debates
e
egregious cases involving
l hor- abound over how best to mend what many
rific amounts of money, it usually
lly see as the fragile financial state of the U.S.
stays at waste and abuse where there
re public health care system. That includes
is a negotiation about
b h much
how h they
h are
re questions over whether Medicare Advan-
g g to pay back.””
going tage’s diagnostic coding system ultimately

22 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

results in more waste, abuse and fraud
despite the benefits of greater choice for
its beneficiaries.
Indeed, Medicare Advantage enrollees
now have access to close to $2,000 in ex-
tra benefits annually, but this comes at an
extra cost to the taxpayer and ultimately
to those seniors on Medicare who haven’t
signed up to the Advantage plan, accord-
ing to MedPAC, an independent legislative
branch agency that provides analysis and
policy advice to the U.S. Congress about
Medicare. (See “The Medicare Advantage
program: Status report and mandated re-
port on dual-eligible special needs plans –
Chapter 12,” Report to the Congress: Medi-
care Payment Policy, MedPAC, March 2022,
tinyurl.com/5n9xzu65.)
CALL FOR CHANGE
In a recent report, MedPAC says that the
private plans involved in Medicare Ad-
vantage have never produced savings for
Medicare due to “deeply flawed” payment
rates. The agency is calling for a major
overhaul of Medicare Advantage policies
that it says have resulted in inflated cod-
ing and incomplete data on beneficiaries’
health care encounters. Committee for a
Responsible Federal Budget, a nonprofit
policy organization, has also questioned
how capitated payments incentivize insur-
ers and ultimately up the cost of Medicare.
(See “The Medicare Advantage program:
Status report and mandated report on
dual-eligible special needs plans – Chap-
ter 12,” MedPAC and “Reducing Medicare
Advantage Overpayments," Committee for
a Responsible Federal Budget, Feb. 23, 2021,
tinyurl.com/yy5srr3b.) And politicians have
also joined the chorus of voices propos-
ing changes to the system. (See sidebar
on page 21.)
WHISTLEBLOWERS AND provides guidelines on audits and what
is expected of compliance departments
OTHER REMEDIES at insurance companies. (See "Managed
Care Manual," tinyurl.com/3t6hhv5h.) But
Many internal whistleblowers have re-
there remains much scope in how plans
ported fraud in Medicare Advantage cases
manage compliance and the people they
thanks to the qui tam provision of the False
hire to keep an eye on any misconduct.
Claims Act that allows those with evidence
“It then comes down to the culture of
of fraud against a federal program to sue
the company as to how independent the
on behalf of the U.S. government.
compliance department is,” says Beach.
“Whistleblowers are going to con-
“Sometimes they hire a compliance officer
tinue to become an integral part of these
who has no idea about health care. You
cases because the level of information they
would hope that someone is regularly con-
tend to have is so unique,” says Rubenstein.
ducting an audit to ensure that the infor-
“If an insurer has rewritten an algorithm
mation fed back to the CMS is true and ac-
to move someone from one category to
curate. But Medicare Advantage plans are
another, that requires people who under-
required to perform claims audits, which
stand that technical information and can
are checked against processing guidelines,
impart it.”
and these claims audits do not include the
Aside from advocating for whistle-
validity of the claims information, such as
blowers, some are calling for more super-
vision and frequent audits. Each year, the
the diagnosis codes.”
Ricky D. Sluder, CFE, is head of health
CMS conducts what are called Medicare
care value engineering for Shift Technol-
Advantage Risk Adjustment Data Valida-
ogy, where he helps develop artificial in-
tion (RADV) audits to ensure the accuracy
telligence software that health-insurance
of the data used to determine risk-adjusted
special investigators can use to prevent
payments. And new rules for such audits,
and detect fraud in reimbursement claims.
including the retroactive use of the new
“More audits are good as long as regu-
methodology to recover payments from
lation requires the plans to provide more
audits as far back as 2011, have ignited
transparency in the encounter data (details
protests from the insurance industry. But
of a beneficiary’s health and treatment
critics say the CMS has been far too meek
based on 'encounters' with physicians),”
in its approach. (See “Insurers criticize
says Sluder. “Right now, the way encounter
risk adjustment overhauls for MA plans,”
data is set up, it doesn’t tell the full story.
by Jeff Lagasse, Healthcare Finance, Sept.
That sets up auditors for failure, and as a
6, 2022, tinyurl.com/yc4y9a42 and “‘The
CFE that bothers me because if I don’t have
Cash Monster Was Insatiable’: How Insur-
the ability to gather all the facts, how can
ers Exploited Medicare for Billions,” by
I be effective?”
Reed Abelson and Margot Sanger-Katz,
Whatever the merits of the Medicare
The New York Times, The Upshot, Oct. 8,
Advantage plans, fraud examiners focused
2022, tinyurl.com/2dw56tph.)
on health care are likely to have their work
Some also wonder if the system re-
cut out for them in the years to come. ■ FM
quires a rethink about how insurance
companies share information and audit
their data. In chapters nine and 21 of the Paul Kilby is editor-in-chief of Fraud Mag-
Medicare Managed Care Manual, the CMS azine. Contact him at pkilby@ACFE.com.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 23
Identifying procurement integrity
breaches via data analytics

By
Sheryl Goodman
and
Tom Caulfield, CFE
 Organizations need to buy goods and services.
Fraudsters love to target faulty procurement
systems because that’s where they can find
fantastic amounts of cash. But you can impede
integrity breaches with dynamic data analytics.
A
s protests raged in Chile in 2020 over the cost of liv-
ing and inequality, the government sought to procure
body cameras for the police to monitor events on the
ground. After going through a public bidding process,
U.S. telecommunications equipment provider Motorola Solutions
won the business to supply 300 cameras at a cost of close to 400
million Chilean pesos, or about $340 each at today’s exchange
rate. Soon thereafter, those involved in the bidding process found
themselves under investigation for irregularities. According to
the local press, government officials accepted Motorola’s bid
even though the company submitted its offer on the electronic
procurement portal outside the hours stipulated by the bid rules.1
In early 2021, the scandal intensified after Chile Compra, the
entity that runs the electronic procurement portal — known un-
der its Spanish name Mercado Público — revealed that Motorola’s
cameras had failed to meet some basic requirements — namely
an ability to keep recording for at least 120 seconds after being
turned off.
The intense scrutiny over the bidding process (and what may
seem like a storm in a teacup for some) reflects Chile’s serious-
ness in tackling corruption and its efforts to clean up its pro-
curement process with the help of technology. In the late 1990s,
Chile created what was then a first-of-its-kind electronic portal
for procurement to improve the efficiency and transparency of
public spending. It’s been updating the system ever since. The
electronic public marketplace brings together all those involved
in the procurement process onto one easy-to-find platform.2
This case represents how entities — public or private —
can detect and eventually prevent public procurement integrity
breaches via data analytics and other types of technology. Other
countries around the world have also set up systems that use
technology to catch procurement fraud. (See sidebar on page 31.)
These breaches, a major risk to organizations worldwide,
can result in unnecessary financial losses, reputational dam-
age, contract delays and even contract terminations. Corrupt
officials and internal and external fraudsters love to target public
FRAUD-MAGAZINE.COM
procurement because that’s where the cash is, and safeguards
are often lacking.
In fiscal year 2020, the U.S. federal government spent more
than $665 billion on contracts — an increase of over $70 billion
from fiscal year 2019. Half of this increase, or $35 billion, is at-
tributed to spending on medical supplies and pharmaceuticals to
treat COVID-19 patients, among other things related to COVID-19.
[See “A Snapshot of Government-Wide Contracting For FY 2020,”
U.S. Government Accountability Office (GAO), June 22, 2021,
tinyurl.com/22destye.]
In 2018, the U.S. Department of Defense (DOD) reported to
Congress that over $6.6 billion had been recovered from defense-
contracting fraud cases from fiscal years 2013 through 2017. In
2020, the DOD Office of Inspector General reported that roughly
one in five of its ongoing investigations are related to procure-
ment fraud. (See “DOD Fraud Risk Management: Actions Needed
to Enhance Department-Wide Approach, Focusing on Procure-
ment Fraud Risks,” GAO, Sept. 20, 2021, tinyurl.com/ycycz3xu.)
Violators breach procurement integrity — honest, fair, im-
partial, transparent and legal contracting — by deliberately and
covertly abusing established contracting procedures, policies
and requirements. Some examples of breaches are the improper
acceptance of late vendor bids, biased technical evaluations dur-
ing bid scoring, needlessly long delays in contract negotiation or
awards, unnecessary limiting of solicitation periods, approving
uncalled for contract modifications and competitors submitting
complementary bids.
Rule breakers who cause breaches don’t always commit con-
tract fraud. For example, some internal employees who knowingly
violate procurement policies or guidance might believe estab-
lished requirements are unnecessarily or overly burdensome.
Others might think they’re helping their organizations when they
perform their contract breaches. (See “Five personality faces of
procurement fraud risk,” by Tom Caulfield, CFE, CIG, CIGI; and
Sheryl Goodman Steckler, CIG, CIGI, Fraud Magazine, November/
December 2017, tinyurl.com/skw4crfb.) Of course, these breaches
JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 25
 THWART PROCUREMENT FRAUD
are inexcusable, but some well-meaning employees might per-
form them because of lack of training.
Regardless, organizations can greatly reduce procurement
breaches by using robust data analytics and continuous monitor-
ing software. Now it’s no longer a question of how technology
can ensure procurement integrity, but what are the best ways to
incorporate data analytics into our procurement integrity control
systems? (A procurement integrity control system is the aggregate
of the people, processes, procedures and management systems
that are designed to provide reasonable assurance regarding
the prevention, detection, reporting and capability to respond
to procurement abuse, procurement fraud or noncompliance
with procurement policy.)
Ways to perform
searches for breaches
Open Contracting Partnership (OCP) is an independent, not-for-
profit spun out of the World Bank promoting open and transparent
government contracting worldwide.
An OCP global literature review showcased a wide and some-
times inconsistent view on the most effective ways to perform
analytical searches for questionable breaches in procurements.
(See “RED FLAGS for integrity: Giving the green light to open
data solutions,” OCP, tinyurl.com/4rzzjwm9.) However, three
common points of agreement were identified:
• The need to contextualize.
• The need to incorporate triangulation.
• The importance of data quality and quantity.
(See “G7 commits to open and participatory public procure-
ment reforms essential to ensure trillions of dollars for recovery
aren’t wasted,” Open Contracting Partnership, Sept. 10, 2021,
tinyurl.com/bp7zcvb7.)
Contextualize
Organizations need to develop effective procurement integrity
data analytics in the right context. To illustrate, what’s a “short”
or “long” period for a given procurement task or an “abnormally
high” or “abnormally low” cost? The answer relies on several
specific factors, such as: (1) the type of procurement method (2)
services or goods provided and (3) the provider’s geographical
location. For example, in a highly specialized profession like
aerospace, a typical solicitation for the building of a satellite may
only result in two or three bidders, but a contract for a new web
design may result in over a dozen bidders. Under these scenarios,
three bids for a satellite could be considered normal. However, a
26 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM
web design solicitation with just three bidders could be flagged
as suspicious.
Triangulation
Triangulation is the use of multiple search conditions to identify
a single procurement integrity risk. The number of conditions
and specific triangulation methods will depend on available
data and the ability to group procurement integrity risks into
similar categories.
For example, if your analytics is monitoring the total number
of sole-source contracts (also called directed procurements) by
procurement departments and it identifies one unit noticeably
higher by percentage than the others, is that in itself a procure-
ment integrity risk? (As the name indicates, a sole-source contract
is procurement through solicitation of a proposal from only one
source.) What if the same analytics also included an additional
search requirement for any sole-source contracts containing a
modification within 30 days after the award — when 30 days is
considered abnormal? If these two analytical results are com-
bined, would it now increase the level of accuracy in identifying
a more accurate procurement integrity risk?
If a third search condition is also added — such as the per-
centage of increase in the dollar value of the sole-source contract
over its period of performance — we’d surmise that the higher the
percentage, the greater the risks. By adding more search condi-
tions, we increase the ability to identify procurement integrity
risks more effectively.
Data quality and quantity
The quality and quantity of available data directly impacts the
ability to contextualize and triangulate. Quality in, quantity out
(QIQO) means that the value of data input influences the value of
the results’ output. In practice, it means that if the data going into
an analytical model is clean and of sufficient size, the resulting
work done by the model will be accurate. Creating data analytical
searches to identify procurement integrity is challenging enough;
doing so with a data sample that’s limited in scale and scope could
exacerbate miscalculation and identification of false breaches.
Data availability is also critical. Quick, easy and reliable
access to automated data is, of course, the single most relevant
requirement for the successful implementation of procurement
integrity data analytics. The greater the number of datasets, the
more comprehensive and advanced the data analytics technique
will be. For example, if your data is limited to only collecting
vendor information (e.g., a vendor management system) and
human capital information (i.e., employee demographics), your
data analytics may be restricted to existing relationships among
 “
employees and vendors, improper release of bidding information
and/or anti-competitive activity of bidders.
The quality
Potential integrity breaches and quantity of
Organizations collect and store enormous amounts of contracting available data
activity data in a digital format, especially with e-procurement
directly impacts
systems, so they can perform multitude analytical searches to
identify potential procurement integrity breaches, such as: the ability to
contextualize
”
• A pattern of contract awards followed by change orders that
significantly increase the price of the contracts. and triangulate.
• Invoices notably higher than the average cost of similar
services and goods.
• Disparity in bid prices greater than a threshold value.
• An existing financial relationship between a vendor and the
procuring entity’s employee.
• Bid prices dropping when a new or infrequent competitor
enters a competition.
• Patterns of anti-competitive cost submissions in bids.
• Invoicing inconsistent with contract terms.
• Unusual percentage of sole-source contract awards.
• Winning bids that don’t meet award criteria of “lowest price
technically acceptable” (LPTA) when LPTA is required.
• Inconsistent bid evaluation scorings.
• Awards below the competitive bid threshold followed by
change orders that exceed such limits.
• Total payment for service is greater than invoice total.
• Wide variation in line-item bid prices among bidders with-
out apparent justification.
• Contract line items remain in recurring contracts that have
never been called for in the past, and/or which weren’t
called for in future contracts.
• Supplier receives multiple single-source/noncompetitive
contracts from a single procuring entity during a defined
time period.
(Source: “How emerging technologies are helping tackle
procurement frauds,” by Arpinder Singh and Harshavardhan
Godugula, EY, April 11, 2022, tinyurl.com/a54au24u.)

Analytical techniques
Parameter analytics
Parameter analytics is a technique that uses a limited number
of datasets combined in a simple Boolean condition (“true or
false,” “yes or no”) followed by an action. [Boolean conditions are
queries that compare two values with each other, e.g., with == or

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 27

 THWART PROCUREMENT FRAUD

>= (or “equal to” or “greater

“g than or equal to”),
) and then return the value true
or false or yes or no. Those values that are interpreted as true or false
depend on the data type.]
ty ]
A simple example
exam l would
ld be:
b “Is the
h name of the
h re--
quester of the goods and that of the procuring
g official
the same? If yes, identify.”
ide Parameter analytics and
building Boolean conditions
cond will
ll normally
ll start
from a known statement:
statem “If
the contract is structured
structu ed
for quarterly payments,
payme
numb
the maximum number
of payments is four (4).”
)
The Boolean condition
condit o
would be “is the number
numbe
of payments greater than
th
four?”
O t h e r e xa m p l e s
conditions
of Boolean conditi
could be: “Does any in--
voice have multiple tax
identification numbers?”
numbe
Or “does any contract have
h
a change order within
with 20
days after contract award?”
aw
Each of these can be filtered
te ed
as a “true or false,” “yes
“y or no” (Boolean condition) and
whenever positive to identify.
d It’s important to remember
b
that data analytics doesn't
do identify
d misconduct;
d it can only
l
identify indicators or questionable
bl breaches,
b h andd therefore
h
each may require additional
add l follow-up
ll to determine
d the
h true
causes.

Distribution analytics
anal
Distribution analytics rely on accurate historical data, known patterns
and thresholds. This type
t of analytics is looking
g for outliers throughout
g the procurement data,
such as payments by percentage that
h are h
higher
h than
h prior purchases
h for the
h same items or a
greater number of contract
co modifications than that of a similar contract.
These outliers, more
m commonly referred to as anomalies, can be identified when looking
g at
multiple prior procurement
procur occurrences in addition
dd to those
h identifi
d ed
d whenever
h the
h same type off
procurement isn’t consistent.
co For example, identify:
y (1) abnormally
y short periods between invoice
payments (2) a higher
highe number of payments compared to a similar contract or (3)) a higher number of
purchases under a multiple-award
m l l d contract for a product
d compared
d to a judgmental
d l sample.
l
exampl is identifying
Another example g the percentage
g of sole sourcing
g performed by a procurement
official compared to other
o h procurement officials.
l All
ll of these
h are b
based
d on a d
deviation from what’s
h

28 FRAUD MAGAZI
MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM
M
normal.l As mentioned d previously,l develop
d l effective procurement the risk score up to 10. The predictive analytical model would
integrity
g data analytics in the right
g contexts (i.e.,
e., contextualized). then automatically combine this risk factor with other risks,
again between 1 to 10, such as:
Sociall network
k analytics
l • Number of months for the period of performance: The
Use social network analytics,
U y also called
lled “link analysis,” greater the number, the higher the risk.
t determine
to d relationships
l h among g different entities
• Contract value: The greater the amount, the higher the risk.
and/or individuals. Organizations
g s design link analy-
• Procurement method used: Sole-sourcing and emergency
ses with
h the
h underlying
d l reality
l that
hat most misconduct
purchasing are always assigned a higher risk.
occurs among those h familiar
l with each other and
who have previously y established ed relationships. • Number of follow-on contracts: The higher the number, the
This
h analytical
l l approach h will normally gen- greater the risk.
e
erate web-like
b l k graphic h d displays
lays that visualize • Degree of complexity of the effort: Low complexity, low risk.
andd link
l k theh types and d strengths
gths of connections • Prior incidents with a vendor: Five or more prior incidents of
a
among organizations or individuals. These poor performance indicate a higher risk.
c
connections mightg includeude shared address-
• Number of days from contract award to the first contract
e phone
es, h numbers,b family
mily relationships,
compared to similar contracts: over 40 days, low risk;
company affilliationss and other business
between 20 and 39 days, medium risk; under 20 days, high
connections.
i
risk.
D
Design sociall network analytics
The combined risks will provide a statistical probability of
with a strong g reliance
liance on unstruc-
the contract’s overall degree of risk, which can be displayed to
tured d data,
d such
ch as blogs, video
visually give an “early warning” and an opportunity to determine
s
services, d ssion forums and
discussion
what follow-up may need to occur. The statistical probability can
oh
others. An examplemple could be us-
be visually displayed to identify each of the numerical values for
i
ing public
bl media dia networks like
each risk factor, giving a better understanding of the specific risk
T
Twitter, Facebook ok and/or LinkedIn
condition. The visual display can be configured to perform this
to track k potentially
ally inappropriate
type of analytics across a division of the organization, a region
relationships.
l h
of the country or a specific type of contract.

