Category Archives: Asset Recoveries

Basic Cash Concealment Strategies

One of the topics in which readers of this blog have expressed consistent interest over the years regards the many strategies of cash asset concealment employed by fraudsters; especially by embezzlers of relatively small sums from employers, who seem particularly creative at such manipulations.  Regardless of the method used to hide ill-gotten assets, one fact remains constant; proceeds from illicit activities must be disguised in some way to avoid being discovered. Those the ACFE dubs ‘asset hiders’ have developed many sophisticated techniques for working the system and accomplishing the goal of concealing their gains; in attempting to track down and recover secret stores of cash, the fraud examiner is presented with a true challenge, and the first step in meeting this challenge is to understand how asset hiders work. This post will concentrate on the concealment of raw cash.

There are three primary ways to hide cash assets. They are:

— Currency hoards;
— Cashier’s checks and traveler’s checks;
— Deposits to financial institutions.

The most basic method for hiding cash is the currency hoard, in which a person simply stores cash in a hidden location, usually in his or her home or on her property. This is the proverbial ‘cash under the mattress’ technique. In a typical home, hiding places for currency or other valuables can range from the obvious to the ingenious.

For example, precious metals and jewelry can easily be hidden in a layer of cooking grease at the bottom of a pot. The space beneath the bottom drawer of bureaus, chests, and cabinets is also a commonly used hiding place. Loose bricks in the wall or fireplace can disguise small spaces for hiding things. A more complex scheme is to build a false ceiling below the original ceiling and then use the space between the two as a hiding place.

Another place to hoard currency is in furniture. The hollow spaces of upholstered furniture make these pieces a good hiding place. Many people find false bottoms in drawers or inside stereo speakers useful places for hiding cash.

The basic structure of the home itself provides many opportunities for creating hiding places. One of the most common spots for hiding objects is in the walls. Cunning hiders may construct false walls in closets or pantries, or they may build large cavities into a wall, which is then covered with a mirror or a painting. Installing false light switch plates and electrical outlets provides easy access to spaces between walls and generally appear quite normal, although amateurs often leave tell-tale marks on the plate screws. These marks often provide searchers with signs of tampering and can lead to the discovery of a cache. An even simpler method is to hide currency inside the electrical boxes behind real electrical plates. If a larger space is needed, hiders sometimes remove the box from the wall and build a shelf below it. Significant amounts of currency can be hidden in these spaces. Currency hoards can also be hidden above ceiling light boxes in the space below the attic.

The plumbing system provides other natural hiding places. For example, many bathrooms have access holes under the sink, which are usually covered with a removable chrome disk. These access holes are designed so a cleaning ‘snake’ can be inserted into the main drain when the lines are clogged. This space is easily utilized as a hiding space. Floor drains are also used for hiding currency. Excellent hiding places can be created by installing false pipes that appear to be part of the home’s plumbing. Some individuals hide objects and money in shower curtain rods. Other places frequently used for hiding are air ducts, doors, and stairways. Heating and cooling system ducts are generally easy to access and have plenty of empty space. Hollow core doors are easily rigged for hiding. The top surface of the door can simply be cut away, allowing access to the natural secret compartment inside. Enclosed staircases have dead space underneath that is accessible. If the staircase is not enclosed, there may be usable space for small objects behind each of the risers. Stairs can be hinged, creating a hidden compartment underneath.

Cashier’s and traveler’s checks are another method used to hide assets. These instruments are useful for several reasons:

–They allow asset hiders to easily disguise their financial dealings from asset seekers like law enforcement, CFEs and forensic accountants;
–They help disguise the asset hider’s financial dealings and reduce the amount of currency physically carried;
–Cashier’s checks or traveler’s checks in denominations of less than $10,000 are negotiable financial instruments that can be exchanged almost any place in the world.

Whilst efforts to control the use of wire transfers for money laundering have traditionally been focused on banks, examiners also need to be aware that there are non-bank money transmitters that fraudsters often use to conceal cash assets.  These non-bank transmitters specialize in money transfers for individuals rather than businesses. In addition to other services, most non-bank transmitters sell money orders and traveler’s checks. These companies range from large international enterprises like Western Union to small mom-and-pop neighborhood check cashing businesses.

There are several reasons fraudsters like using non-bank transmitters. First, non-bank transmitters allow individuals to cash personal checks or wire money to family members nationally or in other countries. Check cashing companies and other sellers of money orders, such as convenience stores and grocery stores, provide a much-needed service to people without bank accounts. Second, non-bank transmitters allow individuals to obtain many individual traveler’s checks and money orders in amounts less than $10,000 each. Most states regulate check cashing and the sale of money orders with licensing and bonding requirements. The Money Laundering Suppression Act of 1994 required all money transmitters to register with the U.S. Department of Treasury. Furthermore, like other financial institutions, these businesses are required to file currency transaction reports (CTRs) for transactions of $10,000 or more in currency and coins, and they are required to file Suspicious Activity Reports (SARs) with the Treasury Department for certain classes of suspect transactions.

Check cashing companies have been known to receive illegally earned or stolen currency and use it to cash legitimate checks for their customers, thus avoiding CTRs or to structure transmittals by issuing multiple traveler’s checks and money orders for less than $10,000 each. Third, the transactions of non-bank transmitters will not trigger a mechanism for identifying unreported cash. Although money transmitters are classified as financial institutions, they are not depository institutions but operate through accounts with commercial banks. And, unlike bank accounts, which contain copies of deposits and canceled checks used in locating assets, non-bank money transmitters do not maintain copies of deposits and canceled checks. Unless the money order or traveler’s check appears in the financial records of the asset hider, it will likely go undetected since there is no place for the investigator to begin a search. However, once a money order or traveler’s check has been specifically identified, it can be traced back like any other financial instrument.

Banks and other financial institutions are frequently utilized by secrecy seekers as vehicles for hiding or disguising currency. The methods used may be as simple as renting a safe-deposit box and storing currency or valuables inside.  Searching the safe-deposit box of a suspected embezzler for evidence is not easily accomplished. It requires a court order. But; even if access to the box is denied, the investigator in a hidden asset case can often make educated guesses as to the contents by observing the movements of the hider. For instance, if the subject makes a visit to her safe-deposit box after attending an antique jewelry collector’s exposition, the examiner could surmise a collection of jewelry items is stored therein. Trips made to a safe-deposit box before foreign travel may indicate that the hider is moving money from his or her native country to a foreign location.

