Thursday, October 22, 2009

Zurich loses personal data of 51,000 UK customers

The post below punctuates the importance of properly assessing and protecting your Intellectual Property and Critical Information from both internal and external risks, and from unintended consequences.

The LUBRINCO Group are specialists in this area.....



22 October 2009 - 13:21

Zurich loses personal data of 51,000 UK customers

The UK arm of insurance giant Zurich has lost a back-up tape containing the personal data of around 51,000 customers.

Zurich says the back-up tape - which in some cases contained contact information and bank details - was lost during a routine transfer within South Africa to a data storage centre in August 2008. Some details of customers in South Africa and Botswana were also on the tape.

The firm says it has written to the general insurance customers but that there is no evidence that the data has been misused by fraudsters.

In addition, it has appointed KPMG to investigate the loss, with the accountancy firm also advising on moves to strengthen security procedures. Zurich UK has also "taken steps" to improve transportation security of data tapes.

The Financial Services Authority and UK Information Commissioner's Office have also been informed.

Annette Court, CEO, Europe general insurance, Europe, Zurich, says: "We are implementing the necessary steps to minimise the impact of this situation on our customers. Protecting our customers' interest is at the top of our agenda. We are putting a great deal of investment into strengthening our internal processes to ensure that incidents of this nature do not happen again in the future."

Thursday, September 17, 2009

IAT Compliance Deadline is Tomorrow (September 18, 2009)

Are you ready for the deadline???


The delay of the original compliance date for NACHA’s IAT rule is nearing an end as the revised compliance date, September 18, 2009, is around the corner. Actually, it is tomorrow! The rule requires that an international ACH transaction entry contain a list of required information as well as BSA’s "Travel Rule" data.


An International ACH Transaction is defined as an ACH entry that is part of a payment transaction involving a financial agency’s office that is not located in the territorial jurisdiction of the United States. Financial agency means an entity that is authorized by applicable law to accept deposits or is in the business of issuing money orders or transferring funds.


An office of a financial agency is involved in the payment transaction if it:


1. holds an account that is credited or debited as part of a payment transaction; or


2. receives funds directly from a Person or makes payment directly to a Person as part of a payment transaction; or


3. serves as an intermediary in the settlement of any part of a payment transaction.

Fortunately, NACHA does provide a wealth of information on its website on the rule, including FAQs, which you can access by clicking IAT Rule Helpful Materials.


If you still need help or have questions in this area, particularly related to the AML and OFAC compliance issues that affect processing of IATs, please contact shassett@lubrinco.com

Friday, September 11, 2009

Recent Fraud Cases of Interest...

Man indicted in fraud case

posted September 10, 2009
Total Loss: $100,000

John Dennis Sedersten, 33, joined Max R. Snodgrass, 31, Bryan Thomas Ray, 32, and Karen Ann Harris, 45, as a defendant in the 25-count indictment. From April to November 2008, the defendants used stolen checking account and personal identity information to produce counterfeit identification documents and checks, federal prosecutors said.

Source:

News-Leader

http://www.news-leader.com/article/20090910/NEWS01/909100309/1007/NEWS01/Alleged-beating-victim-indicted-in-fraud-case

Md. man guilty of fraud with dead neighbor’s name

posted September 10, 2009
Total Loss: $95,000

A Fallston man has pleaded guilty to bank fraud charges for using his dead neighbor’s identity to get credit accounts. Fifty-six-year-old Jerome Malecki’s plea entered Wednesday said he and David Johnson stole about $95,000 in Social Security and state pension payments meant for his neighbor. The neighbor’s July 2004 death wasn’t reported and federal prosecutors said Malecki continued the scheme until November 2007.