Predictive analytics
lytics
Predictive analytics is the
P he gold star of tech-
n
niques because
b it can forecastst a potential future
o
occurrence of improper conduct d or noncompliance to These breaches, a major risk
p
policyy or improper payments.
y Predictive analytics
lytics can be one of
to organizations worldwide,
the more effective contract management g techniques.
hniques. However,
predictive analytics isn’t easy because it requires
p quires (1) assigning can result in unnecessary
a numerical value of risk (i.e., risk factor)) to individual pro- financial losses, reputational
c
curement actions (2)) combining the risk k factors together damage, contract delays and
( comparing
(3) g results to historical procurement
rement data of the
organization and (4)) establishing a range nge of low to high
even contract terminations.
risk. The proper assigning
g g of a numeric
meric value to each
risk factor makes this analytical approach
pproach difficult.
To give an example, l let’s
l start
rt with this analyti-
c model: Using
cal g a range
g of 1 to 10,0, with 10 being the
h h
highest risk,
k assign a score b based
sed on the number
o standard
of sta da d deviations
de at o s o on tthee number of contract
modification (mods)) for a similarmilar contract. The
h h the
higher h percentage of deviation the higher

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 29

B
Breeding g
grounds for fraud
R
Research
h by
b the
h World
ld Bank
k found
d that
h governments around
d the
h world
ld
s
spend
d an estimated
m d $9.5 trillion
ll on goods
d and
d services each
h year. This
h
a
accounts for roughly
o hl one-third
h d of government expenditures
d and
d 10% to
20% of total gr
gross domestic product in many nations — more than 14%
i low-income
in o co e cou
countries.
t es Thiss does
doesn’tt accou
accountt for
o tthee ttrillions
o s of
o dol-
do -
lars spent in the
h private sector on contracts. (See
(
“
“GovTech:
h Putting
ting People First w
with Simple,
l
Efficient and
dTTransparent Government,”
v
W
World Bank Live,
v April 13, 2019,
9 tinyurl.
y
com/48rpmzym.)
ym
A procurement
e system
y that
a lacks
i
integrity is the
h ideal breeding g
ground
f waste of vital
for t resources, m
miscon--
d
duct and
d even w
worse, fraud.
d Regular
R l
p
procurement integrity
n data analytics
n
can provide
d indications
d of breaches
e
th organizations
that i can use to
o deter--
mine whether
h h they
t need to conduct
c
i d h reviews.
in-depth w
Data analytics
ly is not the
h end-all
solution,, but when combined
b with
t
trained
d employees
l y — in a setting committed
it d
t procurement
to n integrity — its potentiall is llimitless.
l ■ FM
F

Sheryl
S y Goodman
m and Tom Caulfield, CFE,
CFE, are co-founders off
Procurement Integrity
P g Consulting
g Services, LLC —a woman-owned
ssmall businesss specializing
g in developing,
g assessing
g and structuring
g
sstrategies
g to ensure
n contracting
g integrity.
g The company also assists
both domestic and international clients in identifying
b g and mitigat-
g
iing
g their inherent
r risk to procurement fraud and abuse, developing
g
analytical strategies
a t g and ensuring
g an environment commitment to
procurement integrity.
p g Contact Goodman at sheryl@procurement-
iintegrity.net.
g Contact Caulfield at tom@procurement-integrity.net.
C g

Endnotes
d s
1
“El informe de C
Contraloría
í que complica a Katherine Martorell, la actual vocera de
S
Sichel, por millonaria
n compra de cámaras
á GoPros para Carabineros,” El Mostrador,
O 15, 2021, tinyurl.com/yrrkksc3.
Oct. y /
2
“Martorell en p
problemas: informe de Chile Compra
p revela q
que Subsecretaría
incumplió
ó basess de licitación
ó para adquisición
ó de cámaras
á para Carabineros,”
El Mostrador, Jan.
n 6, 2021, tinyurl.com/yjm4tnk8; “Cámaras policiales: testigos
g
r
revelan presiones
e para favorecer a Motorola en licitación
ó de Martorell,” Nicolás
á
P
Parra a Montero, BioBioChile, March 23, 2022, tinyurl.com/2fsr5zwa;
y Felipe Díaz /
a d “Martorell
and ll in
n trouble:
bl Chile
h l Compra report reveals
l that
h Undersecretariat
d failed
l d
to comply
l with
hbbidding
dd rules
l for the
h acquisition of cameras for Carabineros,”
b
A
Archyde, Jan. 6, 2021, tinyurl.com/3km7m5dx. Also see “Chilecompra: Using
g
T h l
Technology to Deliver
el Better Value
l for Public
bl Money,” b
by Rachel
h l Lipson, Harvard,
d
T
Technology and Operations Management, Nov. 18, 2016, tinyurl.com/4ufy3cb7.

30 FRAUD M
MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM
M
 International examples of
data analytics systems
Brazil
The Office of the Comptroller General
of Brazil launched the Public Spending
Observatory (Observatório da Despesa
Pública) to enable the continuous
identification of potential misconduct
and fraud in public procurements. (See
“Country case: Public Spending Obser-
vatory in Brazil,” OECD, 2016, tinyurl.
com/2ppnt2tr.) The Observatory cross-
checks procurement data with other
government databases and identifies
possible misconduct by color coding in
orange or red flags for follow-up reviews.
The system looks for 20 indicators of
potential wrongdoing, including:
• Conflicts of interest by procurement
personnel.
• Contract splitting to avoid competitive
bidding.
• Unusual bid patterns in amounts or
number of bidders.
• Bidders with the same address.
• Rotation of winning bidders.
• Contract amendments within one
month of contract award.
Malaysia
The Malaysian Administrative and Mod-
ernization Unit, an agency within the
Prime Minister’s Department, developed
“Cartelogy,” a proactive and preventive
tool to help the ministry of finance and
other procurement agencies identify po-
tential bid-rigging and corruption risks in
public procurement at the tender stages
before contracts are even awarded.
Cartelogy combines data about
procurements, company profiles and
political persons. The tool is designed to
analyze, evaluate, and detect potential
breaches so that decision-makers (as well
as oversight committees and relevant
authorities) are better equipped to make
informed procurement evaluation and
contract award decisions. Cartelogy is
configured to reduce the probability of
contracts being awarded to phantom,
crony or colluding companies, and
expose conflicts of interests or personal
relationships among public officials and
companies. (See “Cartelogy: A tool for
fair competition and corruption-free pub-
lic procurement in Malaysia,” by Zulkfli
Ahmad, Open Contracting Partnership,
Aug. 23, 2019, tinyurl.com/3wpuym8h.)
Mexico
The Instituto Mexicano para la Competi-
tividad (IMCO), a Mexican NGO, used
analytics to spot suspicious patterns in
contract awards. The IMCO wanted to
identify any patterns related to which
vendors had historically won a specific
percentage of public contracts; namely
who the awarding government organiza-
tions were; how much was being paid;
and the dates and periods of perfor-
mance. (See “Corruption Risk Index: the
Mexican Public Procurement System,”
IMCO, Investigation, March 5, 2018,
tinyurl.com/fwrnv338.)
The IMCO analytics project clearly
identified a pattern of contract awards
after various presidential elections. Spe-
cifically, after Mexico’s 2012 presidential
election, 73 companies had won 29% of
the Mexican public contracts awarded
that year. However, after the 2016 elec-
tion and a change of administration, the
same 73 companies were awarded less
than 1% of all public contracts. The data
also revealed that a second group of
companies who had won only 2% of all
F
FRAUD-MAGAZINE.COM
E.COM JANUARY/FEBRUARY 2023
public contracts awarded in 2012, won
over 32% in 2016.
These drastic statistical changes
are suspicious because IMCO found
that most public procurement markets
typically maintain a certain range of
stability in public contract awards — never
in inflated numbers, such as these. The
IMCO’s findings were provided to the
Mexican National Anti-Corruption System
for further investigation. (We can’t further
report on any investigation conducted
by this system because of the lack of
publicly available information.)
U.S. Postal Service
Some U.S. government agencies utilize
data analytics to enhance procurement
integrity. For example, the U.S. Postal
Service (USPS) inspector general's office
built the Risk Assessment Data Reposi-
tory (RADR) to help identify high-risk
contracts for follow-up audits and
investigations.
At its core, RADR is a suite of analyti-
cal models that merge data from a vari-
ety of internal sources and scores it on
the likelihood — or probability — of fraud.
The resulting analytics are displayed
on a geographic interface allowing for
proactive actions rather than waiting to
receive reports of wrongdoing. The USPS
developed RADR with inspectors general
offices’ subject-matter and technical ex-
perts along with a contractor to develop
tailored algorithms. The analytical tool
was first built to identify potential health
care fraud, expanded to contracts and
financial fraud, and eventually to mail
theft. (See “In-house analytics tool maps
fraud at USPS,” by William Jackson, GCN,
May 20, 2014, tinyurl.com/2wbdwzxc.)
FRAUD MAGAZINE 31
 BATTLING
fraudulent product
substitution
By Stewart Thompson, CFE

32 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 Fraud fighters have long been aware of the dangers
of product substitution and counterfeit parts
in military equipment. But global supply chain
shortages and the U.S. armed forces’ need for
obsolete parts have exacerbated the problem. Here
a former NCIS agent talks about his experience and
how a more proactive approach can help.

I
magine for a minute that you’re
an Air Force pilot flying the
fighter jet F-16CM Falcon and
you’re returning to base after
a nighttime training mission.
While attempting to touch
down on the runway, you discover that
your landing gear is damaged. You execute
a go-around and try to land again, this time
by having the plane’s tailhook catch an ar-
resting cable. That fails too, and the wing
touches the runway. As the plane starts to
crash, you reach down and pull the ejec-
tion handle, which releases the canopy.
An explosive cartridge launches your seat
over a hundred feet into the air. But your
parachute fails to deploy, and you realize
you’re about to slam into the ground, still
strapped into your seat, with only a frac-
tion of a second to go before your death.
How could a scenario like this happen?
Once an ejection handle is pulled, it trig-
gers an almost instantaneous sequence
of events aimed at getting the pilot safely
to the ground. But in this real-life exam-
ple of the potential dangers of product
substitution, an Air Force investigation
later revealed that the failure of the seat’s
digital recovery sequencer (DRS) — which
controls the timing of the ejection — con-
tributed to the pilot’s death. Not only that,
but the electronic components inside the
sequencer were reportedly counterfeit,
even though the F-16 manufacturer main-
tained the strictest quality controls over
its subcontractors that built the ejection
seat and the DRS.
This incident is based on the true
story of First Lt. David Schmitz, an F-16
Fighting Falcon pilot, who died in June
2020 in a botched landing after his ejection
seat failed to deploy its parachute. It un-
derscores the need for strict enforcement
of U.S. Department of Defense (DOD) stan-
dards for military parts. And an important
part of that is the aggressive investigation
of anyone suspected of prioritizing profits
over safety by substituting subpar com-
ponents to meet contract demands and
passing them off as parts that meet the
standards. (See “An F-16 pilot died when
his ejection seat failed. Was it counterfeit?”
by Rachel S. Cohen, Air Force Times, Sept.
13, 2022, tinyurl.com/5n9amjba.)
Because of the enormous amount
of government funding that goes into
the defense sector, the U.S. military has
long suffered its fair share of fraud. And
counterfeit components/product substitu-
tion — which is really a category of pro-
curement fraud all on its own — remains
an ongoing problem.
With the U.S. government looking
to replenish billions of dollars in military
aid to Ukraine on the back of supply chain
woes, fraud fighters are once again on high
alert for signs of fraud and abuse. In fact,
there are even more pressures and oppor-
tunities to commit this type of fraud, as
people seek illicit sources for parts amid a
global supply chain crisis that has created
a rich environment for fraud and made
the U.S. more vulnerable to threats from
foreign adversaries.
Concerns about the use of Chinese
components in U.S. military equipment
are on the rise not only because they might
be counterfeit but also for their potential
use in sabotage and spying as military and
economic competition between the two
superpowers intensifies. Earlier this year,
FBI Director Christopher Wray warned that
the Chinese government “poses the big-
gest long-term threat” to the economic
and national security of the U.S. and its
allies. (See “Heads of MI5, FBI give joint
warning of growing threat from China,”