The banking system is, without question, the most important vehicle of both lawful and unlawful financial transactions. While most bankers are not active participants in asset hiding, it can be extremely difficult to distinguish between legitimate transactions and those conducted by secrecy seekers. Some bankers even prefer to close their eyes to the sources of their deposits and, in doing so, knowingly accept tainted funds. It’s important to understand how secrecy seekers use bank deposits and funds transfers to hide assets.  For the examiner, it’s important to know that most large banks have computer programs that can retrieve a specific wire transfer record. Many medium-sized banks cannot electronically retrieve specific wire data more than a month old, and some banks would have to search manually for records. However, even small banks usually send their international money transfers through one of the large Money Center banks, thus creating a record. Many large banks have enhanced their record-keeping systems to assure themselves and bank regulators that they are in full compliance with the Bank Secrecy Act. Some institutions have systems that monitor the wire transfer activity of certain accounts and generate periodic reports highlighting the consolidation of incoming wires followed by an outgoing wire transfer. Most of these systems are designed to monitor only customer accounts and do not record funds transfer services provided for non-depositors for which the bank serves only as an intermediary.

To conduct a successful wire transfer search, the examiner should have as much information as possible relating to the transfer in question when contacting the appropriate entity. Having the following information on hand will help make the search much more efficient:

— Date of transfer
— Amount of transfer
— Names of sending and receiving institutions
— Routing numbers of sending and receiving institutions
— Identity of sender and designated receiver
— Input sequence and/or output sequence

While most banks do not actively participate in fraudulent transfers, some signs for the examiner that could indicate collusion between a bank and its customer are:
— Allowing clients whose funds are not of foreign origin to make investments limited to foreigners;
— Acting without power of attorney to allow clients to manage investments or to transmit funds
on behalf of foreign-registered companies or local companies acting as laundries;
— Participating in sequential transactions that fall under the government reporting thresholds;
–Allowing telephone transfers of funds without written authorization and failing to keep a record of such transfers;
— Entering false foreign account number designations with regard to wire transfers.

Situational Assessment

fraud-examinationAs a follow-on to our last post, newly minted CFE’s working for their first client can find themselves at something of a loss about the best way to initiate an investigation; I know that was certainly true of me at what now seems so many years ago.

Every fraud investigation is a minefield whose first steps can impact the final outcome significantly. Insufficient care, coordination or discretion at the launch of the investigation may tip off the suspect, causing the destruction of potentially vital evidence. Moreover, information collected hastily without sufficient attention to procedure might prove inadmissible in court, or even lead to sanctions and fines. Any experienced practitioner will tell you that a whole host of challenges beset those of us responsible for looking into potential wrongdoing. But, as the ACFE also tells us, taking the right steps before an investigation can significantly reduce the risk of error, helping to ensure the entire investigation is planned correctly and carried out efficiently.

The ACFE advocates the performance of an initial fact finding or situational assessment phase of every investigation.  The CFE (and his or her employing attorney, if there is one) first need to assess whether an allegation has merit. This process should begin with consideration of the complainant’s credibility and motives (when that person’s identity is known) as well as other possible indications of the allegation’s likely validity. The examiner should avoid snap, simplistic judgments. Just because a complainant lacks credibility or may have ulterior motives doesn’t necessarily mean there is no need for an investigation. By the same token, even a highly credible individual can make an unfounded allegation. Upon close examination, allegations often contain specific facts, especially those related to the workings of the organization, that can help support assertions and provide the CFE a basis for corroboration moving forward.

The recommended initial situational assessment can be additionally vital because insider wrongdoing especially can have a significant impact on the organization, even more so when committed by a member of senior management. The assessment should include examination of monetary, regulatory, reputational, and other known risks.

An obvious goal for the CFE in every fraud case we work is to determine the extent of existing damage and prevent further losses. This can be difficult, as allegations rarely include an exact amount of stolen funds or an assessment of organizational impact. For example, the monetary impact of vendor kickbacks to employees is often hard to assess, as it involves gauging the extent to which the organization may have received insufficient value for the products it purchased. In these circumstances, the CFE may want to assess the extent to which the vendor is used and consider the common fraud risk associated with the industry, organization and type of vendor.

What’s more, in today’s gold fish bowl regulatory environment, issues of concern to regulators increasingly include insider trading, bribery of public officials, manipulation of publicly listed companies’ financial statements, money laundering, and privacy or data breaches. If an organization fails to conduct an adequate fraud investigation or take appropriate corrective measures, the regulator may initiate its own investigation or, where a funding relationship exists, withdraw support from the organization altogether. If allegations relate to an organization’s foreign operations, or involve activities in jurisdictions with extraterritorial legislation, international regulatory requirements should also be considered. Many countries have enacted anti-bribery legislation, including the United States’ Foreign Corrupt Practices Act (FCPA), Canada’s Corruption of Foreign Officials Act, and the United Kingdom’s Bribery Act. Running afoul of these laws can have significant consequences for any of our clients.

And finally, the potential reputational damage to an organization from fraud must never be taken lightly. Examples of circumstances that may pose significant reputational risks include payments to foreign government officials, circumvention of local or foreign laws, and accepting incentives from suppliers.

The CFE and the employing attorney are in a unique position in carrying out the initial situational assessment to collect and evaluate available evidence to assist the organization in its initial understanding of the case and to plan the investigative response. This process may include preparing a preliminary evaluation of the losses or follow-on risks to which the organization has apparently been exposed.  Once the attorney has communicated to the organization the facts and issues, consideration should be given to whether to pursue criminal charges or civil remedies (i.e., recovery of funds), as it will affect the CFE’s approach to the entire inquiry process. For instance, in the United States and Canada, the standard of proof for criminal charges is higher than that of civil remedies. Further, the makeup of the CFE’s investigative team may be different depending on the objectives of the investigation. Decisions may change over time and as new circumstances of the case come to light, the investigative strategy may also need to change.

Ideally, the investigative team for the initial assessment should be kept as small as possible, and participation should be on a “need-to-know” basis. Moreover, team members must not have any conflicts that would, or even be perceived to, impair their judgment or objectivity in the investigation.

ACFE Standards also require that the team be comprised of appropriately skilled and qualified individuals to perform, or at least oversee, the evidence collection process, particularly of electronic evidence. Team members need to be informed that any one of them may be called upon to testify as a witness in court and that notes and work papers are discoverable and could appear before a judge or jury. Therefore, work paper files, including interview notes and communications, should be thorough and carefully maintained. Numerous additional considerations should be kept in mind when choosing members of the investigation team on the front end, including participants’ independence, as well as the potential need for additional legal counsel, supplementary investigative experts, and other expertise. Maintaining independent oversight is crucial to the investigation’s credibility; failure in this area leaves all the investigative findings open to criticism by opposing counsel, regulators, or law enforcement agencies. In many cases, especially those involving financial matters, corporate counsel supported by CFE’s or forensic accountants might be in the best position to manage the overall investigation.

