Tag Archives: financial fraud

Concealment Strategies & Fraud Scenarios

I remember Joseph Wells mentioning at an ACFE conference years ago that identifying the specific asset concealment strategy selected by a fraudster was often key to the investigator’s subsequent understanding of the entire fraud scenario the fraudster had chosen to implement. What Joe meant was that a fraud scenario is the unique way the inherent fraud scheme has occurred (or can occur) at an examined entity; therefore, a fraud scenario describes how an inherent fraud risk will occur under specific circumstances. Upon identification, a specific fraud scenario, and its associated concealment strategy, become the basis for fraud risk assessment and for the examiner’s subsequent fraud examination program.

Fraud concealment involves the strategies used by the perpetrator of the fraud scenario to conceal the true intent of his or her transaction(s). Common concealment strategies include false documents, false representations, false approvals, avoiding or circumventing control levels, internal control evasion, blocking access to information, enhancing the effects of geographic distance between documents and controls, and the application of both real and perceived pressure. Wells also pointed out that an important aspect of fraud concealment pertains to the level of sophistication demonstrated by the perpetrator; the connection between concealment strategies and fraud scenarios is essential in any discussion of fraud risk structure.

As an example, consider a rights of return fraud scenario related to ordered merchandise. Most industries allow customers to return products for any number of reasons. Rights of return refers to circumstances, whether as a matter of contract or of existing practice, under which a product may be returned after its sale either in exchange for a cash refund, or for a credit applied to amounts owed or to be owed for other products, or in exchange for other products. GAAP allows companies to recognize revenue in certain cases, even though the customer may have a right of return. When customers are given a right of return, revenue may be recognized at the time of sale if the sales price is substantially fixed or determinable at the date of sale, the buyer has paid or is obligated to pay the seller, the obligation to pay is not contingent on resale of the product, the buyer’s obligation to the seller does not change in the event of theft or physical destruction or damage of the product, the buyer acquiring the product for resale is economically separate from the seller, the seller does not have significant obligations for future performance or to bring about resale of the product by the buyer, and the amount of future returns can be reasonably estimated.

Sales revenue not recognizable at the time of sale is recognized either once the return privilege has substantially expired or if the conditions have been subsequently met. Companies sometimes stray by establishing accounting policies or sales agreements that grant customers vague or liberal rights of returns, refunds, or exchanges; that fail to fix the sales price; or that make payment contingent upon resale of the product, receipt of funding from a lender, or some other future event. Payment terms that extend over a substantial portion of the period in which the customer is expected to use or market the purchased products may also create problems. These terms effectively create consignment arrangements, because, no economic risk has been transferred to the purchaser.

Frauds in connection with rights of return typically involve concealment of the existence of the right, either by contract or arising from accepted practice, and/or departure from GAAP specified conditions. Concealment usually takes one or more of the following forms:

• Use of side letters: created and maintained separate and apart from the sales contract, that provide the buyer with a right of return;

• Obligations by oral promise or some other form of understanding between seller and buyer that is honored as a customary practice but arranged covertly and hidden;

• Misrepresentations designed to mischaracterize the nature of arrangements, particularly in respect of:

–Consignment arrangements made to appear to be final sales;

–Concealment of contingencies, under which the buyer can return the products, including failure to resell the products, trial periods, and product performance conditions;

–Failure to disclose the existence, or extent, of stock rotation rights, price protection concessions, or annual returned-goods limitations;

–Arrangement of transactions, with straw counterparties, agents, related parties, or other special purpose entities in which the true nature of the arrangements is concealed or obscured, but, ultimately, the counterparty does not actually have any significant economic risk in the “sale”.

Sometimes the purchaser is complicit in the act of concealment, for example, by negotiating a side letter, and this makes detection of the fraud even more difficult. Further, such frauds often involve collusion among several individuals within an organization, such as salespersons, their supervisors, and possibly both marketing and financial managers.

It’s easy to see that once a CFE has identified one or more of these concealment strategies as operative in a given entity, the process of developing a descriptive fraud scenario, completing a related risk assessment and constructing a fraud examination program will be a relatively straight forward process. As a working example, of a senario and related concealment strategies …

Over two decades ago the SEC charged a major computer equipment manufacturer with overstating revenue in the amount of $500,000 on transactions for which products had been shipped, but for which, at the time of shipment, the company had no reasonable expectation that the customer would accept and pay for the products. The company eventually accepted back most of the product as sales returns during the following quarter.

The SEC noted that the manufacturer’s written distribution agreements generally allowed the distributor wide latitude to return product to the company for credit whenever the product was, in the distributor’s opinion, damaged, obsolete, or otherwise unable to be sold. According to the SEC, in preparing the manufacturer’s financial statements for the target year, company personnel submitted a proposed allowance for future product returns that was unreasonably low in light of the high level of returns the manufacturer had received in the first several months of the year.

The SEC determined that various officers and employees in the accounting and sales departments knew the exact amount of returns the company had received before the year end, when the company’s independent auditors finished their fieldwork on the annual audit. Had the manufacturer revised the allowance for sales returns to reflect the returns information, the SEC concluded it would have had to reduce the net revenue reported for the fiscal year. Instead, the SEC found that several of the manufacturer’s officers and employees devised schemes to prevent the auditors from discovering the true amount of the returns, including 1), keeping the auditors away from the area at the manufacturer’s headquarters where the returned goods were stored, and 2), accounting personnel altering records in the computer system to reduce the level of returns. After all the facts were assembled, the SEC took disciplinary action against several company executives.

As with side agreements, a broad base of inquiry into company practices may be one of the best assessment techniques the CFE has regarding possible concealment strategies supporting fraud scenarios involving returns and exchanges. In addition to inquiries of this kind, the ACFE recommends that CFE’s may consider using analytics like:

• Compare returns in the current period with prior periods and ask about unusual increases.

• Because companies may slow the return process to avoid reducing sales in the current period, determine whether returns are processed in timely fashion. The facts can also be double-checked by confirming with customers.

• Calculate the sales return percentage (sales returns divided by total sales) and ask about any unusual increase.

• Compare returns after a reporting period with both the return reserve and the monthly returns to determine if they appear reasonable.

• Determine whether sales commissions are paid at the time of sale or at the time of collection. Sales commissions paid at the time of sale provide incentives to inflate sales artificially to meet internal and external market pressures.

• Determine whether product returns are adjusted from sales commissions. Sales returns processed through the so-called house account may provide a hidden mechanism to inflate sales to phony customers, collect undue commissions, and return the product to the vendor without being penalized by having commissions adjusted for the returned goods.

Analytics Confronts the Normal

The Information Audit and Control Association (ISACA) tells us that we produce and store more data in a day now than mankind did altogether in the last 2,000 years. The data that is produced daily is estimated to be one exabyte, which is the computer storage equivalent of one quintillion bytes, which is the same as one million terabytes. Not too long ago, about 15 years, a terabyte of data was considered a huge amount of data; today the latest Swiss Army knife comes with a 1 terabyte flash drive.

When an interaction with a business is complete, the information from the interaction is only as good as the pieces of data that get captured during that interaction. A customer walks into a bank and withdraws cash. The transaction that just happened gets stored as a monetary withdrawal transaction with certain characteristics in the form of associated data. There might be information on the date and time when the withdrawal happened; there may be information on which customer made the withdrawal (if there are multiple customers who operate the same account). The amount of cash that was withdrawn, the account from which the money was extracted, the teller/ATM who facilitated the withdrawal, the balance on the account after the withdrawal, and so forth, are all typically recorded. But these are just a few of the data elements that can get captured in any withdrawal transaction. Just imagine all the different interactions possible on all the assorted products that a bank has to offer: checking accounts, savings accounts, credit cards, debit cards, mortgage loans, home equity lines of credit, brokerage, and so on. The data that gets captured during all these interactions goes through data-checking processes and gets stored somewhere internally or in the cloud.  The data that gets stored this way has been steadily growing over the past few decades, and, most importantly for fraud examiners, most of this data carries tons of information about the nuances of the individual customers’ normal behavior.

In addition to what the customer does, from the same data, by looking at a different dimension of the data, examiners can also understand what is normal for certain other related entities. For example, by looking at all the customer withdrawals at a single ARM, CFEs can gain a good understanding of what is normal for that particular ATM terminal.  Understanding the normal behavior of customers is very useful in detecting fraud since deviation from normal behavior is a such a primary indicator of fraud. Understanding non-fraud or normal behavior is not only important at the main account holder level but also at all the entity levels associated with that individual account. The same data presents completely different information when observed in the context of one entity versus another. In this sense, having all the data saved and then analyzed and understood is a key element in tackling the fraud threat to any organization.

