Fraud 360 issue by CRI Middle East LLC

Employee Screening: Leave No Stone Unturned PG. 8

The Effect of Money Laundering on Business and the Global Economy PG. 12

Carnival of Fraud: Brazilians Register Disgust at Corruption Scandals PG. 25

Case Studies: Conflicts of Interest, Employee Screening and Due Diligence PG. 30

CRIGROUP.COM

ISSUE 1 2015

FRAUD RISK

MANAGEMENT An organizational approach, PG. 18

Published by

Letter from the CEO What is Your Fraud Risk Management Strategy? Welcome to the latest edition of Fraud360. I sincerely hope that you find these articles about preventing and detecting fraud valuable for you, your company and/or your clients. Our cover story, “Fraud Risk Management: An Organizational Approach,” addresses the need for every company to be “all in” on fraud prevention, from top to bottom of the organization. For some businesses, hoping they will not be affected by fraud and corruption is their prevention strategy. This is not realistic, as the latest statistics show that, according to experts, organizations worldwide lose and estimated five percent of their total revenues to fraud. What is your organization’s fraud risk management strategy? I hope our article gives you some food for thought in ways to make it better and more robust, and helps you effectively prevent more fraud. When it comes to your employees, what you don’t know can hurt you … and so we present to you “Employee Screening: Leave No Stone Unturned.” It provides a close look at why background screening is so important — not just the screening of candidates, but of your existing employees, as well. You’ll learn how one company paid the price of complacency, and how to avoid the same fate. Money laundering is a persistent, global problem. As nations and local governments adopt more regulations to try to prevent it, organizations must be attuned to changing legislation and not end up on the wrong side of the law — even by accident. “The Effect of Money Laundering on Business and the Global Economy” brings you up to speed on some of the latest rules regarding money laundering and how to stay in compliance. As always, I invite you to reach out and tell us what you think about these and other important fraud and corruption issues. Just send us an email at media@CRIGroup.com. We want Fraud360 to be your go-to source for helping prevent and detect fraud threats among your business, agency or clientele. Thank you for reading this edition of Fraud360. I hope you enjoy it.

Zafar I. Anjum, CFE, CIS, MICA, Int. Dip. (Fin. Crime), MBCI Chief Executive Officer of CRI Group

2 | FRAUD360 | ISSUE 1 2015

Spotlights & Features Fraud360 | Issue 1 | 2015

Carnival of Fraud: Brazilians Register Disgust at Corruption Scandals

Fraud Risk Management: An Organizational Approach

There is increasing pressure from national and international legislative bodies for organizations to implement fraud risk management strategies. How will business leaders respond?

FIFA Rocked by Joint Swiss-U.S. Investigation and Arrests

Employee Screening: Leave No Stone Unturned

The Effect of Money Laundering on Business and the Global Economy

Case Studies: Review of Conflicts of Interest, Pre-employment Screening and Due Diligence

Organization Profile: The Fraud Advisory Panel

CRIGROUP.COM | 3

SUBSCRIPTIONS To subscribe to Fraud360, please email us at info@Fraud360.com. Or contact one of our worldwide locations directly.

Fraud360 is created for business leaders, directors, investors and professionals who need the latest information and best practices for protecting their assets from fraud. Presenting practical tools, case studies, and articles focused on fraud prevention and detection, Fraud360 provides an insightful look at the issues impacting businesses worldwide. Fraud360 is published by Corporate Research and Investigations, LLC. (CRI Group).

WORLDWIDE LOCATIONS MIDDLE EAST & NORTH AFRICA

ASIA

Dubai CRI Group Corporate Headquarters Level 9, #917, Liberty House, DIFC P.O. Box 111794 Dubai, UAE Tel: +971-4-3589884 Fax: +971 4 3589094 Email: cridxb@CRIGroup.com Web: CRIGroup.com

Pakistan Level 12, #1210, 1211 55-B, Islamabad Stock Exchange (ISE) Towers Jinnah Avenue, Blue Area Islamabad, Pakistan Tel: +92 51 111 888 400 Toll Free: 0800 00 CRI (274) Email: pakistan@CRIGroup.com

Qatar QFC Branch Office No. 130, 1st Floor Al – Jaidah Square, 63 Airport Road P.O. Box 24369 Doha, Qatar Mobile: +974 7406 6572 Tel: +974 4426 7339 Email: doha@CRIGroup.com

Singapore 1 Raffles Place, #19-61, Tower 2 One Raffles Place Singapore 048616 Tel: +65 6808 5634(35)(36) Email: singapore@CRIGroup.com

EUROPE

London EMEA Head Office Level 37 1 Canada Square London E14 5AA, United Kingdom Tel: +44 207 712 1626 or +44 203 4782449 Email: london@CRIGroup.com