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 33

 BATTLING FRAUDULENT PRODUCT SUBSTITUTION
by Juby Babu, Reuters, updated July 7, 2022,
tinyurl.com/ywr9prmk.)
Just last September, the Pentagon and
Lockheed Martin suspended deliveries of
F-35 fighter jets after discovering that a
subcontractor had used a magnet made of
cobalt and samarium alloy that came from
China. Lockheed described the supplier
of the alloy as a “fifth-tier” supplier amid
concerns that the Chinese-sourced materi-
als might have violated the Defense Federal
Acquisition Regulation Supplement — re-
quirements and regulations designed to
maintain the integrity of sensitive govern-
ment information that third parties might
hold or use. [See “Pentagon suspends F-35
deliveries over Chinese alloy in magnet,” by
Stephen Losey, Defense News, Air Warfare,
Sept. 7, 2022, tinyurl.com/yydbz6fx and
“Defense Federal Acquisition Regulation
Supplement (DFARS),” Security Encyclo-
pedia, tinyurl.com/4m9we9m9.]
As a retired special agent for the Na-
val Criminal Investigative Service (NCIS),
I spent many years investigating product
substitution cases for the Navy. Here I look
back on how the NCIS took a renewed in-
terest in counterfeit parts, the latest cases
of wrongdoing in this corner of the fraud
world and how NCIS’s proactive approach
can make all the difference in detecting
and preventing product substitution.
A renewed focus on
product substitution
After the 2000 USS Cole bombing and
the Sept. 11 terrorist attacks in 2001, the
NCIS’s fraud program was overshadowed
by those events and became extinct ... al-
most. The NCIS resurrected it, largely due
to the efforts of former Special Agent Louis
Lockwood, who in 2005 became NCIS’s di-
vision chief, economic crimes, which is the
department responsible for safeguarding
the Navy’s acquisition programs from fraud
and corruption. Lockwood developed and
implemented the Integrated Agent Fraud
34 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
Program at major U.S. Navy commands to
supplement its more traditional, reactive
role. He also helped procure funding so
that NCIS agents could obtain their CFE
credential, realizing they needed the train-
ing the ACFE offers. [See “I’m a CFE - Nancy
Rich, CFE, Special Agent at the Naval Crimi-
nal Investigative Service (NCIS),” by Emily
Primeaux, Fraud Magazine, September/Oc-
tober 2014 issue, tinyurl.com/2xxbhcvw.]
Lockwood envisioned that agents
would embed themselves in major Navy
command headquarters to develop close
relationships and promote fraud aware-
ness through briefings. This proactive
approach would help agents better un-
derstand and assess command vulner-
abilities and concerns. It was during this
time that Admiral Walter Massenburg took
over the reins as Commander of Naval Air
(NAVAIR) Systems Command in Patuxent
River, Maryland.
In 2005, members of the NCIS Eco-
nomic Crimes Division, Washington, D.C.,
went down to NAVAIR to brief Massenburg
on the Integrated Agent Program. Debbie
Winslow, NCIS assistant special agent-in-
charge, told me that when Massenburg
was asked to identify his major concern,
he replied, “What keeps me up at night
are potential safety mishaps involving our
aircraft.”
That philosophy continues to this day
as NCIS works alongside other government
agencies to prevent this type of fraud and
the accidents it causes. Here are some re-
cent cases of product substitution, involv-
ing NCIS and the Defense Criminal Inves-
tigative Service (DCIS) — the investigative
arm of the Office of Inspector General, U.S.
Department of Defense (DOD). (See “Semi-
annual Report to the Congress,” Inspector
General, DOD, Oct. 1, 2021, through March
31, 2022, tinyurl.com/4mkww6h3.)
• In February 2022, Elaine Thomas, the
former director of metallurgy at Brad-
ken Inc., was sentenced to 30 months
FRAUD-MAGAZINE.COM
in prison and fined $50,000 after
years of falsifying the results of tests
to measure the strength and tough-
ness of steel used in Navy submarines.
Bradken is the Navy’s leading sup-
plier of high-yield steel castings for
submarines, which can’t fail during a
collision. But for 30 years, Thomas fal-
sified test results to hide that its cast-
ings failed to meet the Navy’s rigorous
standards. Bradken agreed to pay a
nearly $11 million civil settlement
related to the case. In all, the fraud
affected 30 submarines, and the Navy
has had to spend nearly $14 million to
assess the risks to the vessels.
• From 2012 to 2019, Brighton Cromwell,
LLC, a military vehicle parts supplier,
allegedly provided the DOD with non-
conforming materials and knowingly
violated the Defense Federal Acquisi-
tion Regulation Supplement by selling
items without determining whether
they were manufactured according
to the Buy American Act or the Trade
Agreements Act. Brighton Cromwell
also allegedly breached its contracts
with the government after selling it
items manufactured or assembled in
prohibited countries. In 2021, it agreed
to pay $850,000 to resolve these
allegations.
Dangers lurking in the
gray market
Historically, the DOD has relied on compa-
nies like Bradken and Brighton Cromwell
to manufacture or sell parts for military
aircraft and weapon system applications.
However, as the cases above illustrate, un-
scrupulous companies have used various
methods to introduce counterfeit or non-
conforming parts into the DOD procure-
ment chain. This is worrisome because
counterfeit parts imported from abroad
and sold to DOD distributors can poten-
tially compromise U.S. national security.
Because of the enormous amount of government
funding that goes into the defense sector, the U.S.
military has long suffered its fair share of fraud.
And counterfeit components/product substitution —
which is really a category of procurement fraud all
on its own — remains an ongoing problem.
These items can contain malicious com-
puter code and create a back door into DOD
networks, enabling a foreign adversary to
access sensitive information to commit
espionage. And the gray markets — where
items are sold outside the manufacturer’s
authorized channels — have been a par-
ticular concern. (See “Brand Protection
Insights from Industry Leaders in Gray
Market, Counterfeit and IP Fraud Mitiga-
tion,” by Sherri Erickson, De La Rue and
John Solheim, FiveBy Solutions, December
2020, tinyurl.com/4b6zade8.)
Gray markets aren’t new. Nor is their
use to game the U.S. military procure-
ment system. In 2006, a U.S. district court
charged the owners of eGlobe Solutions
Inc, an authorized seller of Cisco Systems
products, with defrauding the government
on computer equipment contracts worth
$788,000. They allegedly sold gray-market
and counterfeit products from China to
the Navy. Unauthorized vendors also al-
tered that equipment to appear as if the
product met the contract specifications.
(See “Edmonds Brothers Charged With De-
frauding The Government on Computer
Equipment Contracts,” DOJ, press release,
Nov. 16, 2006, tinyurl.com/4rs9npu4 and
“Inspector General United States Depart-
ment of Defense Semiannual Report to the
Congress, Oct. 1, 2006 – March 31, 2007,”
tinyurl.com/m9kewsyp.)
Against this backdrop, major prime
contractors at NAVAIR were reporting in
the Government-Industry Data Exchange
Programs (GIDEP) increasing procure-
ments of counterfeit integrated circuits
(ICs) from multiple independent dis-
tributors. (See “Counterfeit Part Report-
ing Trends,” by Henry Livingston, Feb. 11,
2014, tinyurl.com/4fw23bf6.) GIDEP is an
information-sharing program between the
U.S. government and industry. GIDEP’s da-
tabase receives and disseminates informa-
tion about nonconforming products and
materials. The DOD has also designated
GIDEP as its central database on obsolete
military parts and those parts with a di-
minishing number of manufacturers. (See
www.gidep.org.)
Clamping down on
counterfeit parts
By the early 2000s, the rise in this type of
fraud helped spur a series of investigations
by law enforcement into the distribution
of counterfeit network hardware, bring-
ing together various agencies including
the NCIS and DCIS. (See “Departments of
Justice and Homeland Security Announce
International Initiative Against Traffickers
in Counterfeit Network Hardware,” DOJ,
Feb. 28, 2008, tinyurl.com/wtv6wzsh.)
In the case that laid the foundation
for the creation of the largest task force
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
investigating counterfeit parts — Op-
eration Chain Reaction — Stephanie A.
McCloskey was sent to prison in 2011 for
importing counterfeit integrated circuits
from China and Hong Kong and selling
them to the U.S. Navy and defense con-
tractors. McCloskey and others had run
their operation from a Florida-based firm
called VisionTech Components, generat-
ing $15.8 million from those sales. I was
the case agent at NCIS, which conducted
the investigation jointly with U.S. Immi-
gration and Customs Enforcement’s (ICE)
Homeland Security Investigations (HSI).
(See “VisionTech administrator sentenced
to prison for role in sales of counterfeit cir-
cuits destined to US military,” U.S. Depart-
ment of Homeland Security, Oct. 25, 2011,
tinyurl.com/ytbehkhf.)
BAE Systems Electronic Solutions had
reported that it and NAVAIR had jointly
procured suspected counterfeit microcir-
cuits from a parts broker; this broker had
purchased the discrepant devices from a
second tiered subcontractor based in Flor-
ida, which we now know was VisionTech.
NAVAIR and BAE had procured these parts
for the purpose of installing them in ship
and land-based antenna equipment related
to the identification friend foe (IFF) sys-
tem, which enables the military to identify
whether incoming aircraft or vehicles are
friendly or hostile.
FRAUD MAGAZINE 35
 BATTLING FRAUDULENT PRODUCT SUBSTITUTION
In a related case I worked on, owners
of California-based company MVP Micro
were sentenced to 20 months in prison for
importing counterfeit microchips from
China. In a process called “blacktopping,”
the owners took legitimate chips, sanded
off the brand markings and re-marked
them to make them appear to be of a
higher quality. The company owner was
indicted and pleaded guilty in U.S. Dis-
trict Court. One of the counts he pleaded
to was purchasing a counterfeit, military-
grade integrated circuit from VisionTech.
(See “Three California Family Members
Indicted in Connection with Sales of Coun-
terfeit High Tech Parts to the U.S. Military,”
DOJ, Oct. 9, 2009, tinyurl.com/yc2ja2dx
and “Operations Manager for MVP Micro
Sentenced to 20 Months in Prison For Con-
spiring to Sell Counterfeit Microelectron-
ics to the U.S. Military,” DOJ, Feb. 22, 2022,
tinyurl.com/mry4e869.)
Other investigations involved differ-
ent agencies, including the Federal Avia-
tion Administration (FAA), NASA Office
of Inspector General (OIG), and the U.S.
Department of Transportation OIG, as both
civilian and military aircraft share many
of the same parts. For example, one com-
pany, which had contracts with NAVAIR
and NASA, altered test results and falsified
36 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
Unscrupulous companies have used
various methods to introduce
counterfeit or nonconforming parts
into the DOD procurement chain. This
is worrisome because counterfeit
parts imported from abroad and sold
to DOD distributors can potentially
compromise U.S. national security.
certificates of conformance (CoCs) for parts
destined for use in the space shuttle. An
authorized party typically provides a CoC
to verify that a product meets certain
standards of specification. (See “What is
a Certificate of Conformance?” My Ac-
counting Course, tinyurl.com/yvb9vdxt.)
This resulted in the FAA issuing an unap-
proved parts notification (UPN), initiat-
ing a suspected unapproved parts (SUP)
investigation and sharing the informa-
tion with law enforcement agencies. (See
“Owners of Florida Aerospace Metals Sup-
plier Pleads Guilty to Supplying Customers
with $854,379 in Sub-Standard Metals,”
OIG, U.S. Department of Transportation,
Sept. 12, 2006, tinyurl.com/2drxcyw9.)
As part of these cases, we reviewed
U.S. Customs and Border Protection (CBP)
import/export seizure records with the
assistance of Homeland Security’s Intel-
lectual Property Rights Resource Center
and found that the implicated companies
distributed counterfeit electronic compo-
nents and violated U.S. export licensing
requirements. As a result, the original
equipment manufacturers would often
issue cease-and-desist letters to the con-
tractors receiving the bogus parts to pro-
tect their brands against trademark in-
fringement. I shared with NCIS’s Foreign
FRAUD-MAGAZINE.COM
Counterintelligence Division all intelli-
gence gleaned from companies abroad that
were importing counterfeit parts into the
U.S.
Despite efforts to put an end to this
type of fraud, law enforcement and manu-
facturers continue to fret about the sale
of unauthorized parts through the gray
market and other means. Cisco Systems
recently warned that the disruptions in the
global supply chains due to the pandemic
have encouraged its customers to turn to
unauthorized channels to purchase its
gear. This has resulted in a spike of avail-
ability of counterfeit/gray-market Cisco
equipment. (See “Cisco Warns Supply
Chain Issues Causing Spike In Gray Mar-
ket, Counterfeit IT Gear,” by Gina Narcisi,
CRN, Networking News, April 28, 2022,
tinyurl.com/53xu69d8.)
Need for obsolete parts
Many micro components installed in mili-
tary and aerospace applications are tested
to withstand conditions typically experi-
enced in a military environment such as
shock, vibration, salt spray, high-altitude
pressures and extreme temperature rang-
es. As a result, many of these parts are la-
beled as military grade. Fake components
could work perfectly fine for months and
then prematurely fail when most needed
long after installation and use.
The problem is exacerbated by the fact
that the DOD relies on obsolete parts, es-
pecially brand-name, trademark-protected
microchips, to maintain its aging aircraft
fleet and weapon systems. DOD aircraft
and other weapon systems are designed
to operate with upgrades for decades. In
many cases, original equipment or com-
ponent manufacturers no longer make or
upgrade the proprietary semiconductors
used in the systems, because it’s no longer
cost-effective. This forces the DOD to turn
to outside channels, such as unauthorized
distributors or parts brokers, which leaves
the industry vulnerable to procuring coun-
terfeit or gray-market materials. In addi-
tion, global supply chain disruptions create
even more of an opportunity for brokers to
sell fake parts. (See “Fraud’s fertile breed-
ing ground,” by Stephen Pedneault, CFE,
CPA/CFF, Fraud Magazine, January/Feb-
ruary 2022 issue, tinyurl.com/4cn4j8n9
and “Chip shortages result in record wire
fraud reports by desperate buyers,” by Jane
Lanhee Lee, Reuters, June 28, 2022, tinyurl.
com/2p8zm38x.) It’s hoped that the recent
passage of the U.S. CHIPS Act bill will boost
the production of microchips in the semi-
conductor industry and help alleviate these
shortages. (See “The proposed legislation
to boost semiconductor manufacturing,”
by Alex McLenon, WDET, July 23, 2022,
tinyurl.com/yrmsukeu.)
Understanding the
vetting process
Before examining proactive methods im-
plemented at NAVAIR, it first may help to
understand the vetting process for supply
contracts in the U.S. armed forces.
The Defense Contract Manage-
ment Agency (DCMA), which adminis-
ters contracts for the DOD, carries out a
process known as origin inspection and
acceptance. This involves going to the
contractor’s facility to inspect and verify
the product for acceptance. The DCMA
works directly with the defense contrac-
tor to ensure sufficient technical systems
are in place to produce the products and
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
that products presented for acceptance
satisfy established contract technical
requirements.
Alternatively, a contract may simply
stipulate destination acceptance. This
means that the organization where the
product was sent will administer the in-
spection and acceptance process for the
government. As part of DCMA procedures,
it’s common to have DOD employees,
known as quality assurance representa-
tives (QARs), perform on-site inspections
to confirm that quality procedures are in
place and to perform material acceptance
inspections. In addition, DCMA QARS wit-
ness various types of testing to verify that
contractual requirements are met.
When the DOD identifies a substan-
dard part, the supplier typically claims
innocent error or that the government
reported the deficiency long after the ex-
piration of any warranty. This usually re-
sults in either a credit to the government
or some determination of cause or blame.
When the DOD detects nonconforming
parts, it’s often difficult to prove intent to
FRAUD MAGAZINE 37
 BATTLING FRAUDULENT PRODUCT SUBSTITUTION
defraud without compelling evidence. The
DOD normally administers each problem
as a separate instance and rarely conducts
an analysis of the overall practices of the
vendor for possible referral for criminal
investigation. Law enforcement agen-
cies have traditionally investigated bogus
parts cases reactively. This investigative
approach of addressing the problem and
of developing and prosecuting bogus parts
cases has had only limited success.
Proactive prevention
A proactive approach provides a more ef-
fective and efficient means of obtaining
evidence to prosecute suspects, who are
predisposed to supplying nonconforming
parts to the DOD. This starts with monitor-
ing suppliers for red flags. A disproportion-
ate percentage of deficiency reports, failed
tests or inspections, and terminations for
convenience or default are good indica-
tors of chronically unreliable suppliers,
whether they’re careless, unscrupulous
or possibly both.
Here’s one case that underscores the
importance of paying attention to these
warning signs. In 2006, the DCIS and NCIS
initiated an investigation, implicating the
owner of four companies in knowingly
providing nonconforming parts to NA-
VAIR. For example, the companies failed
to conduct contractually required testing
and falsified CoCs.
38 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
A review of the pertinent DCMA file
and witness interviews revealed the QARs
had issued these companies numerous
corrective action requests (CARs), docu-
menting the contractors’ quality deficien-
cies, including repeated testing failures.
CARs provide written notification to a
contractor that the parts inspected were
rejected and inform the contractor of the
reason for the failure. These companies
also had a lengthy history of failing first
article testing (FAT) inspections witnessed
by QARs or independently performed by
NAVAIR engineers to ensure a contractor
can correctly make the part.
The investigation revealed that one of
the companies failed a FAT inspection for
a motor cable, part of the weapons system
for a U.S. Marine Corps amphibious ve-
hicle. The cable was classified as a critical
application item (CAI), meaning if it failed
it would likely impact the ability or perfor-
mance of a weapon system to carry out a
required mission. After the testing failure,
the contract was terminated for default.
Despite that the company subsequently
provided motor cable assemblies with the
same part number, including a CoC, under
a destination acceptance DOD contract.
FRAUD-MAGAZINE.COM
Queries of product quality deficiency
reports (PQDRs) revealed that the compa-
nies provided nonconforming parts to the
DOD. PQDRs are part of the Navy’s product
data reporting and evaluation program
(PDREP), which is useful in locating com-
panies selling nonconforming products/
services to the government. (See tinyurl.
com/z92n83a3.)
For example, one of the companies in-
volved in this case was issued a PQDR after
supplying defective cables associated with
the AIM-9 missile’s guidance system. The
cable was classified as a CAI. The PQDR
concluded that the parts didn’t pass cali-
bration tests. Had they been installed, the
missile system would’ve likely been ren-
dered inoperable. The AIM-9 (Sidewinder)
is a supersonic heat-seeking missile car-
ried by U.S. fighter aircraft. This is an es-
pecially effective weapon as the pilot can
fire the missile and immediately exit the
area to get out of harm’s way. The DCMA
had previously rejected the parts after they
failed in-house testing, resulting in the is-
suance of a CAR. But the contractor then
sold the parts, accompanied by a CoC, to
a commercial distributor, which in turn,
sold them to the DOD.
Another one of the companies sup-
plied serialized wiring harnesses for Seal
Team 1’s submersible Seal Delivery Vehi-
cles (SDV). These serialized parts had been
rejected under an earlier contract after
failing an in-plant insulation resistance
 “What keeps me up at night are
potential safety mishaps
involving our aircraft.”
- Admiral Walter Massenburg
test, which resulted in moisture entering
the cable/connectors. After receiving the
parts, Seal Team 1 authored a PQDR. One
part bore the same serial number as the
one that the DCMA QAR had previously
rejected. Had these parts been installed,
a failure would've had potentially disas-
trous consequences to the safety of the
crew during high-risk exercises and mis-
sions, as the vehicle would need to surface.
(See “Indictment alleges business owner
defrauded U.S. gov’t.,” Centraljersey.com,
Aug. 13, 2008, tinyurl.com/bdfthedh and
“Monmouth County Defense Contractor
Pleads Guilty to Making False Statements
to Defense Department,” DOJ, Jan. 15, 2010,
tinyurl.com/2uvmaxnb.)
Working together
NAVAIR carried out proactive operations
to help determine whether suspects know-
ingly provided nonconforming parts for
use in military systems. To make these
determinations, NCIS/NAVAIR would fund
the purchase of parts from subject contrac-
tors. Law enforcement agents worked with
NAVAIR to conduct research relating to the
military specifications associated with the
parts. The relevant military command or
agency — i.e., NAVAIR, DCMA, or Naval
Sea Systems Command — provided the
specifications, which would, in turn, be
given to the suspected supplier. Once NCIS
received the parts, they were entered into
evidence. The parts were then tested for
compliance with contract specifications
by NAVAIR’s system engineering depart-
ment or the original manufacturer of the
part, which was often a member of the
Semiconductor Industry Association (SIA)
Anti-Counterfeiting Task Force (ACTF).
activity for civil remedies to initiate debar-
The SIA ACTF provided direct support to
ment and suspension proceedings.
law enforcement in the form of report-
The above examples demonstrate how
ing suspected counterfeit devices and
some contractors and parts distributors
in testing suspected counterfeit parts.
egregiously supply nonconforming parts
(See "Anti-Counterfeiting," SIA, tinyurl.
to the DOD despite the best efforts of gov-
com/6ju5ve9k.)
ernment to prevent this type of fraud. Bad
If the parts failed testing, then law
enforcement agents considered making
actors can still find ways to intentionally
sell defective goods through distributors
repeat buys. Sources engaged subjects in
that knowingly or innocently sell bad parts
consensually monitored telephone con-
to the DOD or to major contractors. This
versations to potentially elicit incrimi-
underscores the importance of imple-
nating statements and to request any test
menting proactive operations at various
data from the company and CoCs that the
military commands to combat product
supplier hadn’t already provided. NAVAIR
substitution. n FM
would identify all platforms in which the
discrepant parts were installed. NCIS
would notify sister law enforcement agen- Stewart Thompson, CFE, is a retired
cies if their organizations were impacted. special agent for the Naval Criminal
Law enforcement agents worked closely Investigative Service (NCIS). He served
with the relevant assistant U.S. attorneys over 25 years at the U.S. Department
to apply for and execute search warrants. of Defense and as an insurance fraud
After the criminal case was completed, it investigator with the State of Maryland.
was referred to the pertinent debarment Contact him at thomps4649@gmail.com.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 39
WHAT CAN CFES LEARN FROM PRIVATE INVESTIGATORS?

WHAT CAN
FRAUD
EXAMINERS
LEARN FROM
PIS?
Some Certified Fraud Examiners, who are
also licensed private investigators, say their
PI skills have helped them become better
practitioners. Here’s what they can teach us.
By Dick Carozza, CFE
 T
here’s a good
possibility
you’re a Certi-
fied Fraud Ex-
aminer. But you’re prob-
ably not a licensed private
investigator. Are you missing
out?
t? Not necessarily, but some
C s believe their hard-won PI
CFEs
sk s burnish their fraud exam-
skills
iner careers
areers and make them bet-
fessionals.
ter professionals.
L ah Wietholter, a licensed
Leah
P
PI, is one e of those CFEs. In a case
sshe worked, ed, an engineering busi-
n
ness came to her firm, Workman Fo-
rensics, afterr its managers suspected a
s b
subcontractor or was stealing from them
v overbilling.
via b ll g. The subcontractor had
b
burned through gh the budget granted by
the
h engineering ing firm, then requested
m
more money from the engineers, spent
that
h and d requested
uested even more. And he
wasn’t d delivering
l ing adequate work.
The engineers
gineers invoked the audit
cclause
ause in tthe e subcontractor’s contract.
Wietholter
h l sent
ent him a letter asking for
e l
explanations and records, but the subcon-
t
tractor never responded.
esponded. “Some fraud ex-
aminers at thiss point might have thought,
‘ can’t get much
‘I ch further because I have no
financiall records,’”
rds,’” Wietholter says. “But
my PI instinctss kicked in, and I began an
open-source intelligence [OSINT] investi-
gation. We found that the subcontractor
in turn subcontracted to a guy in India
who was charging only $30 an hour, but
the original subcontractor was billing the
engineering firm $150 an hour.”
Wietholter then discovered through
OSINT that the original subcontractor
wasn’t even a licensed engineer but had
been using the stolen licensing number of
an actual engineer. OSINT is the process
of obtaining intelligence in an investiga-
tion through publicly available informa-
tion. [See “Everything about Open Source
Intelligence and OSINT Investigations
(2021)," Maltego, tutorial, Oct. 31, 2021,
tinyurl.com/mwka9sr8.]
“I never got to look at the original
subcontractor’s invoices and time sheets
like I would in a financial investigation,
but through my PI work I was able to write
a report for the client so they could end
the subcontractor engagement and turn it
over to law enforcement,” Wietholter says.
“I was able to get the job done successfully
without looking at one spreadsheet!”
What’s a private investigator?
As we all know, the CFE Exam tests pro-
spective CFEs on four areas: financial
transactions and fraud schemes, law,
fraud prevention and deterrence, and
investigation. The investigation section
of the ACFE Fraud Examiners Manual (FEM)
is exhaustive. But we thought it might be
useful to get some input from CFEs who
also wear PI hats. Fraud Magazine recently
interviewed several CFEs/PIs who empha-
sized they’re better fraud examiners be-
cause they’ve attained PI skills that help
them move FEM concepts off the page and
into action. First, here are some of their
thoughts on what a PI does and the dif-
ferent roles they can play.
“A private investigator conducts in-
vestigations on behalf of various clients,
such as corporations, insurance agencies,
law firms, private individuals or other
entities. Depending on the jurisdiction
and the situation, the PI may require li-
censure in their jurisdiction,” says Beth
Mohr, CFE, PI, managing partner at The
McHard Firm, which specializes in foren-
sic accounting. (See sidebar on page 47
for more details on the possible need to
become a licensed PI.)
Brian Willingham, CFE, PI, is found-
er and president of investigative firm
Diligentia Group. “I believe in ethically
sourced information to help clients make
educated decisions, answer complex
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
questions or ease concerns,” says Will-
ingham. “I just happen to be a private
investigator.” 
Marcy Phelps, CFE, PI, is owner of
Marcy Phelps & Associates Inc., a firm
focused on due diligence, financial as-
set investigations and training services.
She says, “I see private investigators as
unbiased third parties — those with no
stake in the outcomes of investigations.”
The PI-finder site PInow (pinow.com)
says clients might hire PIs for investigat-
ing suspicions of infidelity, performing
background checks on potential employ-
ees, investigating the validity of an insur-
ance claim or finding a missing person.
Most of the CFEs/PIs interviewed here
also conduct in-depth due diligence for
their clients.
PInow says PIs use several tactics, in-
cluding surveillance, computer forensics,
skip tracing, background checks and asset
searches.
PI areas that enhance fraud
examiners’ capabilities
CFE and PI skills, of course, aren’t mutual-
ly exclusive; they overlap and sometimes
merge as fraud examiners move through
their careers. But here are some areas,
among many others, that the CFEs/PIs
interviewed say PI education and experi-
ence have enhanced:
• Skeptical and investigative mindset.
• Cognizance of personal risks and
liabilities.
• Open-source intelligence (OSINT)
proficiency.
• Evidence collection.
• Ethical challenges solidifying
convictions.
Skeptical and investigative mindset
Phelps says that in her years of investiga-
tive research she’s learned that she must
let the facts speak for themselves and not
FRAUD MAGAZINE 41
 WHAT CAN CFES LEARN FROM PRIVATE INVESTIGATORS?