Any systematic, numbers-based system of understanding of the phenomenon of fraud as a past occurring event is dependent on an accurate description of exactly what happened through the data stream that got accumulated before, during, and after the fraud scenario occurred. Allowing the data to speak is the key to the success of any model-based system. This data needs to be saved and interpreted very precisely for the examiner’s models to make sense. The first crucial step to building a model is to define, understand, and interpret fraud scenarios correctly. At first glance, this seems like a very easy problem to solve. In practical terms, it is a lot more complicated process than it seems.

The level of understanding of the fraud episode or scenario itself varies greatly among the different business processes involved with handling the various products and functions within an organization. Typically, fraud can have a significant impact on the bottom line of any organization. Looking at the level of specific information that is systematically stored and analyzed about fraud in financial institutions for example, one would arrive at the conclusion that such storage needs to be a lot more systematic and rigorous than it typically is today. There are several factors influencing this. Unlike some of the other types of risk involved in client organizations, fraud risk is a censored problem. For example, if we are looking at serious delinquency, bankruptcy, or charge-off risk in credit card portfolios, the actual dollars-at-risk quantity is very well understood. Based on past data, it is relatively straightforward to quantify precise credit dollars at risk by looking at how many customers defaulted on a loan or didn’t pay their monthly bill for three or more cycles or declared bankruptcy. Based on this, it is easy to quantify the amount at risk as far as credit risk goes. However, in fraud, it is virtually impossible to quantify the actual amount that would have gone out the door as the fraud is stopped immediately after detection. The problem is censored as soon as some intervention takes place, making it difficult to precisely quantify the potential risk.

Another challenge in the process of quantifying fraud is how well the fraud episode itself gets recorded. Consider the case of a credit card number getting stolen without the physical card getting stolen. During a certain period, both the legitimate cardholder and the fraudster are charging using the card. If the fraud detection system in the issuing institution doesn’t identify the fraudulent transactions as they were happening in real time, typically fraud is identified when the cardholder gets the monthly statement and figures out that some of the charges were not made by him/her. Then the cardholder calls the issuer to report the fraud.  In the not too distant past, all that used to get recorded by the bank was the cardholder’s estimate of when the fraud episode began, even though there were additional details about the fraudulent transactions that were likely shared by the cardholder. If all that gets recorded is the cardholder’s estimate of when the fraud episode began, ambiguity is introduced regarding the granularity of the actual fraud episode. The initial estimate of the fraud amount becomes a rough estimate at best.  In the case in which the bank’s fraud detection system was able to catch the fraud during the actual fraud episode, the fraudulent transactions tended to be recorded by a fraud analyst, and sometimes not too accurately. If the transaction was marked as fraud or non-fraud incorrectly, this problem was typically not corrected even after the correct information flowed in. When eventually the transactions that were actually fraudulent were identified using the actual postings of the transactions, relating this back to the authorization transactions was often not a straightforward process. Sometimes the amounts of the transactions may have varied slightly. For example, the authorization transaction of a restaurant charge is sometimes unlikely to include the tip that the customer added to the bill. The posted amount when this transaction gets reconciled would look slightly different from the authorized amount. All of this poses an interesting challenge when designing a data-driven analytical system to combat fraud.

The level of accuracy associated with recording fraud data also tends to be dependent on whether the fraud loss is a liability for the customer or to the financial institution. To a significant extent, the answer to the question, “Whose loss is it?” really drives how well past fraud data is recorded. In the case of unsecured lending such as credit cards, most of the liability lies with the banks, and the banks tend to care a lot more about this type of loss. Hence systems are put in place to capture this data on a historical basis reasonably accurately.

In the case of secured lending, ID theft, and so on, a significant portion of the liability is really on the customer, and it is up to the customer to prove to the bank that he or she has been defrauded. Interestingly, this shift of liability also tends to have an impact on the quality of the fraud data captured. In the case of fraud associated with automated clearing house (ACH) batches and domestic and international wires, the problem is twofold: The fraud instances are very infrequent, making it impossible for the banks to have a uniform method of recording frauds; and the liability shifts are dependent on the geography.  Most international locations put the onus on the customer, while in the United States there is legislation requiring banks to have fraud detection systems in place.  The extent to which our client organizations take responsibility also tends to depend on how much they care about the customer who has been defrauded. When a very valuable customer complains about fraud on her account, a bank is likely to pay attention.  Given that most such frauds are not large scale, there is less need to establish elaborate systems to focus on and collect the data and keep track of past irregularities. The past fraud information is also influenced heavily by whether the fraud is third-party or first-party fraud. Third-party fraud is where the fraud is committed clearly by a third party, not the two parties involved in a transaction. In first-party fraud, the perpetrator of the fraud is the one who has the relationship with the bank. The fraudster in this case goes to great lengths to prevent the banks from knowing that fraud is happening. In this case, there is no reporting of the fraud by the customer. Until the bank figures out that fraud is going on, there is no data that can be collected. Also, such fraud could go on for quite a while and some of it might never be identified. This poses some interesting problems. Internal fraud where the employee of the institution is committing fraud could also take significantly longer to find. Hence the data on this tends to be scarce as well.

In summary, one of the most significant challenges in fraud analytics is to build a sufficient database of normal client transactions.  The normal transactions of any organization constitute the baseline from which abnormal, fraudulent or irregular transactions, can be identified and analyzed.  The pinpointing of the irregular is thus foundational to the development of the transaction processing edits which prevent the irregular transactions embodying fraud from even being processed and paid on the front end; furnishing the key to modern, analytically based fraud prevention.

First Things First

About a decade ago, I attended a training session at the Virginia State Police training center conducted by James D. Ratley, then the training director for the ACFE. The training session contained some valuable advice for CFE’s and forensic accountants on immediate do’s and don’ts if an examiner strongly suspects the presence of employee perpetrated financial fraud within a client’s organization. Mr. Ratley’s counsel is as relevant today as it was then.

Ratley advised that every significant employee matter (whether a theft is involved or not) requires thoughtful examiner deliberation before any action is taken, since hasty moves will likely prove detrimental to both the investigator and to the client company. Consequently, knowing what should not be done if fraud is suspected is often more important to an eventual successful outcome than what should be done.

First, the investigator should not initially confront the employee with his or her suspicions until the investigator has first taken several important preliminary investigative steps.  Even when those steps have been taken, it may prove necessary to use a different method of informing the employee regarding her status, imminent material harm notwithstanding. False (or even valid) accusations can lead to defamation lawsuits or at the very least to an extremely uncomfortable work environment. The hasty investigator or management could offend an innocent person by questioning her integrity; consequently, your client company may never be able to regain that person’s trust or prior level of commitment. That downside is just one example of the collateral damage that can result from a fraud. Even if the employee is ultimately found to be guilty, an investigator’s insinuation gives him or her time to alter records and conceal the theft, and perhaps even siphon off more assets. It takes only a moment for an experienced person to erase a computer’s hard drive and shred documents. Although, virtually all business records can be reconstructed, reconstruction is a costly and time-consuming process that always aggravates an already stressful situation.

Second, as a rule, never terminate or suspend the suspect employee until the preliminary investigative steps referred to above have been taken.  The desire on the part of management to take decisive action is understandable, but hasty actions may be detrimental to the subsequent investigation and to the company. Furthermore, there may be certain advantages to continuing the person’s employment status for a brief period because his or her continued status might compel the suspect to take certain actions to your client’s or to the investigation’s benefit. This doesn’t apply to government employees since, unlike private sector employees, they cannot be compelled to participate in the investigation. There can be occasions, however, where it is necessary to immediately terminate the employee. For example, employees who serve in a position whose continued employment could put others at risk physically, financially, or otherwise may need to be terminated immediately. Such circumstances are rare, but if they do occur, management (and the CFE) should document the entire process and advise corporate counsel immediately.

Third, again, as a rule, the investigator should never share her initial suspicions with other employees unless their assistance is crucial, and then only if they are requested to maintain strict confidentiality.  The CFE places an arduous burden on anyone in whom s/he has confided. Asking an employee to shoulder such responsibilities is uncharted territory for nearly anyone (including for the examiner) and can aggravate an already stressful situation. An examiner may view the confidence placed in an employee as a reflection of his and management’s trust. However, the employee may view the uninvited responsibility as taking sides with management at the expense of his relationship with other employees. Consequently, this step should be taken only if necessary and, again, after consultation with counsel and management.