NORTH AMERICA

New York 445 Park Avenue 9th Floor – Suite 957 New York, NY 10022 United States of America Tel: +1 (212) 745-1148 Email: newyork@CRIGroup.com

4 | FRAUD360 | ISSUE 1 2015

Hong Kong Rooms 05-15, 13A/F, South Tower World Finance Centre, Harbour City 17 Canton Road Tsim Sha Tsui Kowloon, Hong Kong Tel: 852-2208-6064 Email : CRI.hongkong@CRIGroup.com Malaysia Lot 2-2, Level 2, Tower B, The Troika, 19 Persiaran KLCC,M 50450 Kuala Lumpur, Malaysia

FRAUD360 ONLINE Visit FraudInsider.com for even more fraud, compliance and due diligence coverage, including the latest news and web-only features. Want to receive Fraud360 News Brief International, our monthly magazine email newsletter? Send us an email at info@Fraud360.com or visit FraudInsider.com/Fraud360.

ADVERTISE WITH U.S. To advertise with us, please send an email to pr@CRIGroup.com. Space is available for our printed magazine as well as our email newsletter, Fraud360 News Brief International. Contact us today for more information.

EDITORIAL For editorial inquiries, questions and comments, please email us at info@Fraud360.com. Fraud360 is published by Corporate Research and Investigations LLC: Global Headquarters Level 9, #917, Liberty House DIFC, P.O. Box 111794 Dubai, UAE Tel: +971-4-3589884 Fax: +971 4 3589094 © 2015 Corporate Research and Investigations, LLC. Copyright is reserved throughout. Although Fraud360 may be quoted with proper attribution, no part of this publication may be reproduced without the express written permission of the publisher. Contributions are invited but copies of all work should be kept as Fraud360 can accept no responsibility for loss. The views expressed in Fraud360 are those of the authors and might not reflect the official policies of CRI Group.

About CRI Group Corporate Research and Investigations, LLC (CRI Group) is a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. A licensed and incorporated entity of the Dubai International Financial Centre (DIFC), CRI safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business.

MEMBERSHIPS, PARTNERS & AFFILIATES CRI Group maintains partnerships and memberships with leading global organizations in the fields of due diligence, fraud investigation, forensic accounting and more. Some of our affiliations include:

Connect with us on the web via your mobile device or social media. LinkedIn Facebook Twitter Blog: FraudInsider.com

We are proud to be named the 2013 “Business Due Diligence Firm of the Year – UAE” and “Anti-Fraud Adviser of the Year – UAE” by Acquisition International. AI’s Awards celebrate excellence and recognise investors, advisers and service providers for expertise in their specialized fields.

Professional Trade Associations

Corporate Memberships/Alliances

CRIGROUP.COM | 5

News & Media Upcoming Events Find CRI Group at the following events around the globe in 2015: 26th Annual ACFE Global Fraud Conference Silver Sponsor Baltimore Convention Center Inner Harbor Baltimore, MD June 14-19, 2015

SCCE – Compliance & Ethics Institute Exhibitor Aria in Las Vegas Las Vegas, NV October 4-7, 2015

2015 Europe Ethisphere Ethics Summit Gold Sponsor Location TBD September 2015 2015 Asia Ethisphere Ethics Summit Gold Sponsor Location TBD December 2015

6 | FRAUD360 | ISSUE 1 2015

CRI Group a Key Player at World’s Largest Anti-Fraud Event CRI Group is a Silver Sponsor and a Featured Employer for the 26th Annual ACFE Global Fraud Conference, June 14-19, 2015 in Baltimore, Maryland, U.S. The conference is the world’s largest gathering of professional fraud fighters under one roof. As a Silver Sponsor, CRI Group is a key supporter of the conference, which will draw more than 3,000 anti-fraud professionals from around the world for expert training fraud prevention and best practices. The conference will feature cybersecurity whistleblower Brian Krebs, U.S. Assistant Attorney General Leslie R. Caldwell and “60 Minutes” Co-Editor Lesley Stahl. Attendees of the conference will be able to take advantage of professional development opportunities, including one-on-one coaching sessions with leading employment consultants. CRI Group will be among select companies providing in-person networking as a Featured Employer at the Career Connection. Company CEO Zafar I. Anjum, CFE, said that CRI Group is proud to fulfill a leading role at the “preeminent conference for anti-fraud professionals.” “The Global Fraud Conference provides unsurpassed opportunities in training and career advancement for fraud fighters,” Anjum said. “We at CRI Group look forward to personally meeting as many attendees as possible, and discussing their needs and challenges in the critical work that they do.”