To protect litigation privilege, the employing attorney or independent external counsel will be included in the CFE’s investigation from the beginning. These experts can also advise the CFE on legal matters such as employee suspensions or terminations and evidence gathering techniques to help ensure future court admissibility. Moreover, by adding credibility, counsel, internal or independent, provides assurance that the investigation will stand up to external legal scrutiny.

The independent, reputable CFE can add credibility to a fraud inquiry from first to last, bring current knowledge of relevant issues, and provide or coordinate the acquisition of skills that many companies lack in areas such as computer forensics, analytics, and forensic accounting. Such help is also important if opinion testimony may be required, as the testimony is admissible only if it comes from witnesses (like CFE’s) whom the courts determine are experts. When needed, for example, in cases that may lead to pursuit of criminal charges or civil remedies, supplementary experts should be retained early on. To maintain litigation privilege, investigators and experts should always be retained through the CFE’s employing attorney or external counsel.

Making It Right

restitution

Register Today for Investigating on the Internet May 18-19 2016 RVACFES Seminar!

Congratulations!  You and your investigative team did all the hard work over many months and your client company has obtained a conviction of the bad guy.  What happens next?  The restitution phase of your examination, of course!  Client’s counsel has probably already told you (if you didn’t know it before) that the primary goal of a criminal statute is punishment of the convicted defendant, and for the most part criminal procedure does not concern itself with compensation or reparation of your client, the defendant’s victim. However, there are some opportunities to pursue recovery of losses caused by criminal conduct after the defendant’s conviction of which you should be aware.  So, according to the ACFE, what are some of the main issues involved with restitution?

Where the court suspends part or all of the defendant’s jail time and substitutes instead a term of probation, the court has the authority – either by statute or by its inherent powers – to specify the conditions of that probation, including an order to make restitution to the victim or otherwise to cooperate in the victim’s efforts to recover money or property. Restitution as a condition of probation can be ordered against both individual and corporate defendants, and may include a provision for installment payments over time to the victim. Usually the court will take the defendant’s ability to pay into account in ordering restitution, so that the defendant has a reasonable chance of meeting the restitution condition.  These and all terms of probation are supervised by the defendant’s probation officer who reports any failure of the defendant to obey or comply with probation conditions to the court. Restitution and other probationary terms are enforced by the threat of withdrawing probation and returning the defendant to jail to serve out his sentence if he fails to comply with one or more conditions of probation.

The court-designated probation officer usually makes sentencing recommendations – including any special probationary terms – to the court, so you should present any request to include a term of restitution to the probation officer as early in the pre-sentence investigation/evaluation process as possible. A request from the prosecuting attorney to include restitution as a term of probation also carries weight with the probation officer and with the court, so try to cultivate the prosecutor and familiarize her with your claim and supporting evidence. Cooperation with the prosecutor and police during the criminal prosecution can pay dividends in their willingness after conviction to persuade the court to impose a term of probation with an order of restitution.

Federal law (18 USC §§3663A and 3664) and an increasing number of state statutes direct or permit judges to order convicted defendants to make restitution to victims of their crimes as part of their punishment after conviction. These restitution orders are in addition to any other penalties provided by law for the defendant’s crimes. Unlike Victim’s Compensation Funds, these statutes apply to all crimes, including purely economic crimes. They also apply to defendants who do not receive probation as part of their sentence. Typically, statutory criminal restitution orders direct the return of the victim’s property, or its monetary equivalent if the property cannot be returned. Value may be calculated as of the date of loss or the date of sentencing, whichever is greater, according to some statutes. They also may direct the return of the fruits of the crime or the victim’s actual out-of-pocket expense caused by the crime.

A criminal restitution order may not apply, or be available, for a loss for which the victim has received, or will receive, compensation from another source, e.g. insurance (although the insurer may become subrogated to the victim’s rights and a court may enter the restitution order in favor of the insurer or other representative of the victim). Some statutes set a limit to the amount of restitution that can be ordered against a defendant who did not receive probation (although the limit usually does not apply to an order to return the victim’s property or its equivalent value) and/or direct the judge to take the defendant’s ability to pay into account. The federal statute and other state statutes direct that full restitution be ordered, although the court may take the defendant’s ability to pay into consideration in creating a payment schedule.

Unlike restitution that is ordered as a condition of conditional release (probation), a criminal restitution order can be enforced against the defendant even after his discharge from probation or his release from prison. The federal statute (and some state statutes) provide that a criminal restitution order may be enforced as a civil judgment by the victim against the defendant. Restitution orders also typically survive the death of the victim and may be enforced by his heirs or representatives. Criminal restitution orders are cumulative remedies and do not preclude the victim’s separate civil lawsuit against the defendant for the same conduct for which he was criminally convicted. However, any property or money received by the victim under a criminal restitution order will be credited against any civil judgment or restitution order.

The federal courts, and an increasing number of state courts, use legislatively mandated sentencing guidelines for convicted defendants. Besides the crime itself, and attendant facts and circumstances, these guidelines consider other factors that would allow a court to depart from the guidelines to enhance or reduce a sentence. One such factor is the defendant’s voluntary restitution before trial of the fruits of the crime or other compensation of the victim(s). This is not so much a remedy for the victim as encouragement for the wrongdoer to voluntarily make restitution before trial. Keep this fact in mind when negotiating with a criminal defendant for his cooperation during your fraud recovery effort.

Finally, be aware that many states maintain funds for the compensation of crime victims. These usually are funded, in part, by surcharges or fines assessed against the criminally convicted defendants. However, by the statutory terms and definitions, these funds typically are available only for crime victims who suffer physical injury or death from the defendant’s crime. However, it never hurts to look up the law in the relevant jurisdiction to see if reimbursement in whole or part for financial loss from fraudulent criminal conduct is available.

Trust Me

GavelDuring a joint training seminar between our Chapter and the Virginia State Police held earlier this year, I took the opportunity to ask the attendees (many of whom are practicing CFE’s) to name the most common fraud type they’d individually investigated in the past year. Turned out that one form or another of affinity fraud won hands down, at least here in Central Virginia.

This most common type of fraud targets specific sectors of society such as religious affiliates, the fraudster’s own relatives or acquaintances, retirees, racial groups, or professional organizations of which the fraudster is a member. Our Chapter members indicate that when a scammer ingratiates himself within a group and gains trust, an affinity fraud of some kind can almost always be expected to be the result.

