Tag Archives: fraud hotlines

Whistle & Fish

Every CFE and forensic accountant in practice encounters companies that operate outside accounting rules and tax laws. Blowing the whistle on such companies can be risky for the employee whistleblower; we all know that doing so often results in tipsters losing their jobs and reputations and facing limited future career prospects. Yet, on every side such employees are exhorted to offer the information they do to uncover fraud.

The whistleblower programs set up by U.S. government agencies are of particular interest to our Chapter members, practicing as they do in such close proximity to Washington D.C., and to those practicing in and around Richmond, the seat of government of the Commonwealth of Virginia. State and Federal entities encourage these tips by offering hot-lines and whistleblower awards programs that pay monetary awards to tipsters if their information leads to successful enforcement and to collection of money from a violator.

The two most important of these programs likely to be encountered by our Central Virginia Chapter members are the whistleblower rewards programs of the Internal Revenue Service (IRS) and the Security and Exchange Commission (SEC). The IRS program, which began 140 years ago, authorizes the Department of the Treasury to pay amounts to individuals who provide information that allow the IRS to detect, bring to trial and punish those guilty of violating internal revenue laws. A 2006 amendment created the current IRS whistleblower program, which mandates that the government pay whistleblowers awards based on the size of the taxes collected as a result of their tips.

The seminal U.S. Federal Claims Act, enacted in 1863, allows whistleblowers a portion of reclaimed money when defendants are found guilty of defrauding the federal government. The Commodities Futures Trading Commission has also recently established a whistleblower program. As I’m sure most of you remember, in 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act established the SEC’S whistleblower awards program. The program seeks to encourage high-quality tips about securities violations with its monetary awards supplemented by protections from retaliation.

The IRS created the whistleblower awards program, codified in IRC 7623(a), to close the tax gap and fight tax fraud more aggressively. In this original program, the maximum award was 15 percent of collected taxes, penalties and other amounts not to exceed $10 million, but the decision whether to make an award at all was wholly within the IRS’ discretion. When the courts considered attempts to challenge award decisions under this law, they uniformly found that the discretion to make or not make an award is essentially not reviewable. In other words, the courts decided the IRS has the right to make an award or not, and the whistleblower can’t appeal that decision.

The Tax Relief and Health Care Act of 2006, which made major changes to the IRS awards program, mandated that the IRS pay out a substantial award whenever a whistleblower’s information leads to the collection of tax, interest and penalties based on disputes in excess of $2 million. The new section, IRC 7623(b), was intended to create strong incentives to bolster insider reporting of tax violations for claims enacted after Dec. 20, 2006. The awards are now mandatory rather than discretionary; and they range from 15 percent to 30 percent of monies collected with no cap on the dollar amount of the award. With some exceptions, a whistleblower may collect an award even if convicted of a felony.

Whistleblowers are eligible for awards based on additions to tax, penalties, interest, and other amounts collected as a result of any administrative or judicial action resulting from the information provided. The 2006 amendment added whistleblower appeal rights to the U.S. Tax Court. To implement the law, the IRS was also required to create a Whistleblower Office that reports to the IRS commissioner. Submissions that don’t qualify under the new section IRC 7623(b) (usually because the disputes are for less than $2 million) are processed under the original IRC 7623(a). The IRS will continue to consider these cases, but the award is at the discretion of the agency, and there’s no requirement that an award be issued. These whistleblowers have no minimum statutory award percentage and no appeal provision.

The Dodd-Frank bill was partly a response to financial debacles such as the Madoff fraud and widespread mortgage frauds. Many criticized the SEC for its inaction to the causative circumstances that led to the Great Recession, although it definitely wasn’t alone in its failure to uncover and stop massive frauds. The SEC had an awards program before Dodd-Frank, but it wasn’t particularly effective, and it focused solely on insider trading. The new whistleblower awards program, which is much broader, encourages tips related to all kinds of securities violations from financial statement fraud to alleged Ponzi schemes.

The Dodd-Frank whistleblower program stipulates that as long as collected monetary sanctions exceed $1 million, awards are 10 percent to 30 percent of that amount. Awards are paid to individuals who voluntarily provide original information that leads to successful SEC enforcement. The award percentage is increased or decreased based on several factors including the extent of the whistleblower’s assistance.

Section 924(d) of the Dodd-Frank Act required the SEC to create a separate office within the agency to enforce the new regulation. In May 2011, the SEC adopted the Final Rules, Regulation 21F, which included prohibitions against retaliation, defined terms and established policies for submitting tips, applying for awards and filing appeals on award decisions.