Source:

Washington Examiner

http://www.washingtonexaminer.com/local/ap/58150997.html



Man Pleads Guilty in Wal-Mart Card Phishing Scheme

posted September 10, 2009
Total Loss: $193,000

A Sacramento, California, man has pleaded guilty to charges for his role in an international scam that netted sensitive information on tens of thousands of Internet users and then used that data to open fraudulent Wal-Mart credit cards. Tien “Tim” Truong Nguyen pleaded guilty to fraud and identity theft charges on Tuesday, the day before his case was set to go to trial. Prosecutors say that, working in concert with Romanian cyber-criminals, Nguyen set up fake phishing Web sites and supplied others with stolen information that was then used to set up fake Wal-Mart instant credit accounts in stores throughout northern California. By setting up hundreds of these instant credit lines, Nguyen’s two alleged co-conspirators, Stefani Ruland and Ryan Price, netted close to $193,000 in just under two months, prosecutors say.

Tags:

Wal-Mart, GE Capital
Source:

PC World

http://www.pcworld.com/businesscenter/article/171683/man_pleads_guilty_in_walmart_card_phishing_scheme.html


Local man sentenced for loan fraud

posted September 09, 2009
Total Loss: $340,000

A Huntington-area man convicted of student loan fraud will spend one year and six months behind bars and pay $344,908 in restitution. Stephen Phillips, 38, was sentenced Aug. 27, by U.S. District Judge William W. Caldwell in Harrisburg, Pa. Phillips had pleaded guilty to the federal charge in May. A U.S. Attorney’s Office press release states the conviction arose out of a scheme in which Phillips allegedly used the identities of innocent third parties to apply for more than $340,000 in federal educational benefits.
Source:

Herald Dispatch

http://www.herald-dispatch.com/news/briefs/x1408881239/Local-man-sentenced-for-loan-fraud

Bad check leads to fraud probe

posted September 09, 2009
Total Loss: $100,000

Police launched an investigation into a possible investment fraud scheme involving several victims and at least $100,000 after a 21-year-old British national was arrested Monday for passing a fraudulent check. Adam Al-Muhanna was arrested Monday, at the University of Redlands after he allegedly wrote a check to a former student there for $100,000 on a closed CitiBank account. Police say Al-Muhanna also wrote several other checks connected to bank accounts that were either closed or contained insufficient funds. At least three people say they gave money in amounts ranging from $2,000 to $65,000 to Al-Muhanna to invest and never received a return despite repeated requests for their money, according to Redlands city spokesman Carl Baker.
Tags:

Citibank
Source:

Redlands Daily Facts

http://www.redlandsdailyfacts.com/news/ci_13294132



FBI is cracking bank fraud ring

posted September 07, 2009
Total Loss: $44 million

The FBI is investigating a fraud ring accused of bilking several banks and customers — including San Antonio-based USAA and the former chief of staff of U.S. Sen. Strom Thurmond — out of at least $44 million. One person is in custody in San Antonio and agents are looking for a Nigerian man from Dallas featured on the television show “America’s Most Wanted.” The suspects are believed to have posed as customers to fraudulently withdraw money from bank accounts, including one at USAA that was tapped for $98,000.
Tags:

USAA, Citibank, Woodforest Bank
Source:

San Antonio Express News

http://www.mysanantonio.com/news/local_news/FBI_is_cracking_bank_fraud_ring.html

11 charged in alleged credit card fraud scheme

posted September 07, 2009
Total Loss: $650,000

Federal authorities have charged 11 people with fraud in an alleged scheme that involved creating counterfeit credit cards and using them to withdraw cash. The U.S. Attorney’s Office says the individuals charged withdrew more than $650,000 from ATMs between July 2008 through April 2009. All 11 of the suspects are from northwestern Twin Cities suburbs. According to court documents, the suspects used counterfeit credit cards to make unauthorized withdrawals, defrauding Capital One Bank. Authorities say they also used the counterfeit cards to get cash advances.
Tags:

Capital One
Source:

WQOW18

http://www.wqow.com/Global/story.asp?S=11087162



Friday, September 4, 2009

TJX pays $525,000 to settle hacking-related suit

Another example of why it is so critically important to implement a true OPSEC Program within your organization to protect your intellectual property and critical information...


