Tag Archives: financial fraud

Governance and Fraud Detection

Originally, the business owner had the most say in decisions regarding the enterprise. Then, corporate structures were put in place to facilitate decision making, as ownership was spread over millions of shareholders. Boards of directors took over many responsibilities. But with time, the chief executive officer (CEO) ended up having a large say in the composition of the board and, in many instances, ruled and controlled the company and its strategy. The only option for shareholders appeared to be to sell their shares if they were not happy with the performance of a specific organization. Many anti-fraud professionals think that this situation contributed significantly to business demises such as that of Enron and to the horrors consequent to the mortgage meltdown and accompanying fiscal crisis.

Proposals were made to re-equilibrate the power structure by giving more power and responsibilities to the board and to specific committees, such as the audit committee, to better deal with internal control and fair financial reporting or the remuneration committee to better deal with the basis for the type and the level of remuneration of the CEO. New legislation was put into place, such as the US Sarbanes-Oxley Act and Basel II. Compliance with these pieces of legislation consumed a lot of attention, energy and cost.

Enterprises exist to deliver value to their stakeholders. This is accomplished by handling risk advantageously and using resources responsibly. Speedy direction setting and quick reaction to change are essential in such a situation so decision making must be shared among many. Therefore, governance comes into play. Successful enterprises implement an over-arching system of governance that facilitates the achievement of their desired outcomes, both at the enterprise level and at each level within the enterprise; this is especially true with regard to the problem of fraud detection.  In this context, a holistic definition of enterprise governance is in order: Governance is the framework, principles, structure, processes and practices to set direction and monitor compliance and performance aligned with the overall purpose and objectives of an enterprise.

This definition is initially implemented by the answers to and actions on the following governance related questions:

Who is accountable and responsible for enterprise governance? Stakeholders, owners, governing bodies and management are responsible and accountable for governance.

What do they do, and how and where do they do it? They engage in activities (set direction, monitor compliance and performance) in relationship with others and use enablers (frameworks, principles, structures, processes, practices) within the governance view appropriate to them (governance of the enterprise; of an organizational entity within the enterprise such as a business unit, division or function; and of a strategic asset within the enterprise or within an organizational entity).

Why do they do it? They institute governance to create value for their enterprise, determine its risk appetite, optimize its resources and use them responsibly.

In summary, accountability and stewardship are delegated to a governance body by the owner/stakeholder, expecting it to assume accountability for the activities necessary to meet expectations. In alignment with the overall direction of the enterprise, management executes the appropriate activities within the context of a control framework, balancing performance and compliance in achieving the governance objectives of value creation, risk management and resource optimization.

Fraud detection (within the context of a fully defined fraud prevention program) is a vital business process of the over-hanging governance function and can be implemented by numerous generally accepted procedures.  But a few examples …

One way to increase the likelihood of the detection by the governance function of fraud abuses is the conduct of periodic external and internal audits, as well as the implementation of special network security audits. Auditors should regularly test system controls and periodically “browse” data files looking for suspicious activities. However, care must be exercised to make sure employees’ privacy rights are not violated. Informing employees that auditors will conduct a random surveillance not only helps resolve the privacy issue, but also has a significant deterrent effect on computer assisted fraud exploits.

Employees witnessing fraudulent behavior are often torn between two conflicting feelings. They feel an obligation to protect company assets and turn in fraud perpetrators, yet they are uncomfortable in a whistleblower role and find it easier to remain silent. This reluctance is even stronger if they are aware of public cases of whistleblowers who have been ostracized or persecuted by their coworkers or superiors, or have had their careers damaged. An effective way to resolve this conflict is to provide employees with hotlines so they can anonymously report fraud. The downside of hotlines is that many of the calls are not worthy of investigation. Some calls come from those seeking revenge, others are vague reports of wrongdoing, and others simply have no merit. A potential problem with a hotline is that those who operate the hotline may report to people who are involved in a management fraud. This threat can be overcome by using a fraud hotline set up by a trade organization or commercial company. Reports of management fraud can be passed from this company directly to the board of directors.

Many private and public organizations use outside computer consultants or in-house teams to test and evaluate their security procedures and computer systems through the performance of system penetration testing.  The consultants are paid to try everything possible to compromise an enterprise’s system(s). To get into offices so they can look for passwords or get on computers, they masquerade as janitors, temporary workers, or confused delivery personnel. They also employ software based hacker tools (readily available on the Internet) and social engineering techniques.  Using such methods, some outside consultants claim that they can penetrate 90% or more of the companies they “attack” to a greater or lesser degree.

All financial transactions and activities should be recorded in a log. The log should indicate who accessed what data, when, and from which location. These logs should be reviewed frequently to monitor system activity and trace any problems to their source. There are numerous risk analysis and management software packages that can review computer systems and networks and the financial transactions they contain. These packages evaluate security measures already in place and test for weaknesses and vulnerabilities. A series of reports are then generated to explain any weaknesses found and suggest improvements. Cost parameters can be entered so that a company can balance acceptable levels of vulnerability and cost effectiveness. There are also intrusion-detection programs and software utilities that can detect illegal entry into systems along with software that monitors system activity and helps companies recover from fraud and malicious actions.

People who commit fraud tend to follow certain patterns and leave tell-tale clues, often things that do not make sense. Software is readily available to search for these fraud symptoms. For example, a health insurance company could use fraud detection software to look at how often procedures are performed, whether a diagnosis and the procedures performed fit a patient’s profile, how long a procedure takes, and how far patients live from the doctor’s office.

Neural networks (programs that mimic brain activity and can learn new concepts) are quite accurate in identifying suspected fraud. For example, Visa and MasterCard operations employ neural network software to track hundreds of millions of separate account transactions daily. Neural networks spot the illegal use of a credit card and notify the owner within a few hours of its theft. The software can also spot trends before bank investigators do.

Each enterprise needs to determine its appropriate overall governance system and the fraud detection approaches it decides to implement in support of that system. To help in that determination, mapping governance frameworks, principles, structures, processes and practices, currently in use, is beneficial. CFE’s and forensic accountants are uniquely qualified to assist in this process given their in-depth knowledge of all types of fraud scenarios and the tailoring of the anti-fraud controls most appropriate for the control of each within a specific company environment.

The Initially Immaterial Financial Fraud

At one point during our recent two-day seminar ‘Conducting Internal Investigations’ an attendee asked Gerry Zack, our speaker, why some types of frauds, but specifically financial frauds can go on so long without detection. A very good question and one that Gerry eloquently answered.

First, consider the audit committee. Under modern systems of internal control and corporate governance, it’s the audit committee that’s supposed to be at the vanguard in the prevention and detection of financial fraud. What kinds of failures do we typically see at the audit committee level when financial fraud is given an opportunity to develop and grow undetected? According to Gerry, there is no single answer, but several audit committee inadequacies are candidates. One inadequacy potentially stems from the fact that the members of the audit committee are not always genuinely independent. To be sure, they’re required by the rules to attain some level of technical independence, but the subtleties of human interaction cannot always be effectively governed by rules. Even where technical independence exists, it may be that one or more members in substance, if not in form, have ties to the CEO or others that make any meaningful degree of independence awkward if not impossible.

Another inadequacy is that audit committee members are not always terribly knowledgeable, particularly in the ways that modern (often on-line, cloud based) financial reporting systems can be corrupted. Sometimes, companies that are most susceptible to the demands of analyst earnings expectations are new, entrepreneurial companies that have recently gone public and that have engaged in an epic struggle to get outside analysts just to notice them in the first place. Such a newly hatched public company may not have exceedingly sophisticated or experienced fiscal management, let alone the luxury of sophisticated and mature outside directors on its audit committee. Rather, the audit committee members may have been added to the board in the first place because of industry expertise, because they were friends or even relatives of management, or simply because they were available.