Former SECP Assistant Director Joins CRI Group as Head of Investigations In April, compliance and capital market expert Aamir Yaqoob of Rawalpindi, Pakistan joined CRI Group in as Head of Investigations. Yaqoob previously served as the Assistant Director, Securities Market Division for the Securities and Exchange Commission of Pakistan (SECP), where he conducted financial investigations and analyses, and scrutinized financial records, statutory submissions and daily trading activity in the capital market. He also ensured compliance of corporate/ capital market laws and corporate governance measures by management of companies and capital market stakeholders. Yaqoob also served as the SECP’s Management Executive, Enforcement Depart-

ment, from 2009-2012. Prior to that, in 2008, Yaqoob worked for Zarai Taraqiati Bank Limited in their operations division. CRI Group CEO Zafar I. Anjum, CFE, said that Yaqoob brings a high level and expertise to help serve the company’s clients all over the globe. “We are pleased to welcome Mr. Yaqoob, and we feel that our clients will benefit immediately from his vast knowledge of fraud and compliance issues,” Anjum said. “As our head of investigations, Mr. Yaqoob is able to assist our clients by thoroughly uncovering and analyzing threats to their business, while also helping them protect their investments by preventing and detecting fraud.”

CRI Group Background Screeners Earn NAPBS Certification Two officials from CRI Group’s Background Screening Services recently passed the National Association of Professional Background Screeners (NAPBS) Research Provider Exam with 100 percent accuracy scores: Anab Gul, Assistant Manager QA, and Qurat Ul Ain, Assistant Manager, Background Screening. The certification shows a mastery of the “methods for conducting research per the NAPBS Provider Guidelines,” which exist to promote ethical business practices, compliance with the Fair Credit Reporting Act (FCRA), equal employment opportunity and state and international consumer protection laws relating to the background screening profession. Company CEO Zafar I. Anjum, CFE, said that the background screeners’ NAPBS certification is an important mark of distinction for the company’s work in this field. “We are especially proud that Ms. Gul and Ms. Ul Ain scored perfect marks on the Research Providers Exam,” Anjum said. “The

NAPBS certification demonstrates expertise and excellence in the field of background screening.”

Advertise With Us

To advertise with us, please send an

email to pr@CRIGroup.com. Space is available for Fraud360 magazine and our monthly newsletter, Fraud360 News Brief International.

CRIGROUP.COM | 7

Employee Screening Leave No Stone Unturned BY ZAFAR I. ANJUM, CFE, CIS, MICA, INT. DIP. (FIN. CRIME), MBCI, CII, MIPI

s a longtime contractor for a small construction company, “John”* was like a part of the family. In fact, it was a family business,

8 | FRAUD360 | ISSUE 1 2015

owned by two brothers, and they had met John through a fundraiser held by their children’s school. An accountant, John handled most of the bookkeeping during a

time when business was growing and the company, “ABC Enterprises,” added more clients — and consequently, more staff. Over a period of about two years, ABC formalized some of its hiring policies and implemented a background screening process for new, full-time employees. The measures were recommended by a consulting company that had identified vulnerabilities to fraud and other unethical actions, and the brothers were quick to embrace the suggestions. They didn’t want to fill any positions at ABC with someone off the street who might have something to hide. Meanwhile, John continued his work on a part-time basis and enjoyed a good relationship with the brothers and most of ABC’s staff. Though he didn’t work in the office, he was invited to holiday parties and had, on several occasions, gone to dinner with the brothers. The only mild complaint about John, in fact, was that he was only a part-time employee and business was stacking up — there were invoices to handle, checks that needed to be written. There were times when John was simply unavailable, which was understandable given that he was only supposed to be a 20-hours-a-week employee.

The Brothers Make an Offer To solve this dilemma, the brothers presented John with an offer for a full-time position. To come aboard as ABC’s controller, he would be given a generous salary, and would be free to keep his private business on the side, if he wished. John agreed — he knew the company was growing, and he felt that in time he might even rise to having an ownership stake. The brothers were relieved, as they’d been worried that John was too happy with his part-time flexibility and would decline their offer. Had he been unwilling to go full-time and help them get on top of the growing workload,

they knew they would have had to replace him altogether. Instead, in John they kept a longtime, trusted employee in the fold and they formalized his new position quickly. Human resources updated his paperwork and the brothers agreed that there was no need to drag the process out — in case he might change his mind! John settled into his new job and the company kept expanding — but it was