make any preconceived judgment per the ACFE Code of Professional

Ethics: “No opinion shall be expressed regarding the guilt or innocence
of any person or party.”
“I often receive calls from attorneys who want me to prove their
cases,” Phelps says. “But I don’t do that. I find the facts and let them
speak for themselves.” Willingham agrees with Phelps’ sentiment.
“A lot of attorneys come to me and always have some theories about
something that happened, and they want you to find information to
support their theories,” Willingham says. “That’s just not how my
brain works; I’m a fact-finder. I let the facts do the talking.”
Phelps says that her PI experience helped her develop a skep-
tical mind and avoid assumptions. “Sometimes fraud isn’t in the
numbers or financial statements,” she says. “Sometimes when I’m
doing due diligence, for example, on a hedge fund manager, I might
find something subtle like they said they received an MBA from a
prestigious university, but it was really from a state school. That was
a deal breaker for one client.”
Jeffrey Dunhill, CFE, PI, is senior manager, colleague relations
relat
at CVS Health, where employee investigations are a major portionporti off
his job. He says a PI who was his supervisor in a previous investiga-
inves -
tive job encouraged him to always inspect what you expect.
“Many times, we get into a case and we see what the outcomes
outco
are most likely going to be, so we might rush to judgment and stop
investigating if we think we’ve reached a conclusion,” he says. “But
if we’re ever deposed, attorneys will ask if we did enough thorough
thoro h
research. If they indicate that we didn’t, they can accuse us of bias.”
b
(Dunhill’s comments in this article are his own and not necessarily
necess
those of CVS Health.)
Wietholter says most of her firm’s cases are from closely held h ld
companies that don’t have internal audit teams or just have one audi-a
tor each. (A closely held corporation, according to Investopedia,
Investopedia is a
company with the majority of its shares owned by a few individuals.
individ
Shares aren’t traded publicly on an exchange and, therefore, can’t
be purchased by the public. Those who control most of the shares
have a significant influence on and control of the company. See
tinyurl.com/4trtwp8y.) Therefore, these companies need assistance
from a company, such as Workman Forensics, to conduct audits
and investigations.
PINOW
O SAYS
S S PIS USES Wietholter says she wanted to be an investigator since she was
12. In her book, “Data Sleuth: Using Data in Forensic Accounting
SSEVERAL TACTICS,
C CS IN- Engagements and Fraud Investigations,” (Wiley, 2022) she
writes that she was obsessed with an episode in a kid’s
CCLUDINGG SSURVEILLANCE,
CE, radio drama in which a young woman, Tasha, was in-

CO
COMPUTER FORENSICS,
O S CS, troduced as a special agent for the U.S. National
Security Agency. “This episode about Tasha’s

SKIP TRACING, BACK- career as an agent … made me realize that

I, as a female, could be an investigator,”

GROUND CHECKS AND she says.

ASSET SEARCHES.
 An accounting d
degree followed,
ll d then
h a
c
coveted FBI internship and two years with
the agency.
g y After an MBA and a few years
y at
a public accounting firm, “An accounting
headhunter suggested, ‘What would hap-
pen if you started your own investigation
and forensic accounting business?’” she
writes in her book. She opened her firm
in November 2010 and then earned her
Oklahoma private investigator’s license.
Cognizance of personal risks
and liabilities
PIs generally own their businesses, so, un-
like CFEs who might work in the corporate
world, they must protect themselves be-
cause clients’ and organizational struc-
tures won’t shield them. “PIs must review
their jurisdictions’ laws and regulations to
ensure they’re in compliance,” says Dun-
hill. “Companies normally have policies
requiring employees to communicate with
their internal investigators. PIs don’t have
that. No one is required to talk with them.
They’re on their own. So, PIs have to be
overly cautious because their reputations
are on the line. That cautious attitude has
helped me as a fraud examiner.”
For the first 10 years or so of his career,
Dunhill worked for a PI. “He taught me to
make sure my documentation was clean,
consistent and repeatable, and to pay at-
tention to detail — principles that have
assisted me in every investigative role I’ve
ever had,” he says.
Other skills critical to success and
avoiding liability, Dunhill says, are to con-
duct quality interviews, assess subjects’
credibility and leave no stone unturned.
“As a private investigator, you don’t have
any additional support. No one will go to
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
b for you. So, your work product should
bat
a include any exculpatory evidence and
also
not indicate judgment. Again, just present
the facts.”
When Dunhill managed his private in-
vestigations business, he says the personal
risks gave him additional energy and mo-
mentum to ensure the integrity of evidence
and findings he presented to his clientele.
“That energy has crossed over into the cor-
porate realm, where I now work,” he says.
OSINT proficiency
Investigators and researchers of all stripes
and in all sectors — military and state
intelligence, marketing, IT — search for
information in published or otherwise
publicly available sources. OSINT, and
research through subscription software,
is a major component of PIs’ workdays. “I
work with law firms, private-equity firms,
hedge funds and investors to conduct due
diligence,” says Willingham.
“There’s a big difference between what
I do and what Certified Fraud Examiners
do. CFEs usually have a collection of doc-
uments they have access to — normally
through their employers that they use to
analyze situations. I typically don’t start
with any access.”
Willingham is working on a case
where his client sued a financial advisor
for several hundreds of thousands of dol-
lars. Willingham and his team believe the
financial advisor is lying, but they aren’t
analyzing all the financial statements to
prove this. “Although the financial state-
ments may provide some clues, I’m trying
to find information that suggests that the
financial advisor might be a serial liar,
FRAUD MAGAZINE 43
 WHAT CAN CFES LEARN FROM PRIVATE INVESTIGATORS?

used his clients’ asset for personal use or has a history of toxic re-
lationships,” says Willingham. “I’m also looking up lawsuits that
the financial advisor has been involved with to determine whether
others have accused him of fraud — finding fact witnesses that can
speak to his character or can impeach his credibility in civil court.”
In a 2013 ACFE Insights article, Willingham encouraged fraud
examiners to make use of public sources in their examinations. (See
tinyurl.com/5a32vdcm.) “What I have come to learn is that many
people take public records for granted,” he wrote. “Because they are
‘public,’ people assume that they can’t be all that valuable. … Our
vast system of public records in the U.S. is one of the most unique
investigative assets we have.
“Most people don’t realize how public records can serve as re-
sources to help connect the dots, develop a complete picture, fill in
the blanks, and find supporting documentation, hidden clues or just
plain old dirt,” Willingham writes. “As an investigator, your job is to
collect information and facts. And if part of collecting information
doesn’t include using the vast resources found in public records, you
are definitely missing out.”
One advantage for private investigators, Willingham says, is
that as professional practitioners of their craft they invest in some
powerful and pricey resources, such as Maltego, TLO, IDI, IRB, Trac-
ers and Delvepoint. “Maltego, for example, is a platform that helps
you sort and analyze massive datasets,” Willingham says. “For
example, it’s good for establishing some links or connections
among dozens or hundreds of Twitter accounts.”
Phelps, who holds a master’s degree in library and
information science, uses OSINT resources to help
mitigate risk and to prevent and deter fraud for
asset management firms, funds of funds and
other investment organizations; private
equity firms; mergers and acquisitions
advisors; attorneys; senior execu-
tives and others. In addition to
specialized investigative
databases, she also uses
IN A 2013 ACFE other subscription
services, such as
INSIGHTS ARTICLE, LexisNexis,
Dow Jones
WILLINGHAM ENCOUR- Factiva
and
AGED FRAUD EXAMINERS
TO USE PUBLIC SOURCES IN
THEIR EXAMINATIONS.

44 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 ProQuest Dialog.
P l Phelps
h l teaches
h severall online courses at Illumeo.
com, such as “How to Search Online Records
rds Like a Pro” and “Online
Court Searching: A How-To
How To for Non-Legal
Non Legal Professionals.”

Evidence collection
“Auditors who find evidence are trained to make copies and return
the original documents to the client,” says Mohr. “But as an investi-
gator, if you run across something that may have evidentiary value
you’re obligated to collect the original as evidence, and you have
to preserve it in a way that allows it to be admissible as evidence
in court, which means having it in a secure spot with a chain-of-
custody log that proves to the court who’s handled it and that it
hasn’t been altered.” Mohr’s PI experience heavily influences her
evidence collection and preservation plus her interviewing. She
teaches on the subjects to auditor and accounting groups, and
the ACFE. A former officer with the San Diego Police Department,
Mohr is credentialed as a Nationally Certified Law Enforcement
Instructor by the International Association of Directors of Law
Enforcement Standards and Training.
Of course, CFEs are trained in evidence collection and preser-
vation. But Mohr says her PI and law enforcement experience has
accentuated the seriousness of protecting anything that could be
considered evidence. “Fraud examiners might just have cursory
experience of investigatory techniques and evidence collection.
Some of the attendees at one recent workshop I taught had little
knowledge in this area. I always tell any attendees, ‘When in doubt
— bag and tag!’” she says.
PIs know that when they must collect digital evidence, they
need to call in digital forensics experts so they don’t risk contami-
con
nating computers and devices, Mohr says. She provides these digital
d l
evidence collection guides from her PI experience:
• “Best Practices for Seizing Electronic Evidence: A pocket guide
d
Departme off
for First Responders v. 4.2,” U.S. Secret Service, Department
Homeland Security (tinyurl.com/5n93u9a8).
• “First Responder Guide to Mobile Forensics,” by Amber
Schroader, Paraben Corporation (paraben.com).
• “Electronic Crime Scene Investigation: A Guide for First
Departme off
Responders,” National Institute of Justice, U.S. Department
Justice (tinyurl.com/4h8ubvrs).
• “Seize First, Search Later: The Hunt for Digital Evidence,”
by Paige Bartholomew, Touro Law Review, volume 30, No. No 4
(tinyurl.com/rpzu6wby).

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 45

 WHAT CAN CFES LEARN FROM PRIVATE INVESTIGATORS?
VESTIGATO INVESTIGATORS?

PIs’ ethical challenges can solidify 4 Conflicts

4.
t i convictions
their i i s We will not knowingly
kn l
The ACFE has a strict Code of Professional Eth-- accept
ccept any assignments
assi
ics and a Code of Professional Standards for its that can be construed
const ued in
members (tinyurl.com/3ec8mrse). Violations can any way as self-serving
self g
result in ACFE discipline, such as suspension or or a conflict of inter--
permanent expulsion from the association. ACFE
est with our business or
members know the ethics bar is high.
other assignments. We
Private investigators might not always have
will not allow our personal
the shiniest of reputations, says Willingham. In a
beliefs, prejudices, friend-
2013 Google consumer survey his firm, Diligen-
tia, conducted, 95% of those surveyed thought ships or feelings influence
that private investigators break the law at least our professional decisions. AS AN INVESTIGATOR,
some of the time, and 20% thought that PIs never 5. Confidentiality
abided by the law. “The public’s perception of PIs We will not disclose any
YOUR JOB IS TO COL-
is one of the ultimate reasons I earned my CFE
because it was one of the only credentials after my
confidential information
without the consent of our
LECT INFORMATION
name that actually means something,” he says.
PIs (as well as any investigator) can be tempt-
clients, unless required by law AND FACTS. AND IF
or court order.
ed to slide over the line into unethical practices,
which ironically can help them maintain and 6. Fees and results PART OF COLLECT-
fortify their honesty, Willingham says. He’s de-
vised his own Private Code of Ethics:
We will bill at a reasonable fee,
which is mutually agreed upon
ING INFORMATION
1. Professional standards and can be adequately explained.
We will not work on a contin-
DOESN’T INCLUDE
We will adhere to these ethical and moral
standards, follow the laws of the jurisdic- gency fee. We offer no guarantees USING THE VAST RE-
tions in which we work and will cooperate regarding the result or outcome of
with the appropriate legal and regulatory our investigation. SOURCES FOUND IN
authorities. We expect our employees and 7. Reporting
subcontractors to follow these same ethical Our reports will be based on unbi-
PUBLIC RECORDS,
and legal guidelines.
2. Licensing and insurance
ased, fact-based information. We
will not provide any determination
YOU ARE DEFINITE-
We will maintain a license with the ap-
propriate licensing body where we practice.
of guilt or innocence and we will not LY MISSING OUT.
omit any material information.
We will maintain professional liability
insurance to protect ourselves, our employ-
Burnish your skills
ees and our clients.
By nature, CFEs are inquisitive and resource-
3. Scope of work
ful. It makes sense that you’d want to learn
We reserve the right to refuse work that
from the viewpoints of your private inves-
could call into question our character, mor-
tigator colleagues. Allow these CFEs/PIs to
als or professional license or cases that may
emphasize time-honored principles that you
have questionable motives. We will only
accept cases in which we have the appropri- can use to polish your professional skills. ■ FM
ate level of expertise required to conduct
the investigation. We will not misrepresent Dick Carozza, CFE, is editor-in-chief emeritus
ourselves in order to solicit private, inti- at Fraud Magazine. Contact him at
mate or confidential information. dcarozza@ACFE.com.

46 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 IF YOU’RE A CFE,
DO YOU NEED
TO BECOME A
LICENSED PI?
“The term fraud examination refers to a process of
resolving allegations of fraud from inception to dispo-
sition, and it is the primary function of the anti-fraud
professional,” according to the ACFE Fraud Examiners
Manual. “The fraud examination process encompasses
a variety of tasks that might include obtaining evi-
dence, reporting, testifying to findings, and assisting
in fraud detection and prevention.”
Beth Mohr, CFE, PI, says this definition includes
many elements that are traditionally associated with
investigations, including those specifically included
in various U.S. state statutes that require investigators
to be licensed.
In the “Career Connection” column in the July/
August 2013 Fraud Magazine, Mohr wrote that each
jurisdiction in the U.S. and around the world has varied
regulations that govern what defines investigators
or private detectives. The statutes can change at any
time. Mohr wrote that CFEs and CPAs who say they
conduct “forensic investigations” should be properly
licensed if their jurisdictions require it.
Mohr tells Fraud Magazine that PI licensing quali-
fications vary — from testing and prior law enforce-
ment or extensive investigative experience as a re-
quirement — all the way to just being over a certain
age, like 18 or 21. Some U.S. states require a bond, oth-
ers require insurance and some have no additional
requirements, she says.
“Each firm and CFE is responsible to ensure
they’re in compliance with the law, so you need to
consult your legal counsel,” Mohr wrote. “Don’t wait to
be embarrassed on the stand or find yourself charged
with a crime.” (See tinyurl.com/4tkk3bb3.)

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 47

05
most
SCANDALOUS

fraud cases
of 2 0 2 2

Each year the ACFE, along with input from

our Advisory Council, selects the five most
scandalous fraud stories of the year based
on money lost, lives impacted and relevance
to the anti-fraud profession. It’s another year,
and we have a brand-new list.

By Jennifer Liebman
I
t’s hard to believe, but it’s been al-
most three years since the start of the
COVID-19 pandemic, and fraud fight-
ers are still grappling with the fallout of
frauds tied to government-relief funds.
Yet, despite the massive scale of pan-
demic frauds and the staggering loss of

01/ Crypto Bonnie

money, governments made some progress
after enacting task forces to investigate
COVID-related frauds and recover stolen
funds. And while some of the most scan-
dalous frauds of 2022 were connected to a n d C ly d e
the pandemic, it wasn’t all COVID all the
time. Indeed, there were plenty of other
frauds we believe will live on in infamy and The bride, dressed in gold, arrived on a Moroccan palanquin and
serve as essential case studies for fraud ex- rapped a love ditty to the groom, and the groom performed a mind-
aminers in the years to come. (See “Justice reading trick to delight the guests. But while the couple feted their
Department Announces COVID-19 Fraud love, U.S. law enforcement officials were inching closer to nabbing
Strike Force Teams,” U.S. DOJ press release, the newlyweds for allegedly laundering stolen bitcoin from the 2016
Sept. 14, 2022, tinyurl.com/3m5wf4wk and Bitfinex hack. When the couple was arrested, U.S. law enforcement
“Secret Service recovers $286 million in seized from them approximately $3.6 billion in cryptocurrency, the
stolen COVID relief funds,” by Julia Ainsley largest U.S. financial seizure to date. [See “The Ballad of Razzlekhan
and Sarah Fitzpatrick, NBC News, Aug. 26, and Dutch, Bitcoin’s Bonnie and Clyde,” by Nick Bilton, Vanity Fair,
2022, tinyurl.com/ytts63rm.) Crypto Crime, Aug. 18, 2022, tinyurl.com/mr29zkhk and “Two Arrested
for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocur-
Here we look at the most
rency,” U.S. Department of Justice (DOJ) press release, Feb. 8, 2022,
scandalous of 2022. And see the
tinyurl.com/mw7b76fm.]
online version of this article in Ilya “Dutch” Lichtenstein and Heather Morgan were an unlikely
Fraud-Magazine.com for updates pair of fraudsters when U.S. officials arrested them at their New York
on some of the most famous per- apartment in February for conspiracy to commit money laundering
petrators of past frauds. and defraud the U.S. Lichtenstein was a technology entrepreneur,
and Morgan was an occasional contributor to Forbes magazine with
articles about protecting digital currency from fraud. She also had a
hobby as a rapper called “Razzlekhan.” The couple often took their
cat for walks in a stroller. But behind their quirky personas, U.S. law
enforcement officials say the couple conducted an intricate money-
laundering scheme that would take six years to solve.
In 2016, someone hacked cryptocurrency exchange Bitfinex and looted 119,754 bitcoins, about $72 million at the time.
Lichtenstein and Morgan aren’t accused of the actual hack, but they’re facing more than 20 years in prison for allegedly tak-
ing those stolen funds, storing them in a digital wallet and laundering them via gold coins, Walmart gift cards, international
travel, five-star hotels and likely their wedding. Federal prosecutors say the couple traveled to Ukraine in 2019 to plan a life
there. They allegedly bought fake Ukrainian passports, SIM cards and details for secret bank accounts from the dark web. (See
“How Feds Aimed To Unravel One Of The Most Notorious Cryptocurrency Heists Of All Time,” by Jill Sederstrom, Oxygen True
Crime, Oct. 19, 2022, tinyurl.com/2s4z4wsz.)
According to Ars Technica, IRS Criminal Investigation (IRS-CI) traced the couple’s alleged money laundering path from
Lichtenstein’s digital wallets across the Bitcoin blockchain through wallets hosted on the AlphaBay darknet market. The couple
then used techniques like “chain-hopping,” in which they exchanged bitcoins for monero, a “privacy coin,” to hide the trail of
funds. In an article for Wired magazine, reporter Andy Greenberg wrote that the number of multilayered measures the couple
took to obscure their tracks wasn’t the most impressive part of the case. What was more remarkable was how federal investigators