04 September 2009 - 10:39 (source: finextra.com)

Retailer TJX has agreed to pay $525,000 to settle a putative class action suit from several banks related to the massive security breach at its operations that resulted in the theft of millions of credit and debit card numbers.

The money - which comes out of the reserve put aside by TJX for breach-related costs in 2007 - will primarily reimburse the settling banks for some of their expenses.

AmeriFirst Bank, HarborOne Credit Union, SELCO Community Credit Union and Trustco Bank, the remaining financial institutions that sought to join the suit, agreed to drop all claims. TJX denied all wrongdoing.

Since revealing in January 2007 that hackers had stolen more than 45 million credit and debit card numbers from its computer system, TJX has paid out huge amounts in settlements.

In June the retailer agreed to pay around $9.75 million as part of a settlement with a group of 41 state attorneys general. It has also reached a $40.9 million settlement with Visa and a $24 million deal with MasterCard over the breach.

Last week it emerged that Albert Gonzalez, the computer hacker accused of masterminding the TJX breach, has agreed to plead guilty to the offense and attacks on several other retailers.


---------

The LUBRINCO Group can help you to accurately identify, value and protect your critical information assets!

Friday, August 28, 2009

SEC Charges Control Person Liability in Settled FCPA Action

This article is being re-posted from another source due to the critical nature of the SEC's reach in FCPA cases.


In a new twist on an old statute, the Securities and Exchange Commission brought its first Foreign Corrupt Practices Act action charging control person liability under the Exchange Act.

In a July 31 settled enforcement action, the SEC charged a parent corporation, Nature’s Sunshine Products, with violating the FCPA’s anti-bribery, books and records, and internal controls provisions and other securities law violations based on payments allegedly paid by its Brazilian subsidiary to customs brokers to facilitate the importation of unregistered products.

Notably, the agency also charged current NSP executive Douglas Faggioli and former NSP executive Craig Huff with violating the FCPA’s books and records and internal controls provisions based on their position as “control persons,” even though the SEC didn’t allege that the executives had personal knowledge of the payments.

(See the SEC’s complaint.)


Without admitting or denying the allegations, all three defendants agreed to orders enjoining them from future violations. NSP agreed to pay a civil penalty of $600,000. Faggioli and Huff each agreed to pay a civil penalty of $25,000.

While as an FCPA case, “this is a relatively small matter,” says Shearman & Sterling partner Philip Urofsky, “What makes it noteworthy is that the SEC has for the first time invoked a theory of executive liability based on Section 20(a) of the Securities Exchange Act of 1934.”

Indeed, an Aug. 11 Shearman & Sterling alert notes that the case “may presage a broader enforcement effort against executives who fail to adequately supervise employees responsible for maintaining the company’s books and records and system of internal controls.”

Under Section 20, a “control person” is liable for the acts of other corporate employees under his control. “The question, of course, is what ‘control’ means and whether it includes an element of culpability,” says Urofsky. In some circuits, he says the plaintiff (here the SEC) is required to plead culpability, while in others, such as the 10th Circuit, it’s viewed as an affirmative defense where the defendant must raise good faith and lack of culpable knowledge.

While it may prove to be limited to its facts, the case “signals the SEC’s intention to hold executives liable for their company’s books and records and internal controls under all available theories,” the alert states.

The ability to bring this type of case in a jurisdiction that permits the SEC to plead 20(a) liability without pleading culpable knowledge allows the agency to impose liability and sanctions on executives “even where they don’t necessarily have the last evidentiary link between the knowledgeable and culpable subordinates and senior executives,” says Urofsky. However, he says, “Since good faith is a defense, regardless of how a particular Circuit defines ‘control,’ whether this will be a useful tool outside of a settled disposition is not clear.”

Wednesday, August 26, 2009

Beware of Ego Clouding One's Judgement

An academic review of 15 Canadian corporate fraud cases between 1995 and 2005 suggests that the biggest red flag for potential accounting fraud is a surprising one:

CEOs with egos inflated by media or analyst praise.