Nearly two years after John accepted his full-time position, ABC was officially losing money. The brothers were exasperated. A recent audit hadn’t discovered any serious regularities, but it noted some control deficiencies that were problematic. showing some growing pains. Payroll rapidly expanded. Problems with vendors left a lot of payables outstanding. Within a year, profits had sharply decreased and the brothers started looking hard at ways to make the business more efficient. John was always helpful with suggestions and always seemed to have a resolution for any financial problem that would arise, but it always seemed that a new problem would pop up in its place Nearly two years after John accepted his full-time position, ABC was officially losing money. The brothers were exasperated. A recent audit hadn’t discovered any serious regularities, but it noted some control deficiencies that were problematic. Some of them led straight to the accounting department. John handled most of the responsibilities aside from some purely clerical tasks. In fact, the audit noted there

CRIGROUP.COM | 9

was very little separation of duties and John had overlapping control over different functions including check signing, bank statement reconciliation, approval of purchase orders, etc.

Searching for Clues Concerned, and desperate to stem their increasing losses, the brothers started staying after hours to pore over ABC’s paperwork. They weren’t sure what they were looking for, and couldn’t be sure that they would know it if they found it. But immediately, one of the brothers pulled a stack of invoices out and couldn’t make sense of half of them. There were vendors that neither of the brothers had ever heard of — and they’d been in the construction business for nearly 20 years. Several invoices had orders for duplicate equipment — it appeared, for example, that ABC had purchased a wheel trencher (a very expensive construction vehicle) from three different vendors. The brothers knew that only one such item had been delivered within the past year. When they looked closer, they saw more instances of such multiple ordering with smaller items: drills, circular saws… and some things that were never delivered into inventory, like a new chain saw. Then there were problems with payroll. Checks issued to contract employees who hadn’t been on the job in months (or, in one case, several years). Money had been moved around between expense accounts in suspicious ways. It dawned on the brothers that John, their trusted controller, had been ripping them off. Rather than confront John, the brothers went straight to the police with the evidence. Officers were waiting at the office the next morning to take him into custody. He denied everything, even when the brothers pleaded with him to come clean

10 | FRAUD360 | ISSUE 1 2015

with what he had done. He insisted it was all a mistake, and then suggested he was being set up.

A Lesson Hits Home That afternoon, the brothers told the rest of their employees what was happening with John. They explained that their trust had been violated, that in fact, John had betrayed all of them — presumably for years. They said that there was no way anyone could have seen this coming. The police detective who investigated the case felt otherwise, however. He asked the brothers if they were He insisted it aware that John had a criminal record. was all a misThey were astoundtake, and then ed, they had no clue. John had been suggested he convicted of embez- was being set up. zling funds from one of his clients 11 years earlier. That wasn’t all, however. The detective contacted another company, the last one for which John worked full-time before going freelance. The employer told him that John had been fired under suspicion of fraud. He had been suspected of stealing nearly $25,000. That information was like a bombshell for the brothers. They hadn’t conducted a background check on John, it wasn’t even a thought. He’d worked with them for years as a part-time contractor. Had he been stealing back then, too? Likely yes, according to the detective. While working with the detective and going through their own

books, the brothers eventually guessed that John had stolen more than $120,000 from ABC Enterprises. They had put a hiring policy into place that included background checks. Unfortunately, they didn’t use it when they needed it most. The brothers’ past relationship with John, and their strong desire to make him a full-time employee, caused them to circumvent their own protective system.

The Danger is Real ABC’s story is not unique. According to the Association of Certified Fraud Examiners (ACFE), organizations lose an estimated 5 percent of revenues to fraud. The typical fraud lasts 18 months before it is discovered, and is usually committed by a single, trusted actor. Robust employee screening is a company’s first line of defense against this type of theft. Once fraud has occurred, it is difficult to recover losses (assuming the fraud is detected at all). But by identifying problem employees before they are put in positions of trust, ownership can add a level of protection to help decrease fraud and theft in their business. There are three key truths that every hiring manager should be aware of: • Some job candidates will seek an advantage through fraudulent means • In certain cases, the hidden truth might even include criminal behavior • Always verify information provided by individuals you seek to hire What information is important? The more that can be gathered, the better. At CRI Group, our experts know that the most effective pre-employment screening includes as many of the following checks as permitted by law in your jurisdiction: • Verify current & former address

• Verify name, date-of-birth, national ID number • Credit checks • Background information on former employers • Analytic research of credential breaches • Bankruptcy checks • Criminal record checks • Civil litigation checks • Financial regulatory checks • Directorships & significant shareholdings • Professional qualifications and memberships • Criminal watch lists • Employment references • Media checks (including social media) • Entitlement-to-work • FACIS database check Hiring new employees doesn’t have to be a scary endeavor. By conducting comprehensive pre-employment screening, any company can increase their protection from fraud and unethical behavior. As the brothers at ABC Enterprises discovered, not doing so can have severe consequences. In the end, John was prosecuted but only a fraction of company losses were recovered. Successful companies deserve better. To learn more about CRI Group’s pre-employment screening services, visit CRIGroup.com. Some names in this article have been changed.