Regarding the do’s, Ratley recommended that the instant that an employee fraud matter surfaces, the investigator should begin continuous documentation of all pertinent investigation-related actions taken. Such documentation includes a chronological, written narrative composed with as much specificity as time permits. Its form can take many shapes, such as handwritten notes, Microsoft Word files, spreadsheets, emails to yourself or others, and/or relevant data captured in almost any other reproducible medium. This effort will, of course, be time consuming for management but is yet another example of the collateral damage resulting from almost any employee fraud. The documentation should also reference all direct and related costs and expenses incurred by the investigator and by the client company. This documentation will support insurance claims and be vital to a subsequent restitution process.  Other collateral business damages, such as the loss of customers, suppliers, or the negative fiscal impact on other employees may also merit documentation as appropriate.

Meetings with corporate counsel are also an important do.  An employee fraud situation is complex and fraught with risk for the investigator and for the client company. The circumstances can require broad and deep expertise in employment law, criminal law, insurance law, banking law, malpractice law, and various other legal concentrations. Fortunately, most corporate attorneys will acknowledge when they need to seek additional expertise beyond their own experience since a victim company counsel specializing in corporate matters may have little or no background in matters of fraud. Acknowledgment by an attorney that s/he needs additional expertise is a testament to his or her integrity. Furthermore, the client’s attorney may contribute value by participating throughout the duration of the investigation and possible prosecution and by bringing to bear his or her cumulative knowledge of the company to the benefit of the organization.

Next, depending on the nature of the fraud and on the degree of its fiscal impact, CFEs should meet with the client’s CPA firm but exercise caution. The client CPA may be well versed in their involvement with your client through their work on income taxes, audit, review, and compilations, but not in forensic analysis or fraud examination. Larger CPA firms may have departments that they claim specialize in financial forensics; the truth is that actual experience in these matters can vary widely. Furthermore, remember that the situation occurred under your client CPA’s watch, so the firm may not be free of conflict.

Finally, do determine from management as early as possible the range of actions it might want to take with respect to the suspect employee if subsequent investigation confirms the suspicion that fraud has indeed occurred.  Deciding how to handle the matter of what to do with the employee by relying upon advice from management and from the legal team can be quite helpful in shaping what investigative steps are taken subsequently. Ratley pointed out that the level and availability of evidence often drive actions relating to the suspect. For example, the best course of action for management may be to do nothing immediately, to closely monitor and document the employee’s activities, to suspend the employee with pay, or immediately terminate the suspect’s employment. There may be valid reasons to exercise any one of these options.

Let’s say the CFE is advised by management to merely monitor and document the employee’s activities since the CFE currently lacks sufficient evidence to suspend or terminate the employee immediately. The CFE and the client’s IT operation could both be integral parts of this option by designing a plan to protect the client from further loss while the investigation continues behind the scenes. The investigation can take place after hours or under the guise of an “efficiency audit,” “business planning,” or other designation. In any case, this option will probably require the investigator to devote substantial time to observe the employee and to concurrently conduct the investigation.  The CFE will either assemble sufficient evidence to proceed or conclude there is inadequate substantiation to support the accusation.

A fraud is a devastating event for any company but Mr. Ratley’s guidance about the first steps in an investigation of employee perpetrated financial fraud can help minimize the damage.  He concluded his remarks by making two additional points; first, few executives are familiar by experience with situations that require CFE or forensic accountant expertise; consequently, their often-well-meaning actions when confronted with the actuality of a fraud can result in costly mistakes regarding time, money and people. Although many such mistakes can be repaired given sufficient money and time, they are sometimes devastating and irrecoverable.  Second, attorneys, accountants and others in the service professions frequently lack sufficient experience to recognize the vast differences between civil and criminal processes.  Consequently, these professionals often can provide the best service to their corporate clients by referring and deferring to more capable fraud examination specialists like certified fraud examiners and experienced forensic accountants.

People, People & People

Our Chapter’s Vice-President Rumbi Petrolozzi’s comment in her last blog post to the effect that one of the most challenging tasks for the forensic accountant or auditor working proactively is defining the most effective and efficient scope of work for a risk-based assurance project. Because resources are always scarce, assurance professionals need to make sure they can meet both quality and scheduling requirements whilst staying within our fixed resource and cost constraints.

An essential step in defining the scope of a project is identifying the critical risks to review and the controls required to manage those risks. An efficient scope focuses on the subset of controls (i.e., the key controls) necessary to provide assurance. Performing tests of controls that are not critical is not efficient. Similarly, failing to test controls that could be the source of major fraud vulnerabilities leads to an ineffective audit.  As Rumbi points out, and too often overlooked, the root cause of most risk and control failures is people. After all, outstanding people are required to make an organization successful, and failing to hire, retain, and train a competent team of employees inevitably leads to business failure.

In an interview, a few decades ago, one of America’s most famous business leaders was asked what his greatest challenges were in turning one of his new companies around from failure to success. He is said to have responded that his three greatest challenges were “people, people, and people.” Certainly, when assurance professionals or management analyze the reasons for data breaches and control failures, people are generally found to be the root cause. For example, weaknesses may include (echoing Rumbi):

Insufficiently trained personnel to perform the work. A common material weakness in compliance with internal control over financial reporting requirements is a lack of experienced financial reporting personnel within a company. In more traditional anti-fraud process reviews, examiners often find that control weaknesses arise because individuals don’t understand the tasks they have to perform.

Insufficient numbers to perform the work. When CPAs find that important reconciliations are not performed timely, inventories are not counted, a backlog in transaction processing exists, or agreed-upon corrective actions to address prior audit findings aren’t completed, managers frequently offer the excuse that their area is understaffed.

Poor management and leadership. Fraud examiners find again and again, that micromanagers and dictators can destroy a solid finance function. At the other end of the spectrum, the absence of leadership, motivation, and communication can cause whole teams to flounder. Both situations generally lead to a failure to perform key controls consistently. For example, poor managers have difficulty retaining experienced professionals to perform account reconciliations on time and with acceptable levels of quality leading directly to an enhanced level of vulnerability to numerous fraud scenarios.

Ineffective human resource practices. In some cases, management may choose to accept a certain level of inefficiency and retain individuals who are not performing up to par. For instance, in an example cited by one of our ACFE training event speakers last year, the financial analysis group of a U.S. manufacturing company was failing to provide management with timely business information. Although the department was sufficiently staffed, the team members were ineffective. Still, management did not have the resolve to terminate poor performers, for fear it would not be possible to hire quality analysts to replace the people who were terminated.

In such examples, people-related weaknesses result in business process key control failures often leading to the facilitation of subsequent frauds. The key control failure was the symptom, and the people-related weakness was the root cause. As a result, the achievement of the business objective of fraud prevention is rendered at risk.

Consider a fraud examiner’s proactive assessment of an organization’s procurement function. If the examiner finds that all key controls are designed adequately and operating effectively, in compliance with company policy, and targeted cost savings are being generated, should s/he conclude the controls are adequate? What if that department has a staff attrition rate of 25 percent and morale is low? Does that change the fraud vulnerability assessment? Clearly, even if the standard set of controls were in place, the function would not be performing at optimal levels.  Just as people problems can lead to risk and control failures, exceptional people can help a company achieve success. In fact, an effective system of internal control considers the adequacy of controls not only to address the risks related to poor people-related management but also to recognize reduction in fraud vulnerability due to excellence in people-related management.

The people issue should be addressed in at least two phases of the assurance professional’s review process: planning and issue analysis (i.e., understanding weaknesses, their root cause, and the appropriate corrective actions).  In the planning phase, the examiner should consider how people-related anti-fraud controls might impact the review and which controls should be included in the scope. The following questions might be considered in relation to anti-fraud controls over staffing, organization, training, management and leadership, performance appraisals, and employee development:

–How significant would a failure of people-related controls be to the achievement of objectives and the management of business risk covered by the examination?
–How critical is excellence in people management to the achievement of operational excellence related to the objectives of the review?