Michel Magnan, a business professor at Concordia University in Montreal and one of the authors of the report, says that the extent to which the company’s chief executive officer is lauded in the media or by analysts appears to be a key factor.

According to the Globe and Mail, Mr. Magnan's study showed that

"generous doses of external praise can lead an egotistical executive to start to believe his or her own press, creating hubris or an exaggerated sense of self-confidence that leads CEOs to believe they can do whatever they want and get away with it."

“In most of these cases, these companies and the executives involved were quite present in the media or closely followed by analysts – they were market darlings, so to speak,” Prof. Magnan stated in a recent interview.

The study considered cases of alleged fraud at companies including Bre-X Minerals Ltd., Cinar Corp., Hollinger Inc., Livent Inc., Philip Services Corp., Mount Real Corp. and YBM Magnex International Inc., along with others.

I wonder how many of the recent cases in the news involving corporate fraud are also directly linked to the over-inflated egos of senior management and the false belief that their own press clippings are the guiding light for their present and future successes?





Friday, July 10, 2009

Note: This post originally appeared in the Compliance and Financial Oversight Blog, but because of its critical importance, I wanted to repost here:


Red Flags Rule - Could FINRA treat this like AML & the USA Patriot Act?

FINRA doesn't plan to give broker dealers more time than they've already had to deal with a Federal Trade Commission identity theft rule that's effective Aug. 1.

Guidance posted Monday by FINRA about how to comply with the Red Flags Rule means it expects adherence from the onset. The rule will be a likely focus of upcoming FINRA examinations and sweeps, say compliance consultants.

The FTC will require broker dealers to periodically reassess whether they offer or maintain certain types of accounts covered by the rule and, if so, have a written program for identity theft prevention. Such a program should include, at a minimum, policies and procedures to detect certain "red flags" that could indicate identity theft. Broker dealers would also have to update those policies in response to changing risks to customers.

The rule applies to financial institutions and creditors who offer or maintain certain types of accounts, which could include margin accounts. The rule initially caused widespread confusion among broker dealers and other industries about exactly who was affected, and as a result, the FTC extended the compliance deadline twice from its original Nov. 1, 2008 effective date.

As quoted in A DOW JONES COLUMN, Tim Pedregon, a Los Angeles-based compliance consultant and former FINRA examiner, says the self-regulator's interest in the Red Flags Rule mirrors activity beginning in 2002 related to a Patriot Act provision requiring financial institutions to establish money laundering procedures. The National Association of Securities Dealers included Patriot Act anti-money laundering compliance as a focus in its brokerage audits. It often imposed administrative fees for small infractions and, in more egregious cases, fines, he said. An enforcement sweep in about six months is also possible, says Pedregon.

*Suzanne Barlyn (WSJ) writes Compliance Watch, a column that focuses on compliance and regulatory issues affecting financial advisers. She may be reached at 212-416-2230 or by email at suzanne.barlyn@dowjones.com

Thursday, June 18, 2009

FOR IMMEDIATE RELEASE
June 5, 2009

CONTACT:

Steve Hudak (703) 905-3770


FinCEN Moves to Streamline Mutual Fund BSA Requirements

Proposal Would Require Mutual Funds to File CTRs

VIENNA, Va. - The Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (NPRM) that would replace a mutual fund requirement to file IRS/FinCEN Form 8300 - Report of Cash Payments Over $10,000 Received in a Trade or Business - with a requirement to file FinCEN Form 104, Currency Transaction Report (CTR), which is standard for financial institutions. Both forms document a transaction in currency above $10,000, but differ in some technical aspects.

"If adopted this proposal will bring the mutual fund industry into greater conformity with the rest of the financial industry, which currently files CTRs," said FinCEN Director James H. Freis, Jr. "The proposal would also free mutual funds from having to report applicable transactions involving certain negotiable instruments by moving to the CTR filing requirement and reduce paperwork for mutual funds and help FinCEN more directly identify suspicious activity involving money laundering and fraud."