5 m o s t s c a n d a l o u s f r a u d c a s e s of 2 0 2 2
 5 MOST SCANDALOUS FRAUDS OF 2022

were able to crack the case and expose the pair’s attempts at ano- in my career have I seen such a complete fail-
nymity. “They demonstrated just how advanced cryptocurrency ure of corporate controls and such a complete
tracing has become — potentially even for coins once believed to absence of trustworthy financial information
be practically untraceable,” wrote Greenberg. (See “$3.6 billion as occurred here,” he said. (See “8 Days in No-
bitcoin seizure shows how hard it is to launder cryptocurrency,” vember: What Led to FTX’s Sudden Collapse,”
Ars Technica, Feb. 12, 2022, tinyurl.com/3wjnrdkc.)
by David Z. Morris, CoinDesk, Nov. 9, 2022,
According to David Utzke, Ph.D., CFE, who worked with
tinyurl.com/yceb2mpj and “The crypto melt-
the IRS-CI when Lichtenstein and Morgan were arrested, fraud
down, explained,” by Allison Morrow, CNN,
examiners must know the technologies criminals are using to
launder cryptocurrency. Utzke is now senior director of crypto-
Nov. 18, 2022, tinyurl.com/mr4yda89.) /01
economic technology for MasterCard. “Coming from a decades-
long career in technology and civil/criminal cybercrimes federal
enforcement and being engaged in this investigation as it evolved
in mid-2016, whether we’re talking about digital assets, art, 0 2 / U n h e a lt h y
choices
drugs, or some other asset — digital or physical — laundering,
traditional AML and sanction methods are not addressing the
technology methods criminals utilized,” Utzke says.
However, federal investigators eventually tied Lichtenstein
and Morgan to the stolen crypto in a much more ordinary way From suits against large U.S. health insurers
by linking a $500 Walmart gift card to their emails and cloud- for allegedly defrauding the Medicare Advan-
service providers. (See “A Crucial Clue in the $4.5 Billion Bitcoin tage program to pharmaceutical giant Biogen’s
Heist: A $500 Walmart Gift Card,” by James Fanelli, Ben Foldy eye-popping settlement, 2022 turned out to be
and Dustin Volz, The Wall Street Journal, Feb. 15, 2022, tinyurl. quite a shameful year for health care.
com/ysduy2ws.) In July, Biogen agreed to a $900 million
Lichtenstein and Morgan’s futures are uncertain as they settlement with the U.S. government over al-
await plea deals and sentences, but one thing is for sure: Crypto- legations that it gave kickbacks to doctors for
currency and fraud will still be hot topics in 2023, especially in the promoting its multiple sclerosis (MS) drugs.
wake of crypto exchange FTX’s extraordinary crash in November. A former Biogen employee, Michael Baw-
The Securities and Exchange Commission is investigating if FTX duniak, originally sued the company in 2012
mishandled customer funds. Investors filed a lawsuit alleging under the U.S. False Claims Act as a whistle-
that FTX founder Sam Bankman-Fried and celebrities like Tom blower. In Bawduniak’s lawsuit, he accused his
Brady and Larry David engaged in deceptive practices to sell FTX
yield-bearing digital currency accounts. (See “Sam Bankman-
Fried’s FTX Empire Faces U.S. Probe Into Client Funds, Lending,”
by Lydia Beyoud, Yueqi Yang and Olga Kharif, Bloomberg, Nov.
9, 2022, tinyurl.com/358yh7nh and “FTX’s Bankman-Fried, Tom
Brady and other celebrity promoters sued by crypto investors,”
by Jody Godoy, Reuters, Nov. 17, 2022, tinyurl.com/bdd6teav.)
Reports that Bankman-Fried had inappropriately been using
FTX’s customers’ funds to prop up his crypto hedge fund Alameda
Research sparked a rush for the exits and the overnight collapse
of the exchange. Creditors are now looking to recoup billions
of dollars from the company. Bankman-Fried’s high standing
not only in the crypto community but among regulators and
politicians has made the bankruptcy particularly shocking and
has the potential to be one of the biggest fraud cases of 2023.
FTX’s new CEO John J. Ray III, better known for overseeing the
collapse of Enron more than 20 years ago, has been scathing in
his assessment of the inner workings of the exchange. “Never

50 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 March 8, 2023 | Washington D.C.

The 2023 ACFE Women’s Summit will be

in-person and online March 8, 2023.

Attend and explore common challenges

women face in the industry, ask questions,
share ideas and resources, and support
each other as you navigate your own
professional journey.

Learn more at ACFE.com/WomensSummit.

March 27–29, 2023 | Online Virtual Conference

The 2023 ACFE Fraud Conference Europe

will be online March 27–29, 2023. Learn
anti-fraud best practices from leading
experts, plus network online
with fellow fraud fighters.

Watch
sessions
online or
on-demand.
earn
20 CPE.

Learn more at FraudConference.com/Europe.

 5 MOST SCANDALOUS FRAUDS OF 2022
ex-employer of enticing doctors with sham consulting deals,
speaker engagements and fancy dinners so they’d prescribe
Biogen’s MS drugs to their patients. As Reuters explained,
MS drugs are expensive, and only a small number of drugs
are approved to treat the autoimmune disease affecting the
central nervous system. The alleged kickbacks were meant
to help the Cambridge, Massachusetts-biotech company,
which specializes in treatments for neurological diseases,
corner the market and boost sales of its MS drugs.
The DOJ claimed the alleged kickbacks resulted in false
claims to Medicare and Medicaid for prescriptions of Biogen’s
MS drugs. Biogen denies any wrongdoing. (See “Biogen
agrees to $900 million drug kickback settlement on eve
of trial,” by Nate Raymond, Reuters, July 20, 2022, tinyurl.
com/2swajs6t and “Biogen Inc. Agrees to Pay $900 Million to
Settle Allegations Related to Improper Physician Payments,”
DOJ press release, Sept. 26, 2022, tinyurl.com/yc2e2nva.)
In October, The New York Times highlighted the ex-
tent to which U.S. health insurers have allegedly exploited
Medicare Advantage — the arm of the U.S. national health
system for older Americans managed by private entities —
by fraudulently inflating diagnostic codes and making bil-
lions of dollars in the process. (See “‘The Cash Monster Was
52 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM
05
most
SCANDALOUS
fraud cases
of 2 0 2 2
Insatiable’: How Insurers Exploited Medicare for Billions,”
by Reed Abelson and Margot Sanger-Katz, The New York
Times, Oct. 8, 2022, tinyurl.com/mr2ua3mu.)
The DOJ has sued some of the biggest health insurance
companies in the country — UnitedHealth, Humana and Kai-
ser Permanente, to name a few — for submitting inflated bills
and overdiagnosing patients. The DOJ has joined several suits
that were originally filed by whistleblowers, signaling that
law enforcement believes the fraud allegations have merit.
The suits suggest that incredibly profitable insurance
companies are gaming a system that pays them higher rates
for sicker patients. The lawsuits describe how the companies
have “developed elaborate systems to make their patients ap-
pear as sick as possible, often without providing additional
treatment” to collect more from the government, The New
York Times wrote. California-based Kaiser Permanente alleg-
edly urged doctors to add extra illnesses to patients’ medi-
cal records, incentivizing them with bottles of Champagne
or pay bonuses. The U.S. Congressional watchdog group
MedPAC has estimated that additional diagnoses led to $12
billion in overpayments in 2020. (See “‘The Cash Monster
Was Insatiable,’” tinyurl.com/mr2ua3mu.) /02
 Protestors at Wells Fargo Bank shareholders meeting
(Photo by Justin Sullivan/Getty Images)

03/ Scam-to-scam
banking
The company Zelle makes sending money
to someone a cinch. It’s a person-to-person
payment service controlled by many of
the largest U.S. banks. You only need to
connect the app to your bank account
and voila: The recipient gets your money
instantly with no need to wait for a bank
transfer or a payment to clear. But the im-
mediacy of the service is also what makes
it popular with fraudsters.
In 2021, people sent $490 billion
through Zelle, but all those billions in trans-
and claim financial institutions haven’t we have an enormous amount of systems to
actions also include plenty of fraud, and
done enough to warn customers about stop. And the amount of fraud relatively is
the service has become a favorite hunting
these scams. (See “TD Bank, Capital One very small for this free-of-charge service.”
ground for the likes of romance and cryp-
and more, Zelle fraud class action lawsuit (See “Zelle Emerges as Lawmakers’ Surprise
tocurrency scammers. And while banks say
investigation,” Top Class Actions, Oct. 30, Foe at Bank Hearings,” by Jennifer Surane,
they take Zelle fraud seriously, many victims
2022, tinyurl.com/mrxp7ycw and “Class Bloomberg, Business, updated Sept. 22,
have struggled to get help. The problem is
Action Lawsuit Filed Over Alleged Wells 2022, tinyurl.com/2b7fpvrc.)
that many fraudsters trick their marks into
authorizing Zelle payments, and banks say Fargo Zelle Scam [Update],” by Corrado An investigation led by U.S. Senator

regulations don’t require them to refund
money for authorized transactions. (See
“Fraud Is Flourishing on Zelle. The Banks
Say It’s Not Their Problem,” by Stacy Cowley
and Lananh Nguyen, The New York Times,
March 6, 2022, tinyurl.com/2nh73dds.)
“It’s like the banks have colluded with
the sleazebags on the street to be able to
steal,” fraud victim Bruce Barth told The
New York Times. Barth is one of many cus-
tomers scammed by thieves on the service
but discovered his bank was unwilling to
refund the stolen money.
Since the summer, Zelle customers
have joined in several class-action lawsuits
aimed at their banks. The lawsuits, against
the likes of TD Bank, Capital One and Wells
Fargo, press banks to take responsibility for
the money customers have lost to fraud-
sters through authorized Zelle payments
Rizzi, ClassAction.org, updated June 30,
2022, tinyurl.com/ybkwmxmv.)
The U.S. Senate Banking Committee
convened hearings in September, pressing
bank CEOs and Zelle’s operator, Early Warn-
ing Services, on how they can make their
customers whole. JP Morgan CEO Jamie Di-
mon told the committee, “Anything that’s
unauthorized, we do cover. So, you’re really
talking about authorized transactions that
“It’s like the
banks have colluded
with the sleazebags
on the street to be
able to steal.”
Elizabeth Warren (D-MA) found that in 2021
and the first half of 2022, four banks had
192,878 cases worth $213.8 million where a
customer claimed they’d been tricked into
making Zelle payments. Banks reimbursed
customers in only 3,500 of those cases.
Only 47% of the dollars were reimbursed
in cases where it was obvious that funds
were transferred without the customers’
authorizations. Warren’s report also found
that PNC Bank had 8,848 cases on Zelle in
2020 and will have about 12,300 cases in
2022. US Bank had 14,886 cases in 2020 and
had 27,702 cases in 2021. Truist had 9,455
cases of fraud and scams on Zelle in 2020,
which shot up to 22,045 in 2021. (See “Sen-
ate report finds increasing cases of fraud,
scams on Zelle,” by Ken Sweet, Associated
Press, PBS Newshour, Oct. 3, 2022, tinyurl.
com/yckmyjya.) /03

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 53

 04/ Feeding fraud
In September, the DOJ arrested 47 people
affiliated with Minnesota nonprofit Feed-
ing Our Future, all wanted in connection
with a massive $250 million COVID-relief
fund scheme to defraud the Federal Child
Nutrition Program of the U.S. Department
of Agriculture (USDA). By the end of Oc-
tober, law enforcement officials had ar-
rested 51 people allegedly involved in the
scheme. Among those arrested was Aimee
Bock, founder and executive director of the
nonprofit. (See “U.S. Attorney Announces
Federal Charges Against 47 Defendants in
$250 Million Feeding Our Future Fraud
Scheme,” DOJ press release, Sept. 20, 2022,
tinyurl.com/mswc2azn and “51st person
charged in $250 million Feeding our Future
fraud case,” by WCCO Staff, CBS Minnesota,
Oct. 28, 2022, tinyurl.com/5br7nezm.)
“This was a brazen scheme of stag-
gering proportions,” said U.S. Attorney
Andrew M. Luger for the District of Min-
nesota. “These defendants exploited a pro-
gram designed to provide nutritious food
to needy children during the COVID-19
pandemic. Instead, they prioritized their
own greed, stealing more than a quarter
of a billion dollars in federal funds to
purchase luxury cars, houses, jewelry,
and coastal resort property abroad.” (See
tinyurl.com/mswc2azn.)
According to the DOJ, employees of
the organization allegedly recruited oth-
ers to open more than 250 Federal Child
Nutrition Program sites around Minnesota
to fraudulently claim to be serving meals to
thousands of children. Defendants are ac-
cused of creating shell companies to enroll
in the program and receive and launder
reimbursement funds. Furthermore, de-
fendants allegedly created and submit-
ted fake documents to show the number
of children and meals plus false invoices
and meals served at each site. They also
submitted false invoices for food and fake
attendance records complete with fake
names of children supposedly served at
the sites.
As in many COVID-relief-related
frauds, the rush to get money to people
in need combined with poor controls, lack
of oversight and relaxed standards for par-
ticipation in the Federal Child Nutrition
Program contributed to the scale of fraud
associated with Feeding Our Future. USDA
allowed for-profit restaurants to partici-
pate in the program and permitted off-site
food distribution to children outside of
educational programs. Both were part of
the Feeding Our Future fraud. According
to The New York Times, two Feeding Our
Future locations claimed to be running
large child care centers out of the same

All in the family W h en A rchegos

Dishonorable
mentions
Many frauds vied for a spot
in the top 5 this year. Here
are some scandalous ones
that deserve a little bit more
attention even if they didn’t
quite make the cut.
By Anna Brahce
In April, Archegos Capital Management CEO Bill Hwang
c ol l ap s ed in March
2021 , Wa ll S treet
and his top lieutenant, Patrick Halligan, were arrested for
ba n ks t h at w ere
racketeering conspiracy, securities fraud and wire fraud.
c ou n t erparties to
According to prosecutors, loose regulations over “family
t h e in ves t ment f irm
offices” — private wealth management firms that serve the
super wealthy — allowed them to intentionally mislead
su f f e red billions in
l osses a n d s hare-
banks to loan them money so they could place bets on h o l d er valu e.
stocks through sophisticated securities.
When Archegos collapsed in March 2021, Wall Street
banks that were counterparties to the investment firm
suffered billions in losses and shareholder value. Hwang
allegedly timed stock trades to drum up investor interest
and borrowed enough to increase his portfolio from $1.5
billion to a staggering $160 billion in stock exposure. (See
“Archegos stock manipulation scheme was ‘historic,’ U.S.
attorney says,” by Matthew Goldstein and Lananh Nguyen,
Bill Hwang leaves for federal
The New York Times, Business, April 27, 2022, tinyurl.
court (Photo by Spencer Platt/
com/6z2dewuc.) Getty Images)

54 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 5 m o s t s c a n d a l o u s f r a u d c a s e s of 2 0 2 2

small building. One said it was feeding 2,000 children a day and the
other claimed to be feeding 500. Another operation in a restaurant said
it was feeding 6,000 children a day, which was more than the number of
children who lived in the ZIP code in that area. A lawyer for the nonprofit
said the group never had an accountant on staff. And while Feeding Our
Future said it had a three-member board to provide outside oversight
of its finances, the person listed as the board’s president between 2018
and 2020 was a bartender and electrician who said he’d been tricked
into taking the job. (See “Running a marathon at a sprinter’s pace,” by
Paul Kilby, Fraud Magazine, May/June 2021 issue, tinyurl.com/2bvv547p;
“Preparing for a post-pandemic fraud landscape,” by James Ruotolo,
CFE, and Linda Miller, Fraud Magazine, November/December 2021 issue,
tinyurl.com/2p8sa2va; and “F.B.I. Sees ‘Massive Fraud’ in Groups’ Food
Programs for Needy Children,” by David A. Fahrenthold, The New York
Times, March 8, 2022, tinyurl.com/29hbz6c2.) /04

Bed Bath & Beyond fraud
In September, the CFO of Bed Bath & Beyond,
Gustavo Arnal, fell from the 18th floor of a Manhat-
tan building to his death less than two weeks after
being named in a federal lawsuit accusing him of
securities fraud and insider trading. The suit, filed
in the U.S. District Court for the District of Columbia
claimed that Arnal and GameStop chairman Ryan
Cohen used false statements to sell their Bed Bath
& Beyond shares and inflate the price of publicly
traded stock. Arnal sold more than 42,000 shares for
$1 million, and Cohen sold all his 9.8% stake, causing
shares to plummet in a pump-and-dump scheme.
The home goods retailer closed 150 of its 900 stores
and laid off 20% of its corporate staff. (See “Bed Bath
& Beyond CFO was implicated in insider trading and
fraud scheme days before death, court docs show,”
by Oliver O’Connell, The Independent, Sept. 5, 2022,
tinyurl.com/37pp6hk4.)
the stock prices of the deli’s parent company Hometown Interna-
tional and another company, E-Waste Corp, through manipula-
tive trading. Hometown’s stock prices rose 939% and E-Waste’s
rose 19,900%, raising Hometown’s market value to $123 million
even though its sole asset was a deli. (See “Owners of a small
deli are charged with fraud for valuing business at $100 million,”
by Matt Adams, NPR, National News, Sept. 28, 2022, tinyurl.
com/3bpyy6cn and “$100 million New Jersey deli scheme leads
to U.S. fraud charges,” by Jonathan Stempel, Reuters, Sept. 26,
2022, tinyurl.com/2p9aex9j.)
‘Gucci Master’ of none
Nigerian Instagram influencer, Ramon Abbas, aka the “Billionaire
Gucci Master” or Hushpuppi to his followers, was sentenced to
11 years in prison in the U.S. for committing wire fraud, money
laundering and identity theft. The assistant director of the Los
Angeles FBI office, Kristi K. Johnson, said he was “among the
most high-profile money launderers in the world.”
Abbas made his claim to fame bragging on social media

The pastrami wasn’t amazing
In September, the owners of a tiny deli in New Jersey
were charged with securities fraud for falsely valuing
their business at more than $100 million. In a letter
to clients, investor David Einhorn noted the deli
had generated less than $40,000 in sales but had a
market cap of $113 million. “The pastrami must be
amazing,” he joked.
According to prosecutors, the owners of Home-
town Deli, James Patten, Peter Coker Sr. and Peter
Coker Jr., had been conspiring since 2014 to inflate
about his wealth. But his riches weren’t won through an hon-
est day’s work. Instead, Abbas accumulated his wealth through
business email compromise (BEC) scams. The FBI also believes
he facilitated large-scale transactions for North Korea, including
a scheme in 2019 to launder $13 million stolen by North Korean
hackers from a bank in Malta. The Gucci Master’s scams amount-
ed to more than $24 million in losses. (See “Hushpuppi: Notori-
ous Nigerian fraudster jailed for 11 years in US,” BBC News, Nov.
8, 2022, tinyurl.com/5n8sbrtv and “‘He Got Burnt’: How One of
Instagram’s Biggest Fraudsters Was Brought Down,” by Charlotte
Lytton, Vice, Nov. 8, 2022, tinyurl.com/yfd8ad2h.)