A third inadequacy is that audit committee members are not always clear on exactly what they’re supposed to do. Although modern audit committees seem to have a general understanding that their focus should be oversight of the financial reporting system, for many committee members that “oversight” can translate into listening to the outside auditor several times a year. A complicating problem is a trend in corporate governance involving the placement of additional responsibilities (enterprise risk management is a timely example) upon the shoulders of the audit committee even though those responsibilities may be only tangentially related, or not at all related, to the process of financial reporting.

Again, according to Gerry, some or all the previously mentioned audit committee inadequacies may be found in companies that have experienced financial fraud. Almost always there will be an additional one. That is that the audit committee, no matter how independent, sophisticated, or active, will have functioned largely in ignorance. It will not have had a clue as to what was happening within the organization. The reason is that a typical audit committee (and the problem here is much broader than newly public startups) will get most of its information from management and from the outside auditor. Rarely is management going to voluntarily reveal financial manipulations. And, relying primarily on the outside auditor for the discovery of fraud is chancy at best. Even the most sophisticated and attentive of audit committee members have had the misfortune of accounting irregularities that have unexpectedly surfaced on their watch. This unfortunate lack of access to candid information on the part of the audit committee directs attention to the second in the triumvirate of fraud preventers, the internal audit department.

It may be that the internal audit department has historically been one of the least understood, and most ineffectively used, of all vehicles to combat financial fraud. Theoretically, internal audit is perfectly positioned to nip in the bud an accounting irregularity problem. The internal auditors are trained in financial reporting and accounting. The internal auditors should have a vivid understanding as to how financial fraud begins and grows. Unlike the outside auditor, internal auditors work at the company full time. And, theoretically, the internal auditors should be able to plug themselves into the financial reporting environment and report directly to the audit committee the problems they have seen and heard. The reason these theoretical vehicles for the detection and prevention of financial fraud have not been effective is that, where massive financial frauds have surfaced, the internal audit department has often been somewhere between nonfunctional and nonexistent.. Whatever the explanation, (lack of independence, unfortunate reporting arrangements, under-staffing or under-funding) in many cases where massive financial fraud has surfaced, a viable internal audit function is often nowhere to be found.

That, of course, leaves the outside auditor, which, for most public companies, means some of the largest accounting firms in the world. Indeed, it is frequently the inclination of those learning of an accounting irregularity problem to point to a failure by the outside auditor as the principal explanation. Criticisms made against the accounting profession have included compromised independence, a transformation in the audit function away from data assurance, the use of immature and inexperienced audit staff for important audit functions, and the perceived use by the large accounting firms of audit as a loss leader rather than a viable professional engagement in itself. Each of these reasons is certainly worthy of consideration and inquiry, but the fundamental explanation for the failure of the outside auditor to detect financial fraud lies in the way that fraudulent financial reporting typically begins and grows. Most important is the fact that the fraud almost inevitably starts out very small, well beneath the radar screen of the materiality thresholds of a normal audit, and almost inevitably begins with issues of quarterly reporting. Quarterly reporting has historically been a subject of less intense audit scrutiny, for the auditor has been mainly concerned with financial performance for the entire year. The combined effect of the small size of an accounting irregularity at its origin and the fact that it begins with an allocation of financial results over quarters almost guarantees that, at least at the outset, the fraud will have a good chance of escaping outside auditor detection.

These two attributes of financial fraud at the outset are compounded by another problem that enables it to escape auditor detection. That problem is that, at root, massive financial fraud stems from a certain type of corporate environment. Thus, detection poses a challenge to the auditor. The typical audit may involve fieldwork at the company once a year. That once-a-year period may last for only a month or two. During the fieldwork, the individual accountants are typically sequestered in a conference room. In dealing with these accountants, moreover, employees are frequently on their guard. There exists, accordingly, limited opportunity for the outside auditor to get plugged into the all-important corporate environment and culture, which is where financial fraud has its origins.

As the fraud inevitably grows, of course, its materiality increases as does the number of individuals involved. Correspondingly, also increasing is the susceptibility of the fraud to outside auditor detection. However, at the point where the fraud approaches the thresholds at which outside auditor detection becomes a realistic possibility, deception of the auditor becomes one of the preoccupations of the perpetrators. False schedules, forged documents, manipulated accounting entries, fabrications and lies at all levels, each of these becomes a vehicle for perpetrating the fraud during the annual interlude of audit testing. Ultimately, the fraud almost inevitably becomes too large to continue to escape discovery, and auditor detection at some point is by no means unusual. The problem is that, by the time the fraud is sufficiently large, it has probably gone on for years. That is not to exonerate the audit profession, and commendable reforms have been put in place over the last decade. These include a greater emphasis on fraud, involvement of the outside auditor in quarterly data, the reduction of materiality thresholds, and a greater effort on the part of the profession to assess the corporate culture and environment. Nonetheless, compared to, say, the potential for early fraud detection possessed by the internal audit department, the outside auditor is at a noticeable disadvantage.

Having been missed for so long by so many, how does the fraud typically surface? There are several ways. Sometimes there’s a change in personnel, from either a corporate acquisition or a change in management, and the new hires stumble onto the problem. Sometimes the fraud, which quarter to quarter is mathematically incapable of staying the same, grows to the point where it can no longer be hidden from the outside auditor. Sometimes detection results when the conscience of one of the accounting department people gets the better of him or her. All along s/he wanted to tell somebody, and it gets to the point where s/he can’t stand it anymore and s/he does. Then you have a whistleblower. There are exceptions to all of this. But in almost any large financial fraud, as Gerry told us, one will see some or all these elements. We need only change the names of the companies and of the industry.

Rigging the Casino

I attended an evening lecture some weeks ago at the Marshall-Wythe law school of the College of William & Mary, my old alma mater, in Williamsburg, Virginia. One of the topics raised during the lecture was a detailed analysis of the LIBOR scandal of 2012, a fascinating tale of systematic manipulation of a benchmark interest rate, supported by a culture of fraud in the world’s biggest banks, and in an environment where little or no regulation prevailed.

After decades of abuse that enriched the big banks, their shareholders, executives and traders, at the expense of others, investigations and lawsuits were finally initiated, and the subsequent fines and penalties were huge. The London Interbank Offered Rate (LIBOR) rate is a rate of interest, first computed in 1985 by the British Banking Association (BBA), the Bank of England and others, to serve as a readily available reference or benchmark rate for many financial contracts and arrangements. Prior to its creation, contracts utilized many privately negotiated rates, which were difficult to verify, and not necessarily related to the market rate for the security in question. The LIBOR rate, which is the average interest rate estimated by leading banks that they would be charged if they were to borrow from other banks, provided a simple alternative that came to be widely used. For example, in the United States in 2008 when the subprime lending crisis began, around 60 percent of prime adjustable-rate mortgages (ARMs) and nearly all subprime mortgages were indexed to the US dollar LIBOR. In 2012, around 45 percent of prime adjustable rate mortgages and over 80 percent of subprime mortgages were indexed to the LIBOR. American municipalities also borrowed around 75 percent of their money through financial products that were linked to the LIBOR.

At the time of the LIBOR scandal, 18 of the largest banks in the world provided their estimates of the costs they would have had to pay for a variety of interbank loans (loans from other banks) just prior to 11:00 a.m. on the submission day. These estimates were submitted to Reuters news agency (who acted for the BBA) for calculation of the average and its publication and dissemination. Reuters set aside the four highest and four lowest estimates, and averaged the remaining ten.

So huge were the investments affected that a small manipulation in the LIBOR rate could have a very significant impact on the profit of the banks and of the traders involved in the manipulation. For example, in 2012 the total of derivatives priced relative to the LIBOR rate has been estimated at from $300-$600 trillion, so a manipulation of 0.1% in the LIBOR rate would generate an error of $300-600 million per annum. Consequently, it is not surprising that, once the manipulations came to light, the settlements and fines assessed were huge. By December 31, 2013, 7 of the 18 submitting banks charged with manipulation, had paid fines and settlements of upwards of $ 2 billion. In addition, the European Commission gave immunity for revealing wrongdoing to several the banks thereby allowing them to avoid fines including: Barclays €690 million, UBS €2.5 billion, and Citigroup €55 million.