ABOUT THE AUTHOR Zafar I. Anjum, CFE, CIS, MICA, Int. Dip. (Fin. Crime), MBCI is Chief Executive Officer of CRI Group. He can be reached at zanjum@CRIGroup.com. CRI Group maintains offices in the UAE, Pakistan, Qatar, Hong Kong, Malaysia, Singapore, London and New York.

CRIGROUP.COM | 11

The Effect of Money Laundering on Business and the Global Economy BY JAVERIA ADEEL

he term money laundering has several interpretations, but there is broad agreement on the key objective of money laundering: to make possible the legitimate use of the proceeds of crime while maintaining, to the extent possible, the value of the acquired assets. In short, money laundering

12 | FRAUD360 | ISSUE 1 2015

describes the process by which “dirty” money is turned into “clean” money. Money launderers seek to convert money or other property that has been acquired through illegal activity into money or property that appears legitimate, thereby concealing its illegitimate source. The financing of much criminal activity, including terrorist

acts, originates with laundered proceeds — generally in the form of cash. Money laundering is the practice of engaging in financial transactions in order to conceal the identity, source, or destination of money and represents a large segment of the economy. Although money laundering attracts the most attention when it is associated with trafficking in illicit narcotics, and more recently with terrorist activities, enterprising criminals of every sort from stock cheaters to corporate embezzlers to commodity smugglers launder money for two reasons. First, the money trail itself can become evidence against the perpetrators of the offense. Second, money per se can be the target of investigation and action (United Nations 2000). Money laundering may occur almost anywhere in the world, and has become a significant global problem in the past few years, with serious social and economic consequences. Money laundering can include: • Drug Trafficking • Extortion • Corruption • Fraud Illegally obtained funds are laundered and moved around the globe by using and abusing shell companies, intermediaries and money transmitters. In this way, the illegal funds remain hidden and are integrated into legal business and into the legal economy. Rapid developments in financial information, technology and communication allow money to move anywhere in the world with speed and ease. This makes the task of combating money laundering more urgent than ever. The deeper “dirty money” gets into the international banking system, the more difficult it is to identify its origin. Because

of the clandestine nature of money laundering, it is difficult to estimate the total amount of money that goes through the laundry cycle. The estimated amount of money laundered globally in one year is 2-5 percent of global GDP, or U.S. $800 billion — $2 trillion (source: World Economic Forum 2003). Though the margin between those figures is huge, even the lower estimate

INTERPOL’s definition of money laundering is: “any act or attempted act to conceal or disguise the identity of illegally obtained proceeds so that they appear to have originated from legitimate sources.” underlines the seriousness of the problem governments have pledged to address. For most countries, money laundering and terrorist financing raise significant issues with regard to prevention, detection and prosecution. Sophisticated techniques used to launder money and finance terrorism add to the complexity of these issues. Such sophisticated techniques may involve many different types of financial institutions; many different financial transactions using multiple financial institutions and other entities, such as financial advisers, shell corporations and service providers as intermediaries; transfers to, through and from different countries; and the use of many different financial instruments and other kinds of value-storing assets. Money laundering is, however, a fundamentally simple concept. Basically,

CRIGROUP.COM | 13

money laundering involves the proceeds of criminally derived property rather than the property itself.

Money Laundering Basics The most common types of criminals who launder money are drug traffickers, embezzlers, corrupt politicians and public officials, mobsters, terrorists and con artists. Drug traffickers are in serious need of good laundering systems because they deal almost exclusively in cash, which causes all sorts of logistical problems. The basic money laundering process has three steps: 1. Placement — At this stage, the launderer inserts the dirty money into a legitimate financial institution. This is often in the form of cash bank deposits. This is the riskiest stage of the laundering process because large amounts of cash are pretty conspicuous, and banks

are required to report high-value transactions. 2. Layering — Layering involves sending the money through various financial transactions to change its form and make it difficult to follow. Layering may consist of several bank-to-bank transfers, wire transfers between different accounts in different names in different countries, making deposits and withdrawals to continually vary the amount of money in the accounts, changing the money’s currency, and purchasing high-value items (boats, houses, cars, diamonds) to change the form of the money. This is the most complex step in any laundering scheme, and it’s all about making the original dirty money as hard to trace as possible. 3. Integration — At the integration stage, the money re-enters the mainstream economy in legitimate-looking form —