Issue analysis requires a different approach. Reviewers may have to ask the question “why” three or more times before they get to the root cause of a problem. Consider the following little post-fraud dialogue (we’ve all heard variations) …

CFE: “Why weren’t the reconciliations completed on time?”
MANAGER. “Because we were busy closing the books and one staff member was on vacation.”
CFE: “You are still expected to complete the reconciliations, which are critical to closing the books. Even with one person on vacation, why were you too busy?”
MANAGER: “We just don’t have enough people to get everything done, even when we work through weekends and until late at night.”
CFE: “Why don’t you have enough people?”
MANAGER: “Management won’t let me hire anybody else because of cost constraints.”
CFE: “Why won’t management let you hire anybody? Don’t they realize the issue?”
MANAGER: “Well, I think they do, but I have been so busy that I may not have done an effective job of explaining the situation. Now that you are going to write this up as a control weakness, maybe they will.”

The root cause of the problem in this scenario is that the manager responsible for reconciliations failed to provide effective leadership. She did not communicate the problem and ensure she had sufficient resources to perform the work assigned. The root cause is a people problem, and the reviewer should address that directly in his or her final report. If the CFE only reports that the reconciliations weren’t completed on time, senior management might only press the manager to perform better without understanding the post-fraud need for both performance improvement and additional staff.

In many organizations, it’s difficult for a reviewer to discuss people issues with management, even when these issues can be seen to directly and clearly contribute to fraud vulnerably. Assurance professionals may find it tricky, for political reasons to recommend the hiring of additional staff or to explain that the existing staff members do not have the experience or training necessary to perform their assigned tasks. Additionally, we are likely to run into political resistance when reporting management and leadership failure. But, that’s the job assurance professionals are expected to perform; to provide an honest, objective assessment of the condition of critical anti-fraud controls including those related to people.  If the scope of our work does not consider people risks, or if reviewers are unable to report people-related weaknesses, we are not adding the value we should. We’re also failing to report on matters critical to the maintenance and extension of the client’s anti-fraud program.

First Steps to Prosecution

A recent study sponsored by the financial trade press indicated some haziness among assurance professionals generally about the precise mechanism(s) underlying the process by which the authorities make the initial decision to prosecute or not to prosecute alleged financial statement fraud.

In the U.S. federal system, a criminal investigation of fraudulent financial reporting can originate in all sorts of ways. An investigation may be initiated because of a whistleblower, an anonymous tip, information supplied by a conscientious or guilt-ridden employee, or facts discovered during a routine annual audit of the company’s financial statements. In addition, the company’s public disclosure of financial misstatements may itself lead to the commencement of a criminal investigation. However initially initiated, the decision to start a criminal investigation is entirely within the discretion of the United States Attorney in each federal district.

For the prosecutor, the decision whether to open an investigation can be difficult. The main reason is the need for the prosecutor to establish criminal intent, that is, that the perpetrator not only got the accounting wrong but did so willfully. Often, bad accounting will be the result of judgment calls, which can be defended as exactly that, executive determinations or judgement calls that, while easy to second guess with the benefit of hindsight, were made in good faith at the time. Thus, a prosecutor evaluating the viability of a criminal prosecution will be looking for evidence of conduct so egregious that the perpetrator must have known it was wrong. This is not to suggest that evidence of a wrongful intent is the only consideration. A prosecutor’s exercise of his or her prosecutorial discretion may consider all kinds of factors in deciding whether criminal inquiry is warranted. Those factors may include the magnitude and nature of the accounting misstatements, whether individuals personally benefited from the misstatements or acted pursuant to the directive of a superior, whether documents were fabricated or destroyed, the probable deterrent or rehabilitative effect of prosecution, and the likelihood of success at trial. The availability of governmental resources may also be a factor.

Where the putative defendant is a corporation, partnership, or other business organization, a more settled set of factors come into play:

–The nature and seriousness of the offense, including the risk of harm to the public, and applicable policies and priorities, if any, governing the prosecution of corporations for certain categories of crime;
–The pervasiveness of wrongdoing within the corporation, including the complicity in, or the condoning of, the wrongdoing by corporate management;
–The corporation’s history of similar misconduct, including prior criminal, civil, and regulatory enforcement actions against it;
–The corporation’s timely and voluntary disclosure of wrong-doing and its willingness to cooperate in the investigation of its agents;
–The existence and effectiveness of the corporation’s preexisting compliance program;
–The corporation’s remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies;
–Collateral consequences, including whether there is disproportionate harm to shareholders, pension holders, employees, and others not proven personally culpable, as well as the impact on the public arising from the prosecution;
–The adequacy of the prosecution of individuals responsible for the corporation’s malfeasance;
–The adequacy of remedies such as civil or regulatory enforcement actions.

However, a prosecutor gets there, once s/he determines to commence a criminal investigation, there is no doubt that those who are its targets will quickly come to view it as a priority over everything else. The government’s powers to investigate are broad, and, once a determination to go forward is made, the full resources of the government, including the FBI, can be brought to bear. The criminal sentences resulting from a successful prosecution can be severe if not excessive, particularly considering the enhanced criminal sentences put in place by Sarbanes-Oxley.  The ACFE reports that one midlevel executive at a company who elected to proceed to trial was convicted and received a prison sentence of 24 years. The fact that the sentence was subsequently set aside on appeal does little to mitigate the concern that such a sentence could be imposed upon a first-time, nonviolent offender whose transgression was a failure to apply generally accepted accounting principles.

Typically, a company learns that it is involved in a criminal investigation when it receives a grand jury subpoena, in most instances a subpoena duces tecum, compelling the company or its employees to furnish documents to the grand jury. In an investigation of fraudulent financial reporting, such a subpoena for documents may encompass all the files underlying the company’s publicly disseminated financial information, including the records underlying the transactions at issue and related emails.

For a CFE’s client company counsel and for the company’s executives generally, the need to respond to the subpoena presents both an opportunity and a dilemma. The opportunity stems from the company’s ability, in responding to the subpoena, to learn about the investigation, an education process that will be critical to a successful criminal defense. The dilemma stems from the need to assess the extent to which active and complete cooperation should be pledged to the prosecutor at the outset. The formulation of a response to a criminal subpoena, therefore, constitutes a critical point in the investigatory process. Those involved are thereby placed in the position of needing to make important decisions at an early stage that can have lasting and significant effects.  The CFE can support them in getting through this process.

Once an initial review of the subpoena and its underlying substance is complete, one of the first steps in formulating a response is often for company counsel to make a phone call to the prosecutor to make appropriate introductions and, to the extent possible, to seek background information regarding the investigation. In this initial contact, the prosecutor will be understandably guarded. Nonetheless, some useful information will frequently be shared. A general impression may be gained about the scope and focus of the investigation and the timing of additional subpoenas and testimony. Thereafter, it is not unusual for an initial meeting to be arranged to discuss in greater detail the company’s response. One benefit of such a meeting is that some level of additional information may be forthcoming.

From the outset, company counsel will be undertaking a process that will be ongoing throughout the criminal proceedings: learning as much as possible about the prosecutor’s case. The reason is that, unlike a civil case, in which broad principles of discovery enable the defendants to learn the details of the adversary’s evidence, the procedural rules of a criminal investigation result in much greater secrecy. Less formal methods of learning the details of the prosecutor’s case, therefore, are critical. In these initial contacts, the establishment of a sound foundation for the company’s dealings with the prosecutor is an important aspect of the investigation. To state it simply, CFE’s should always support that those dealings be premised on a foundation of candor.

Although it may be appropriate at various stages to decline to discuss sensitive matters, counsel should avoid making a factual statement on any subject about which it may be incompletely or inaccurately informed. This admonition applies to subjects such as the existence and location of files, the burden of producing documents, and the availability of witnesses. It also applies to more substantive matters bearing on the guilt or innocence of parties. CFE’s should, again, counsel their clients that a relationship with the prosecutor based on trust and confidence is key.

The judgment regarding the extent of cooperation with the prosecutor can be a tough one. Unlike in a civil proceeding, where cooperation with regulatory authorities (such as the SEC) is generally the preferred approach, the decision to cooperate with the government in a criminal investigation may be much more difficult, insofar as a subsequent effort to oppose the government (should such a change of approach be necessary) would be impeded by the loss of a significant tactical advantage, the loss of surprise. In criminal cases, the government is not afforded the same broad rights of discovery available in civil proceedings. It is entirely possible for a prosecutor to have no significant knowledge of the defense position until after the start of a trial. On the other hand, the privileges available to a corporation are limited. There is, most importantly, no Fifth Amendment privilege against self-incrimination for companies.  Furthermore, almost any kind of evidence, even evidence that would be inadmissible at trial, except for illegal wiretaps or privileged material, can be considered by a grand jury. Therefore, the company’s ability to oppose a grand jury investigation is limited, and the prosecutor may even consider a company’s extensive zeal in opposition to constitute obstruction of justice. Moreover, the prosecutor’s ultimate decision about indictment of the company may be affected by the extent of the company’s cooperation. And corporate management may wish to demonstrate cooperation as a matter of policy or public relations.