Some examples of the types of losses caused by LIBOR manipulations are:

Manipulation of home mortgage rates: Many home owners borrow their mortgage loans on a variable- or adjustable-rate basis, rather than a fixed-rate basis. Consequently, many of these borrowers receive a new rate at the first of every month based on the LIBOR rate. A study prepared for a class action lawsuit has shown that on the first of each month for 2007-2009, the LIBOR rate rose more than 7.5 basis points on average. One observer estimated that each LIBOR submitting bank during this period might have been liable for as much as $2.3 billion in overcharges.

Municipalities lost on interest rate swaps: Municipalities raise funds through the issuance of bonds, and many were encouraged to issue variable-rate, rather than fixed-rate, bonds to take advantage of lower interest payments. For example, the saving could be as much as $1 million on a $100 million bond. After issue, the municipalities were encouraged to buy interest rate swaps from their investment banks to hedge their risk of volatility in the variable rates by converting or swapping into a fixed rate arrangement. The seller of the swap agrees to pay the municipality for any requirement to pay interest at more than the fixed rate agreed if interest rates rise, but if interest rates fall the swap seller buys the bonds at the lower variable interest rate. However, the variable rate was linked to the LIBOR rate, which was artificially depressed, thus costing U.S. municipalities as much as $10 billion. Class action suits were launched to recover these losses which cost municipalities, hospitals, and other non-profits as much as $600 million a year; the remaining liability assisted the municipalities in further settlement negotiations.

Freddie Mac Losses: On March 27, 2013, Freddie Mac sued 15 banks for their losses of up to $3 billion due to LIBOR rate manipulations. Freddie Mac accused the banks of fraud, violations of antitrust law and breach of contract, and sought unspecified damages for financial harm, as well as punitive damages and treble damages for violations of the Sherman Act. To the extent that defendants used false and dishonest USD LIBOR submissions to bolster their respective reputations, they artificially increased their ability to charge higher underwriting fees and obtain higher offering prices for financial products to the detriment of Freddie Mac and other consumers.

Liability Claims/Antitrust cases (Commodities-manipulations claims): Other organizations also sued the LIBOR rate submitting banks for anti-competitive behavior, partly because of the possibility of treble damages, but they had to demonstrate related damages to be successful. Nonetheless, credible plaintiffs included the Regents of the University of California who filed a suit claiming fraud, deceit, and unjust enrichment.

All of this can be of little surprise to fraud examiners. The ACFE lists the following features of moral collapse in an organization or business sector:

  1. Pressure to meet goals, especially financial ones, at any cost;
  2. A culture that does not foster open and candid conversation and discussion;
  3. A CEO who is surrounded with people who will agree and flatter the CEO, as well as a CEO whose reputation is beyond criticism;
  4. Weak boards that do not exercise their fiduciary responsibilities with diligence;
  5. An organization that promotes people based on nepotism and favoritism;
  6. Hubris. The arrogant belief that rules are for other people, but not for us;
  7. A flawed cost/benefit attitude that suggests that poor ethical behavior in one area can be offset by good ethical behavior in another area.

Each of the financial institutions involved in the LIBOR scandal struggled, to a greater or lesser degree with one or more of these crippling characteristics and, a distressing few, manifested all of them.

In Plain Sight

By Rumbi Petrozzello, CPA/CFF, CFE
2017 Vice-President – Central Virginia Chapter ACFE

Recently, I was listening to one my favorite podcasts, Radiolab, and they were discussing a series on Audible called “Ponzi Supernova”. Reporter Steve Fishman hounded infamous Ponzi schemer, Bernie Madoff, for several years. One day, Bernie called Steve, collect, and thus began the conversations between Madoff and Fishman that makes this telling of the Madoff Ponzi scheme like none other.

The tale is certainly compelling (how can a story of the largest known Ponzi scheme not be fascinating) and hearing Bernie Madoff talking about what he did and hearing what he says motivated him makes this series something I listened to from beginning to end, almost without taking a break. Through it all, as had happened just about every time I read or heard about Madoff, I was amazed that he was able to perpetrate his fraud for as long as he did, which, depending on who you believe, started somewhere between the early 1960s and 1992 (even Madoff gives different dates for when he started). This is no surprise. All too often, when fraudsters are caught, they try to minimize the extent of their wrongdoing. If they know that you’ve found $1,000, they’ll tell you that $1,000 was all they took. If you go on to find more, then the story will change a little to include what you’ve found. It’s very rare that a fraudster will confess to the full extent of her crime at the first go around (or even at the second or third).

As I listened to the series, something became very apparent. Often when people discuss the Madoff Ponzi scheme, one tends to get the feeling that, for decades, he took money from new investors to pay off old investors and carried on his multi-billion-dollar scheme without a single soul blowing the whistle on him. But that’s not the case. In a 477-page report from the U.S. Securities and Exchange Commission Office of Investigations (OIG) entitled “Investigation of Failure of the SEC to Uncover Bernard Madoff’s Ponzi Scheme – Public Version”, between June 1992 and December 2008, the Securities and Exchange Commission (SEC) received “six substantive complaints” regarding Madoff’s company and some of these complaints were submitted more than once.

One complaint mentioned in the report was received three times, with versions submitted in 2000, 2001 and 2005; the 2005 version was even entitled “The World’s Largest Hedge Fund is a Fraud”. This complaint series was submitted by Madoff’s most well-known nemesis, the whistleblower, Harry Markopolos. But, there were at least five other individuals who shared their concerns and suspicions about Madoff with the SEC. Three of these specifically used the words “Ponzi scheme”, including the first complaint, in 1992. Based on these complaints, the SEC conducted two investigations and three examinations and, even though the complaints explicitly stated that they suspected that Madoff Investments was a Ponzi scheme, none of the investigations or examinations concluded that Madoff was operating a Ponzi scheme. To add to this, the SEC was aware of two articles that questioned Madoff’s returns. Over the years, several investment companies performed their own due diligence and decided that Madoff’s company did not make sense and they believed that investing with Madoff would be a violation of their fiduciary duty to their clients. Despite all of this, none of these investigations or exams contained a finding of fraud.

Whether you’re a Certified Fraud Examiner (CFE) or a CPA, Certified in Financial Forensics (CFF), the work that you do is governed by a set of professional standards that help establish a performance baseline. This begins with competence. This means that those taking on an assignment should be able to complete the assignment successfully. This does not necessarily mean that whoever is leading the job needs to know how to do everything. It does mean that they should ensure that there is the right skill set working on the job, even if it means the use of referrals or consultation. Too many times, while reading the OIG report, the reader confronts the mention of a lack of experience. Listening to Ponzi Supernova, I learnt that at least one examiner was only three weeks out of school. The OIG report stated that, for one examination, because the person leading the investigation had no knowledge of how to investigate a suspected Ponzi scheme, they decided to just not investigate that claim; they decided instead to investigate what they knew, and that was front running (though even that investigation was carried out poorly).

Another ACFE professional standard is that of due professional care. Due professional care “requires diligence, critical analysis and professional skepticism”. It also means that any conclusion that a CFE reaches, must be supported by evidence that is relevant, sufficient and competent. Several times during the various investigations and examinations, SEC staff would ask Madoff or his employees questions and then accept any answers they were given without seeking any third-party confirmation. Sometimes, even when third-party confirmation was sought, the questions asked of those third parties were not the correct ones. Madoff himself tells the story of how, in 2006, Madoff testified that he settled trades for his advisory clients through his personal Depository Trust Company (DTC) account and he even gave the SEC his DTC account information. At this point Madoff was sure that, once the SEC checked this out, his fraud would be discovered. Instead, the SEC merely asked the DTC if Madoff had an account, and nothing more. Had they asked about account activity, they would have then discovered that Madoff’s account, even though it existed, did not trade anywhere near the volume purported by his statements. This brings up other aspects of due professional care; adequate planning and supervision. With proper supervision, the less experienced can be trained not just to ask questions, but to ask, and get adequate answers to, the correct questions. The person reviewing their work would be able to ask them, “did the answer that you got from the DTC answer the question that we are asking? Can we now confirm not that Madoff has an account with the DTC but, instead, that he is trading billions of dollars through these accounts?”