Regulators and other law enforcement personnel typically attempt to identify instances of affinity fraud in order to prosecute the perpetrator and return the fraudulently obtained goods to the victims. However, affinity fraud tends to be an under reported crime since victims may be embarrassed that they so easily fell prey to the fraudster in the first place or they may remain connected to the offender because of emotional bonding and/or cultivated trust. Reluctance to report the crime also frequently stems from a misplaced belief that the fraudster is fundamentally a good guy or gal and will ultimately do the right thing and return any funds taken. In order to stop affinity fraud, regulators and law enforcement must obviously first be able to detect and identify the crime, caution potential investors, and prevent future frauds by taking appropriate legal actions against the perpetrators.

The poster boy for affinity fraud is, of course, Bernard Madoff.   The Madoff tragedy is considered an affinity fraud because the vast majority of his clientele shared Madoff’s religion, Judaism. Over the years, Madoff’s list of victims grew to include prominent persons in the finance, retail and entertainment industries. This particular affinity fraud was unprecedented because it was perpetrated by Madoff over several decades, and customers were defrauded of approximately twenty billion dollars. It can be debated whether the poor economy, lack of investor education, or ready access to diverse persons over the internet has led to an increase in affinity fraud but there can be no doubt that the internet makes it increasingly easy for fraudsters to pose as members of any community they target. And, it’s clear that affinity frauds have dramatically increased in recent years. In fact, affinity fraud has been identified by the ACFE as one of the top five investment schemes since 1998.

Affinity frauds assume different forms, e.g. information phishing expeditions, investment scams, or charity cons. However, most affinity frauds have a common element and entail a pyramid-type of Ponzi scheme. In these types of frauds, the offender uses new funds from fresh victims as payment to initial investors. This creates the illusion that the scam is profitable and additional victims would be wise to invest. These types of scams inevitably collapse when it either becomes clear to investors or to law enforcement that the fraudster is not legitimate or there are no more financial backers for the fraud. Although most fraud examiners may be familiar with the Madoff scandal, there are other large scale affinity frauds perpetrated across the United States almost on a daily basis that continue to shape how regulators and other law enforcement approach these frauds.

Perpetrators of affinity frauds work hard, sometime over whole years, to make their scams appealing to their targeted victims. Once the offenders have targeted a community or group, they seek out respected community leaders to vouch for them to potential investors. By having an esteemed figurehead who appears to be knowledgeable about the investment and endorses it, the offender creates legitimacy for the con. Additionally, others in the community are less likely to ask questions about a venture or investment if a community leader recommends or endorses the fraudster. In the Madoff case, Madoff himself was an esteemed member of the community. As a former chair of the National Association of Securities Dealers (NASD) and owner of a company ranked sixth largest market maker on the National Association of Securities Dealers Automated Quotations (NASDAQ), Madoff’s reputation in the financial services industry was impeccable and people were eager to invest with him.

The ACFE indicates that projection bias is yet another reason why affinity fraudsters are able to continually perpetrate these types of crimes. Psychological projection is a concept introduced by Sigmund Freud to explain the unconscious transference of a person’s own characteristics onto another person. The victims in affinity fraud cases project their own morals onto the fraudsters, presuming that the criminals are honest and trustworthy. However, the similarities are almost certainly the reason why the fraudster targeted the victims in the first place. In some cases when victims are interviewed after the fact, they indicate to law enforcement that they trusted the fraudster as if they were a family member because they believed that they shared the same value system.

Success of affinity fraud stems from the higher degree of trust and reliance associated with many of the groups targeted for such conduct. Because of the victim’s trust in the offender, the targeted persons are less likely to fully investigate the investment scheme presented to them. The underlying rationale of affinity fraud is that victims tend to be more trusting, and, thus, more likely to invest with individuals they have a connection with – family, religious, ethnic, social, or professional. Affinity frauds are often difficult to detect because of the tight-knit nature common to some groups targeted for these schemes. Victims of these frauds are less likely to inform appropriate law enforcement of the problems and the frauds tend to continue until an investor or outsider to the target group finally starts to ask questions.

Because victims in affinity frauds are less likely to question or go outside of the group for assistance, information or tips regarding the fraud may not ever reach regulators or law enforcement. In religious cases, there is often an unwritten rule that what happens in church stays there, with disputes handled by the church elders or the minister. Once the victims place their trust in the fraudster, they are less likely to believe they have been defrauded and also unlikely to investigate the con. Regulators and other law enforcement personnel can also learn from prior failures in identifying or stopping affinity frauds. Because the Madoff fraud is one of the largest frauds in history, many studies have been conducted to determine how this fraud could have been stopped sooner. In hindsight, there were numerous red flags that indicated Madoff’s activity was fraudulent; however, appropriate actions were not taken to halt the scheme. The United States Securities and Exchange Commission (SEC) received several complaints against Madoff as early as 1992, including several official complaints filed by Harry Markopolos, a former securities industry professional and fraud investigator. Every step of the way, Madoff appeared to use his charm and manipulative ways to explain away his dealings to the SEC inspection teams. The complaints were not properly investigated and subsequent to Madoff’s arrest, the SEC was the target of a great deal of criticism. The regulators obviously did not apply appropriate professional skepticism while doing their jobs and relied on Madoff’s reputation and representations rather than evidence to the contrary. In the wake of this scandal, regulatory reforms were deemed a priority at the SEC and other similar agencies.

Education is needed for the investing public and the regulators and law enforcement personnel alike to ensure that they all have the proper knowledge and tools to be able to understand, detect, stop, and prevent these types of frauds. This is where Fraud Examiners are uniquely qualified to offer their communities much needed assistance. Affinity frauds are not easily anticipated by the victims. Madoff whistleblower Markopolos asserted that “nobody thinks one of their own is going to cheat them”.

Affinity frauds will not be curtailed unless the public, the auditing and fraud examination communities, and regulators and other law enforcement personnel are all involved.

Lifting the Corporate Veil

briefcases-2Not too long ago a close friend of one of our Chapter members paid a substantial sum of money to a relative, the owner of a closely held corporation, in exchange for a piece of the relative’s real estate to which, it turns out,  the relative/owner did not have clear title.  The relative apparently used a substantial portion of the funds to immediately clear some outstanding debts of his corporation of which he and his wife are the sole officers and shareholders.  He now claims that, since he used the sale proceeds for corporate purposes, the refund of the purchase price he owes our Chapter member’s friend is a debt of the corporation and not of his personally.   Our Chapter’s friend has engaged an attorney at the suggestion of our certified Chapter member.

Our legal system recognizes that corporations have a separate existence from their shareholders/owners and are treated as “individuals” under the law. There are two ways for a wrong-doer to use the existence of a corporation to avoid efforts to recover a money damages judgment from him:

–As in this case, argue that the corporation and not the shareholder/owner committed the offense, and therefore the shareholder’s personal assets and property should not be used to satisfy any judgment for the offense.
–Argue that the wrongdoer/shareholder’s property is held in the name of the corporation, and therefore he has no personal assets that can be used to satisfy a judgment against him.