One issue with which a company will need to wrestle is whether it is appropriate for a public company or its executives to do anything other than cooperate with the government. On this issue, it is useful for executives to appreciate that the U.S. system of justice affords those being investigated certain fundamental rights, and it is not unpatriotic to take advantage of them. As to individuals, one of the most basic of these rights is the Fifth Amendment privilege against self-incrimination. Insofar as, in fraud cases, guilt can be established through circumstantial evidence, executives need to keep in mind that it demonstrates no lack of civic virtue to take full advantage of constitutional protections designed to protect the innocent.

A challenge is that many of these judgments regarding cooperation must be made at the outset when the company’s information is limited. Often the best approach, at least as a threshold matter, will be one of courteous professionalism, meaning respect for one’s adversary and reasonable accommodation pending more informed judgments down the road. Premature expressions of complete cooperation are best avoided as a subsequent change in approach can give rise to governmental frustration and anger.

Following the initial steps of the grand jury subpoena and the preliminary contact with the prosecutor, CFE’s are uniquely positioned to assist corporate counsel and management in the remaining stages of the criminal investigation of a financial crime:

–Production of documents;
–Grand jury testimony;
–Plea negotiations (if necessary);
–Trial (if necessary).

Governance and Fraud Detection

Originally, the business owner had the most say in decisions regarding the enterprise. Then, corporate structures were put in place to facilitate decision making, as ownership was spread over millions of shareholders. Boards of directors took over many responsibilities. But with time, the chief executive officer (CEO) ended up having a large say in the composition of the board and, in many instances, ruled and controlled the company and its strategy. The only option for shareholders appeared to be to sell their shares if they were not happy with the performance of a specific organization. Many anti-fraud professionals think that this situation contributed significantly to business demises such as that of Enron and to the horrors consequent to the mortgage meltdown and accompanying fiscal crisis.

Proposals were made to re-equilibrate the power structure by giving more power and responsibilities to the board and to specific committees, such as the audit committee, to better deal with internal control and fair financial reporting or the remuneration committee to better deal with the basis for the type and the level of remuneration of the CEO. New legislation was put into place, such as the US Sarbanes-Oxley Act and Basel II. Compliance with these pieces of legislation consumed a lot of attention, energy and cost.

Enterprises exist to deliver value to their stakeholders. This is accomplished by handling risk advantageously and using resources responsibly. Speedy direction setting and quick reaction to change are essential in such a situation so decision making must be shared among many. Therefore, governance comes into play. Successful enterprises implement an over-arching system of governance that facilitates the achievement of their desired outcomes, both at the enterprise level and at each level within the enterprise; this is especially true with regard to the problem of fraud detection.  In this context, a holistic definition of enterprise governance is in order: Governance is the framework, principles, structure, processes and practices to set direction and monitor compliance and performance aligned with the overall purpose and objectives of an enterprise.

This definition is initially implemented by the answers to and actions on the following governance related questions:

Who is accountable and responsible for enterprise governance? Stakeholders, owners, governing bodies and management are responsible and accountable for governance.

What do they do, and how and where do they do it? They engage in activities (set direction, monitor compliance and performance) in relationship with others and use enablers (frameworks, principles, structures, processes, practices) within the governance view appropriate to them (governance of the enterprise; of an organizational entity within the enterprise such as a business unit, division or function; and of a strategic asset within the enterprise or within an organizational entity).

Why do they do it? They institute governance to create value for their enterprise, determine its risk appetite, optimize its resources and use them responsibly.

In summary, accountability and stewardship are delegated to a governance body by the owner/stakeholder, expecting it to assume accountability for the activities necessary to meet expectations. In alignment with the overall direction of the enterprise, management executes the appropriate activities within the context of a control framework, balancing performance and compliance in achieving the governance objectives of value creation, risk management and resource optimization.

Fraud detection (within the context of a fully defined fraud prevention program) is a vital business process of the over-hanging governance function and can be implemented by numerous generally accepted procedures.  But a few examples …

One way to increase the likelihood of the detection by the governance function of fraud abuses is the conduct of periodic external and internal audits, as well as the implementation of special network security audits. Auditors should regularly test system controls and periodically “browse” data files looking for suspicious activities. However, care must be exercised to make sure employees’ privacy rights are not violated. Informing employees that auditors will conduct a random surveillance not only helps resolve the privacy issue, but also has a significant deterrent effect on computer assisted fraud exploits.

Employees witnessing fraudulent behavior are often torn between two conflicting feelings. They feel an obligation to protect company assets and turn in fraud perpetrators, yet they are uncomfortable in a whistleblower role and find it easier to remain silent. This reluctance is even stronger if they are aware of public cases of whistleblowers who have been ostracized or persecuted by their coworkers or superiors, or have had their careers damaged. An effective way to resolve this conflict is to provide employees with hotlines so they can anonymously report fraud. The downside of hotlines is that many of the calls are not worthy of investigation. Some calls come from those seeking revenge, others are vague reports of wrongdoing, and others simply have no merit. A potential problem with a hotline is that those who operate the hotline may report to people who are involved in a management fraud. This threat can be overcome by using a fraud hotline set up by a trade organization or commercial company. Reports of management fraud can be passed from this company directly to the board of directors.

Many private and public organizations use outside computer consultants or in-house teams to test and evaluate their security procedures and computer systems through the performance of system penetration testing.  The consultants are paid to try everything possible to compromise an enterprise’s system(s). To get into offices so they can look for passwords or get on computers, they masquerade as janitors, temporary workers, or confused delivery personnel. They also employ software based hacker tools (readily available on the Internet) and social engineering techniques.  Using such methods, some outside consultants claim that they can penetrate 90% or more of the companies they “attack” to a greater or lesser degree.

All financial transactions and activities should be recorded in a log. The log should indicate who accessed what data, when, and from which location. These logs should be reviewed frequently to monitor system activity and trace any problems to their source. There are numerous risk analysis and management software packages that can review computer systems and networks and the financial transactions they contain. These packages evaluate security measures already in place and test for weaknesses and vulnerabilities. A series of reports are then generated to explain any weaknesses found and suggest improvements. Cost parameters can be entered so that a company can balance acceptable levels of vulnerability and cost effectiveness. There are also intrusion-detection programs and software utilities that can detect illegal entry into systems along with software that monitors system activity and helps companies recover from fraud and malicious actions.

People who commit fraud tend to follow certain patterns and leave tell-tale clues, often things that do not make sense. Software is readily available to search for these fraud symptoms. For example, a health insurance company could use fraud detection software to look at how often procedures are performed, whether a diagnosis and the procedures performed fit a patient’s profile, how long a procedure takes, and how far patients live from the doctor’s office.

Neural networks (programs that mimic brain activity and can learn new concepts) are quite accurate in identifying suspected fraud. For example, Visa and MasterCard operations employ neural network software to track hundreds of millions of separate account transactions daily. Neural networks spot the illegal use of a credit card and notify the owner within a few hours of its theft. The software can also spot trends before bank investigators do.

Each enterprise needs to determine its appropriate overall governance system and the fraud detection approaches it decides to implement in support of that system. To help in that determination, mapping governance frameworks, principles, structures, processes and practices, currently in use, is beneficial. CFE’s and forensic accountants are uniquely qualified to assist in this process given their in-depth knowledge of all types of fraud scenarios and the tailoring of the anti-fraud controls most appropriate for the control of each within a specific company environment.

The Initially Immaterial Financial Fraud

At one point during our recent two-day seminar ‘Conducting Internal Investigations’ an attendee asked Gerry Zack, our speaker, why some types of frauds, but specifically financial frauds can go on so long without detection. A very good question and one that Gerry eloquently answered.