Stages of Money Laundering

PLACEMENT Collection of dirty money

LAYERING BANK Dirty money integrates into the financial system

A TYPICAL MONEY LAUNDERING SCHEME

Purchase of luxury assets, financial investments, commercial/industrial investments

INTEGRATION

Transfer on the bank account of company “X” Payment by “Y” of false invoice to company “X” Wire transfer

Loan to company “Y” BANK

Offshore bank

Source: http://www.imolin.org/imolin/gpml.html

14 | FRAUD360 | ISSUE 1 2015

it appears to come from a legal transaction. This may involve a final bank transfer into the account of a local business in which the launderer is “investing” in exchange for a cut of the profits. At this point, the criminal can use the money without getting caught. It’s very difficult to catch a launderer during the integration stage if there is no documentation during the previous stages. Money laundering is a crucial step in the success of drug trafficking and ter-

Multilateral Initiatives Against Money Laundering Large-scale money laundering schemes invariably contain cross-border elements. Since money laundering is an international problem, international cooperation is a critical necessity in the fight against it. A number of initiatives have been established for dealing with the problem at the international level. International organizations, such as the United Nations or the Bank for International

Process of Money Laundering PLACEMENT

LAYERING

rorist activities, and there are countless organizations trying to get a handle on the problem. In the United States, the Department of Justice, the State Department, the Federal Bureau of Investigation, the Internal Revenue Service and the Drug Enforcement Agency all have divisions investigating money laundering and the underlying financial structures that make it work. State and local police also investigate cases that fall under their jurisdiction.

International Organizations Fighting Against Money Laundering Global financial systems play a major role in most high-level laundering schemes, the international community is fighting money laundering through various means, including the Financial Action Task Force on Money Laundering (FATF), which as of 2005 has 33 member states and organizations. The United Nations, the World Bank and the International Monetary Fund also have anti-money laundering divisions.

INTEGRATION

Settlements, took some initial steps at the end of the 1980s to address the problem. Following the creation of the FATF in 1989, regional groupings — the European Union, Council of Europe, Organization of American States, to name just a few — established anti-money laundering standards for their member countries. The Caribbean, Asia, Europe and southern Africa have created regional anti-money laundering task force-like organizations, and similar groupings are planned for western Africa and Latin America in the coming years.

The Role of the FATF The FATF is a multi-disciplinary body that brings together the policy-making power of legal, financial and law enforcement experts from its members. The FATF monitors members’ progress in implementing antimoney laundering measures; reviews and reports on laundering trends, techniques and counter-measures; and promotes the adoption and implementation of FATF antimoney laundering standards globally.

CRIGROUP.COM | 15

The following are member countries of the FATF: Australia, Austria, Belgium, Canada, Denmark, Finland, France, Germany Greece, Hong Kong, Iceland, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Portugal, Singapore, Spain, Sweden, Switzerland, Turkey, United Kingdom, United States, European Commission and the Gulf Cooperation Council. (Source: www.worldbank.org.)

How Does Money Laundering Affect Business? The integrity of the banking and financial services marketplace depends heavily on the perception that it functions within a framework of high legal, professional and ethical standards. A reputation for integrity is the one of the most valuable assets of a financial institution. If funds from criminal activity can be easily processed through a particular institution either because its employees or directors have been bribed or because the institution turns a blind eye to the criminal nature of such funds, the institution could be drawn into active complicity with criminals and become part of the criminal network itself. Evidence of such complicity will have a damaging effect on the attitudes of other financial intermediaries and of regulatory authorities, as well as ordinary customers. As for the potential negative macroeconomic consequences of unchecked money laundering, one can cite inexplicable changes in money demand, prudential risks to bank soundness, contamination effects on legal financial transactions, and increased volatility of international capital flows and exchange rates due to unanticipated cross-border asset transfers. Also, as it rewards corruption and crime, successful money laundering damages the integrity of the entire society and undermines democracy and the rule of the law.

16 | FRAUD360 | ISSUE 1 2015

Recognizing the Red Flags of Money Laundering There are many signs that the enormity of the world money laundering problem is causing increased concern among a growing number of U.S. and foreign regulatory bodies. But while bureaucrats may be stepping up efforts to force financial institutions to comply with anti-money laundering laws, it is in the interest of those institutions to take their own actions to prevent money laundering. Failing to do so greatly increases the risk of costly compliance problems as well as the chance of substantial financial loss.