The first reflects the classic doctrine that shareholder/owners are not liable for the debts or liabilities of the corporation. Of course, if the shareholder owner also controls the corporation and personally acted wrongfully, he may still be liable for his misconduct, and the corporation may simply be jointly and severally liable together with him. Whether the wrongful conduct was that of the corporation or that of an individual shareholder usually is a question of fact to be decided by the jury.

The second reflects the corporation’s ability, as a separate legal entity, to own its own property. If the corporation owns the property, then the individual shareholder does not.  Since both prejudgement attachment writs and writs of execution can only reach a defendant’s interest in leviable assets, a wrongdoer can appear asset-less and judgment proof – and your client can be unable to satisfy a money judgment against her- if the wrongdoer/shareholder has transferred title in her personal assets to the corporation. This does not apply to a non-money judgment to recover specific money or property which can reach proceeds or property in the hands of the wrongdoer or of third persons. Of course, if the wrongdoer’s transfer of assets to the corporation was in fraud of creditors, the injured party can seek to have the transfers set aside.

However, even where a corporation apparently shields the defendant or his or her property, the wrongdoer and her leviable property can still be reached if the court can be convinced to disregard the corporation or to regard it merely as her alter ego. The court may do so if it can be proved that the corporation is merely a sham whose sole purpose is to help the wrongdoer fraudulently avoid liability for her conduct. This is sometimes called piercing the corporate veil.

If the corporation is found to be the alter ego of the shareholder, then either or both of the following consequences apply, depending on the goal in piercing the corporate veil:

–The wrongdoer is no longer shielded from liability for the corporation’s misconduct because the wrongdoer and the corporation are viewed by the court as one and the same.
–Corporate property can be reached to satisfy a judgment against the wrongdoer because the property is now regarded, properly, as the wrongdoer/shareholder’s property.

One of the factors to consider in attempting to pierce the corporate veil is whether the corporation is closely held; i.e. owned or directed by one or a small or limited number of shareholders, officers, and directors, often all the members of the same family. Obviously, the larger the number of shareholders, and the more broadly the corporation’s directing positions are distributed, the less likely it is to be a sham or alter ego for one person. However, given the lawful goals and purposes of incorporation, even a small, closely held corporation may be legitimate. Conversely, the existence of other shareholders or other directors and officers may not mean that the corporation is not a sham.

There is no hard and fast test to determine whether a corporation is a sham. Instead, courts will look at a variety of factors to determine whether to pierce the corporate veil. These factors include:

–As in this case, does the wrongdoer exercise sole or ultimate control over the activities of the corporation?–Does the corporation’s charter describe the approved activities of the corporation with some specificity, or is it left largely to the discretion of the wrongdoer?
–Does the corporation fail to hold director’s and shareholder’s meetings, record minutes of those meetings, and otherwise observe the formalities of corporate existence?
–Is the corporation so under-capitalized as to raise questions about its viability as a separate entity?
–Are the corporation’s finances so intertwined or identifiable with those of the wrongdoer as to raise questions about its separate existence?
–Does the corporation own property which does not seem to reasonably relate to its activities, particularly as described in its charter?
–Does the wrongdoer use the corporation’s property as if they were her own, personal assets, including but not limited to whether she uses them for purposes not within the corporation’s approved activities?

These and similar or related facts can indicate that the corporation is a sham and has no true, separate existence from the wrongdoer/shareholder. In that case, the court would be justified in ruling that the corporation should be regarded as an alter ego of the wrongdoer and that the corporation and the wrongdoer be considered as one and the same “person” for purposes of determining liability or levying on assets to satisfy a money judgment.

Many thanks to our member for bringing this case to our attention!

Asset Recovery through Insurance

notepad-3Unlike many skimming victims our chain restaurant owner (see our last post – ‘Small Theft – Big Consequences’) was fortunate enough to have employee dishonesty insurance made available to him through a group policy provided by our RVACFE Chapter member’s restaurant management firm.  Most small concerns aren’t so lucky.  Any concern that can afford such a policy should invest in one because in the case of employee theft, it’s not a question of if, but when.  To the extent that you can, make you clients aware that asset recovery on most employee frauds is typically slim to none (the money’s usually been long spent by the time of the malefactor’s discovery) making insurance against the loss a good investment for any business.

Insurance companies offer employee dishonesty coverage, or fidelity bonds, as part of business insurance packages. If your client is so insured, s/he may be indemnified by their insurer for a loss caused by an employee’s dishonest or fraudulent acts (at least to the extent of the policy’s coverage limits). Dishonest or fraudulent acts typically are defined under these policies and bonds as acts committed with intent to:

–Cause the insured to sustain a loss; or
–Obtain a financial benefit for the employee or for any third party intended by the employee, other than her proper compensation.

Given the nature of this kind of insurance and how its marketed, it’s most likely to be available for internal fraud or theft in a business like our victim’s, although it is possible for a fiduciary of almost any kind to be bonded for her acts as a fiduciary and so for the bonding company to indemnify for the fiduciary’s actual or constructive fraud.  Employee dishonesty insurance is available either in an occurrence policy, which covers any loss caused by employee dishonesty which occurs during the policy period, or a claims made policy, which covers claims made only while the policy is in effect. Occurrence policies can be more expensive, but their advantage is that losses that occurred during the policy period, but were not discovered until after the policy period ended, can still be claimed. A tail can be purchased and added to the claims made policy so that after-discovered losses can still be claimed after the policy’s lapse, but this added expense can make the claims made policy nearly as expensive as the occurrence policy.

As with any other insurance agreement, these policies and bonds have deductibles (a reserved amount that is subtracted from the total loss claimed), policy limits (a limit to the amount the insurance company will indemnify the insured for a given loss; usually in the millions of dollars), and certain exclusions (specified facts and circumstances that are not covered). Deductibles and policy limits usually are applied per each occurrence, although some policies carry an aggregate policy limit which applies to all occurrences within the policy period. All of these combine to affect the degree to which the policy will cover a particular loss. To collect employee dishonesty benefits, as with any other type of claim, the insured will have to follow the claim procedures set forth in the policy. Generally, the insured is required to submit a sworn proof of loss claim within a specified time period, together with supporting proof of liability and documentation of the loss amount.