First, consider the audit committee. Under modern systems of internal control and corporate governance, it’s the audit committee that’s supposed to be at the vanguard in the prevention and detection of financial fraud. What kinds of failures do we typically see at the audit committee level when financial fraud is given an opportunity to develop and grow undetected? According to Gerry, there is no single answer, but several audit committee inadequacies are candidates. One inadequacy potentially stems from the fact that the members of the audit committee are not always genuinely independent. To be sure, they’re required by the rules to attain some level of technical independence, but the subtleties of human interaction cannot always be effectively governed by rules. Even where technical independence exists, it may be that one or more members in substance, if not in form, have ties to the CEO or others that make any meaningful degree of independence awkward if not impossible.

Another inadequacy is that audit committee members are not always terribly knowledgeable, particularly in the ways that modern (often on-line, cloud based) financial reporting systems can be corrupted. Sometimes, companies that are most susceptible to the demands of analyst earnings expectations are new, entrepreneurial companies that have recently gone public and that have engaged in an epic struggle to get outside analysts just to notice them in the first place. Such a newly hatched public company may not have exceedingly sophisticated or experienced fiscal management, let alone the luxury of sophisticated and mature outside directors on its audit committee. Rather, the audit committee members may have been added to the board in the first place because of industry expertise, because they were friends or even relatives of management, or simply because they were available.

A third inadequacy is that audit committee members are not always clear on exactly what they’re supposed to do. Although modern audit committees seem to have a general understanding that their focus should be oversight of the financial reporting system, for many committee members that “oversight” can translate into listening to the outside auditor several times a year. A complicating problem is a trend in corporate governance involving the placement of additional responsibilities (enterprise risk management is a timely example) upon the shoulders of the audit committee even though those responsibilities may be only tangentially related, or not at all related, to the process of financial reporting.

Again, according to Gerry, some or all the previously mentioned audit committee inadequacies may be found in companies that have experienced financial fraud. Almost always there will be an additional one. That is that the audit committee, no matter how independent, sophisticated, or active, will have functioned largely in ignorance. It will not have had a clue as to what was happening within the organization. The reason is that a typical audit committee (and the problem here is much broader than newly public startups) will get most of its information from management and from the outside auditor. Rarely is management going to voluntarily reveal financial manipulations. And, relying primarily on the outside auditor for the discovery of fraud is chancy at best. Even the most sophisticated and attentive of audit committee members have had the misfortune of accounting irregularities that have unexpectedly surfaced on their watch. This unfortunate lack of access to candid information on the part of the audit committee directs attention to the second in the triumvirate of fraud preventers, the internal audit department.

It may be that the internal audit department has historically been one of the least understood, and most ineffectively used, of all vehicles to combat financial fraud. Theoretically, internal audit is perfectly positioned to nip in the bud an accounting irregularity problem. The internal auditors are trained in financial reporting and accounting. The internal auditors should have a vivid understanding as to how financial fraud begins and grows. Unlike the outside auditor, internal auditors work at the company full time. And, theoretically, the internal auditors should be able to plug themselves into the financial reporting environment and report directly to the audit committee the problems they have seen and heard. The reason these theoretical vehicles for the detection and prevention of financial fraud have not been effective is that, where massive financial frauds have surfaced, the internal audit department has often been somewhere between nonfunctional and nonexistent.. Whatever the explanation, (lack of independence, unfortunate reporting arrangements, under-staffing or under-funding) in many cases where massive financial fraud has surfaced, a viable internal audit function is often nowhere to be found.

That, of course, leaves the outside auditor, which, for most public companies, means some of the largest accounting firms in the world. Indeed, it is frequently the inclination of those learning of an accounting irregularity problem to point to a failure by the outside auditor as the principal explanation. Criticisms made against the accounting profession have included compromised independence, a transformation in the audit function away from data assurance, the use of immature and inexperienced audit staff for important audit functions, and the perceived use by the large accounting firms of audit as a loss leader rather than a viable professional engagement in itself. Each of these reasons is certainly worthy of consideration and inquiry, but the fundamental explanation for the failure of the outside auditor to detect financial fraud lies in the way that fraudulent financial reporting typically begins and grows. Most important is the fact that the fraud almost inevitably starts out very small, well beneath the radar screen of the materiality thresholds of a normal audit, and almost inevitably begins with issues of quarterly reporting. Quarterly reporting has historically been a subject of less intense audit scrutiny, for the auditor has been mainly concerned with financial performance for the entire year. The combined effect of the small size of an accounting irregularity at its origin and the fact that it begins with an allocation of financial results over quarters almost guarantees that, at least at the outset, the fraud will have a good chance of escaping outside auditor detection.

These two attributes of financial fraud at the outset are compounded by another problem that enables it to escape auditor detection. That problem is that, at root, massive financial fraud stems from a certain type of corporate environment. Thus, detection poses a challenge to the auditor. The typical audit may involve fieldwork at the company once a year. That once-a-year period may last for only a month or two. During the fieldwork, the individual accountants are typically sequestered in a conference room. In dealing with these accountants, moreover, employees are frequently on their guard. There exists, accordingly, limited opportunity for the outside auditor to get plugged into the all-important corporate environment and culture, which is where financial fraud has its origins.

As the fraud inevitably grows, of course, its materiality increases as does the number of individuals involved. Correspondingly, also increasing is the susceptibility of the fraud to outside auditor detection. However, at the point where the fraud approaches the thresholds at which outside auditor detection becomes a realistic possibility, deception of the auditor becomes one of the preoccupations of the perpetrators. False schedules, forged documents, manipulated accounting entries, fabrications and lies at all levels, each of these becomes a vehicle for perpetrating the fraud during the annual interlude of audit testing. Ultimately, the fraud almost inevitably becomes too large to continue to escape discovery, and auditor detection at some point is by no means unusual. The problem is that, by the time the fraud is sufficiently large, it has probably gone on for years. That is not to exonerate the audit profession, and commendable reforms have been put in place over the last decade. These include a greater emphasis on fraud, involvement of the outside auditor in quarterly data, the reduction of materiality thresholds, and a greater effort on the part of the profession to assess the corporate culture and environment. Nonetheless, compared to, say, the potential for early fraud detection possessed by the internal audit department, the outside auditor is at a noticeable disadvantage.

Having been missed for so long by so many, how does the fraud typically surface? There are several ways. Sometimes there’s a change in personnel, from either a corporate acquisition or a change in management, and the new hires stumble onto the problem. Sometimes the fraud, which quarter to quarter is mathematically incapable of staying the same, grows to the point where it can no longer be hidden from the outside auditor. Sometimes detection results when the conscience of one of the accounting department people gets the better of him or her. All along s/he wanted to tell somebody, and it gets to the point where s/he can’t stand it anymore and s/he does. Then you have a whistleblower. There are exceptions to all of this. But in almost any large financial fraud, as Gerry told us, one will see some or all these elements. We need only change the names of the companies and of the industry.

Rigging the Casino

I attended an evening lecture some weeks ago at the Marshall-Wythe law school of the College of William & Mary, my old alma mater, in Williamsburg, Virginia. One of the topics raised during the lecture was a detailed analysis of the LIBOR scandal of 2012, a fascinating tale of systematic manipulation of a benchmark interest rate, supported by a culture of fraud in the world’s biggest banks, and in an environment where little or no regulation prevailed.

After decades of abuse that enriched the big banks, their shareholders, executives and traders, at the expense of others, investigations and lawsuits were finally initiated, and the subsequent fines and penalties were huge. The London Interbank Offered Rate (LIBOR) rate is a rate of interest, first computed in 1985 by the British Banking Association (BBA), the Bank of England and others, to serve as a readily available reference or benchmark rate for many financial contracts and arrangements. Prior to its creation, contracts utilized many privately negotiated rates, which were difficult to verify, and not necessarily related to the market rate for the security in question. The LIBOR rate, which is the average interest rate estimated by leading banks that they would be charged if they were to borrow from other banks, provided a simple alternative that came to be widely used. For example, in the United States in 2008 when the subprime lending crisis began, around 60 percent of prime adjustable-rate mortgages (ARMs) and nearly all subprime mortgages were indexed to the US dollar LIBOR. In 2012, around 45 percent of prime adjustable rate mortgages and over 80 percent of subprime mortgages were indexed to the LIBOR. American municipalities also borrowed around 75 percent of their money through financial products that were linked to the LIBOR.

At the time of the LIBOR scandal, 18 of the largest banks in the world provided their estimates of the costs they would have had to pay for a variety of interbank loans (loans from other banks) just prior to 11:00 a.m. on the submission day. These estimates were submitted to Reuters news agency (who acted for the BBA) for calculation of the average and its publication and dissemination. Reuters set aside the four highest and four lowest estimates, and averaged the remaining ten.