In the IRS program, a whistleblower must be a “natural person”, in other words, not a corporation or other business organization. Because the claim form must be signed under penalty of perjury, the whistleblower can’t be anonymous, nor can the claim come from a representative of the whistleblower. Multiple whistleblowers can submit a joint claim, but each must sign under penalty of perjury. Similarly, in the SEC program the whistleblower must be a natural person or persons. However, the SEC whistleblower can be anonymous up to the point that the award is paid out, and he or she can be represented by an attorney or other person. IRS whistleblowers can’t be taxpayer’s representatives, employees of the Treasury Department, or employees of federal, state or local governments if they learned of the information as part of their job duties. The SEC whistleblower can’t be an auditor who learned of the issue as part of his or her duties during an audit or other engagement. The SEC whistleblower also must provide the information “voluntarily’ which means that the whistleblower can’t provide it in response to a request from regulators or law enforcement.

IRS claims must include the tax violator’s name and address, date of birth, Social Security number and the specific nature of the violation. If possible, it should also include the tax year(s), the dollar amounts of unreported income or erroneous deductions and supporting documentation. SEC claims must be original information about possible securities laws violations not already known to the SEC and not derived from publicly available sources. Even though the whistleblower employee might have first reported the information to his or her company’s internal hotline process, the SEC will still consider the information to be original. The content of this required information isn’t as clearly specified as in the IRS program, but it must cause the SEC to open (or expand) an investigation and bring a successful enforcement action.

The IRS protects the whistleblower’s identity as far as possible. If the whistleblower is needed as a witness in a court case, the IRS will notify the whistleblower who can then decide whether or not to proceed. The legislation that established the IRS program failed to include any protection for the whistleblower from possible retaliation. However, the alleged tax violator’s information is strictly protected, so that the whistleblower can only be told whether the case is open or closed. If the case is closed, the IRS can reveal to the whistleblower if his or her claim is payable, the amount of a payment or if a payment has been denied.

The SEC can’t disclose information that could reasonably be expected to reveal the identity of a whistleblower except if it needs to comply with law enforcement proceedings or protect investors by notifying another authority. For example, the SEC might need to notify the U.S. Department of Justice or a state attorney general or even foreign law enforcement if a criminal investigation should be opened as a result of the whistleblower’s allegations. The SEC informant must file through an attorney to remain anonymous during the process. After the SEC presents the award to the whistleblower, it will release the whistleblower’s name. Federal laws state that the whistleblower’s company can’t retaliate against the employee.

The IRS pays its awards when the proceeds are collected, and the appeals period for the taxpayer has expired. Many have said that the IRS program process is lengthy and slow. Claimants can generally expect to wait five to seven years to receive an award. While a whistleblower can’t appeal the award amount for IRC 7623(a) through the Tax Court, awards filed under the newer IRC 7623(b) are subject to appeal in the Tax Court.

The SEC will pay after the time has expired for the violator to file an appeal or after any appeals have been concluded. Then it evaluates all claims. The SEC must collect all sanctions from the violator before the SEC pays the award. A whistleblower can’t appeal an award amount but can appeal a denial.

In summary, we CFEs should inform our clients, individual and corporate, that whistleblowers can expect a long and bumpy ride to the chance, but not the promise, of monetary reward.

Bye-Bye Money

Miranda had responsibility for preparing personnel files for new hires, approval of wages, verification of time cards, and distribution of payroll checks. She “hired” fictitious employees, faked their records, and ordered checks through the payroll system. She deposited some checks in several personal bank accounts and cashed others, endorsing all of them with the names of the fictitious employees and her own. Her company’s payroll function created a large paper trail of transactions among which were individual earnings records, W-2 tax forms, payroll deductions for taxes and insurance, and Form 941 payroll tax reports. She mailed all the W-2 forms to the same post office box.

Miranda stole $160,000 by creating some “ghosts,” usually 3 to 5 out of 112 people on the payroll and paying them an average of $650 per week for three years. Sometimes the ghosts quit and were later replaced by others. But she stole “only” about 2 percent of the payroll funds during the period.