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 55

 5 MOST SCANDALOUS FRAUDS OF 2022

0 5 / C h i n a’ s
banking scandal

In April, customers of several small banks in

rural Central China with deposits worth at
least $1.5 billion, found their accounts frozen
and were unable to access their funds. The
scandal sparked rare protests, put a spotlight
on loose banking regulations and ignited what
some described as China’s biggest-ever bank
fraud probe. (See “China probes officials, re-
pays more depositors in Henan bank scandal,”
Reuters, July 29, 2022, tinyurl.com/4vdnnd29.)
Bank officials claimed internal updates
were blocking access to funds, but custom-
ers later realized that their plight was due to
financial shenanigans perpetrated by Lv Yi, a
former official of a banking group, who also
happened to be the alleged head of a crimi-
nal gang. The gang allegedly colluded with
bank employees to steal about 40 billion yuan
($5.9 billion) in deposits and investments.
They used online platforms to entice deposi-
tors with promises of high interest rates and
created fake lending agreements to transfer
money. Yi allegedly used the money to invest
in financial institutions, leveraging shell
companies as collateral. In August, Chinese
police arrested 234 people allegedly con-
nected to the gang. (See “China’s cash crisis
culprit named by police, said to have run
powerful criminal gang since 2011,” by Luna
Sun and Amanda Lee, South China Morn-
ing Post, July 11, 2022, tinyurl.com/2p99j9j9;
“China’s rural bank scandal has $300 bln tail
risk,” by Yawen Chen, Reuters, July 12, 2022,
tinyurl.com/3cbstj46; and “China arrests

56 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

“The most important take-
away from the scandal is the
failure of the regulatory
system to properly implement
regulations.”
hundreds in rural banking scandal,” by Nectar Gan, CNN, Aug.
30, 2022, tinyurl.com/4te2nwhv.)
In July, over 1,000 depositors, seeking to get their money,
gathered in protest outside the central bank in Zhengzhou.
Demonstrations soon turned violent when plainclothes police
officers forcibly dispersed depositors from the scene. Chinese
banking regulators now are refunding depositors to quell un-
rest. (See “China arrests hundreds in rural banking scandal,”
tinyurl.com/4te2nwhv.)
“The most important takeaway from the scandal is the
failure of the regulatory system to properly implement regu-
lations,” Martin Chorzempa, a senior fellow at the Peterson
Institute for International Economics, told Bloomberg Business
Week in an Aug. 29, 2022, report. (See “An Epic Bank Scandal
05
FRAUD-MAGAZINE.COM
in China Adds to Social Tensions Over Finance,” Bloomberg,
tinyurl.com/yc7tw8z3.)
While the fraud only affected about 400,000 customers
out of a nation of 1.4 billion people, rural banks comprise about
one-quarter of China’s banking industry. That makes these
types of financial institutions a potential hotspot for broader
systemic risks and worthy of regulatory scrutiny. Indeed, the
scammers allegedly circumvented rules that prohibited rural
banks from soliciting new depositors outside their regions
by marketing online across the country. Their complicated
ownership structures also make them a prime spot for corrup-
tion, according to a report by CNN. (See “An Epic Bank Scandal
in China Adds to Social Tensions Over Finance,” Bloomberg,
tinyurl.com/yc7tw8z3 and “Small banks in China are running
into trouble. Savers could lose everything,” by Laura He, CNN
Business, June 24, 2022, tinyurl.com/mv3kdajt.) /05
Jennifer Liebman is assistant editor for Fraud Magazine.
Contact her at jliebman@ACFE.com.
Anna Brahce is editorial assistant for Fraud Magazine.
Contact her at abrahce@ACFE.com.
most
SCANDALOUS
fraud cases
of 2 0 2 2
JANUARY/FEBRUARY 2023 FRAUD MAGAZINE 57
 CASE IN POINT Case history applications

BETTER TOGETHER
Sometimes departments within organizations can have tunnel vision, which can be
fatal for fraud investigations. Here the author looks at how a money-laundering probe at
one financial institution revealed the flaws in its siloed approach and how working together
makes all the difference.

W
hen sailing, mariners
must always know the
wind’s direction and
mind their points of sail — a boat’s
course relative to the wind. Sails can’t
catch the wind in what is known as the
no-go zone, approximately 45 degrees on
either side of the wind’s direction. But
sailing close-hauled, or as close to the
wind as possible, mobilizes sails. (See
“What is Sailing Close to the Wind?”
Life of Sailing, tinyurl.com/2m2mnvpr.)
Indeed, sailing requires working with
the wind to move ahead. Managing
fraud risk and investigations is a similar
process: Just as the mariner works with
the wind, collaboration among teams
of experts is the best way to propel
forward. When people come together
and share their expertise, they can truly
succeed.
My team and I learned the impor-
tance of collaboration when we worked
on a money-laundering probe at my
former employer, a financial institu-
tion. The investigation revealed gaps
in my organization’s processes and A case of money laundering similar troubling trends associated
controls, but perhaps more important, Someone had been wiring millions of with the same account through the
it redefined how we operated and man- U.S. dollars to different accounts outside company’s alert management system.
aged cases. Ultimately, we were able to the country without the appropriate We’d both spotted significant issues but
do right by our customers, sharehold- approvals from the account owner. And had failed to share the information with
ers, peer banks and regulators because as an investigator, I identified suspi- each other.
we decided to work together. We also cious patterns in the transactions, which This proved to be just one of many
strengthened our organization’s fraud- the anti-money laundering (AML) unit instances in the investigation that
fighting efforts after breaking down had reviewed. But, unbeknownst to me, showed how vital information went un-
the siloes we worked in. Here’s what our fraud-risk analyst, who worked in a noticed among teams that are trained
happened. different department, had also spotted to spot fraud and money laundering in

58 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

different ways but for whatever reason
decided not to communicate their find-
ings across the organization.
Another blind spot revolved
around so-called threshold triggers.
Depending on the risk profile of the
customer, banks will raise red flags if
transaction sizes hit or exceed certain
thresholds. The client under suspicion
was receiving 157,000 Emirati dirham
every other day — about $43,000 at
the current exchange rate. But that
failed to alert the analyst who based his
threshold trigger on single-day trans-
actions. Velocity and volume reports,
which measure the pace of transactions
and the amounts over a longer period,
would’ve told a different story and alert-
ed us to potential suspicious activity.
We could’ve then contacted the client
for clarification and raised suspicious
reports if we received an unsatisfactory
response.
Suspicious internet banking activi-
ty also wasn’t immediately flagged. The
client failed to report that someone had
debited his account from abroad. This
was strange as the client would have
received a text message on his mobile
phone confirming this kind of activity.
The account owner told us he was in
the country when the transactions were
made, but it wasn’t until later that our
investigation revealed he’d shared his
credentials with other parties.
That someone with an IP address
from another country was wiring funds
from the account should’ve raised red
flags, especially if the account owner
had been banking on the internet just
a few hours earlier. This was clearly
suspicious and, as we found out later,
indicated that he’d been sharing his
credentials. The national origin of these
types of communications are impor-
tant indicators in cases like this, not to
COLUMNIST
RAINA VERMA, CFE
INTERNAL AUDIT AND
FRAUD RISK MANAGEMENT
PROFESSIONAL
When people come
together and share
their expertise, they
can truly succeed.
mention the correct matching of static
and dynamic data. Static data refers to
information that doesn’t change, such
as date of birth, nationality and past
education. Dynamic data, on the other
hand, may eventually change such as
passport number (upon expiry), visa
residency number, current residence
and place of work, etc.
Indeed, this case raised red flags
galore across our organization such as
the suspicious usage of the internet-
banking account, odd transaction
volumes, and how the customer’s risk
category did not align with behavior
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
he displayed when using the account.
But this information was dispersed
across separate units in the company,
and no one had shared what they knew
or connected the dots. That is until our
investigation revealed that the account
was being used for money laundering.
I feared our organization would
suffer unless we radically revised our
policies and procedures. Our inves-
tigation of the account holder lasted
for more than a year, even with im-
mense support from regulators and law
enforcement. And while our internal
process needed a facelift and created
obstacles, we eventually proved that
the clear intent for opening this ac-
count with us was to defraud millions
and hide the origin of wired funds. We
quickly flagged this to regulators. And
with possible litigation threats looming
over our organization, I immediately
devised a plan to engage with our in-
house legal counsel, law enforcement,
regulators and our corporate lawyers.
Thankfully the blind spots we
discovered in our internal controls pre-
sented an opportunity to revamp our
systems to better serve our customers,
improve employee training and aware-
ness, and fine-tune working relations
with regulators and law enforcement.
Here are some of the lessons we learned
about collaboration.
Breaking down siloes
Fraud-risk managers and AML experts
approach investigations with differ-
ent perspectives. But both skill sets
go hand-in-hand, and regulators see
them as critical functions at financial
institutions. Each group may garner
information that the other could use,
and together they’re more likely to see
an entire scheme taking placing under
their noses. With collaboration, we can
FRAUD MAGAZINE 59
 CASE IN POINT Case history applications
avoid overlapping reports as occurred
above, and help anti-fraud and AML
teams build on what’s already known
about a customer profile.
To ensure that they’re adequately
covering the AML and fraud-risk
ground, organizations should maintain
separate transaction-monitoring sys-
tems but educate the different teams on
how to identify the red flags that each
team seeks.
If an AML analyst reviews an alert
and doesn’t find anything suspicious
from an AML perspective, they should
pass those alerts along to a fraud risk
analyst for their review. This informa-
tion sharing enables the fraud inves-
tigation team to dig deeper into the
matter. While financial crimes analysts
cut their teeth in a wholly different area
of expertise, sharing their informa-
tion can also greatly aid in AML and
terrorist-financing investigations. In
our case, it was clear that there had
been no collaboration between the AML
and fraud team, each keeping alerts and
reviews within their respective units.
Leveraging in-house data
It’s important to leverage readily avail-
able in-house data. Some companies
often think that hiring a data analyst to
create reports is enough. But it’s often
better to bring in a financial crimes
analyst with the skills to review reports
60 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
Fraudsters know that the keys to success
are collaboration and sharing information,
so fraud examiners must pool their resources
and work together to fight back.
and identify whether it’s necessary to in-
vestigate further or escalate a suspicious
activity report (SAR) to regulators.
Remember that financial institu-
tions use know-your-customer and
know-your-customer’s-customer
processes (KYC and KYCC) to monitor
transactions, and that this readily avail-
able data can be used to spot suspicious
cases and trade-based money launder-
ing triggers.
It’s also critical that organizations
reach out to regulators because infor-
mation sharing helps identify global
criminal infrastructures.
Identifying unusual relationships
in nonfinancial data using demograph-
ic details of employees, customers,
vendors, contract workers’ attendance
records, etc. is critical for any organiza-
tion in the race to curb bribery, corrup-
tion and the use of insider information.
Fraudsters work together, so
must fraud fighters
Fraud examiners must work collabora-
tively because that’s what fraudsters are
doing. ACFE’s Occupational Fraud 2022:
A Report to the Nations shows fraudsters
are increasingly working together and
successful because of it. Frauds involv-
ing two or more perpetrators comprised
58% of cases in 2022 versus 42% in 2012.
The median loss to fraud committed by
two or more perpetrators is $145,000
FRAUD-MAGAZINE.COM
compared to a $57,000 median loss
when fraudsters go solo. (See ACFE.
com/RTTN.)
Fraudsters know that the keys to
success are collaboration and sharing
information, so fraud examiners must
pool their resources and work together
to fight back. (See “Why fraud fighters
should team up for success,” by Nicho-
las White, BAI, Banking Strategies, Oct.
24, 2022, tinyurl.com/42yspae6.)
You can’t overreact and roll out a
fraud risk management program with-
out understanding what your business
requires — that’s like sailing directly
into the wind. However, finding the
right degree of wind is like finding your
degree of collaboration during a fraud
investigation. Collaboration ensures
that when fraud happens, the impact is
minimal. No fraud risk assessment or
any program can save an organization
alone but collaboration with stakehold-
ers can. n FM
Raina Verma, CFE, is an internal audit
and fraud risk management profes-
sional specializing in financial crimes
investigations, regulatory compliance
and anti-money laundering. Contact
her at Raina@windowslive.com.
Join more than 5,000 anti-fraud professionals gathering in Seattle and online.
Now in its 34th year, the ACFE Global Fraud Conference is the world’s largest
conference for fraud fighters looking to go beyond all limits.

Network with Earn more than Choose from Hear from

more than 30 NASBA CPE 90+ EDUCATIONAL 100+ INSPIRATIONAL
5,000 by attending live SESSIONS. SPEAKERS in the
ATTENDEES. sessions and watching fraud-fighting industry.
on-demand recordings.