Triggers of Suspicion Because money laundering has been around for literally centuries, law enforcement and international regulatory agencies have had plenty of time to study the patterns and techniques of the practitioners of this illegal activity. Over the years, a list of red flags of possible money laundering activity has emerged. Among the most common triggers of suspicion: • A customer fails to provide phone or fax numbers, or the numbers provided are maintained by third-party office services. • A prospective customer presents a diplomatic passport from an obscure country — particularly one in Africa, where such passports are easily obtained for modest amounts of money. The passport may be genuine but the holder may be a criminal. • A customer presents a photocopy of his or her passport when opening a new account. Train employees to refuse to accept photocopies of passports or other identification documents presented to open new accounts. Today’s photocopying technology makes it all

too easy to apply a new photo to an original document so that it appears genuine when copied.

Anti-Money Laundering Investigations To reduce suspicion before conducting any business with a new partner, it is best to contact experts who can provide the specialized intelligence needed by global financial institutions and multinational corporations to guarantee complete compliance with anti-money laundering (AML) regulations and legislation involving transnational implications. Effective investigators will take the following steps: • Identify and do background checks on depositors • Report all suspicious activity • Build an internal taskforce to identify laundering clues • Financial institutions should not keep anonymous accounts or accounts that are obviously fictitious Financial institutions should, in relation to politically exposed person, and in addition to performing normal due diligence measures: • Have an appropriate risk management system to determine whether the customer is a politically exposed person • Obtain senior management approval for establishing business relationship with such customer • Take reasonable measures to establish the source of wealth and source of funds

• Conduct enhanced ongoing monitoring of the business relationship • Pay special attention to all complex, unusually large transactions, which have no apparent economic or visible lawful purpose • Maintain, for at least five years, all necessary records on transactions, both domestic and international, to enable them to comply swiftly with information • If a financial institution has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, directly by law regulation, to report promptly its suspicion

Conclusion Money laundering is a serious problem that affects businesses and economies all over the world. The negative economic effects of money laundering on economic development are difficult to quantify, just as the extent of money laundering itself is difficult to estimate. However, with the proper expertise and anti-money laundering controls in place, organizations can be better protected while also maintaining compliance with international laws and regulations. ABOUT THE AUTHOR Javeria Adeel is a Media Researcher and Fraud360 Correspondent for CRI Group. She can be reached at mediadxb@CRIGroup.com. CRI Group maintains offices in the UAE, Pakistan, Qatar, Hong Kong, Malaysia, Singapore, London and New York.

CRIGROUP.COM | 17

FRAUD RISK

MANAGEMENT

An organizational approach

Let us first understand, in the simplest words, “what is fraud?”

By Javeria Adeel

“Fraud is when trickery is used to gain a dishonest advantage which is most often financial. Fraud can be committed against individuals or businesses.”

There are many words used to describe fraud. For instance, scam, con, swindle, extortion, sham, double-cross, hoax, cheat, ploy, ruse, hoodwink, and confidence trick are just a few terms you might hear in relation to fraud. Black’s Law Dictionary defines fraud as: Fraud consists of some deceitful practice or willful device, resorted to with intent to deprive another of his right, or in some manner to do him an injury. As distinguished from negligence, it is always intentional.

Fraud Risk Management Strategy Aside from an organization’s own desire to manage fraud risk, there is increasing pressure from national and international legislative bodies for organizations to implement fraud risk management strategies. So, in recent years, a variety of laws and regulations emerged worldwide. These laws and regulations provide organizations with the criteria to incorporate into their anti-fraud efforts. Some of these laws are described on page 20.

Risk Management in an Organization For an organization, risks are potential events that could influence the achievement of the organization’s objectives. Risk management is about understanding the nature of such events and, where they represent threats, making positive plans to mitigate them. Fraud is a major risk that threatens the business, not only in terms of financial health but also its image and reputation.

CRIGROUP.COM | 19

Anti-fraud laws worldwide UAE

Anti-Commercial Fraud Law was first introduced in early 2013 and the draft law has now passed through the Federal National Council (FNC). Also: The UAE Trade Marks Law (Federal Law No. 37 of 1992 in relation to trade marks); the UAE Commercial Fraud Law (Federal Law No. 4 of 1979 preventing fraud and deceit in commercial dealings).

Pakistan

Anti-Fraud Hotline (January 21, 2011), a project of U.S. Agency for International Development (U.S.AID) and Transparency International Pakistan.

Qatar

2/ 1999 law in the fight against fraud in commercial transactions (Source : Qatar Labor Laws and Regulations Handbook).

Singapore

The Law Society of Singapore Council’s Practice Direction 1 of 2008 on the Prevention of Money Laundering and the Funding of Terrorist Activities (the Practice Directions 2008).

Australia

The Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004.

Canada

The Criminal Code of Canada (Lois du Canada).

European Union

Financial Services Action Plan (FSAP).

Companies (Audit, Investigations and Community Enterprise) Act 2004, the Bribery Act 2010.