A tip from a fellow employee received by the company hotline resulted in the engagement of Tom Hudson, CFE.  Tom’s objective was to obtain evidence of the existence and validity of payroll transactions on the control premise that different people should be responsible for hiring (preparing personnel files), approving wages, and distributing payroll checks. “Thinking like a crook” lead Tom to readily see that Miranda could put people on the payroll and obtain their checks just as the hotline caller alleged. In his test of controls Tom audited for transaction authorization and validity. In this case random sampling was less likely to work because of the small number of alleged ghosts. So, Tom looked for the obvious. He selected several weeks’ check blocks, accounted for numerical sequence (to see whether any checks had been removed), and examined canceled checks for two endorsements.

Tom reasoned that there may be no “balance” to audit for existence/occurrence, other than the accumulated total of payroll transactions, and that the total might not appear out of line with history because the tipster had indicated that the fraud was small in relation to total payroll and had been going on for years.  He decided to conduct a surprise payroll distribution, then followed up by examining prior canceled checks for the missing employees and then scan personnel files for common addresses.

Both the surprise distribution and the scan for common addresses quickly provided the names of 2 or 3 exceptions. Both led to prior canceled checks (which Miranda had not removed and the bank reconciler had not noticed), which carried Miranda’s own name as endorser. Confronted, she confessed.

The major risks in any payroll business cycle are:

•Paying fictitious “employees” (invalid transactions, employees do not exist);

• Overpaying for time or production (inaccurate transactions, improper valuation);

•Incorrect accounting for costs and expenses (incorrect classification, improper or inconsistent presentation and disclosure).

The assessment of payroll system control risk normally takes on added importance because most companies have fairly elaborate and well-controlled personnel and payroll functions. The transactions in this cycle are numerous during the year yet result in lesser amounts in balance sheet accounts at year-end. Therefore, in most routine outside auditor engagements, the review of controls, test of controls and audit of transaction details constitute the major portion of the evidence gathered for these accounts. On most annual audits, the substantive audit procedures devoted to auditing the payroll-related account balances are very limited which enhances fraud risk.

Control procedures for proper segregation of responsibilities should be in place and operating. Proper segregation involves authorization (personnel department hiring and firing, pay rate and deduction authorizations) by persons who do not have payroll preparation, paycheck distribution, or reconciliation duties. Payroll distribution (custody) is in the hands of persons who do not authorize employees’ pay rates or time, nor prepare the payroll checks. Recordkeeping is performed by payroll and cost accounting personnel who do not make authorizations or distribute pay. Combinations of two or more of the duties of authorization, payroll preparation and recordkeeping, and payroll distribution in one person, one office, or one computerized system may open the door for errors and frauds. In addition, the control system should provide for detail control checking activities.  For example: (1) periodic comparison of the payroll register to the personnel department files to check hiring authorizations and for terminated employees not deleted, (2) periodic rechecking of wage rate and deduction authorizations, (3) reconciliation of time and production paid to cost accounting calculations, (4) quarterly reconciliation of YTD earnings records with tax returns, and (5) payroll bank account reconciliation.

Payroll can amount to 40 percent or more of an organization’s total annual expenditures. Payroll taxes, Social Security, Medicare, pensions, and health insurance can add several percentage points in variable costs on top of wages. So, for every payroll dollar saved through forensic identification, bonus savings arise automatically from the on-top costs calculated on base wages. Different industries will exhibit different payroll risk profiles. For example, firms whose culture involves salaried employees who work longer hours may have a lower risk of payroll fraud and may not warrant a full forensic approach. Organizations may present greater opportunity for payroll fraud if their workforce patterns entail night shift work, variable shifts or hours, 24/7 on-call coverage, and employees who are mobile, unsupervised, or work across multiple locations. Payroll-related risks include over-claimed allowances, overused extra pay for weekend or public holiday work, fictitious overtime, vacation and sick leave taken but not deducted from leave balances, continued payment of employees who have left the organization, ghost employees arising from poor segregation of duties, and the vulnerability of data output to the bank for electronic payment, and roster dysfunction. Yet the personnel assigned to administer the complexities of payroll are often qualified by experience than by formal finance, legal, or systems training, thereby creating a competency bias over how payroll is managed. On top of that, payroll is normally shrouded in secrecy because of the inherently private nature of employee and executive pay. Underpayment errors are less probable than overpayment errors because they are more likely to be corrected when the affected employees complain; they are less likely to be discovered when employees are overpaid. These systemic biases further increase the risk of unnoticed payroll error and fraud.

Payroll data analysis can reveal individuals or entire teams who are unusually well-remunerated because team supervisors turn a blind eye to payroll malpractice, as well as low-remunerated personnel who represent excellent value to the organization. For example, it can identify the night shift worker who is paid extra for weekend or holiday work plus overtime while actually working only half the contracted hours, or workers who claim higher duty or tool allowances to which they are not entitled. In addition to providing management with new insights into payroll behaviors, which may in turn become part of ongoing management reporting, the total payroll cost distribution analysis can point forensic accountants toward urgent payroll control improvements.