So huge were the investments affected that a small manipulation in the LIBOR rate could have a very significant impact on the profit of the banks and of the traders involved in the manipulation. For example, in 2012 the total of derivatives priced relative to the LIBOR rate has been estimated at from $300-$600 trillion, so a manipulation of 0.1% in the LIBOR rate would generate an error of $300-600 million per annum. Consequently, it is not surprising that, once the manipulations came to light, the settlements and fines assessed were huge. By December 31, 2013, 7 of the 18 submitting banks charged with manipulation, had paid fines and settlements of upwards of $ 2 billion. In addition, the European Commission gave immunity for revealing wrongdoing to several the banks thereby allowing them to avoid fines including: Barclays €690 million, UBS €2.5 billion, and Citigroup €55 million.

Some examples of the types of losses caused by LIBOR manipulations are:

Manipulation of home mortgage rates: Many home owners borrow their mortgage loans on a variable- or adjustable-rate basis, rather than a fixed-rate basis. Consequently, many of these borrowers receive a new rate at the first of every month based on the LIBOR rate. A study prepared for a class action lawsuit has shown that on the first of each month for 2007-2009, the LIBOR rate rose more than 7.5 basis points on average. One observer estimated that each LIBOR submitting bank during this period might have been liable for as much as $2.3 billion in overcharges.

Municipalities lost on interest rate swaps: Municipalities raise funds through the issuance of bonds, and many were encouraged to issue variable-rate, rather than fixed-rate, bonds to take advantage of lower interest payments. For example, the saving could be as much as $1 million on a $100 million bond. After issue, the municipalities were encouraged to buy interest rate swaps from their investment banks to hedge their risk of volatility in the variable rates by converting or swapping into a fixed rate arrangement. The seller of the swap agrees to pay the municipality for any requirement to pay interest at more than the fixed rate agreed if interest rates rise, but if interest rates fall the swap seller buys the bonds at the lower variable interest rate. However, the variable rate was linked to the LIBOR rate, which was artificially depressed, thus costing U.S. municipalities as much as $10 billion. Class action suits were launched to recover these losses which cost municipalities, hospitals, and other non-profits as much as $600 million a year; the remaining liability assisted the municipalities in further settlement negotiations.

Freddie Mac Losses: On March 27, 2013, Freddie Mac sued 15 banks for their losses of up to $3 billion due to LIBOR rate manipulations. Freddie Mac accused the banks of fraud, violations of antitrust law and breach of contract, and sought unspecified damages for financial harm, as well as punitive damages and treble damages for violations of the Sherman Act. To the extent that defendants used false and dishonest USD LIBOR submissions to bolster their respective reputations, they artificially increased their ability to charge higher underwriting fees and obtain higher offering prices for financial products to the detriment of Freddie Mac and other consumers.

Liability Claims/Antitrust cases (Commodities-manipulations claims): Other organizations also sued the LIBOR rate submitting banks for anti-competitive behavior, partly because of the possibility of treble damages, but they had to demonstrate related damages to be successful. Nonetheless, credible plaintiffs included the Regents of the University of California who filed a suit claiming fraud, deceit, and unjust enrichment.

All of this can be of little surprise to fraud examiners. The ACFE lists the following features of moral collapse in an organization or business sector:

  1. Pressure to meet goals, especially financial ones, at any cost;
  2. A culture that does not foster open and candid conversation and discussion;
  3. A CEO who is surrounded with people who will agree and flatter the CEO, as well as a CEO whose reputation is beyond criticism;
  4. Weak boards that do not exercise their fiduciary responsibilities with diligence;
  5. An organization that promotes people based on nepotism and favoritism;
  6. Hubris. The arrogant belief that rules are for other people, but not for us;
  7. A flawed cost/benefit attitude that suggests that poor ethical behavior in one area can be offset by good ethical behavior in another area.

Each of the financial institutions involved in the LIBOR scandal struggled, to a greater or lesser degree with one or more of these crippling characteristics and, a distressing few, manifested all of them.

In Plain Sight

By Rumbi Petrozzello, CPA/CFF, CFE
2017 Vice-President – Central Virginia Chapter ACFE

Recently, I was listening to one my favorite podcasts, Radiolab, and they were discussing a series on Audible called “Ponzi Supernova”. Reporter Steve Fishman hounded infamous Ponzi schemer, Bernie Madoff, for several years. One day, Bernie called Steve, collect, and thus began the conversations between Madoff and Fishman that makes this telling of the Madoff Ponzi scheme like none other.

The tale is certainly compelling (how can a story of the largest known Ponzi scheme not be fascinating) and hearing Bernie Madoff talking about what he did and hearing what he says motivated him makes this series something I listened to from beginning to end, almost without taking a break. Through it all, as had happened just about every time I read or heard about Madoff, I was amazed that he was able to perpetrate his fraud for as long as he did, which, depending on who you believe, started somewhere between the early 1960s and 1992 (even Madoff gives different dates for when he started). This is no surprise. All too often, when fraudsters are caught, they try to minimize the extent of their wrongdoing. If they know that you’ve found $1,000, they’ll tell you that $1,000 was all they took. If you go on to find more, then the story will change a little to include what you’ve found. It’s very rare that a fraudster will confess to the full extent of her crime at the first go around (or even at the second or third).

As I listened to the series, something became very apparent. Often when people discuss the Madoff Ponzi scheme, one tends to get the feeling that, for decades, he took money from new investors to pay off old investors and carried on his multi-billion-dollar scheme without a single soul blowing the whistle on him. But that’s not the case. In a 477-page report from the U.S. Securities and Exchange Commission Office of Investigations (OIG) entitled “Investigation of Failure of the SEC to Uncover Bernard Madoff’s Ponzi Scheme – Public Version”, between June 1992 and December 2008, the Securities and Exchange Commission (SEC) received “six substantive complaints” regarding Madoff’s company and some of these complaints were submitted more than once.

One complaint mentioned in the report was received three times, with versions submitted in 2000, 2001 and 2005; the 2005 version was even entitled “The World’s Largest Hedge Fund is a Fraud”. This complaint series was submitted by Madoff’s most well-known nemesis, the whistleblower, Harry Markopolos. But, there were at least five other individuals who shared their concerns and suspicions about Madoff with the SEC. Three of these specifically used the words “Ponzi scheme”, including the first complaint, in 1992. Based on these complaints, the SEC conducted two investigations and three examinations and, even though the complaints explicitly stated that they suspected that Madoff Investments was a Ponzi scheme, none of the investigations or examinations concluded that Madoff was operating a Ponzi scheme. To add to this, the SEC was aware of two articles that questioned Madoff’s returns. Over the years, several investment companies performed their own due diligence and decided that Madoff’s company did not make sense and they believed that investing with Madoff would be a violation of their fiduciary duty to their clients. Despite all of this, none of these investigations or exams contained a finding of fraud.

Whether you’re a Certified Fraud Examiner (CFE) or a CPA, Certified in Financial Forensics (CFF), the work that you do is governed by a set of professional standards that help establish a performance baseline. This begins with competence. This means that those taking on an assignment should be able to complete the assignment successfully. This does not necessarily mean that whoever is leading the job needs to know how to do everything. It does mean that they should ensure that there is the right skill set working on the job, even if it means the use of referrals or consultation. Too many times, while reading the OIG report, the reader confronts the mention of a lack of experience. Listening to Ponzi Supernova, I learnt that at least one examiner was only three weeks out of school. The OIG report stated that, for one examination, because the person leading the investigation had no knowledge of how to investigate a suspected Ponzi scheme, they decided to just not investigate that claim; they decided instead to investigate what they knew, and that was front running (though even that investigation was carried out poorly).

Another ACFE professional standard is that of due professional care. Due professional care “requires diligence, critical analysis and professional skepticism”. It also means that any conclusion that a CFE reaches, must be supported by evidence that is relevant, sufficient and competent. Several times during the various investigations and examinations, SEC staff would ask Madoff or his employees questions and then accept any answers they were given without seeking any third-party confirmation. Sometimes, even when third-party confirmation was sought, the questions asked of those third parties were not the correct ones. Madoff himself tells the story of how, in 2006, Madoff testified that he settled trades for his advisory clients through his personal Depository Trust Company (DTC) account and he even gave the SEC his DTC account information. At this point Madoff was sure that, once the SEC checked this out, his fraud would be discovered. Instead, the SEC merely asked the DTC if Madoff had an account, and nothing more. Had they asked about account activity, they would have then discovered that Madoff’s account, even though it existed, did not trade anywhere near the volume purported by his statements. This brings up other aspects of due professional care; adequate planning and supervision. With proper supervision, the less experienced can be trained not just to ask questions, but to ask, and get adequate answers to, the correct questions. The person reviewing their work would be able to ask them, “did the answer that you got from the DTC answer the question that we are asking? Can we now confirm not that Madoff has an account with the DTC but, instead, that he is trading billions of dollars through these accounts?”