To make the change, FinCEN is proposing to include mutual funds within the general definition of "financial institution" in rules implementing the Bank Secrecy Act (BSA). By being defined as such, they will be subject to the scope of rules that require the filing of CTRs and the creation, retention, and transmittal of records or information on transmittals of funds and other specified transactions. Mutual funds are already subject to many similar regulatory requirements and BSA program rules. This change will serve to streamline their reporting requirements and make the information they provide more quickly available, and formatted more consistently, for use by law enforcement investigators.

The definition of "currency" for purposes of the CTR rule is different from and less inclusive than the definition of "currency" in the rule for Form 8300; therefore, mutual funds would only be required to file CTRs on cash transactions. The $10,000 threshold applies to transactions conducted during a single business day. Under the CTR rule, a financial institution must treat multiple transactions as a single transaction if the financial institution has knowledge that the transactions are conducted by or on behalf of the same person.

The proposed rule as published in the Federal Register is available on www.FinCEN.Gov. Comments are due to FinCEN by September 3, 2009.

###

Wednesday, June 17, 2009

Obama overhaul could stoke risk manager demand

Wednesday, Jun 17, 2009 3:47AM UTC
By Chavon Sutton


NEW YORK (Reuters) - Risk management, an area once seen as a dreary necessity on a Wall Street obsessed with high-stakes trading bets, is suddenly hot.

Demand for risk professionals, which has already picked up, is likely to be stoked further after the Obama Administration announces what are expected to be sweeping changes to the financial regulatory framework on Wednesday.

Risk managers are charged with balancing the risk-reward equation at financial firms, by using quantitative and qualitative inputs to make investment decisions.

But in the years prior to the financial meltdown, risk managers at financial institutions lacked clout and independence. The result was the failure of banks that wagered too much using borrowed money, like Bear Stearns and Lehman Brothers.

"In many instances risk managers did perform, given the constraints presented to them by senior management, but their advice wasn't taken," said Richard Apostolik, chief executive of the Global Association of Risk Professionals.

"Organizations didn't perceive the risk function as important and a bigger concern was the lack of independence."

The Obama administration's reform will include increased reporting requirements for issuers of asset-backed securities and derivatives, require brokers to hold a certain level of financial interest in the products they sell, and reduce reliance on credit rating agencies--measures that are expected to fuel demand for a wide range of risk professionals.

"The reform's focus on the complex structured products that got us into this mess will increase demand particularly at investment banks, hedge funds, and mutual funds in the short-term," said Craig Termotto, a recruiter for financial services recruiting firm Michael Page International.

'BOMBARDED WITH CALLS'

"We'll see rapid growth over the next 12 months and then a slowing, but it will continue better than it was."

Until now, risk management has been viewed as a cost center. But that is rapidly changing in today's risk-obsessed environment and creating opportunities particularly for professionals with prior lending or risk experience.

"I've been bombarded with calls from headhunters looking for experienced risk professionals," said Kevin Blakely, former Chief Executive of the Risk Management Association.

"Last year, I would get a call every three weeks for credit risk officers, but now I get three to four calls a week."

Blakely was poached from his position at the RMA and appointed Chief Risk Officer for Columbus, Ohio-based Huntington Bancshares on June 10.

Michael Page International said the risk group is its busiest.

Both U.S. and international "credit and counterparty, market, and quantitative risk job postings are up 20-25 percent from last year," Termotto said.

But despite a glut of finance professionals available in the market place, Blakely has found that finding strong credit risk officers and credit work-out professionals is like "finding a needle in a haystack."

Recruiters say that one reason for the difficulty is that candidates are being enticed by buyside firms, bond insurers, and smaller boutique firms that are untainted by having received bailout funds from the government's Troubled Asset Relief Program (TARP).

"The institutions who need more risk professionals are the sell side," said Gustavo Dolfino, president & founder of The WhiteRock Group, a financial services recruitment firm. "Good risk people aren't attracted to these firms because TARP makes it hard to pay people."