Submitting a timely Proof of Loss is entirely the responsibility of the insured; normally, the carrier is not responsible under the policy to conduct or assist in the investigation of the loss, nor to reimburse the insured’s investigative or legal costs in making the claim. Failure to comply with these policy conditions can result in denial of the claim (although many courts require the insurer to prove that it was prejudiced by the insured’s failure to submit a timely Proof of Loss before it will relieve the insurer of its duty under the policy to indemnify the insured for the claimed loss).  This is where the good efforts of our associate member were so valuable to her employer’s client; by assembling and organizing all the documentation related to the skimming incidents her client’s Proof of Loss report was wholly understandable and credible to the insurer, making for timely collection of the claim.  Without the insurance, none of the skimmed funds would have been recovered.

It’s important to note that most policies expressly give the insurer subrogation rights against the employee who caused the covered loss, i.e. the insurer acquires the insured’s claim(s) against the employee and can sue him or her to recover any sums paid to the insured employer under· the policy. Even in the absence of an express subrogation agreement in the policy, courts imply subrogation rights in these circumstances. Insureds are prohibited by the policy provisions from interfering with the insurer’s subrogation rights in any way at the risk of jeopardizing coverage. Therefore, if the insured seeks to settle with the employee directly, the insured must not execute any acknowledgment of settlement or release of liability with the employee or with any of her confederates unless the insurance company expressly consents.

One additional thing to be aware of is about liability insurance, the kind of insurance that indemnifies the insured against liability to a third person(s) as a result of the insured’s wrongful conduct.  If the defendant is a vicariously liable party (e.g. an employer or corporation who didn’t actually commit the act, but is legally responsible for the person who did) then his/its liability may not be intentional in nature and may not be excluded by the policy or statute. Similarly, there should be coverage if one of the theories of liability is negligence – for instance a trustee whose misconduct is alleged in the complaint to violate his statutory duty of due care, or a concern that is liable for negligently hiring a dishonest employee or negligently failing to take the precautions that would have avoided the loss. Additionally, intentional wrong has a special meaning for insurance purposes, and, as a practical matter, insurers cannot always say with certainty that the third party’s loss was intentional on the part of the insured. If there is room for doubt, the insurer may indemnify the insured for the liability rather than risk breaching its insurance contract with the insured (which can expose the insurer to even greater damages and expense).  When in doubt, file the claim and find out.

Fraud examiners, internal auditors and other assurance professionals can make a real contribution to the fraud control programs of our clients by understanding the key role insurance of all kinds can play in asset recovery.

That Break’s For You


vacation“We are again honored to have a seventh guest post from our friend and Richmond Chapter 2015 Vice-President, Rumbi Bwerinofa, CPA/CFF. Rumbi is a Director of the Queens/Brooklyn Chapter of the New York State Society of CPAs and a member of the NYSSCPA Litigation Services Committee. She is the editor of TheFStudent.com, where she discusses financial forensic issues.” – Charles Lawver-2015 RVACFES Chapter President…”

I live in New York City, the city that, in its own mind at least, never sleeps. Those of us who live here wear that like a badge of pride.  Rest? Only when we’re dead! If you ride the subway, death apparently includes the daily rush-hour commute. Here, we’re a city of zombies who have even figured out to sleep, standing up, crammed like sardines into whatever tin box is taking us to work. Out bosses love our never rest attitude. What could be better than workers who express shame when requesting time off? Who wouldn’t like an office full of people competing to see who can pull the longest hours?

Well, it turns out that, perhaps, a worker who never leaves his or her desk may not be such a good thing for company health, when it comes to fraud prevention and detection. That person who’s so diligent that, not only does she never need help, but she’s even willing to take on additional tasks like, say, picking up and distributing the mail or making bank deposits, may be taking on all these extra tasks for a reason, say to make sure that no one discovers she’s actively stealing from the company. That why it’s important for forensic accountants and fraud examiners to help our clients understand the criticality of enforced staff vacations for the overall integrity of their fraud prevention programs.

It’s so important to stress to the employer that, when employees do take vacations, desks mustn’t be allowed to sit idle, with work and mail just piling up, untouched for two or three weeks.  Vacation times represent the perfect point to perform targeted, concurrent fraud prevention and detection related tests. One, or more, of the vacationing employee’s cross-trained peers should take over the daily, detailed tasks of the employee. Such tests are especially important if the employee has access to assets or cash, but it’s a good prevention practice for every employee’s desk. Mail should be opened, bank statements reconciled and checks to vendors written. In this way, fraud and error stand a good chance of being caught.  Just knowing that this type of testing is mandatory during enforced annual vacations is a potent fraud deterrent in itself.

Too often fraud is caught by accident, when one employee happens to be out of the office and a question needs to be answered. Someone will dig into that employee’s work and stumbles onto something amiss. Rita Crundwell  stole almost $54 million from the city of Dixon during the nearly three decades she was that city’s comptroller. Her crime was discovered while she was out of her office, on vacation, and the acting comptroller, asked for bank statements, found a statement for an account that was not recorded in the ledger. The account held millions, had an official-sounding name wasn’t identified in any city record. Had, someone else in the city’s finance department routinely performed banking and mail duties while Crundwell was out of the office (of even at random times when she wasn’t), this embezzlement may have been caught years earlier.  Prior to the fraud’s discovery, no manager in authority seemed to see a conflict of duties issue with Crundwell, the comptroller, picking up all the city’s mail. While she was on vacation, she would have a relative or city employee pick up the mail, separate out hers’, and distribute the rest. Yes, a relative, not even a city employee, picked up and distributed the city’s mail!  Had Crundwell known that her work would be independently randomly checked and reviewed on a regular basis, she may have decided that stealing from the city was just too risky and have never perpetrated her crime.

The FDIC and SEC recommend mandatory vacations of two consecutive weeks for traders and others in the financial industry. This guarantees there’s adequate time for the employer to have another staff member perform the work of the vacationing employee and check for fraud and error. Any business would benefit from adding this process to their control systems.

An earlier post on The Inner Auditor discussed the risks and control weaknesses associated with only one person in a business holding the bulk of the information about how things work. Should that person take an extended vacation, retire or quit, the company could very well come to a confused standstill because no one else knows how to perform certain processes or where certain information is kept. A benefit of and enforced mandatory vacation and random testing policy is that other staff members will be forced to learn, through cross-training,  what their colleagues do and know; knowledge about the functioning of every desk will be shared among various employees.

Employers should be thoroughly briefed on benefits for fighting fraud, reducing error and sharing knowledge that a well-planned and executed vacation and concurrent testing policy can bring to the fraud prevention effort. They may or may not worry too much about how tired their workers are, but I’m pretty sure that they care a lot about keeping their assets safe.