Time and time again, in the OIG report, the SEC stated that they did not have experienced and adequate staff for their examinations and investigations of Madoff. This was an excuse that was used to explain why, for instance, they did not send out requests for third-party confirmations, even after drafting them. In one case, staff stated that they did not send out a request to the National Association of Securities Dealers (NASD) because it would have been too time-consuming to review the data received. Adequate planning would have made sure that there was sufficient, qualified staffing to review the data. Adequate supervision would have ensured that this excuse for not sending out the request was squashed. However, it is not the case that no third-party confirmation requests were sent out. Some were and some of those sent out received responses. Responses were received from the NASD and other financial institutions These entities all claimed that there was no activity with Madoff on the dates that the examiners were asking about. Even with that information, there was no follow-up on the part of the examiners. At every turn, there seemed to be a lot of trust and just about no verification. This is even more surprising when you hear that the examiners would write notes about how Madoff was obviously lying and how many people had reported to the SEC that Madoff was running a dishonest business. Even with so much distrust, and so many whistleblowers, it turned out that those sent to shine a light on Madoff’s operations all seemed to be looking in all the wrong places.

Part of planning an investigation is determining what is being investigated and how the investigation is going to be executed. A very important part of the process is determining, beforehand, what will be done with negative results. When third-party responses were received and they all stated Madoff had not done business with them as claimed, the responses appear to have been filed and no further action taken. When responses were not received, the SEC did not follow up to find out why nothing had been returned. They likely would have found that the institution had not responded to the inquiry because there was nothing to respond about. There does not appear to have been a defined protocol on what to do when the answer to the question, “did this happen” was “No.”

I urge you to, at the very least, read the executive summary of the OIG report. For me at least, what Madoff could get away with, time and time again, with each subsequent SEC examination or investigation, is jaw-dropping. The fact that 1) several whistleblowers shared their concerns and even accompanied them with a great deal of detail and 2) that articles were written and yet, 3) those with access to the information that could prove, with very little effort, that Madoff was not doing what he claimed to be doing, found nothing of concern is something I struggle to comprehend. This whole sad history does underline the importance of referring to, and abiding by, our professional standards, to minimize the risk of missing a fraud like this one. Most importantly, it reduces the risk that someone might get an aneurism trying to wrap their mind around how, even when so many others could see that something was amiss, the watchdog missed it all!

Overhanging Liabilities

Most experienced CFE’s are familiar with financial fraud cases involving the overhanging liabilities represented by artfully constructed schemes to avoid income taxes since multiple ACFE training courses over the years have focused on the topic in detail.  But for those new to fraud examination and to the Central Virginia Chapter, a little history.  Before 2002, accounting firms would provide multiple services to the same firm. Hired by the shareholders, they would audit the financial statements that were prepared by management, while also providing consulting services to those same managers. Some would also provide tax advice to the managers of audit clients. However, the Sarbanes-Oxley Act of 2002 (SOX) restricted the type and the intensity of consulting services that could be provided to the management of audit clients because the provision of such services might compromise the objectivity of the auditor when auditing the financial statements prepared by client management on behalf of the shareholders. Nevertheless, both before and after the passage of SOX, as subsequently reported in the financial press, both the major accounting firms Ernst & Young (E&Y) and KPMG were offering very aggressive tax shelters to wealthy taxpayers as well as to the senior managers of their audit clients.

In the 1990s, E&Y had created four tax shelters that they were selling to wealthy individuals. One Of them, called E.C.S., for Equity Compensation Strategy, resulted in little or no tax liability for the taxpayer. The complicated tax plan was a means of delaying, for up to thirty years, paying taxes on the profits from exercising employee stock options that would otherwise be payable in the year in which the stock options were exercised. E&Y charged a fee of 3 percent of the amount that the taxpayer invested in the tax shelter, plus $50,000 to a law firm for a legal opinion that said that it was “more likely than not” that the shelter would survive a tax audit. E&Y had long been the auditor for Sprint Corporation. They also took on as clients William Esrey and Ronald LeMay, the top executives at Sprint. In 2000 E&Y received:

  • $2.5 million for the audit of Sprint,
  • $2.6 million for other services related to the audit;
  • $63.8 million for information technology and other consulting services, and
  • $5.8 million from Esrey and LeMay for tax advice.

In 1999 Esrey announced a planned merger of Sprint with WorldCom that potentially would have made the combined organization the largest telecommunications company in the world. The deal was not consummated because it failed to obtain regulatory approval. Nevertheless, Esrey and LeMay were awarded stock options worth about $3ll million. E&Y sold an E.C.S. to each of the two executives. In the three years from 1998 to 2000, the options profits for Esrey were $159 million and the tax that would have been payable had he not bought the tax shelter amounted to about $63 million. The options profits for LeMay were $152.2 million and the tax thereon about $60.3 million.

Subsequently, the Internal Revenue Service rejected the E&Y tax shelter of each man. Sprint then asked the two executives to resign, which they did. Sprint also dismissed E&Y as the company’s auditor. On July 2, 2003, E&Y reached a $15 million settlement with the IRS regarding their aggressive marketing of tax shelters. Then, in 2007, four E&Y partners were charged with tax fraud. These four partners worked for an E&Y unit called VIPER, “value ideas produce extraordinary results,” later renamed SISG, “strategic individual solutions group.” Its purpose was to aggressively market tax shelters, known as Cobra, Pico, CDS, and CDS Add-Ons, to wealthy individuals, many of whom acquired their fortunes in technology-related businesses. These four products were sold to about 400 wealthy taxpayers from 1999 to 2001 and generated fees of approximately $121 million. The government claims that the tax shelters were bogus and taxpayers were reassessed for taxes owed as well as for related penalties and interest.

On August 26, 2005, KPMG in turn agreed pay a fine of $456 million for selling tax shelters from 1996 through 2003 that fraudulently generated $11 billion in fictitious tax losses that cost the government at least $2.5 billion in lost taxes. The four tax shelters went by the acronyms FLIP, OPIS, BLIPS, and SOS.  Under the Bond Linked Premium Issue Structure (BLIPS), for example, the taxpayer would borrow money from an offshore bank and invest in a joint venture that would buy foreign currencies from that same offshore bank. About two months later, the joint venture would then sell the foreign currency back to the bank, creating a tax loss. The taxpayer would then declare. a loss for tax purposes on the BLIPS investment. The way that BLIPS were structured, the taxpayer only had to pay $1.4 million to declare a $20 million loss for tax purposes. BLIPS were targeted at wealthy executives who would normally pay between $10 million and $20 million in taxes.

Buying a BLIPS, however, effectively reduced the investor’s taxable income to zero. They were sold to 186 wealthy individuals and generated at least $5 billion in tax losses. The FLIP and OPIS involved investment swaps through the Cayman Islands, and SOS was a currency swap like the BLIPS. The government contended that these were sham transactions since the loans and investments were risk-free. Their sole purpose was to artificially reduce taxes. Some argued that the KPMG tax shelters were so egregious that the accounting firm should be put out of business. However, Arthur Andersen had collapsed in 2002, and if KPMG failed, then there would be only three large accounting firms remaining: Deloitte, PricewaterhouseCoopers, and Ernst & Young. KPMG Chairman, Timothy Flynn, said “the firm regretted taking part in the deals and sent a message to employees calling the conduct inexcusable. KPMG remained in business, but the firm was fined almost a half billion dollars.