Still, the government's insistence on strong risk controls is making risk management -- once seen as a Wall Street backwater -- an increasingly lucrative career path.

"Three years ago, a managing director in investment banking made three times more than his risk counterpart," said Alan Johnson, managing director of compensation consultancy Johnson Associates. "Today, they only make twice as much and a lot of investment bankers don't have jobs, while risk managers do."

(Reporting by Chavon Sutton; Editing by Christian Plumb)

Thursday, June 11, 2009

Does the recent Level 6 Influenza Pandemic Announcement Indicate a Force Majeure Event?


The World Health Organization (WHO) has announced a Level 6 flu pandemic, which may prompt many businesses to call a force majeure on their contracts. The Level 6 pandemic is being called by WHO because the swine flu (H1N1 virus) has developed into an out-of-control, world-wide pandemic and drastic measures must be taken.


The announcement came at 10:00 GMT in a closed-door emergency meeting in Geneva, Switzerland -- representing the first time a Level 6 pandemic has been announced in 41 years. The last time such a pandemic was announced was in 1968, when the Hong Kong flu claimed an estimated one million lives.


The effect reaches far beyond the immediate impact on local, regional or global health. There is a lot of chatter in blogs and elsewhere about the effect on the global economy and the abilities of organizations to provide contracted goods and services. One of the ripple effects could likely be realized within many business contracts, under the force majeure clause.


A force majeure usually indicates an Act of God, be it earthquake, landslide, flood, or any other act or occurrence that is 'beyond human control'. Acts of Terrorism and other forms of violent conflict also would often fall under this same contractual provision.


A force majeure clause is usually placed within business contracts to allow one or more parties in a contract to stop meeting their obligations for that contract, because a situation has occurred that is beyond everyone’s control. Pandemics are typically listed as one of the reasons for calling a force majeure.


So how will this affect commerce and business contracts in place?


This could have significant (and potentially far-reaching) consequences that go far beyond the immediate impact of the moment. What would be the impact -- either regionally or locally -- from large numbers of employees at firms who have the flu?


Day-to-day performance levels of companies are already being affected - sometimes drastically - in parts of the world by high levels of employee absenteeism due to H1N1 outbreaks, either because employees are sick themselves or because they are caring for family members who are. Add to this still more employees who stay home to avoid getting sick.


With the world seemingly becoming smaller by the day, the far-reaching effects of this situation remain to be fully realized. There is no doubt that this will likely have a markedly negative impact on the global economy. Many experts are comparing the current outbreak of H1N1 virus to the 2003 outbreak of Severe Acute Respiratory Syndrome (SARS), which is estimated to have cost the region between $18bn and $60bn in lost output - or 0.5-2.0% of regional GDP (according to estimates by the Asian Development Bank).


As this story continues to unfold, it certainly seems that the time has already come for firms to review contracts that are in place to determine how this escalating situation could affect their operations and their abilities to provide goods and services. Likewise this situation should sound a gong within organizations concerning performing due diligence both on existing contracts and on future relationships and agreements. The impact on the operational security of organizations and the effect on the bottom line are too great not to assess how this situation may touch your organization.

Saturday, June 6, 2009

The following article from ACFE highlights an issue that in distressed economic times is of critical importance:

ACFE Report Says AP-Related Insider Fraud Is Costing a Bundle

October 2008

Fraud Schemes

Don’t look now, but there’s a good chance your own organization’s employees are creating phony invoices, tampering with checks, and padding their expense reports. It’s tough to think that a co-worker is trying to slip a fraud past AP, but it does happen.

Dishonest employees cost U.S. organizations an estimated $994 billion a year in occupational fraud losses. The average company loses 7 percent of its annual revenues to this type of fraud, according to the 2008 Report to the Nation on Occupational Fraud & Abuse, from the Association of Certified Fraud Examiners (ACFE).