Time and time again, in the OIG report, the SEC stated that they did not have experienced and adequate staff for their examinations and investigations of Madoff. This was an excuse that was used to explain why, for instance, they did not send out requests for third-party confirmations, even after drafting them. In one case, staff stated that they did not send out a request to the National Association of Securities Dealers (NASD) because it would have been too time-consuming to review the data received. Adequate planning would have made sure that there was sufficient, qualified staffing to review the data. Adequate supervision would have ensured that this excuse for not sending out the request was squashed. However, it is not the case that no third-party confirmation requests were sent out. Some were and some of those sent out received responses. Responses were received from the NASD and other financial institutions These entities all claimed that there was no activity with Madoff on the dates that the examiners were asking about. Even with that information, there was no follow-up on the part of the examiners. At every turn, there seemed to be a lot of trust and just about no verification. This is even more surprising when you hear that the examiners would write notes about how Madoff was obviously lying and how many people had reported to the SEC that Madoff was running a dishonest business. Even with so much distrust, and so many whistleblowers, it turned out that those sent to shine a light on Madoff’s operations all seemed to be looking in all the wrong places.

Part of planning an investigation is determining what is being investigated and how the investigation is going to be executed. A very important part of the process is determining, beforehand, what will be done with negative results. When third-party responses were received and they all stated Madoff had not done business with them as claimed, the responses appear to have been filed and no further action taken. When responses were not received, the SEC did not follow up to find out why nothing had been returned. They likely would have found that the institution had not responded to the inquiry because there was nothing to respond about. There does not appear to have been a defined protocol on what to do when the answer to the question, “did this happen” was “No.”

I urge you to, at the very least, read the executive summary of the OIG report. For me at least, what Madoff could get away with, time and time again, with each subsequent SEC examination or investigation, is jaw-dropping. The fact that 1) several whistleblowers shared their concerns and even accompanied them with a great deal of detail and 2) that articles were written and yet, 3) those with access to the information that could prove, with very little effort, that Madoff was not doing what he claimed to be doing, found nothing of concern is something I struggle to comprehend. This whole sad history does underline the importance of referring to, and abiding by, our professional standards, to minimize the risk of missing a fraud like this one. Most importantly, it reduces the risk that someone might get an aneurism trying to wrap their mind around how, even when so many others could see that something was amiss, the watchdog missed it all!

Overhanging Liabilities

Most experienced CFE’s are familiar with financial fraud cases involving the overhanging liabilities represented by artfully constructed schemes to avoid income taxes since multiple ACFE training courses over the years have focused on the topic in detail.  But for those new to fraud examination and to the Central Virginia Chapter, a little history.  Before 2002, accounting firms would provide multiple services to the same firm. Hired by the shareholders, they would audit the financial statements that were prepared by management, while also providing consulting services to those same managers. Some would also provide tax advice to the managers of audit clients. However, the Sarbanes-Oxley Act of 2002 (SOX) restricted the type and the intensity of consulting services that could be provided to the management of audit clients because the provision of such services might compromise the objectivity of the auditor when auditing the financial statements prepared by client management on behalf of the shareholders. Nevertheless, both before and after the passage of SOX, as subsequently reported in the financial press, both the major accounting firms Ernst & Young (E&Y) and KPMG were offering very aggressive tax shelters to wealthy taxpayers as well as to the senior managers of their audit clients.

In the 1990s, E&Y had created four tax shelters that they were selling to wealthy individuals. One Of them, called E.C.S., for Equity Compensation Strategy, resulted in little or no tax liability for the taxpayer. The complicated tax plan was a means of delaying, for up to thirty years, paying taxes on the profits from exercising employee stock options that would otherwise be payable in the year in which the stock options were exercised. E&Y charged a fee of 3 percent of the amount that the taxpayer invested in the tax shelter, plus $50,000 to a law firm for a legal opinion that said that it was “more likely than not” that the shelter would survive a tax audit. E&Y had long been the auditor for Sprint Corporation. They also took on as clients William Esrey and Ronald LeMay, the top executives at Sprint. In 2000 E&Y received:

  • $2.5 million for the audit of Sprint,
  • $2.6 million for other services related to the audit;
  • $63.8 million for information technology and other consulting services, and
  • $5.8 million from Esrey and LeMay for tax advice.

In 1999 Esrey announced a planned merger of Sprint with WorldCom that potentially would have made the combined organization the largest telecommunications company in the world. The deal was not consummated because it failed to obtain regulatory approval. Nevertheless, Esrey and LeMay were awarded stock options worth about $3ll million. E&Y sold an E.C.S. to each of the two executives. In the three years from 1998 to 2000, the options profits for Esrey were $159 million and the tax that would have been payable had he not bought the tax shelter amounted to about $63 million. The options profits for LeMay were $152.2 million and the tax thereon about $60.3 million.

Subsequently, the Internal Revenue Service rejected the E&Y tax shelter of each man. Sprint then asked the two executives to resign, which they did. Sprint also dismissed E&Y as the company’s auditor. On July 2, 2003, E&Y reached a $15 million settlement with the IRS regarding their aggressive marketing of tax shelters. Then, in 2007, four E&Y partners were charged with tax fraud. These four partners worked for an E&Y unit called VIPER, “value ideas produce extraordinary results,” later renamed SISG, “strategic individual solutions group.” Its purpose was to aggressively market tax shelters, known as Cobra, Pico, CDS, and CDS Add-Ons, to wealthy individuals, many of whom acquired their fortunes in technology-related businesses. These four products were sold to about 400 wealthy taxpayers from 1999 to 2001 and generated fees of approximately $121 million. The government claims that the tax shelters were bogus and taxpayers were reassessed for taxes owed as well as for related penalties and interest.

On August 26, 2005, KPMG in turn agreed pay a fine of $456 million for selling tax shelters from 1996 through 2003 that fraudulently generated $11 billion in fictitious tax losses that cost the government at least $2.5 billion in lost taxes. The four tax shelters went by the acronyms FLIP, OPIS, BLIPS, and SOS.  Under the Bond Linked Premium Issue Structure (BLIPS), for example, the taxpayer would borrow money from an offshore bank and invest in a joint venture that would buy foreign currencies from that same offshore bank. About two months later, the joint venture would then sell the foreign currency back to the bank, creating a tax loss. The taxpayer would then declare. a loss for tax purposes on the BLIPS investment. The way that BLIPS were structured, the taxpayer only had to pay $1.4 million to declare a $20 million loss for tax purposes. BLIPS were targeted at wealthy executives who would normally pay between $10 million and $20 million in taxes.

Buying a BLIPS, however, effectively reduced the investor’s taxable income to zero. They were sold to 186 wealthy individuals and generated at least $5 billion in tax losses. The FLIP and OPIS involved investment swaps through the Cayman Islands, and SOS was a currency swap like the BLIPS. The government contended that these were sham transactions since the loans and investments were risk-free. Their sole purpose was to artificially reduce taxes. Some argued that the KPMG tax shelters were so egregious that the accounting firm should be put out of business. However, Arthur Andersen had collapsed in 2002, and if KPMG failed, then there would be only three large accounting firms remaining: Deloitte, PricewaterhouseCoopers, and Ernst & Young. KPMG Chairman, Timothy Flynn, said “the firm regretted taking part in the deals and sent a message to employees calling the conduct inexcusable. KPMG remained in business, but the firm was fined almost a half billion dollars.

Because of the Ernst & Young and KPMG tax fiascos, the large accounting firms have become wary of marketing very aggressive tax shelters. Now, most shelters are being sold by tax “boutiques” that operate on a much smaller scale and so are less likely to be investigated by the IRS.  The question that remains, however, is to what extent should professional accountants be selling services that directly or indirectly abet even lawful tax avoidance which, as the ACFE tells us,  can so easily shade into what the IRS calls tax evasion?