Register now at
FRAUDCONFERENCE.COM
 CAREER CONNECTION
‘THE DEVIL MADE ME DO IT’ AND OTHER UNETHICAL
BEHAVIOR RATIONALIZATIONS
When it comes to unethical behavior, people have a knack for rationalizing (one leg of the Fraud Triangle)
to try to justify their actions. Whether it’s “the devil made me do it” or “everyone else is doing it,” there’s
always an explanation, based on some form of self-interest, for why someone did something they shouldn’t
have or acted in a way contrary to their nature.
G
rowing up, we all tried at some
point or another to squirm our
way out of being accountable
for something we shouldn’t have done or
said. (I admit to throwing my little broth-
er under the bus a couple of times, but
my parents were wise to that approach.)
We spun the facts or rationalized our
action to avoid punitive measures; in
short, we wanted to preserve our stand-
ing in the family unit and stay in Mom
and Dad’s good graces. But alas, many
of us suffered some parental wrath as a
consequence for our behavior — and the
fictitious tales we told to rationalize it.
Our parents knew something we kids
didn’t fully appreciate: Rationalization
allows us to wander further away on
the far side of truth. As adults gaining
experience in our respective professions,
we learn about compliance and eth-
ics, but we also add to our repertoire of
rationalizations.
Rationalizations and
entrepreneurship
Entrepreneurship encourages founders
to be persistent evangelists and wheeler-
dealers for their fledgling enterprises.
They have a lot to lose and must continu-
ally be on their “game” to woo venture
capitalists, entice employees from other
companies to come work for them, and
win over skeptical market analysts. How-
ever, such a system conceals the treach-
erous waters that lure all who enter.
Back in the late 1990s, I worked
at several high-tech startups, where I
regularly witnessed instances of unethi-
cal — and even illegal — actions. In one
62 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
Building your professional future
COLUMNIST
DONN LEVIE JR., CFE
LEADERSHIP CONSULTANT
company, the founders were golfing
friends and fraternity brothers who
would rationalize their actions to keep
up the steady cash flow from venture
capitalists. The founders were enthusias-
tic yarn spinners, painting vivid imagery
of what the future could look like after
their product launched in the market-
place in a few years. They were experts
at dismissing objections with a smile, a
half-truth and a rationalization.
But soon reality set in, replacing the
hype after yet another scheduled delay,
another request for additional funding
and another round of layoffs.
Role of egocentric bias in
rationalization
Entrepreneurship isn’t entirely to blame.
People behave in ways that favor their
self-interest due in part to egocentric
bias (the tendency to believe that one’s
own opinion is the correct one). Egocen-
tric bias occurs when people allow their
personal perspectives to distort their
judgment of a situation. Entrepreneurial
pursuits are just one area where this bias
plays out.
Joseph Palmar, CFE, CEO of Palmar
Forensics, tells Fraud Magazine that
he’s encountered three reasons why
people don’t act and rationalize reasons
for not taking preemptive or proactive
steps. First, they’re comfortable with
FRAUD-MAGAZINE.COM
inaction or a lack of urgency. Second,
they don’t want to admit to a problem,
so they rationalize with an “out of sight,
out of mind” mentality. Third, they fall
into the Dunning-Kruger Effect, which
is a cognitive bias whereby their initial
confidence exceeds their competence.
(See “Why can we not perceive our own
abilities? The Dunning–Kruger Effect,
explained,” The Decision Lab, tinyurl.
com/bddnbssm.)
Palmar’s insights show how people
resort to self-preservation behavior,
which is an innate desire to keep oneself
safe and out of harm’s way. It’s a power-
ful motivator that can lead people to do
or say things they otherwise wouldn’t so
as to preserve their physical, emotional
or psychological safety. Self-preservation
can lead to unethical rationalizations,
as individuals try to justify their own
actions or decisions while overlooking
(or being willfully blind to) the potential
harm they could cause.
Everyone uses rationalizations
every day
Who are the rationalizers among us? To
quote the comic strip “Pogo”: “We have
met the enemy and he is us.” If you’ve
ever had to defend yourself against
feelings of guilt or protect yourself
from criticism for something you did
or said, you’re probably a rationalizer.
Even if “things all worked out in the
end anyway,” you’re using consequen-
tialism (the theory that says that the
consequences of your actions determine
whether they’re good or bad) to rational-
ize a positive result from a questionable
ethical action. If you’re a philanthropist
who supports several charities, but the
press has called you out for having an
extravagant lifestyle, you may have to
rationalize your position to assuage any
inner emotional conflict.
This behavior bias is known as the
licensing effect, which involves someone
rationalizing bad behavior after doing
something good. It’s an unconscious
decision that can often go against one’s
best interests in both personal and pro-
fessional situations. (See “Licensing ef-
fect in consumer choice,” by Uzma Khan
and Ravi Dhar, Journal of Marketing Re-
search, 2006, tinyurl.com/vt69uj3n and
“Licensing effect,” behavioraleconomics.
com, tinyurl.com/ys2ae375.)
Slippery slope of
rationalizations
In business, rationalization is a way of
looking at an opportunity, position or
proposal to make it appear more logical
or defensible, even if it isn’t. Rationaliza-
tions can produce inaccurate assertions
and ultimately lead to bad decisions. A
project that uses minor but questionable
rationalizations to receive “go-ahead”
approvals or funding may escalate into
more convoluted activities of a prob-
lematic moral and ethical nature (up to
and including fraud) to keep the project
moving forward — until it finally doesn’t
and slides down the slippery slope of
disaster.
As I’ve seen in my corporate and
startup experiences, if the organization-
al culture tolerates unethical behavior,
it’s more likely to become worse. If the
organizational climate supports ethical
values, it’s less likely to become worse.
Psychotherapist Dr. Michael Hurd
precisely conveys the deception be-
hind rationalizations: “The rationalizer
doesn’t merely dodge facts and logic.
He subverts them by pretending to be
paying attention to them, when in fact
he’s evading them. That’s how an ‘oth-
erwise reasonable’ person manages to
avoid facts while disguising this evasion
as intelligent and sensible.” (See “The
Slippery Slope of Rationalization,” by Dr.
Michael Hurd, Nov. 22, 2011, at Drhurd.
com, tinyurl.com/2yvynu2m.)
Unpacking the psychology of
‘the devil made me do it’
When trying to explain away our un-
ethical or immoral behavior, “the devil
made me do it” is a funny go-to excuse
made famous by comedian Flip Wil-
son. But what does this saying actually
mean? And what does it say about our
psychology?
“The devil made me do it” ratio-
nalization is how people try to absolve
themselves of responsibility for their
actions. They didn’t want to do some-
thing, so they attribute their actions to
some outside force that made them do
it. If someone believes that they aren’t
responsible for their actions, then they
don’t have to face the fact that they did
something wrong. But the saying also
reveals something about human nature
and even how our brains work in tricky
circumstances.
The brain’s role in
rationalization
Rationalization is the brain’s way of try-
ing to reduce the discomfort of cognitive
dissonance, which is a disagreeable emo-
tional state brought about by a conflict
between one’s actions and desires. (See
chart “Eight types of rationalized corrup-
tion” on page 64 and “On the motivation-
al nature of cognitive dissonance: Dis-
sonance as psychological discomfort,”
by A.J. Elliot and P.G. Devine, Journal of
Personality and Social Psychology, 1994,
tinyurl.com/569cn6c5.) Cognitive
dissonance experiments can measure
before-and-after attitude changes ac-
companying rationalizations but can’t
uncover the processes that kick-start
those changes.
When a decision is unchange-
able, or presents challenges, adjusting
attitudes to feel comfortable with the
decision can reduce cognitive disso-
nance. For instance, people will often
favor the choice they have made after
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
struggling between two options that
had previously seemed equally at-
tractive. A 2011 functional magnetic
resonance imaging (fMRI) study revealed
that certain portions of the brain were
associated with later decision-related
attitude changes. A few of these results
suggest that rationalizations linked
with decision-making may be engaged
instantaneously with those decisions.
(See “The neural basis of rationalization:
cognitive dissonance reduction during
decision-making,” by Johanna M. Jarcho,
Elliot T. Berkman and Matthew D. Li-
eberman, Social Cognitive and Affective
Neuroscience, Vol. 6, Issue 4, September
2011, tinyurl.com/5n7c52ad and “The
neural basis of rationalization: cognitive
dissonance reduction during decision-
making,” in Social Cognitive and Affec-
tive Neuroscience, by Johanna Jarcho,
Elliot Berkman and Matthew Lieberman,
September 2011, tinyurl.com/2p9fk73b.)
Tangled web of
bounded ethicality
The concept of bounded ethicality
explains how predictable organizational
and environmental pressures as well as
psychological forces can entice people
to abandon their own ethical goals and
behavior in favor of deferential, morally
suspect behavior that contradicts their
values. (See “Bounded Ethicality,” The
University of Texas McCombs School of
Business, tinyurl.com/chy97knn.)
Fixed perceptual, cognitive and
social cognitive processes (egocentric
bias) may lead to decision-making er-
rors. Most leaders try to convey a stable
self-image that’s confident, worthy and
strong; which, in turn, conveys a percep-
tion of them being less prone to ethical
challenges. But a leader with a strong
egocentric bias is likely to believe they’re
immune to the negative consequences of
their questionable decisions or behav-
iors. And this attitude makes it more dif-
ficult for an organization and its leaders
to identify and address actual ethical or
moral conflicts.
FRAUD MAGAZINE 63
 CAREER CONNECTION
Bounded ethicality is inherent to
many organizational structures in the
public and private sectors, and perhaps
none more so than in the field of entre-
preneurship, as previously explained.
Situational ethics
rationalization: ‘It depends …’
People who behave in a manner in con-
flict with their character or lifestyle may
be operating on the principal of situ-
ational ethics, wherein individuals are
free to make choices that align with their
own circumstances. Situational ethics
contends that the context of an issue
should determine the morality, rather
than deferring to a comprehensive moral
code for all situations. This more flexible
approach to ethics arguably can create
fertile ground for justifications to green-
light behavioral ills that absolve propo-
nents from personal accountability. (See
“Situation ethics,” BBC, Ethics guide,
tinyurl.com/2ws9n7sy.)
Critics say the problem with
situational ethics lies with individuals
who can’t make meaningful choices.
Instead, they rely on mitigating factors
like convenience, efficiency or facing a
“no-win scenario” in an “ends justify the
means” approach, rather than relying
on established ethical concepts and
personal standards of accountability and
responsibility.
Eight types of rationalized corruption
1. Rationalization of responsibility.
Escaping blame by denying personal
responsibility.
2. Legality and legal ignorance. Justify-
ing unethical behavior with legal tech-
nicality (“If it’s not illegal, it’s OK”).
3. Minimizing or misconstruing conse-
quences. Denial of injury (“no harm,
no foul”) or denial of victim (victim
consented to action).
4. Social weighing and comparison.
Finding examples of others who are
more corrupt to moderate the weight
of one’s own corruption.
Source: Donn LeVie Jr.
Building your professional future
Emerging field of
behavioral ethics
Research into the emerging field of be-
havioral ethics (including cognitive and
behavioral psychology, and evolutionary
biology) reveals something we already
knew: People are not completely ratio-
nal. Most ethical decisions are intuitive,
by virtue of feeling; they rarely have the
luxury of resulting from methodical
analysis. Usually, someone who makes a
morally questionable decision has con-
scious and subconscious influences at
play, including self-serving bias and the
pressure to conform, as well as the situ-
ational factor. (See “Ethics Unwrapped:
Behavioral Ethics,” The University of
Texas McCombs School of Business,
tinyurl.com/373p7mk3.)
When people engage in post hoc
moral rationalizations, they may be
more likely to engage in additional
unethical behaviors. This is especially
true for people who attach less impor-
tance to morality for their personal
identity. These “low moral identifiers”
may even increase the intensity level
of their unethical behavior over time.
“High moral identifiers,” on the other
hand, are less likely to follow this path.
(See “Moral Rationalization Contributes
More Strongly to Escalation of Unethical
Behavior Among Low Moral Identifiers
01
08 02
8 Types of
07 Rationalized 03
Corruption
06 04
05
Than Among High Moral Identifiers,”
by Laetitia B. Mulder and Eric van Dijk,
in Frontiers in Psychology, Jan. 8, 2020,
tinyurl.com/37zmumf4.)
Damage done by rationalizing
unethical behavior
It’s easy to rationalize unethical behav-
ior. We tell ourselves that it’s not really
that bad, or that everyone does it, or that
we’ll make up for it later. But the truth
is, rationalizing unethical behavior can
damage business opportunities, careers,
relationships, and a sense of self. It can
erode our integrity and damage our
reputation. It can also dull our sense of
responsibility for wrongful actions, and
lead to more serious problems, includ-
ing a variety of fraudulent actions and
consequences. ■ FM
Donn LeVie Jr., CFE, is a Fraud Magazine
staff writer and a presenter and leader-
ship positioning/influence strategist at
ACFE Global Fraud Conferences since 2010.
He’s president of Donn LeVie Jr. STRATE-
GIES, LLC, where he speaks, writes, and
leads programs that enhance leader-
ship performance, increase executive
influence, and cultivate deeper strategic
connections. His website is donnleviejr-
strategies.com. Contact him at donn@
donnleviejrstrategies.com.
5. Redemption of corrupt activities. Jus-
tifying unavoidable corrupt behavior for
positive business outcome (“ends justify
the means”).
6. Entitlement. One is entitled to corrupt ac-
tions because one feels “owed” or feels less
culpable than others (“Others have done
worse…”).
7. Appeal to higher loyalties. Claiming a
higher moral purpose (“It was for a good
cause…”).
8. Rationalization of intent. The claim that
one intends to pay back or fix the corrupt
action or using euphemisms to soften the
nature of the act (“borrowing, not stealing”).
 ACFE NEWS
CFEs have the edge in pay, high work satisfaction,
2022 Compensation Guide shows
Certified Fraud Examiners (CFEs) earn
17% more than their non-certified coun-
terparts, and 62% report being happy
on the job. These are just a few of the in-
sights from the Association of Certified
Fraud Examiner’s (ACFE) 2022 Compen-
sation Guide for Anti-Fraud Professionals,
which also revealed a slow trend toward
gender diversity in the anti-fraud pro-
fession and changing workplace habits
since the COVID-19 pandemic. (See
ACFE.com/CompGuide.)
“The CFE credential can help dis-
tinguish anti-fraud professionals from
their colleagues and represents a 17%
premium, when withholding for key
factors like geography, professional role
and experience,” says ACFE Vice Presi-
dent of Membership Ross Pry, CFE.
The guide, using data from 5,040
fraud examiners from across the globe,
shows that CFEs make more than their
non-certified peers no matter where
they are. CFEs in Latin America and
the Caribbean outearn non-certified
counterparts by 34%, while CFEs in the
Middle East and North Africa are paid
21% more than non-CFEs in those coun-
tries. North American CFEs earn 12%
more, and European and Sub-Sahara
African CFEs earn 8% and 9% more,
respectively. CFEs in Asia earn 1% more
than non-CFEs.
North American fraud examin-
ers have the highest median salary at
$106,000, followed by European fraud
examiners at $91,991. Middle Eastern
and North African examiners’ median
salary is $65,036, and in Latin Amer-
ica and the Caribbean the median is
$62,413. Asian and Sub-Saharan African
fraud examiners round out the list at
$51,346 and $34,356, respectively.
ACFE members can delve deeper
into the data and create their own
compensation reports with the ACFE
Salary Calculator at ACFE.com/Comp-
Guide, using categories such as job
function, education, industry, years of
experience, and age and gender.
Evolving and diversifying
The guide provides a status update on
the field and presents a profession that’s
diversifying, growing and adjusting to
the pandemic. Here are some notable
results.
Signaling an increasingly global
network, over 52% of survey respon-
dents were outside the U.S., exceed-
ing the number of non-U.S. respon-
dents in the 2020 guide. (See tinyurl.
com/2zeesbzc.) The profession is also
seeing more gender diversity, although
that trend has stalled over the last few
years. In the 2013/2014 Compensation
Guide, the breakdown was 65% male
and 35% female; however, in 2020
it was 60/40. The 2022 guide nearly
matches that split at 62/38. And the
COVID-19 pandemic generated major
change for anti-fraud professionals.
Now, 91% of respondents say they’re
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
CFEs earn
17% more
than their
non-certified
counterparts.
mostly fighting fraud from home. In
2019, less than 20% of CFEs worked
mostly remote, according to the 2020
Compensation Guide.
Like many professionals, fraud
examiners experience on-the-job stress,
rating their jobs either Somewhat High
Stress (39.5%) or Very High Stress
(16.7%). But 62% gave the profession
high marks. And many find personal
fulfillment fighting fraud, rating it
Somewhat High (38.9%) or Very High
(23.1%). But Pry has a warning for
employers:
“When participants were asked
about their professional plans, it was
nearly a 50/50 split with respondents
saying they plan to stay with their cur-
rent organization for the next two years
and those saying they plan to leave in
the next two years.”
acfe board of regents
expels member
The ACFE Board of Regents has revoked
the CFE credential of Paul Doran, of
London, U.K., and permanently expelled
him from the ACFE. This decision was
based on Doran falsely holding himself
out as a CFE and providing a false docu-
ment to support that status.
Reporting disciplinary cases
If you believe an ACFE member has vio-
lated the ACFE’s rules of conduct, report
directly to the ACFE Legal Department,
Legal@ACFE.com. The ACFE also main-
tains an anonymous hotline. For more
information, visit ACFE.com/standards.
FRAUD MAGAZINE 65
 TAKING BACK THE ID
FAKE GEEK SQUAD SCAMS AND WHAT TO DO
IF YOU FALL VICTIM TO CREDIT CARD FRAUD
Need help to fix your broken computer? Beware of geeks bearing gifts. They
could be fake technicians who want to access your laptop remotely pretending to
work for reputable companies. Here’s some advice to avoid these types of scams.
K
erry Binder thought of herself
as a real computer jock. When
she had a problem with her
computer that she couldn’t solve, she
contacted the Geek Squad, retailer Best
Buy’s tech support service, for help. One
day she received a text message saying
she’d been charged hundreds of dollars
to renew her Geek Squad member-
ship. She knew nothing about this and
thought that this was an error. The
text message said Binder could dispute
the charge or cancel her membership
by calling a phone number within 24
hours. When she made the call, a scam-
mer told her that he had to gain remote
access to her computer to help her.
When he’d finished rummaging around
in her computer, he told her that he’d
corrected the error and apologized for
the mistake.
A week later, Kerry found that her
bank account had a zero balance. A bank
employee told her that when she gave
the scammer remote access to her com-
puter, he probably installed a spyware
program that stole her bank account
information.
This case is fictional, but represents
this recent scam posted on the Federal
Trade Commission (FTC) website. (See
“How to recognize a fake Geek Squad
renewal scam,” by Alvaro Puig, FTC, Oct.
25, 2022, tinyurl.com/tvcptyxc.)
Puig, the author of the FTC article,
offers the following advice:
• If you think the message is legitimate,
contact the company in question us-
ing a phone number you know is real.
66 FRAUD MAGAZINE JANUARY/FEBRUARY 2023
Identity theft and cybersecurity analysis
COLUMNIST
ROBERT E. HOLTFRETER,
PH.D., CFE
DISTINGUISHED PROFESSOR
OF ACCOUNTING AND RESEARCH
Don’t use the number included in the
message.
• If you see an unauthorized transaction
on your credit card or in your bank
account, ask the credit card company
or bank to reverse it and give you back
your money.
• Report it or any other scam to the FTC
at ReportFraud.ftc.gov.
• Also, if you paid a scammer or gave
them personally identifiable informa-
tion (PII) or access to your computer,
read the helpful advice in my Novem-
ber/December 2022 Fraud Magazine
column, “Inheritance scam, improv-
ing cybersecurity protection and
what to do if you get scammed,” to
help resolve these issues. (See tinyurl.
com/2rtpm9n3.)
Credit card fraud
Credit card fraud, a major and lucrative
scheme in the playbook of most iden-
tity thieves, consists of two types: new
account and existing account.
New account: An identity thief
opens a new credit card in your name
using stolen PII.
Existing account: An identity
thief uses your existing credit card after
stealing your credit card information or
purchasing it on the dark web.
According to the FTC’s 2021 Con-
sumer Sentinel Network Data Book, out
FRAUD-MAGAZINE.COM
of the record 7 million reported cases of
identity theft, credit card fraud ranked
second with nearly 390,000 cases. New
account credit card fraud accounted
for 363,092 of these cases, and existing
credit card fraud accounted for 32,204 of
them. (See tinyurl.com/m34ywy8x.) The
FTC offers the following explanations of
why new account fraud predominates:
• Existing account fraud has become
more difficult because advance credit-
card chip technology has made the
transaction process more secure, and
it’s now harder to counterfeit credit
cards. (See “How the EMV credit card
chip works and why it matters,” by
Lance Cothern, credit karma, July 26,
2022, tinyurl.com/mumufuk6.)
• Data breaches have exposed infor-
mation for hundreds of millions of
people. Identity thieves can use this
information for new account fraud.
• Fraudsters can more easily steal mon-
ey via new account fraud because con-
sumers don’t know the new accounts
in their names exist. Card issuers or
consumers may notice suspicious
activities on their existing accounts
and lock the cards to prevent possible
takeovers by identity thieves.
Assessing liabilities
Are you personally liable for any
fraudulent charges that show up on
your credit cards? According to the FTC,
your liability is limited, but it depends
on when you report the loss and the
type of card that has been charged. (See
“Lost or Stolen Credit, ATM, and Debit
Cards,” FTC, tinyurl.com/4aad4wp3.)
 The FTC says that according to fed-
eral law, the following applies:
• If you report your credit card’s loss
before someone uses it, you aren’t
responsible for any charges you didn’t
authorize.
• If you report your credit card’s loss
after someone uses it, the maximum
you might be responsible for is $50.
• If your account number is used but
your credit card isn’t lost or stolen,
you aren’t responsible for any charges
you didn’t authorize.
Getting help
What steps can you take if you’ve been
a victim of credit card fraud or loss?
Call — or get on the mobile app — and
report the loss or theft to the bank or
credit union that issued the card as
soon as possible. It’s important to act
fast. Check your statement or online
account for the right number to call.
Consider keeping the customer service
numbers for your bank or credit union
in your phone’s contacts, and keep
them up to date.
Follow up immediately in writ-
ing. Send a letter to the card issuer and
include your account number, the date
and time when you noticed something
was wrong and when you first reported
the loss. Keep a copy of your letter and
your notes from calls with the bank
or credit union. Keep checking your
account statements and call to report
fraudulent charges immediately. If
you wait, you may have to pay for the
charges or lose the money withdrawn
from your account.
You should also do the following:
• Check if your homeowner’s or
renter’s insurance covers you for
card thefts. If not, ask your insurance
company to include this protection in
your policy going forward.
• Check your credit reports. Get
copies of your free credit reports
to monitor for accounts or charges
you don’t recognize. (See tinyurl.
com/38v74fuv.) If you suspect identity
theft, visit IdentityTheft.gov to report
it and get a recovery plan.
To protect your account information,
do the following:
• Don’t share your account informa-
tion. Don’t give your account number
over the phone unless you made the
call — and know why you need to
share it. Never leave your account
information out in the open.
• Protect your accounts by using
multifactor authentication, when
available. Some accounts offer extra
security by requiring two or more cre-
dentials to log into your account. This
is called multifactor authentication
— a security practice that makes it
harder for scammers to log in to your
accounts if they get your username
and password. (See “Protect Your
Personal Information and Data,” FTC,
tinyurl.com/57jkr7rb.) To log in to
your account, you’d need either a pass-
code you get via text message or an
authentication app, or a scan of your
fingerprint, your retina or your face.
• Keep an eye on your accounts.
Regularly check your account activity,
especially if you bank online.
• Promptly open your credit cards’
monthly statements. Compare the
current balance and charges on your
account with your receipts. Report any
charges you don’t recognize as soon as
you discover them.
• Keep your cards, PINs, receipts and
deposit slips safe. Dispose of them
carefully. Carry only the cards you’ll
need.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
• Cut up old cards. Be sure to cut
through the account number, the
magnetic strip on the back and the
security code before you throw the
pieces away in separate bags. If your
card has a chip, it may be difficult
to cut. You may want to destroy the
chip by smashing it into pieces with a
hammer.
I’m here to help
Please use information about these
scams in your outreach programs and
among your family members, friends
and co-workers.
As part of my outreach program,
please contact me if you have any ques-
tions on identity theft or cyber-related
issues that you need help with or if you’d
like me to research a scam and possibly
include details in future columns or as
feature articles.
I don’t have all the answers, but I’ll
do my best to help. I might not get back
to you immediately, but I’ll reply. Stay
tuned! ■ FM
Robert E. Holtfreter, Ph.D., CFE, is
a distinguished professor of account-
ing and research at a university in the
U.S. Northwest. He’s a member of the
Accounting Council for the Gerson
Lehrman Group, a research consult-
ing organization, and a member of the
White Collar Crime Research Consor-
tium Advisory Council. He’s also the
vice president of the ACFE’s Pacific
Northwest Chapter and serves on the
ACFE Advisory Council and the Edito-
rial Advisory Committee. Holtfreter was
the recipient of the Hubbard Award for
the best Fraud Magazine feature article
in 2016. Contact him at doctorh007@
gmail.com.
FRAUD MAGAZINE 67
 I’M A CFE
Kathryn Wilson, CFE
Senior manager, government and
public sector, CohnReznick LLP