Occupational fraud that affects AP is categorized as asset misappropriation, which is one of the three categories the ACFE uses to describe this type of fraud. The other two are corruption and fraudulent financial statements. Asset misappropriation is, by far, the most common, occurring in 89 percent of the 959 cases the ACFE reviewed.

Bogus Invoices Most Common

Fraudulent invoicing, what the ACFE calls "billing" fraud, involves any scheme in which a person causes his or her employer to issue a payment by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases. Typically, an employee will create a shell company and then bill the employer for nonexistent services. Or an employee will purchase personal items and submit an invoice for payment.

This type of disbursement fraud is the most common, occurring in 23.9 percent of the cases ACFE studied (see the graphic on page 1). However, the median loss is higher for check tampering, which occurred in 14.7 percent of the cases with a median loss of $138,000. The median loss from phony invoices was $100,000. Expense reimbursement abuse yielded a median loss of $25,000.

Who Is Doing This?

As Exhibit 1 illustrates, most of the fraudsters were either employees (39.7 percent) or managers (37.1 percent). Owners and executives made up about a quarter of the perpetrators.

Exhibit 1.

Not surprisingly, the higher the position of the employee committing a fraud, the greater the loss to the business. Those with significant authority have more access to business resources and, therefore, more ability to override controls that might otherwise disclose fraud.

The ACFE study found that fraud committed by owners and executives resulted in a median loss of $834,000. That’s over five times greater than the median loss caused by managers and nearly 12 times higher than that perpetrated by employees.

The study also compared the type of scheme committed with the department in which the perpetrator worked. The goal was to provide data that could be useful to organizations in structuring their anti-fraud controls by identifying the departments most commonly associated with certain types of occupational fraud.

Employees in accounting or executives and upper management were the ones most likely to commit the four types of fraud that most affect AP. For example, over half (54.1 percent) of all billing and invoice schemes were committed by accounting personnel or the top brass (see Exhibit 2 below).

Accounting staffers were the most likely to commit expense reimbursement fraud, followed by executives and upper management and employees in operations and sales. How does the accounting staff—who are less likely to be traveling on company business—get involved with this scheme? Most likely on the other end of the fraud by processing knowingly false expense reports for payment—reports filed by executives, sales personnel, and others.

Two-thirds (67.4 percent) of check tampering is perpetrated by someone in the accounting department (see Exhibit 2). This typically happens when an employee steals blank-check stock and then makes them out to himself or herself or an accomplice. It can also commonly occur by the employee stealing an outgoing check to a vendor, then depositing it in his or her own bank account. Executives who engage in check tampering are typically those with signatory authority who write company checks to pay personal expenses.

Detecting the Fraud

More often than not, occupational fraud goes undetected for years before it’s discovered. When it is detected, it usually comes to light by tips rather than by other means, including internal and external audits. Tips account for almost half (46.2 percent) of the initial detection of occupational fraud. One in five is detected "by accident"; internal and external audits account for 19.4 percent and 9.1 percent of the detection, respectively; and 23.3 percent of cases are discovered by internal controls.

What to do: Because the most common detection method is a tip, anonymous fraud reporting mechanisms are a key component of effective fraud prevention. For instance, organizations with anonymous fraud reporting hotlines suffer fewer losses than those without hotlines.

The majority of tips (57.7 percent) were received from employees (see Exhibit 3). However, a significant number of tips came from outside sources.

Exhibit 3.

What to do: When designing a fraud reporting system, be sure to include not only employees but also third parties, such as customers and vendors.

For More Information

The full 68-page 2008 Report to the Nation on Occupational Fraud & Abuse is available at www.acfe.com.