Because of the Ernst & Young and KPMG tax fiascos, the large accounting firms have become wary of marketing very aggressive tax shelters. Now, most shelters are being sold by tax “boutiques” that operate on a much smaller scale and so are less likely to be investigated by the IRS.  The question that remains, however, is to what extent should professional accountants be selling services that directly or indirectly abet even lawful tax avoidance which, as the ACFE tells us,  can so easily shade into what the IRS calls tax evasion?

Talking Through the Hindrances

That control self-assessment (CSA) can be used as an effective facilitation tool to develop fraud risk assessments is, I’m sure, of no surprise to many of the readers of this blog.  But, for those of you who are not so aware … typically, a control self-assessment session to identify fraud risk is a facilitated meeting of managerial and operational staff (the business process experts) coming together to openly discuss fraud risk prevention objectives related to identified risk factors associated with one or more of a company’s business processes.

Fraud prevention objectives for the business process are identified, as well as obstacles impeding the success of those objectives.  Finally, the team suggests, for upper management consideration, ways to overcome identified obstacles and a proposed corrective action plan is prepared.  At the start of the self-assessment session, the participants adopt a Team Operating Agreement to ensure that an open and honest discussion takes place in a threat free environment.  It takes a consensus of the participants to approve the operating agreement which all the participants in the session sign; no management decisions regarding actions to be taken are made during the session.

After the Operating Team Agreement is in place, team members typically develop and approve what they perceive to be a list of fraud prevention objectives for the target business process under discussion.  Once the anti-fraud objectives are defined, the participants enter a discussion (and develop a list) of what they feel to be the existing overall fraud prevention strengths of the subject process.  Next, the team discusses and develops a list of the hindrances currently preventing the process from achieving its anti-fraud related objectives.  Finally, the team develops recommendations for overcoming the identified hindrances.  Sometimes the team ranks its fraud reduction recommendations by order of importance but this step is not critical.

A CSA for fraud prevention is akin to a risk assessment brainstorming session.  For example, the scope of such a session regarding a financial reporting related business process might be tailored to the risks of financial statement fraud and misstatement as well as to the issue of management override of controls over financial statement reporting.  The objective of the CSA is for the team to identify and discuss fraud risks, fraud scenarios and mitigating controls followed by the preparation of a set of recommendations for referral to management.

For each risk factor identified the CSA team should:

–try to identify what would cause a fraud to occur, or detail the risk factor itself;
–determine the specific fraud risk;
–determine potential fraud schemes or scenarios associated with the risk;
–identify affected financial accounts;
–identify staff positions that could potentially be involved;
–try to assess the type, likelihood, significance and inherent risk involved;
–formulate the controls that could mitigate the risk;
–classify the controls by type (i.e., preventative, detective, entity, and process level);
–identify and assess residual risk.

Certified fraud examiners (CFE’s) have an active role to play in tailoring the CSA format for use in risk identification and mitigation as well as in performing actual facilitation of the CSA sessions.   Specifically, CFE’s can help client staff develop a more detailed, in-depth understanding of complex fraud risks that management and operational staff sometimes only vaguely perceive.  Armed with the knowledge developed during the CAE session(s) and coupled with their risk assessment and group facilitation skills, CFE’s can assist management and the audit committee of the client to identify, assess, and develop final fraud risk mitigation strategies to strengthen the fraud prevention program of the organization as a whole.  Following what are sometimes multiple CAE sessions, CFE’s can assist the team in detailing the menu of anti-fraud measures developed during the individual sessions in a report to client management embodying the anti-fraud recommendations of the CAE session members to the Executive Management Team and to the audit committee for their consideration.  It’s up to top management to decide which of the CSA team’s anti-fraud recommendations to implement and which of the team’s identified risks to accept.

Just a few of the advantages of conducting fraud prevention related CAE’s for critical client business processes include:

–building fraud risk awareness among those middle level managers charged with day-to- day management of our client companies business processes;
–mapping organization wide fraud prevention efforts to specific business processes;
–establishing links between information technology (IT) systems development projects and the broader fraud prevention program;
–identifying, documenting and integrating fraud prevention skill sets across all the business processes of the organization;
–support for the construction of a strong, management supported fraud prevention program that enjoys full management and board support company wide.

Finally, consider the advantages that the self assessment process brings to the ethical dimension of the utilizing enterprise.  The values that a corporation’s managers and directors wish to instill in order to motivate the beliefs and actions of its personnel need to be conveyed to provide the required guidance.  Usually such guidance takes the form of a code of conduct that states the values selected, the principles that flow from those values, and any rules that are to be followed to ensure that the appropriate values are respected.

The code of conduct itself is a worthy subject for a series of separate control self assessment sessions composed of representative levels of company staff such as the management team, lower level management and the operating staff.  The results of these sessions can be analyzed and a final comprehensive report produced documenting the comments (and even suggested revisions) that CSA participants have made regarding the code during their respective sessions.  This exercise is, thus,  an excellent vehicle to build “ownership of the code” among the staff comprising all levels of the enterprise.

Public Trust

The current round of congressional hearings involving the secretarial appointments to the Trump administration appear to be raising numerous questions about conflicts of interest and as well as instances involving possible self-interested stock trading on the part of several of the wealthy candidates.  Issues involving self-interest are no less important for assurance professionals like CFE’s, auditors and public accountants than they are for presidential appointees.

The misuse of information for personal interest by an assurance professional can be detrimental to other stakeholders of the client or company involved. For example, the use of information by any professional before others have the right to use such information is unfair and considered unethical. This is the basic problem for anyone who is privy to inside information about a company by virtue of being its auditor or an employee, that is, an insider, to use that information personally or indirectly for any self-interested purpose. To ensure the basic fairness of stock markets so that the public and other non-insiders will wish to enter the market, regulatory bodies like the SEC require management insiders to wait until the information is released to the public before allowing insiders to trade, and then they must disclose these trades so the public will know what’s happened.

The prospect of a rigged game, in which insiders have an unfair advantage, would not be in the public interest or in the interest of the corporations using the market for fund raising in the long run. Insider trading rules also apply to the families of the insider, extending even to those who are not part of the immediate family but for or over whom the insider has an obvious ability to exert influence or extract gain. Some individuals with high-profile jobs in the public service go even further to avoid such conflicts of interest. To be entirely ethical, some politicians have placed their holdings, and those of their dependents, in so-called blind trusts, which are managed by someone else with instructions not to discuss trades or holdings with the politician. The situation for we auditors is somewhat different in that the ownership of shares or financial instruments of a client is forbidden based on the real or potential conflict of interest that would be created. Most auditing firms extend this ban in two ways. First, the ban is applied to the auditor’s family and to persons who would be considered significant dependents or subject to influence. Second, the ban may also apply to any client of the firm, even if that client is serviced through a wholly separate office (for international firms, even in another country) with which the individual professional does not have contact on a normally occurring basis.

Where the ban is relaxed on trading in shares of the firm’s clients for employees not directly involved in the client’s affairs, extreme care is taken through information barriers/firewalls and reporting/scrutiny mechanisms to manage the conflict of interest created. The extent of attention paid to the prevention of insider trading and even to the perception of it is indicative of the alarm with which most firms view its prospect. Confidentiality is the term used to describe keeping confidential information that is proprietary to a client or employer. The release of such information to the public, or to competitors, would have a detrimental effect on the interests of the client, and it would be contrary to the expectations of trust of any fiduciary relationship.

In the case of a fraud examiner, this expectation of trust and privacy is vital to the client’s willingness to discuss difficult issues, which are quite germane to the investigation, to get the opinion of the examiner on how they might be dealt with in court proceedings and even, eventually, in the public eye. In the case of auditors, how frank would the discussion of a contentious contingent liability be if there were a possibility the auditor would reveal the confidence? How could a contentious tax treatment be discussed thoroughly if there was the possibility of a voluntary or involuntary disclosure to the tax collection authorities? It’s therefore argued by the ACFE, the AICPA and others that the maintenance of client confidences is essential to the proper exercise of the audit function, and to the provision of the best advice based on full discussion of possibilities.