The detail inside payroll and personnel databases can reveal hidden information to the forensic examiner. Who are the highest earners of overtime pay and why? Which employees gained the most from weekend and public holiday pay? Who consistently starts late? Finishes early? Who has the most sick leave? Although most employees may perform a fair day’s work, the forensic analysis may point to those who work less, sometimes considerably less, than the time for which they are paid. Joined-up query combinations to search payroll and human resources data can generate powerful insights into the organization’s worst and best outliers, which may be overlooked by the data custodians. An example of a query combination would be: employees with high sick leave + high overtime + low performance appraisal scores + negative disciplinary records. Or, reviewers could invert those factors to find the unrecognized exemplary performers.

Where predication suggests fraud concerns about identified employees, CFEs can add value by triangulating time sheet claims against external data sources such as site access biometric data, company cell phone logs, phone number caller identification, GPS data, company email, Internet usage, company motor fleet vehicle tolls, and vehicle refueling data, most of which contain useful date and time-of-day parameters.  The data buried within these databases can reveal employee behavior, including what they were doing, where they were, and who they were interacting with throughout the work day.

Common findings include:

–Employees who leave work wrongfully during their shift;
–Employees who work fewer hours and take sick time during the week to shift the workload to weekends and public holidays to maximize pay;
–Employees who use company property excessively for personal purposes during working hours;
–Employees who visit vacation destinations while on sick leave;
–Employees who take leave but whose managers do not log the paperwork, thereby not deducting leave taken and overstating leave balances;
–Employees who moonlight in businesses on the side during normal working hours, sometimes using the organization’s equipment to do so.

Well-researched and documented forensic accounting fieldwork can support management action against those who may have defrauded the organization or work teams that may be taking inappropriate advantage of the payroll system. Simultaneously, CFEs and forensic accountants, working proactively, can partner with management to recover historic costs, quantify future savings, reduce reputational and political risk, improve the organization’s anti-fraud policies, and boost the productivity and morale of employees who knew of wrongdoing but felt powerless to stop it.

Not Just the Hotline

Prior to our Chapter’s last scheduled live training event, I was invited as a presenter to an orientation session for a group of employees serving as staff to a local government fraud, waste and abuse hotline. Anonymous communications, often called “tips,” may take various forms, including a posted letter, telephone call, fax, or e-mail. Long gone are the days when any governmental or private organization receiving such a communication would feel comfortable disregarding it. In today’s environment, such communications are almost always taken seriously, and significant efforts are made to resolve every credible allegation. By their very nature, such investigations are triggered suddenly and generally require a prompt and decisive response, even if only to establish that the allegations are unfounded or purely mischievous. The allegations may be in the form of general statements or they may be very specific, identifying names, documents, situations, transactions, or issues. From the CFE’s or forensic investigator’s perspective, no matter what form they take or how they are received, anonymous communications addressed to the client can pose challenging investigative issues in themselves whose complexity is often under-estimated.

The initiators of such tips can be motivated by a variety of factors, which range from the possibility of monetary gain (substantial monetary recovery is available to whistleblowers under the U.S. False Claims Act), to moral outrage, to genuine concern over an issue or simply from the desire of a disgruntled employee to air an issue or undermine a colleague. Adding to the complication, legislation such as Sarbanes-Oxley and the raft of on-going private and governmental scandals, the increased scrutiny of health care providers and of defense contractors have all served to raise public awareness of whistle-blower programs specifically and of the importance of anonymous reporting mechanisms in general.

With hotlines now so ubiquitous, it’s equally important for investigators to be aware that anonymous tips come in not only to formal public hotlines but in a wide variety of forms and through many channels; such communications can come addressed to various individuals and groups within the company or to outside entities, to government agencies, and even via outside news agencies. Typical recipients within the company of non-hotline tips can be expected to be legal counsel, audit committee members, senior management, department supervisors, human resources managers and the compliance or ethics officer. A tip may take the form of a typical business letter addressed to the company, an e-mail (usually from a nontraceable account), or an official internal complaint. It may also duplicate tips submitted to news agencies, competitors, web site postings, chat rooms, or government agencies. It may also be a message to an internal ethics hotline phone number. Whatever form it takes, a tip may contain allegations that, while factually correct at its core, may also include embellishments or inaccurate information, wildly emotional allegations, or poor grammar. Further, the communication structure of the tip may be disorganized, repetitive, display unprioritized thoughts and mix key issues with irrelevant matters and unsupported subjective opinions. In other cases, while the tip’s information about specific issues may not be correct, it may contain a grain of truth or may identify elements of several unrelated but potentially troubling issues.