Kathryn Wilson, CFE, learned in high school that accounting encompasses so much
more than crunching numbers — it’s also about following the money. And accounting
isn’t just a job for Wilson, who conducts risk assessments and devises ways to prevent
fraud as a senior manager in CohnReznick’s government and public-sector group; it’s
also a family affair with her two brothers and late grandfather in the profession.
Interview by Jennifer Liebman

I was born in Indiana but raised in
Western Pennsylvania. I now live in
Northern Virginia with my husband,
daughter and three fur babies: a
tabby cat, miniature dachshund
and Great Dane. (I’m a huge
“Scooby-Doo” fan.)  crunching that interested me as
I’m the oldest of four children,
so I always had a buddy to play
with. My parents encouraged us to
be active, and my favorite activi-
ties included cheerleading, tennis,
archery, swimming, horseback
riding and reading. On nice days,
you’d see me reading a mystery
or a “Betty and Veronica” comic in
the tree outside my window or on
the porch swing. I absolutely loved
reading “Choose Your Own Adven-
ture” books, “The Boxcar Children,”
“Nancy Drew” and Agatha Christie
mysteries.
I wanted to be an actress, pastor,
private detective, archaeologist,
teacher and a lawyer. But a high
school accounting course with an
amazing teacher sold me on the
profession. It wasn’t the number
much as the challenge of following
the money. It’s also a profession
I share with my two brothers and
late grandfather, who was an ac-
countant for General Electric.
I’m currently a senior manager
in CohnReznick LLP’s govern-
ment and public sector advisory
group, leading the company’s
growth in anti-fraud, waste and
abuse services. Additionally, I lead
a team of hard-working, talented
individuals to support one of our
government clients. We conduct
risk assessments, identify and
implement internal controls, and
establish policies and procedures
to mitigate fraud, waste and abuse.
Even though we don’t inves-
tigate fraud, we consider control
weaknesses that allow fraud to oc-
cur and identify areas that require
remediation. There’s always a
lesson to learn about what fraud-
sters can do and how to apply that
knowledge to future audits and risk
assessments.
My interest in fraud started with
my passion for solving “myster-
ies” and bringing justice to those
who’ve been victimized. You
might’ve guessed from the careers
I considered and the books I en-
joyed growing up that I’m a fan of a
good mystery.

68 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM

 Being a CFE has also changed my mindset in every aspect
of work. Not a day goes by that I’m not thinking about fraud
risks. I even apply my CFE knowledge outside of work, such
as watching reality TV and calling out characters who are lying
because I can read their body language. It stays with you.
Pay attention to details and docu-
ment, document, document! When
it comes to documentation, it’s
important to capture exactly what
you learned and what you found to
be reasonable or unreasonable and
explain why so that someone read-
ing your report for the first time will
understand what happened.
Fraud prevention and strong
internal controls are key. In my
experience, many agencies are
only focused on the latest tools for
detecting fraud after the damage
is done. It’s our duty as CFEs to
educate about fraud risks, internal
controls and prevention. I often hear
about programs in which only one
person is handling transactions with
little support documentation and
minimal review of internal controls
or appropriate reconciliations.
If there’s a will, there’s a way;
fraudsters are finding new ways to
deceive, and we need to be up to
date on the trends. The world still
needs fraud fighters.
When I first started my career, only
a few of my colleagues were CFEs.
Once I heard there was an organiza-
tion dedicated to fighting fraud, I
instantly knew I needed to be a part
of it. I took a chance and traveled to
New York City for the ACFE’s CFE
Exam Prep Course, and I passed all
four sections that week. My mother
even traveled to support me and
see me walk out of the last exam
with a big “cheese” smile and yell, “I
did it!”
I credit all the job opportunities
I’ve gotten and the people I’ve met
throughout my career to the CFE
credential. Being a CFE has also
changed my mindset in every as-
pect of work. Not a day goes by that
I’m not thinking about fraud risks. I
even apply my CFE knowledge
outside of work, such as watching
reality TV and calling out characters
who are lying because I can read
their body language. It stays with
you.
If you haven’t already, get certified.
Even if you only have an inkling of
interest, do it. You do need to study
for the exam, and I highly encour-
age taking the CFE Exam Prep
Course and attending in person if
possible. Once you obtain those
credentials, doors to many opportu-
nities will open.
FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2023
Don’t be afraid to network and
build relationships, and don’t be
too quick to judge an opportu-
nity. Talk to people, observe their
mannerisms (a helpful interview
tool), and most of all, be yourself.
I wouldn’t be where I am today if
I didn’t network and meet people
who’ve supported and mentored
me in my career.
My ultimate achievement is my
daughter. She is a sassy, strong-
willed, passionate and beautiful
5 year old (going on 16) who I
know will one day conquer the
world. She’s lit a fire in me and em-
powered me to be a better version
of myself and a role model.
I enjoy reading, playing the
piano and flute, watching movies,
walking, yoga, meditating, watch-
ing the Steelers, playing pool and
rummy with my husband, “dance
nights” with our daughter, being
outside, going on family trips to the
beach, national parks and historic
landmarks, and evenings dancing or
sitting by a bonfire with friends I’ve
known since grade school.  n FM
Jennifer Liebman is assistant editor
of Fraud Magazine. Contact her at
jliebman@ACFE.com.
FRAUD MAGAZINE 69

CPE QUIZ
No. 166 (JANUARY/FEBRUARY 2023, Vol. 38, No. 1)
1. According to the article, “The Medicare disadvantage,’’
how did Cigna allegedly commit fraud in its 360 Program?
A. It knew that 360 home visits generated false and invalid
diagnoses but it continued to submit tens of thousands
of these invalid codes to the Centers for Medicaid &
Medicare Services (CMS).
B. It consistently prioritized chronic care and acute care
management.
C. It allowed vendors to provide patient treatment and
care during home visits.
D. It gave nurse practitioners full access to beneficiaries’
full medical histories.
2. According to the article, “The Medicare disadvantage,” the
sheer volumes of data and multitude of Medicare Advan-
tage plans can make it easier for fraud fighters to miss
wrongdoing.
A. True.
B. False.
3. According to the article, “Battling fraudulent product sub-
stitution,” what is one weakness in the vetting process for
supply contracts in the U.S. armed forces, in contrast to the
proactive methods implemented at NAVAIR?
A. When the Department of Defense detects nonconform-
ing parts, excessive amounts of compelling evidence
have made it too easy to prosecute suspects.
B. The Department of Defense normally administers each
problem as a separate instance and rarely conducts an
analysis of the overall practices of the vendor for pos-
sible referral for criminal investigation.
C. Law enforcement agencies have been overly proactive
in investigating bogus parts cases.
D. When the Department of Defense identifies a substan-
dard part, the supplier immediately admits the error
and is too quick to take the blame before a proper
investigation can be conducted.
4. According to the article, “Battling fraudulent product sub-
stitution,” what are the red flags to look for when monitor-
ing for suppliers that may be predisposed to supplying
nonconforming parts to the Department of Defense?
A. A high number of passed tests and inspections.
B. Reports indicating high efficiency.
C. A disproportionate percentage of deficiency reports,
failed tests or inspections, and terminations for conve-
nience or default.
D. A lack of corrective action requests and zero testing
failures.
5. According to the article, “Thwart procurement fraud,”
what is one example of how violators breach procurement
integrity?
DO NOT SUBMIT THIS FORM. Log in to your My Transactions page after purchasing the Fraud Magazine Quiz
set to submit your answers or record your answers on the answer sheet and submit online when you are ready.
70 FRAUD MAGAZINE JANUARY/FEBRUARY 2023 FRAUD-MAGAZINE.COM
The Fraud Magazine CPE quizzes are now available on-
line only. Please visit ACFE.com/FMQuiz or view the CPE
Quiz form on the next page for more information on how
to earn your 10 CPE.
A. Proper denial of late vendor bids.
B. Needlessly long delays in contract negotiation or
awards.
C. Unbiased technical evaluations.
D. Approval of necessary contract modifications.
6. According to the article, “Thwart procurement fraud,” what
has not proven to be effective when performing analytical
searches for questionable breaches in procurements?
A. Contextualization.
B. Triangulation.
C. Data quality and quantity.
D. Limited data samples.
7. According to the article, “What can fraud examiners learn
from PIs?” what skillset do private investigators possess
that can also enhance fraud examiners’ capabilities?
A. Evidence tampering.
B. Preconceived judgment.
C. Skeptical and investigative mindset.
D. Personal opinions.
8. According to the article, “What can fraud examiners learn
from PIs?” in a 2013 Google consumer survey conducted
by the firm Diligentia Group, 95% of those surveyed think
that private investigators break the law at least some of the
time, and 20% think that PIs never abide by the law.
A. True.
B. False.
9. According to the article, “5 most scandalous fraud cases
of 2022,” why have some banks been unwilling to refund
money stolen through Zelle fraud?
A. The Zelle fraud cases are so few that there’s no need to
take them seriously.
B. Hardly any of their customers are using Zelle.
C. The number of Zelle fraud cases has been decreasing.
D. They say regulations don’t require them to refund
money for authorized transactions, and many fraudsters
trick their marks into authorizing Zelle payments.
10.According to the article, “5 most scandalous fraud cases of
2022,” employees of which nonprofit were arrested for a
massive $250 million COVID-relief fund scheme?
A. Feeding Our Future.
B. Action Against Hunger.
C. The Hunger Project.
D. World Food Programme.
 CPE QUIZ

CONTINUED FROM PAGE 9
• Don’t boil the ocean with your client’s data.
Start small, demonstrate effectiveness and
quick-hit wins, then expand based on suc-
cess metrics.
• If you don’t know what you’re looking for,
you’ll never find it!
• Use the right technology tool for the right
job. Don’t force a square peg into a round
hole just because it’s your square peg. Do
what’s best for the client and be technology
agnostic.
• When it comes to applying data analytics
as an investigative tool, technology is only
as effective as the people using it and the
process designed to implement it. The devil’s
in the details — you just need the right tools
to exercise the demons.
• Make sure your data analytics specialists
have a reserved seat at the table early in the
process. Don’t underestimate the value of a
strong investigation plan centered around
carefully curated analyses.
Build it right, keep it relevant and stay
innovative. Follow this recipe and they will
indeed come for your services. n FM
The Fraud Magazine CPE Quiz has moved to an online
self-study format, making it easier for CFEs to earn 10
ACFE (non-NASBA) CPE. CFEs can earn 10 CPE by
taking quizzes online after reading featured articles in
Fraud Magazine.
Visit ACFE.com/FMQuiz
and follow the steps below:
1. Select the Online Fraud Magazine CPE Quizzes
by year from the dropdown*.
2. Click the “Add to Cart” button and complete the
checkout process.
3. Read featured articles in Fraud Magazine that
correspond to the year of the quiz set you purchased.
4. Access your quiz set by logging into your ACFE.com
account, clicking on the “My Transactions” tab and
clicking on the quiz set you purchased.
5. Pass 5 of 6 quizzes with a score of 70% or higher and
receive your CPE certificate instantly via email.

Vincent M. Walden, CFE, CPA, is the CEO of

For more information, please review
Kona AI, an AI-driven anti-fraud and compli- the “CPE Info” and “FAQs” tabs
ance technology company providing easy-to- or contact a representative:
use, cost-effective payment and transaction
analytics software around corruption, inves- MemberServices@ACFE.com
tigations, fraud prevention and compliance
monitoring. He welcomes your feedback and (800) 245-3321 / +1 (512) 478-9000
ideas. Contact Walden at vwalden@konaai.
Secure online chat service*
com.

*
Quizzes will be added to the current year’s set as issues of Fraud Magazine are pub-
lished. CPE can only be obtained from the current year’s quizzes after the fifth quiz is
made available in September.
Please Note: The Fraud Magazine CPE Service CPE credits apply only to the CFE status
and not to any other professional designations. Fraud Magazine CPE is not registered
with the National Association of State Board of Accountancy (NASBA).
The ACFE collects and stores your personal data in the U.S. to provide member services
and fulfill transactions requested by you. For a full explanation of your rights regarding
how we store and use your data, visit ACFE.com/privacy-policy.aspx.

Together, Reducing
Fraud Worldwide
 BOOKS AND MANUALS
Build your anti-fraud library with books and manuals
written by anti-fraud experts. Visit ACFE.com/books.

FRAUD EXAMINERS MANUAL FEATURED BOOKS

Bad Blood
By John Carreyrou
Paperback, 368 pages
In this book, you will learn the gripping story
of Elizabeth Holmes and Theranos — one of
the biggest corporate frauds in history — a
tale of ambition and hubris set amid the bold
promises of Silicon Valley, rigorously reported
by the author and prize-winning journalist
John Carreyrou.

$12.80 Members / $16 Non-Members

Your Essential Resource as an

Anti-Fraud Professional.
The Fraud Examiners Manual is the definitive body of
knowledge for the anti-fraud profession, providing
comprehensive guidance for anti-fraud professionals Crisis of Conscience
that no other work can match. By Tom Mueller
Hardcover, 608 pages
In this book, you will learn about the rise
The Fraud Examiners Manual is of whistleblowing through a series of
available online. riveting cases from the worlds of healthcare
With online access, the Fraud Examiners Manual is and other businesses, Wall Street and
more accessible and useful than ever. Washington.

Benefits of Online Access Include:

$20.00 Members / $25 Non-Members
• Real-Time, Ongoing Content Updates — Access the most
up-to-date anti-fraud information available.
• Supplemental Information — Access an expanding collection
of country- and region-specific information.
• Optimized for Multiple Devices — Access the Fraud Examiners
Manual on all your internet-connected devices. Rise of the Robots:
Technology and the Threat
The Fraud Examiners Manual: of a Jobless Future
• Describes hundreds of fraud schemes By Martin Ford
• Reviews legal principles involved with prosecuting fraudsters Paperback, 352 pages
• Provides tools and techniques for gathering information and This book will provide you with an
evidence when investigating fraud understanding of what accelerating
• Explores why people commit fraud and what can be done technology means for the workplace of the
to prevent it not-too-distant future and the economic
prospects for you and future generations.

$119.20 - $239.20 Members / $149 - $299 Non-Members $10.40 Members / $13 Non-Members

ACFE.com/books
 SELF-STUDY COURSES
Expand your anti-fraud knowledge with our comprehensive,
ACFE.com/selfstudy.
NASBA-compliant self-study CPE courses. Visit

WORKBOOK SELF-STUDY Available in digital or print formats

CPE Credit: 20 CPE Credit: 8 CPE Credit: 4

Investigating by Inside the Using Benford's Law to
Computer, Second Fraudster's Mind Detect Fraud
Edition This course takes an inside look This self-study course will teach
Investigating by Computer, Second at the fraudster’s mind, exploring you the history behind Benford’s
Edition will help you turn your psychological information that is key to Law and how to apply it while
computer into the most powerful the successful development of a fraud undertaking a fraud audit or
investigative tool you own. Along prevention and detection program. fraud examination.
with basic computer skills, this
course can be used as a guide to
every aspect of digital investigations. Members ⊲ $151.20 Members ⊲ $135.20
Non-Members ⊲ $189 Non-Members ⊲ $169
Members ⊲ $199.20
Non-Members ⊲ $249

ONLINE SELF-STUDY Get immediate, 24/7 access to premier anti-fraud training

CPE Credit: 2 CPE Credit: 10 CPE Credit: 2

Alternative Currencies and Fraud Consumer Fraud Shell Companies

In this course, explore the rapidly expanding world
of alternative currencies and their associated fraud
schemes. Topics include cryptocurrencies, blockchain,
ransomware and many others.
This course will provide you with an increased
awareness and understanding of common consumer
fraud schemes and will provide you with resources
and remedies to detect, deter, report and prevent
these schemes.
In this course, you will learn how shell companies
work, how they are used to commit fraud and how
to investigate shell companies.

Members ⊲ $71.20 Members ⊲ $159.20 Members ⊲ $71.20

Non-Members ⊲ $89 Non-Members ⊲ $199 Non-Members ⊲ $89

NANO SELF-STUDY 10-minute explorations of anti-fraud topics

NEW NEW
CPE Credit: 0.2 CPE Credit: 0.2 CPE Credit: 0.2

Red Flags of a Ponzi Scheme Trade-Based Money Laundering Signs of Deception

In this course, you will discover several red flags of In this course, you will learn about the types and red In this course, you will learn indicators of deception in
a Ponzi scheme that can be used to help prevent flags of trade-based money laundering and tips for written or verbal statements that you can use when
unwitting investors from becoming victims of fraud. combating it. evaluating statements.

Members ⊲ $8.80 Members ⊲ $8.80 Members ⊲ $8.80

Non-Members ⊲ $11 Non-Members ⊲ $11 Non-Members ⊲ $11

For more information on ACFE self-study courses, including refund and ordering policies,
= This course fulfills the annual ethics CPE requirement for CFEs.
fields of study, learning objectives and course levels, visit ACFE.com/selfstudy.
 CALENDAR OF EVENTS
ADVANCE YOUR CAREER WITH TRAINING FROM THE
GLOBAL LEADER IN ANTI-FRAUD EDUCATION.
ACFE.COM/CALENDAR

VIRTUAL AND IN-PERSON

Jan FEB mar

INVESTIGATIVE INTERVIEW UNDERSTANDING THE MINDSET CFE EXAM REVIEW COURSE
TECHNIQUES OF A FRAUDSTER
Virtual Virtual Virtual
January 17-19, 2023 February 7-8, 2023 March 6-9, 2023

CFE EXAM REVIEW COURSE DETECTING FRAUD WITH DATA 2023 ACFE WOMEN’S SUMMIT
ANALYTICS WORKSHOP
Virtual Washington D.C. + Virtual
January 23-26, 2023 Virtual March 8, 2023
February 14-16, 2023

FRAUD RISK MANAGEMENT 2023 ACFE FRAUD CONFERENCE

Virtual EUROPE
January 24-26, 2023 Virtual
March 27-29, 2023

VISIT ACFE.COM/CALENDAR
for the latest list of UPCOMING EVENTS.
Calendar subject to change.
*All in-person events will be held following safety precautions for the city and venue of the event.

For information or to register, visit ACFE.com/training.

 For Anti-Fraud Training.
For Your Team.
For Your Organization.

Group Membership. Discounted Anti-Fraud Training. Executive Roundtables.

ACFE.COM/CORPORATE
WWW.FORTHEPEOPLE.COM