There are, however, limits to privacy that some professions have enshrined in their codes of conduct, or where these limits are spelled out in regulatory frameworks. Engineers, for example, must disclose to appropriate public officials when they believe a structure or mechanism is likely to be harmful to the users, as in the potential collapse of a building due to violations of the building code.  In most western countries, money laundering for drugs and terrorism must be reported to financial authorities by banking professionals. For auditors as well there appears to be an increasing focus on their public responsibility and an increasing expectation of action rather than silence. This trade-off between the interests of client, management, public, regulators, the profession, and management promises to be an ever growing conundrum for all professionals in the future. One issue that is not as well understood as is often thought is the consequence of a professional accountant observing strict confidentiality about the malfeasance of his or her employer, and being directed by the professional code to resign if the employer cannot be convinced to change their behavior. This would follow from the codes of conduct that require no disclosure of client/employer confidences except in a court of law or subject to a disciplinary hearing, and at the same time requiring resignation to avoid association with a misrepresentation. In the event of a resignation in silence, the ethical misdeed goes unrecognized by all stakeholders except the perpetrators and the silent professional. How does this protect the interests of the public, the shareholders, or the profession?

It has been suggested, as a topic for discussion, that strict confidentiality codes be modified to allow for the introduction of the possibility of consultation on such matters with officials of the professional’s certifying institute. Perhaps through such confidential dialogue, a means could be found to better judge what needs to be kept confidential, when and how disclosure ought to be made, and how the professional’s and the public’s interests can be protected. For an auditor, the situation is different. When an auditor is discharged, or replaced, the incoming auditor has the right to ask the outgoing auditor (and the client) what the circumstances were that led to the dismissal or resignation. In some jurisdictions, the removed auditor even has the right to address the shareholders at their annual meeting, or by mail, at the expense of the corporation involved.

CFE’s and other assurance professionals of all types are sophisticated enough to know that our professional codes don’t cover every ethical challenge and that investigations and engagements involving potential or suspected insider trading and conflicts of interest are no exception.  We must all, therefore, continue to develop judgement, values and character traits that embrace the public expectations inherent in emerging stakeholder oriented accountability and governance frameworks.

Empire Lost

marthastuart2Last week my wife and I were confronted with the challenge of  hosting a Christmas party for 24 of our relatives.  We thought we’d serve a standing prime rib roast to the guests and turned to a Martha Stewart Cooking School episode on PBS for preparation guidance.  Needless to say, the roast was delicious but seeing Stuart again after all this time got me thinking about her classic insider trading case of what now seems so long ago.

In June 2002, Martha Stewart began to wrestle with allegations that she had improperly used inside information to sell a failed personal stock investment to the unsuspecting investing public. That was when her personal friend Sam Waksal was defending himself against Securities and Exchange Commission (SEC) allegations that he had tipped off his family members so they could sell their shares of ImClone Systems Inc. just before other investors learned that ImClone’s stock was about to tank. Observers presumed that Stuart was also tipped off and, even though she proclaimed her innocence, the rumors would not go away. On daily TV as the reigning guru of homemaking, Ms. Stuart was the multimillionaire proprietor, president, and driving force of Martha Stewart Living Omnimedia Inc. (MSO), of which, on March 18, 2002, she owned 30,713,475 (62.6 percent) of the class A, and 30,619,375 {100 percent) of the class B shares.

On December 27, 2001, her class A and class B shares were worth approximately $17 each, so on paper her MSO class A shares alone were worth over $500 million. Class B shares were convertible into class A shares on a one to-one basis. What was not known was that Stewart had sold 3,928 shares of ImClone for $58 each on December 27, 2001.  This was not public until the information surfaced in June 2003.  The sale generated $227,824, and she avoided losing $45,673 when the stock price dropped the next day.  The whole sorry episode over this relatively small amount of money wound up causing her endless personal grief and humiliation, dealt a devastating blow to her reputation, and precipitated a punishing drop to $5.26 in the MSO share price.

As some of your probably remember, it turned out that Stuart had made an investment in ImClone, a company that was trying to get the approval of the U.S. Food and Drug Administration (FDA) to bring to market an anti-colon cancer drug called Erbitux. Samuel Waksal, then the CEO of ImClone and a friend of Stuart’s, was apparently warned on or close to December 25, 2001, that the FDA was going to refuse to review Erbitux. Per later SEC allegations, Waksal relayed the information to his family so they could dump their ImClone shares on the public before the official announcement. Martha claimed (and still claims) that she didn’t get any early inside information from Waksal, but regulators believed that she may have either gotten it from her broker or from her broker’s aide. The activities of several of Waksal’s friends, including Stuart all came under almost immediate investigation by the SEC.

Waksal was arrested on June 12, 2002, and charged with “nine criminal counts of conspiracy, securities fraud and perjury, and then freed on $10 million bail. In a related civil complaint, the SEC alleged that Waksal “tried to sell ImClone stock and tipped family members before ImClone’s official FDA announcement on Dec. 28.”  Per the SEC, two unidentified members of Waksal’s family sold about $10 million worth of ImClone stock in a two-day interval just before the announcement. Moreover, Waksal also tried for two days to sell nearly 80,000 ImClone shares for about $5 million, but two different brokers refused to process the trades. Stuart denied any wrongdoing. She was quoted as saying: “In placing my trade I had no improper information…. My transaction was entirely lawful.”  She admitted calling Waksal after selling her shares, but claimed: “I did not reach Mr. Waksal, and he did not return my call.”  She maintained that she had an agreement with her broker to sell her remaining ImClone shares “if the stock dropped below $60 per share.” Stuart’s viewing public, however, was skeptical. She was asked embarrassing questions when she appeared on TV for a cooking segment, and she declined to answer saying: “I am here to make my salad.”

Martha’s interactions with her broker, Peter Bacanovic, and his assistant, Douglas Faneuil, quickly came under scrutiny. Merrill Lynch & Co. suspended Bacanovic (who was also Sam Waksal’s broker) and Faneuil, with pay, in late June. Later, since all phone calls to brokerages are taped and emails kept, it appeared to be damning when Bacanovic initially refused to provide his cell phone records to the House Energy and Commerce Commission for their investigation. Then, on October 4, 2001, Faneuil “pleaded guilty to a charge that he accepted gifts from his superior in return for keeping quiet about circumstances surrounding Stewart’s controversial stock sale.”  Faneuil admitted that he received extra vacation time, including a free airline ticket from a Merrill Lynch employee in exchange for withholding information from SEC and FBI investigators.

Per court records:

“On the morning of Dec. 27, Faneuil received a telephone call from a Waksal family member who asked to sell 39,472 shares for almost $2.5 million. Waksal’s accountant also called Faneuil in an unsuccessful attempt to sell a large block of shares. Prosecutors allege that those orders “constituted material non-public information.” They also allege that Faneuil violated his duty to Merrill Lynch by calling a “tippee” to relate that Waksal family members were attempting to liquidate their holdings in ImClone. That person then sold “all the tippee’s shares of ImClone stock, approximately 3,928 shares, yielding proceeds of approximately $228,000.”

One day later, on October 5th, it was announced that Stuart had resigned from her post as a director of the New York Stock Exchange (a post she held only four months) and the price of MSO shares declined more than 7 percent to $6.32 in afternoon trading. From June 12th to October 12th, the share price of MSO declined by approximately 61 percent. Stuart’s future took a further interesting turn on October 15th, when Sam Waksal pleaded guilty to six counts of his indictment, including: bank fraud, securities fraud, conspiracy to obstruct justice, and perjury. But he did not agree to cooperate with prosecutors, and did not incriminate Stuart. Waksal’s sentencing was postponed until 2003 so his lawyers could exchange information with U.S. District Judge William Pauley concerning Waksal’s financial records.  After October 15th, the price of MSO shares rose, perhaps as the prospect of Stuart’s going to jail appeared to become more remote, and/or people began to consider MSO to be more than Stuart and her reputation. The recovery from the low point of the MSO share price in October to December 9, 2002, was about 40 percent.