Exhibit 2. AP-Related Fraud Perpetrators, by Department

Department                      Billing Schemes   Expense Reimbursement Schemes   Check Tampering
Accounting                      33.2%             26.9%                           67.4%
Executive/Upper Management      20.9              25.0                            15.5
Operations                      12.2              10.2                            3.1
Sales                           10.2              10.2                            1.6
Purchasing                      5.6               3.7                             -
Finance                         4.1               4.6                             5.4
Manufacturing and Production    4.1               3.7                             1.6
Information Technology          2.6               2.8                             -
Customer Service                2.0               2.8                             0.8
Marketing/Public Relations      1.5               3.7                             -
Board of Directors              1.0               0.9                             1.6
Research & Development          1.0               1.9                             -
Human Resources                 0.5               -                               0.8
Internal Audit                  0.5               2.8                             0.8
Legal                           0.5               0.9                             1.6

(Source: 2008 ACFE Report to the Nation)

Perhaps an assessment of such issues within your organization might be in order?

Saturday, May 30, 2009

"Ready... Fire... Aim!"

It seems that the faster the pace of business, and of life itself, the more we all seem to be in a rush to "get the deal done"... from the way that Congress rushed through financial bailout -- er, I mean "stimulus" legislation -- to the uber-instant way that business demands most everyone to "give me an answer - and, right now".


Unfortunately, this ultra-high speed frenetic race to an arbitrary and often imaginary finish line induces us not only to get there before the other guy (wherever 'there' is), but it also lulls us into a false sense of settling for less than - or, what I refer to as "good enough is good enough".


Obviously, cases in the news, such as Bernard Madoff, Sir Robert Allen Stanford, and that of Samuel Israel III (a markets whizz at Bayou Management, the hedge fund that collapsed in 2005 after defrauding investors out of $450M), remind us - albeit often way too late - that DUE DILIGENCE is much, much more important than most individuals and businesses give it credit for, and that "good enough" often is actually not good enough.


We must fight the urge to haphazardly approach business issues from the perspective of "Ready, Fire, Aim!" when it comes to performing the proper types of DUE DILIGENCE investigations.


The current market climate demands that all of us really know who our customers, consultants, suppliers, directors and employees are. Risks abound in business at rates never before seen.


While certainly not an all-inclusive list, some risks that come to mind range from internal or external risks of theft of a firm's intellectual property and critical information, to understanding whether a "potential business partner" has a skeleton or two (or three, or four) in the closet that would -- at the very least -- raise some ethical questions from the Board of Directors if known, to deciding whether the investment plan is almost too good to be true, to protecting one's business from cyber threats from Romania or Korea or some other corner of the globe where a hacker would rather break into the system for what they can easily steal, instead of watching syndicated reruns of "The Jerry Springer Show", to knowing whether the key employee candidate that is the front-runner is actually who s/he represents themselves to be.


DUE DILIGENCE is more than checking a person's general information to verify that they live or work where they said they do... nor can all of the work required to obtain the degree, accuracy or depth of information necessary to make a cogent decision be obtained with a few Google™ searches (no offense to Google).


It often requires that you verify the secondhand or third hand information by investigating first-hand sources of information. And, when business goes global, the need for International DUE DILIGENCE increases exponentially... as do the complexities of obtaining the information necessary to garner a fact-based decision.


"So, who has the time and who has the wherewithal to do this? We've got day jobs, you know..."


Today's business climate is moving at Warp Factor 9. Costs are rising and the need to support and bolster the bottom line is a formidable opponent to the one commodity we seem to have the least of -- time.

However, costs arising from regulatory scrutiny and in some cases legal actions (as well as impact to a firm's reputation) are also on the rise... How will you answer the tough questions that will arise concerning your customer, partner, vendor, director, lawyer, investor or key employee – once the stuff hits the fan? And how will you explain why proper DUE DILIGENCE was not performed to avoid the problem in the first place?

Fortunately some of us are privileged to help firms that face situations like these within the course of our day jobs... And, while much of the work is not glamorous (no... we actually don't get a date with "the Bond Girl"), it is critically important to engage the right resources to help you perform the proper type and degree of DUE DILIGENCE to get the answers you need.


If you're feeling a bit inundated by the "Ready, Fire, Aim!" approach that the rush and clamor of the world seems to demand - take heart... some of us can help make a difference...