In some situations, the allegations aired in an anonymous tip may be known within the company and labeled as rumors or gossip. Some whistle-blowers are neither gossip hounds nor disgruntled employees but, rather, frustrated employees who have tried to engage management about a problem and have gone unheard. Only then do they file a complaint by sending a letter or an e-mail or by making a phone call.  While one should never leap to a specific conclusion upon receipt of an anonymous communication, inaction is never a recommended option. One of the dangers of ignoring an anonymous tip that wasn’t initially received via the hotline is that a situation that can be satisfactorily addressed with prompt action at lower levels or locally within the organization may become elevated to higher levels or to third parties and even to regulatory bodies outside the entity because the whistle-blower believes the communication has been side-lined or shunted aside. This can have damaging consequences for an organization’s reputation and brands if the allegations become public or attract media attention and a cover-up appears to have occurred, however well-intentioned the organization may have been. Ignoring an anonymous tip also may negatively impact staff morale and motivation, if suspicions of impropriety are widespread among staff and it appears that the employer is uninterested or doing nothing to rectify the situation. Ultimately, management may leave itself open to criticism or perhaps the danger of regulatory censure or legal action by stakeholders or authorities if it cannot demonstrate that it has given due consideration to the issues raised in an anonymous communication.

Once notified by a client of the receipt of an anonymous tip, the CFE or forensic accounting investigator should obtain an understanding of all the circumstances of that receipt. While the circumstances on the surface may appear unremarkable and trivial, that information is often a key factor in determining the best approach to dealing with a tip and, more broadly, often provides clues that are helpful in other areas. Initial facts and circumstances to be established include:

• How? This refers to how the information was conveyed—for example, whether it was in a letter, phone call, or e-mail and whether the letter was handwritten or typed. Additionally, the forensic accounting investigator seeks to determine whether the message includes copies of corporate documents or references to specific documents and whether the tip is anonymous, refers to individuals, or is signed.
• When? This includes establishing the date on which the message was received by the entity, the date of the tip, and in the case of a letter, the postmark date and postmark location.
• Where? This involves establishing where the tip was sent from, be it a post office, overseas, a private residence, within the office, a sender’s fax number, or an e-mail account.
• Who? To whom was the tip sent? Was it a general reference such as “To whom it may concern”? A specific individual? A department such as the head office or internal audit? The president’s office? The press? A competitor? Sometimes an anonymous notification will indicate that another entity has been copied on the document; this requires verification. Always consider the possibility that the tip may have been sent to the auditor and/or to the U.S. Securities and Exchange Commission.
• What? This refers to understanding the allegations and organizing them by issue. Often, a tip will contain many allegations that are variations on the same issue or that link to a common issue. For this reason, it is often helpful to formally summarize in writing the tip by issues and related sub-issues. Does the information in the tip contain information that may be known only to a certain location or department? If so, that may point to a group of individuals or former employees as the source of the tip.
• Why? What is the possible motivation for the tip? Issues with misreporting financial information? Ethical decisions? Disgruntled employee? Former employee airing grievances?

For many organizations, whistle-blower communications have become almost daily phenomena. But many of the most serious allegations don’t arrive via a hotline.  This is largely because in the wake of corporate scandals, lawmakers and ethics authorities are responding to public concern by encouraging employee monitoring of corporate ethics and affording some statutory protections for whistle-blowers. Dealing with the unexpected anonymous tip that triggers a CFE conducted investigation can be a challenging matter, even for the most seasoned investigator. Objective analysis and the strategic approach taken by professionals skilled in corporate investigations can assist clients in successfully addressing issues that may have serious legal and financial implications. Protection of employees from retaliatory action and the
company’s need to decide whether and to whom to disclose information are among the many issues created by the receipt of anonymous tips.  For the CFE, the key to resolving cases of anonymous tips usually involves a detailed examination of copious amounts of data obtained from various sources such as interviews, public records searches, data mining, hard-copy document review, and electronic discovery. A careful, experience-based investigative strategy is imperative to address the circumstances surrounding the transmittal and receipt of any anonymous tip and to tackle its allegations prudently and thoroughly.