Stuart still had a lot to think about, however. Apparently, the SEC gave Stuart notice in September of its intent to file civil securities fraud charges against her. Stuart’s lawyers responded and the SEC deliberated. Even if Martha were to get off with a fine, prosecutors could still bring a criminal case against her in the future. It is an interesting legal question, however, that if Stuart had simply pled guilty to the civil charges, would she have avoided criminal liability completely? On June 4, 2003, Stewart was indicted on charges of obstructing justice and securities fraud. She then quit as Chairman and CEO of her company, but stayed on the Board and served as Chief Creative Officer. She appeared in court on January 20, 2004, and watched the proceedings throughout her trial. In addition to the testimony of Mr. Faneuil, Stewart’s friend Mariana Pasternak testified that Stewart told her Waksal was trying to dump his shares shortly after selling her ImClone stock. Ultimately, the jury did not believe the counterclaim by her broker, Peter Bacanovic, that he and Stuart had a prior agreement to sell ImClone if it went below $60. Although the judge dismissed the charge of securities fraud for insider trading, on March 5, 2004, the jury found Stewart guilty on one charge of conspiracy, one of obstruction of justice, and two of making false statements to investigators.

The announcement caused the share price of her company to sink by $2.77 to $11.26 on the NYSE. Stuart immediately posted the following on her website:

“I am obviously distressed by the jury’s verdict, but I continue to take comfort in knowing that I have done nothing wrong and that I have the enduring support of my family and friends. I will appeal the verdict and continue to fight to clear my name. I believe in the fairness of the judicial system and remain confident that I will ultimately prevail.”

Stuart was subsequently sentenced to 5 months in prison and 5 months of home detention-a lower than maximum sentence under the U.S. Sentencing Guidelines-and she did appeal. Although she could have remained free during the appeal, on September 15, 2004, she asked for her sentence to start immediately so she could be at home in time for the spring planting season. Martha’s appeal cited “prosecutorial misconduct, extraneous influences on the jury and erroneous evidentiary rulings and jury instructions” but on January 6, 2006, her conviction was upheld.

Stuart may continue to disagree with the verdict to this day but there is little doubt that the allegations and her subsequent convictions had a major impact on her personally, and on the fortunes of MSO and the shareholders that had faith in her and in her company. Assuming a value per share of $13.50 on June 12th, the decline to a low of $5.26 in early October 2003 represents a loss of market capitalization (reputation capital) of approximately $250 million, or 61 percent. The value of MSO’s shares did return to close at $35.51 on February 7, 2005, but fell off to under $20 in early 2006. Per a New York brand-rating company, the Martha Stewart brand reached a peak of 120 (the baseline is 100) in May 2002, and sank to a low of 63 in March 2004.

As my wife and I can attest, Stuart has returned to TV with a version of her usual homemaking and design shows, her new Martha Stewart Cooking School and related books.  Her products and magazines continue to be sold.  Still, what a catastrophe for so many to save just $45,000.

The Equity Strip Tease and Flip

home-equityThe recent troubles at Deutsche Bank and Wells Fargo and the many
come-ons on television targeting senior citizens attest to the fact that the traditional scams and schemes among conventional and shadow lenders are as alive and well as ever.   If you thought sub-prime loans and equity stripping were financial ghosts of the past, think again.

It generally takes years for any borrower to build equity in a home. Fraud examiners should help consumers be aware that fraudsters employ several common ways to take that equity away. The most common technique used by fraudsters to steal consumers’ equity is known as equity stripping.  In equity stripping schemes, lenders promote ways consumers, especially the elderly and recent immigrants, can obtain cash by borrowing against the equity established in their home. The fraudulent lender is not concerned about whether the payments can be made once the loan is granted, and may even encourage consumers to fudge on their loan application to obtain the loan. If monthly payments cannot be met on the loan, consumers are subject to foreclosure on, and the subsequent loss of, their home, including all their equity.

Subprime loans have recently become a significant and growing part of the auto financing market and have never completely dried up in the home equity market. Subprime lending refers to the extension of credit to higher risk borrowers or to those with non-existent credit histories at interest rates and fees higher than conventional loans. Some companies make auto and home equity loans to minorities, the elderly, and low-income borrowers at interest rates as high as 20 to 24 percent in states without usury statutes.  As the ACFE tells us, as a rule, loans made to individuals who do not have the income to repay them are intentionally designed to fail; they typically result in the lender acquiring the borrower’s financed property. In the case of a home, the borrower is likely to default on the loan and ultimately lose his home through foreclosure or by the signing over of the house deed to the lender in lieu of such foreclosure.

Another frequent lender scam to separate home owners from their equity is credit churning. Churning, or loan flipping, is directed toward consumers who own a home and have been making mortgage payments for years. A lender calls to talk about refinancing a loan, and using the availability of extra cash as bait, claims it’s time the equity in the consumer’s home started working for him or her. When the consumer agrees to refinance his loan, the borrower’s troubles begin.  After the consumer has made a few payments on the loan, the lender calls to offer a bigger loan for, say, a family vacation to Disney World. If the consumer accepts the offer, the lender refinances the original loan and then lends the consumer additional money. In this practice, often called flipping, the lender charges the homeowner high points and fees each time s/he refinances, and may increase the interest rate as well. If the loan has a prepayment penalty, which is often the case, the consumer must pay that penalty as well each time a new loan is taken out.  The bottom line is that now the consumer has some extra money and a lot more debt, stretched out over a longer payment period. With each refinancing, the consumer has increased her debt and should she get in over her head and not be able to make the mortgage payments, she risks losing her home and all the equity in it.

Who hasn’t seen the kindly-looking, aging celebrity shilling on TV for his employer- lender’s reverse mortgage product?  Reverse mortgages are aggressively pitched to older individuals who are seeking money to finance a home improvement, pay off a current mortgage, supplement their retirement income, or pay for health care expenses. A typical reverse mortgage allows older homeowners to convert part of the equity in their homes into cash without having to sell their homes or take on additional monthly bills. In a regular mortgage, the homeowner makes payments to the lender. But in a reverse mortgage, the homeowner receives money from the lender and generally does not have to pay it back for as long as he lives in his home. Instead, the loan must be repaid when the homeowner dies, sells the home, or no longer lives there as his principal residence.

The amount of such a loan depends upon the consumer’s age (s/he must be at least 62), the equity in the home, and the interest rate the lender is charging. Among the facts for your clients to consider before applying for a reverse mortgage are:

  • Reverse mortgages are rising-debt loans. This means that interest is added to the loan’s principal balance each month because interest is not paid on a current basis. Therefore, as the interest compounds over time, the amount owed increases.
  • Reverse mortgages and their associated expenses use up some or all the equity in the home, leaving fewer assets for the homeowner and his heirs.
  • Lenders are providing the loan as an investment, which they aim to collect on at a profit, not out of goodwill or charity.

Another lender initiated scam against borrowers is credit insurance packing which occurs during the process of obtaining a mortgage or other loan, whereby the lender includes charges for credit insurance or other “benefits” that the borrower did not request or does not desire, and requests that the borrower sign the documents to close the deal. The fraudulent lender hopes that the borrower will not notice the additional charges that are listed or that s/he will believe that they are part of the loan terms that were originally agreed upon. Thus, the lender can imply that this “benefit” is provided at no extra charge. The lender does not explain in detail the additional cost or obligations. If the borrower agrees to the charge, s/he will be paying for additional fees that may not be required or desired. If the borrower questions the charge and does not want the credit insurance, the lender may attempt to intimidate the borrower; the lender may indicate that to obtain the loan, the loan documents must be rewritten, which may take several days, and that the possibility even exists that the loan may not be approved without the insurance.