Special Chapter Event – Trends in Advanced Data Analytics

CommercialOur guest speaker, Kevin Jones, a Director at the health care analytics concern HMS, made a number of excellent points during a special presentation entitled ‘Trends in Advanced Data Analytics’ given yesterday at the Virginia State Police Training Academy in Richmond, Virginia.  Specifically, Kevin addressed the challenges facing organizations new to the utilization of big data as a fraud investigation tool.  Kevin rightly pointed out that even though every sophisticated computer assisted fraud scheme leaves traces on the victimized system(s), those data are often over-looked, collected incorrectly or analyzed ineffectively as a result of simple, wholly preventable, ignorance.

Kevin provided a number of examples of the difficulties for the prosecutorial process arising if relevant evidence isn’t gathered appropriately at the very beginning of an investigation; evidence not gathered initially will likely become evidence foregone.  Not only do many organizations underestimate how often they may need to produce reliable fraud related evidence of exactly what happened in their information system during the commission of a fraud or irregularity, but they woefully underestimate the demands that the legal system will make in terms of ensuring the admissibility and reliability of any digital evidence.

Kevin emphasized that concerns new to the use of analytics to begin the complex process of fighting routine incidents of fraud, waste and abuse need to develop a detailed response plan to address those fraud related incidents found to involve their data.   Lacking such a plan, much potential evidence will either never be collected or will be found worthless (as a result of contamination) in the support of any future prosecution.  To specifically address this type of enterprise risk, Kevin advises that fraud examiners and auditors should get the concerned departments of the enterprise (like information management and financial operations) talking to each other about how they want to manage information security incidents, including the responsibilities and procedures they will jointly follow in responding to a fraud challenge.

The involvement of fraud examiners and auditors is especially important when developing the part of the response plan governing legal action to be taken against a person or organization after discovery of an information security incident.  This part of the plan needs to address exactly what evidence should be collected, retained and presented in conformance with the rules of evidence promulgated by the relevant jurisdictions concerned.  Kevin pointed out that it’s often over-looked that the same sorts of defined plans need to be developed when collecting and presenting evidence supporting internal disciplinary actions.

According to Kevin, in most jurisdictions, the legal admissibility of digital evidence in a court of law is governed by three fundamental principles: relevance, reliability and sufficiency.  Evidence is relevant when it can prove or disprove an element of a specific case being investigated.  Reliability relates generally to the evidence being what it purports to be, i.e., that it has not been spoiled or altered in some way.  In many jurisdictions the concept of sufficiency means that enough evidence has been collected to prove or disprove the elements of the matter.

To reduce the threat of legal challenges, Kevin suggests that management needs to consider providing assurance that the organization has performed due diligence by implementing security measures over its data.  If security is lax or non-existent, it can be hard to prove that any wrong doing even occurred in the absence of well-defined rules.  There need to be reviews of the organization’s information security systems and procedures at defined intervals to determine whether their control objectives, controls, processes and procedures conform to the requirements of information security standards and relevant regulations.  Management needs to obtain assurance that its information security procedures are implemented and maintained effectively and that they are performing as expected.

Kevin’s message to fraud examiners is that we can help client management on a number of fronts to develop a coordinated approach to developing readiness to employ digital information and analytics as tools to combat the inter-related threats represented by fraud, waste and abuse:

— As fraud experts, do we feel that the organization has adequately identified the main fraud related risk scenarios commonly faced in its industry or business sector?
–Has the client identified the types of evidence it’s going to need in a civil litigation or criminal proceeding and the steps it will need to take to secure those data?
–Has the client inventoried the data that it routinely collects and the ready availability of those data in a crisis?
–What’s the client’s degree of general familiarity with common legal issues and problems such as admissibility, data protection, human rights, limits to surveillance, and legal obligations to staff members and others?
–Is there an action plan in place to assure the coordinated action of organizational components in the face of a crisis involving major instance(s) of fraud, waste and abuse?

The sincere thanks of all our Chapter members to Kevin and to the members of his team at HMS for making this special RVA_CFES event on developing trends in advanced analytics and data mining a success!

Getting it Back

couple-sailing-12“We are again honored to have a fourth guest post from our friend and Richmond Chapter member, Rumbi Bwerinofa, CPA/CFF.  Rumbi is a Director of the Queens/Brooklyn Chapter of the New York State Society of CPAs and a member of the NYSSCPA Litigation Services Committee. She is the editor of TheFStudent.com, where she discusses financial forensic issues.” – Charles Lawver-2014 RVACFES Chapter President…”

Financial Frauds come in many shapes and hues but at the end of the day, money is come by through some devious means employed by the ethically challenged. During trying financial times, all the many varieties of the classic Ponzi scheme have proven especially popular.  As exampled by the shenanigans of Bernie Madoff and/or the bitcoin investment schemes recently in the news, the mechanics of this devastating con always work in essentially the same general way. A charismatic person with a great sounding get-rich-quick pitch enters on the scene. Her presentation can be as various and sophisticated as the imagination of the fraudster or the gullibility of the mark can make it and, indeed, may vary in particulars of content, but one thing never varies; guaranteed financial returns way above market rates. Always the promised returns are so good as to induce incredulity even in the most vulnerable or desperate would be investor, but, if the Ponzi is to succeed, the allure of the pitch has to be strong enough to overcome any doubts. In the end, people sign up and pass over their hard earned money by the hand-full.

The charismatic salesman takes the money, uses part of it to pay the fantastic returns promised to some of the initial investors and a large percentage of the rest to fund the extravagant lifestyle expected of a super successful business person. By continuing to charm and attract new investors, cash flow is soon surging through the scheme at an ever increasing rate as more and more would-be investors are attracted by the news of such a fantastic level of return.  Because the claimed returns aren’t being made our fraudster is soon in constant need of new funds to pay existing investors and to carry that ever more extravagant lifestyle. This cycle can sometimes go on for a surprising length of time but the longer it goes on, the more money the fraudster needs to take from her new marks just to make her nut. Although 18 months is the median time a Ponzi scheme typically lasts before discovery, a sophisticated, charismatic operator like Madoff can operationally carry one (or several) for decades.   We now know that the Madoff scenario apparently started somewhere between 1970 and the early 1990’s, depending on whose version of the depressing story you’re inclined to believe.  However, at a certain point, sooner or later,  the Ponzi is discovered and the fraudster inevitably must face the arm of law enforcement and defend against whatever charges are brought.

Had you have been tracing the flow of the money through the Ponzi, you would have quickly noticed that our salesman is only continuing the monotonous process of  taking money from Peter in order to pay Paul, never failing to skim his commission off the top. Since the point of the whole exercise is the financing of a life style not about investing, no returns are being earned on the money taken in and the business plan has to be about recruiting more people in order just to keep the scam going. This means that, when she or he is inevitably caught and everyone finally sees and can discuss the fruits of the extravagant shopping sprees – fancy homes, expensive cars, the boat – the pricy adventures – trips by private jet, membership in exclusive clubs, the rubbing of shoulders with celebrities – his immoral ways – his hubris, his dishonesty and maybe even his pornography … I’m willing to bet that not once will you hear mention of his investment acumen  and the smart ways he made his ill-gotten gains grow!