Consumers who have financial difficulties and are unable to maintain their monthly mortgage or other loan payments may be faced with lenders who begin threatening foreclosure or repossession. Fraudulent lenders may then approach the consumer with offers to assist in refinancing. The new financing, however, never comes to fruition. To “help,” the fraudulent lender may offer the consumer a temporary solution to prevent foreclosure. In an act of desperation, consumers are lured into deeding their property over to the fraudulent lender with claims that it is only temporary. However, the consumer should be aware that, in the case of a mortgage or automobile, once the lender has the deed or title, the lender owns the property, may borrow against it, and may even sell it. The consumer’s monthly payments become rent payments that come with the possibility of eviction by the lender, as the consumer becomes the fraudulent lender’s tenant.

Finally, a word about balloon payments and title loans.  Lenders offer consumers balloon payment loans, which require low, interest-only payments during the life of the loan, and payment of the entire principal in one lump sum at the end of the loan term.  Consumers are enticed by fraudulent lenders to refinance their loans with a balloon payment loan so that their monthly payments will be low, allowing extra funds for other debts. A fraudulent lender may not explain the loan in its entirety or the hidden terms in the agreement. Without a thorough understanding of this type of agreement, consumers face the possibility of foreclosure at the end of the loan term if the lump-sum repayment of the principle proves to be more than they can afford.

A title loan enables a consumer to borrow against the equity in her motor vehicle. A lender determines the amount eligible to be borrowed based on the market value of the motor vehicle. The lender retains tide to the motor vehicle, as well as a set of keys. If monthly loan payments are not made, the motor vehicle can be repossessed. Consumers must understand the contract terms of the loan to avoid any misunderstanding regarding delinquency and repossession.

As practicing CFE’s we have a responsibility to educate our clients and the general public about fraud schemes in general and about emerging threats in particular.  As the ACFE tells us, an educated public is the best defense we have against all lender frauds both old and new.

The Class Action Machine

lawsuitThe recent troubles at Wells Fargo raised a number of questions in the mind of one of our Chapter members about the class action lawsuits that seem to immediately follow public announcement of such financially involved frauds.  Specifically, she asked about who among the various classes of defendants in a typical financial fraud case are most likely to get sued after the fact.

As I’m sure most financial professionals know, a class action is a type of lawsuit in which a single representative individual is permitted to sue on behalf of an entire group of similarly situated individuals known as a “class.” A class action theoretically comes about when an aggrieved shareholder (or in Wells Fargo’s case a shareholder or perhaps a type of defrauded account holder) contacts a lawyer and explains that s/he has been harmed. The law then generally permits that single party to sue on behalf of all similar share or account holders. Although the common conceptual justification for class action litigation begins with a single aggrieved affected individual reaching out to a lawyer to seek redress, the reality is somewhat different. As our Chapter member indicated she is aware, shareholder class action litigation tends to be prosecuted by a small number of highly specialized law firms and, over the years, these firms have developed practices and relationships that enable them to take the lead in commencing shareholder litigation almost on their own. A practical consequence is that, within days after issuance of a press release revealing financial fraud, the class action lawyers will normally have their lawsuits already prepared.

The catalyst for commencement of the litigation will often be the company’s initial press release announcing the fraud. Among other things, the lawyers may glean from the press release that accounting irregularities have surfaced, that earlier SEC filings are false, which line items on the financial statements are affected, and the board of directors’ preliminary information as to how far back the accounting irregularities go. With that information in hand, the class action lawyers will quickly extract from their word processors an earlier complaint filed in a similar case and quickly insert the specifics regarding the particular company at hand. In their haste to be the first firm to file a lawsuit, the process of revision is not always completely thorough and factual errors are common in almost all initial filings.

Although an exposition in detail of all the steps involved in such a suit are beyond the scope of this short post, the following are the typical steps that unfold during the process:

  • The company’s initial press release;
  • The company’s receipt of a series of complaints;
  • Production of a single consolidated complaint;
  • Motion to dismiss by the defendant company;
  • Document productions;
  • Depositions;
  • Settlement (if necessary);
  • Trial (almost never).

From the perspective of the board of directors, the result will be that, within several days of the issuance of the company’s initial press release, the company will begin receiving a number of seemingly duplicative lawsuits in which the only significant difference seems to be the name of the representative shareholder seeking to represent the interests of the class. In truth, a shareholder gains no meaningful strategic advantage over the defendants in rushing to be named the class representative. In the end, only one class of similarly situated shareholders will be certified and only one complaint ordinarily will survive.  Rather than trying to get a strategic advantage over the defendants, the interest of a plaintiff in rushing to be named the class representative is to get an advantage over the other plaintiff shareholders—or, more precisely, their lawyers. For a class action plaintiff’s lawyer, having one’s client named the class representative opens the door to the lion’s share of the legal fees.

So, to answer our reader’s question, who are the main candidates most likely to get sued in one of these actions?

  • The company. The corporate entity will almost inevitably be named a defendant. Also named may be a parent company or holding company. The plaintiffs will argue that the corporate entity or entities are responsible for the wrongdoing of their individual officers and directors;
  • Officers who have resigned, been terminated, or placed on leave. It may be that the initial press release will have identified particular officers who have resigned, been terminated by the board, or been placed on paid or unpaid leave. The plaintiffs’ lawyers will infer from any such corporate action the officers’ complicity in wrongdoing;
  • The CEO and the CFO. Prime candidates to be included as defendants are the chief executive officer and the chief financial officer. The plaintiffs will infer from their positions some level of complicity. Also, they will have signed what have now turned out to be incorrect SEC filings, such as a Form 10-K or Forms 10-Q;
  • Particular officers. Beyond the CEO and CFO, other officers may be named as defendants depending on the nature of the fraud (as described in the press release) and a particular officer’s proximity to it. For example, if the fraud involved improper revenue recognition (on fraudulently opened accounts, for example), the plaintiffs may seek to include as a defendant the officer or officers with responsibility in the new account generation area. Similarly, if the fraud involved improprieties at some remote location, those responsible for operations or the financial reporting function of that location may be named;
  • Outside directors. These days, outside directors tend not to be included as defendants. Historically, all outside directors would be named as defendants almost as a matter of course. Congress’s passage of federal securities law tort reform in the mid-1990s, however, has operated as an important impediment to the inclusion of the entire board—at least in the absence of evidence suggesting an individual director’s knowledge or complicity;
  • Underwriters. Where the company has publicly issued stock within the last three years, the underwriters may be included. For the corporate issuer, this is particularly unfortunate insofar as typical underwriting documents will provide for corporate indemnification of the underwriter in the absence of the underwriter’s own wrongdoing;
  • Selling shareholders. An issuance of public stock within the prior three years may also open the door to the inclusion as defendants of shareholders who participated as sellers in the offering. Plaintiffs may seek to show their complicity based on inferences drawn from their natural desire to see the stock price sustained or increased during the period prior to their sale;
  • The outside auditor. Several years ago, inclusion of the outside auditor in an accounting irregularities case occurred as a matter of course. Today, the inclusion of the outside auditor as a defendant, at least in the first complaint, has become less automatic. As with the inclusion of outside directors, the federal securities law tort reform legislation in the mid-1990s erected barriers to naming the outside auditor, at least without particularized facts showing auditor complicity. However, the auditor may not be left out forever. An important objective of the plaintiffs will be assembling detailed evidence sufficient to make claims against the auditor stick.

As to the outcome of these type of suits, in the great majority of cases, the parties will come (sooner or later) to a negotiated settlement dollar number.  A canned form of a settlement agreement will emerge from the files of the plaintiff’s law firm marked up to meet the circumstance of the present case and signed, effectively ending the process.

Our thanks to our Chapter member for a thought provoking question!  Please, keep them coming!