Yet when our fraudster is convicted and sentenced to some kind of punishment, you will also always learn that he has been ordered by the court, and agreed, to make restitution; to pay back all that money wrongfully taken from so many people over all those years. At times, there is even a fine added to the restitution amount. It looks good on paper but it begs the question – from whence is all the money to pay these penalties supposed to come?

Let’s look at a real case that made the news recently. Sandy Jenkins plead guilty to embezzling over $16 million from Collin Street Bakery, where he worked as the corporate controller from 1998 until 2013 (when his fraud was discovered). While employed by the bakery, his annual salary was never more than about $50,000 per annum. With the money he stole, he and his wife lived lavishly, buying a vacation home, taking flights on private jets and indulging in all kinds of expensive luxuries. In addition to facing up to 60 years in prison, Jenkins was fined up to $2.75 million, over and above the money he stole from his employers. As part of his plea deal, Jenkins additionally agreed to pay full restitution. Prosecutors will certainly seek to get back as much as they can from the property they seized from Jenkins and his wife (she too faces charges) but I, for one, will be shocked if the value of all their property comes anywhere near the $16 million dollars he stole.  As with the majority of such cases, the bulk of the money stolen was spent in ways never subject to reclamation; on vacations, private jet flights and luxury cars that started to lose value as soon as they were driven off the lot.  In light of all this, it’s hardly surprising then that the Association of Certified Fraud Examiners (ACFE) reports that 58% of defrauded organizations recover none of their losses and only 14% make a full recovery (the median recovery amount is 20% of the value of the assets stolen).

The fact that money stolen will not likely be recovered, can only emphasize the importance of fraud prevention and, if fraud should occur, of early detection. It makes sense that the earlier a fraud is discovered, the smaller the losses will be and, of course, if fraud is prevented in the first place, there no losses will be suffered at all.  As fraudsters continually seek new ways to perpetrate their crimes, it’s vital that forensic accountants and fraud examiners constantly improve and develop methods of fraud prevention and detection. It’s equally important that organizations understand that employing effective fraud prevention and detection measures will save them many times the cost of such measures in the long run. Forensic accountants have the skills and training to perform the very difficult, and often expensive, task of tracing money and assets that have been acquired through dishonest means, but they can’t re-manufacture the funds already lost to fraud. After all, we’re not magicians.

What Even that Humble Check Can Tell Us!

A Notice to the Followers of Our Blog

“Last week our Chapter moved site hosting services for theinnerauditor blog from WordPress.com to our own Chapter servers. Those who were following us at WordPress.com hosting must now follow us at our new hosting location. You’ll notice at the right of this post a box entitled ‘Subscribe to this Blog Via E-Mail’. Just  fill in your name and e-mail address and we’ll see that you continue to get each new post automatically … sorry for the inconvenience but we’ll now have much better site backup and security services – Charles Lawver – RVA_CFES Chapter President”

royal-flushThe topic of the examination of simple bank account records as primary documentation for various types of fraud investigations has come up in several contexts these last few months and so I thought the development of this type of evidence might be a good subject for a post.  The ACFE, our parent organization, has published a number of reports over the years on the subject of what kinds of bank records to look at for what purposes during the conduct of an examination as well as guidance on just what record features of each of these instrument types are the most important for an investigator to review.

As a general point, the cardinal rule when gathering evidence of any kind is to document, document, and then document again; so it’s no surprise that any check related records related to your case are no exception.  Make copies of the front and back of every record you look at … this includes deposit tickets, memo entries and cancelled checks. When examining individual checks, be sure to look at the back of each instrument for information on the account into which the check was deposited, the date the check was deposited and all the banks that are listed as parties to the transaction.

Your investigation of check records should start with a look at the subject’s monthly account statement(s) for the period under review.  Generally, review what significant deposits have been made to the account and then give a look at what checks have been written on the account.  Look for any unusually high monthly balances.  If you find any, this fact might be useful as circumstantial evidence of the existence of illicit funds even if the associated individual deposits can’t be specifically identified.  Are there any unusually large deposits, even dollar number deposits, deposits made on regular dates or deposits which you can’t associate with any apparent sources of legitimate income?  Legitimate income deposits for an employee can be verified by comparing dates and amounts to the payer company payroll information.  Be on the lookout for large or unusual currency transactions or credit memo entries; memo entries might indicate wire transfers, loans, certificates of deposit, investments or some other type of hidden asset.

After looking at these items, be sure to get client permission to request copies of any suspicious deposit items from the bank.  Depending on the bank, this information will usually be in the form of a microfilm copy of the deposited check, or the deposit slip or other internal bank record indicating that the deposit was in currency.  Remember that banks are only required to keep deposit tickets on microfilm or in digital form for two years.  The deposit slip will indicate whether the deposit was a check or currency, and if in check form, might show the ABA code number identifying the bank on which the deposited check was drawn.  If a copy of the deposited check is unavailable in paper, microfilm or (in the case of on-line banking) in electronic form, ask to see the bank’s proof sheet (again as an electronic printout to PDF or in paper form) which should identify the source of the deposit.

Examine all the checks written during the period under review if you can.  Why?  Let’s say you find a $45.00 check written to pay for a utility hook up to an out of town power company which leads you to the existence of a half-a-million dollar beach house you had no idea the subject owned! … you get the point.  So, in summary, what types of useful facts can checks reveal?  They can reveal the existence of other 1) bank accounts controlled by the subject; 2) the existence of credit cards, 3) the purchase or location of major assets (through the payment of real estate taxes), 4) broker’s fees or utility payments, and 5) loans (which can provide valuable leads through examination of the details of the loan applications and financial statements which might be attached).

A speaker at one of our recent quarterly Chapter special events suggested the following simple approach to sorting through the information to be found on a subject’s checks during a forensic  review.   First, schedule (list) the checks, by number and date, in the left column of an Excel worksheet with the payee, the amount and purpose of the check (if known) in a column to the right.  Upon inspection, this listing should reveal the subject’s routine monthly and annual expenditures.  Look for things like the absence of a check for a recurring payment which might indicate the payment was made in cash, which could be an indication of undisclosed cash income.  Also, always examine the reverse of any check made out to cash and note where the check was cashed.  Look for the depository bank’s stamp; that information could provide a lead to another bank account.

Those humble checks are among the fraud examiner’s best friends and the outcome of many a case has turned on patterns and other elements revealed during their detailed review.