United States

The U.S.A. Patriot Act, the Foreign Corrupt Practices Act, SAS 99, various NYSE and NYSDAQ listing standards, and the Public Company Accounting Oversight Board (PCAOB).

The most effective fraud risk management empowers an organization to control the level of fraud risk. A good place to start for a Fraud Risk Manager wishing to implement a strategy is to look at any previous cases of fraud, both internal and external to the organization, and draw up a list of the major elements which should be in place to reduce the risk of similar events occurring in the future.

sheep” are present in the organization. There are numerous modes of fraud in any organization, but the most common methods are:

Modes of Fraud in an Organization

• Cash on hand

The size of an organization does not matter in terms of whether fraudulent “black

20 | FRAUD360 | ISSUE 1 2015

• Billing • Corruption • Expense reimbursement • Skimming • Non-cash fraud • Check tempering • Payroll

Anti-fraud Control Measures It is not possible for an organization to completely eliminate the chances of fraud, but there are certain ways by which the organization can reduce the risk of fraud to a great extent. The most common measures taken by organizations to reduce the risk of fraud include the following: • External audit • Code of conduct

• Cash larcency

• Management of certificates

• Financial statement fraud

• Internal fraud audit

• Register disbursement

• Fraud hotline

Benefits of a culture that encourages whistleblowing

MODES OF FRAUD IN AN ORGANIZATION

Billing

Corruption

Expense reimbursement

Non cash

Cash larceny

Skimming

Cash on hand

• Deter wrongdoing • Pick up potential problems early

Financial statement fraud

Payroll

• Enable critical information to get to the people who need to know and can address the issue Check tampering

• Fraud training of managers and executive • Anti-fraud policy • Formal fraud risk assessment • Surprise audit • Job rotation • Mandatory vacations • Rewards for whistleblowers

Why do people commit fraud? There is no single reason, and any explanation of why fraud occurs needs to take account of various factors: • Motivation of potential offenders

• Demonstrate to stakeholders, regulators, and the courts that they are accountable and well managed • Reduce the risk of anonymous and malicious leaks

Figure 1: Modes of fraud in an organization

Causes of Fraud in an Organization

An organization in which the value of whistleblowing is recognized will be better able to:

• Conditions under which people can rationalize away their prospective crime(s) • Opportunities to commit crime(s) • Technical ability of the fraudster • Expected and actual risk of discovery after the fraud has been carried out

• Minimize costs and compensation from accidents, investigations, litigation and regulatory inspections • Maintain and enhance its reputation. Enlightened organizations implement whistleblowing arrangements because they recognize that it makes good business sense. Source: BSI from PAS 1998:2008 Whistleblowing Arrangements Code of Practice.

• Expectations of consequences of discovery (including non-penal consequences such as job loss and family stigma, proceeds of crime confiscation, and traditional criminal sanctions)

CRIGROUP.COM | 21

• Actual consequences of discovery A common model that brings together a number of these aspects is the Fraud Triangle. This model is built on the premise that fraud is likely to result from a combination of three factors: motivation, opportunity and rationalization. Motivation: In simple terms, motivation is typically based on either greed or need. Stoy Hayward’s (BDO) most recent

In the case of deliberate acts of fraud, the aim of preventative controls is to reduce opportunity and remove temptation from potential offenders. FraudTrack survey found that greed continues to be the main cause of fraud, resulting in 63 percent of cases in 2007 where a cause was cited. Other causes cited included

22 | FRAUD360 | ISSUE 1 2015

problems from debts and gambling. Many people are faced with the opportunity to commit fraud, and only a minority of the greedy and needy do so. Personality and temperament, including how frightened people are about the consequences of taking risks, play a role. Some people with good objective principles can fall into bad company and develop tastes for the fast life, which tempts them to commit fraud. Others are tempted only when faced with financial ruin. Opportunity: In terms of opportunity, fraud is more likely in companies where there is a weak internal control system, poor security over company property, little fear of exposure and likelihood of detection, or unclear policies with regard to acceptable behavior. Research has shown that some employees are totally honest, some are totally dishonest, but that many are swayed by opportunity. Rationalization: Many people obey the law because they believe in it and/or they are afraid of being shamed or rejected by people they care about if they are caught. However, some people may be able to rationalize fraudulent actions as:

• Necessary — especially when done ostensibly for the benefit of the business • Harmless — because the victim organization is perceived as large enough to absorb the impact • Justified — because ‘the victim deserved it’ or ‘because I was mistreated’

An Anti-fraud Strategy A fraud risk framework is intended to detect, prevent and identify frauds and to develop an organizational response to its risks. An effective anti- fraud strategy has four main components: • Prevention: Reduce the risk of fraud and misconduct from occurring in the first place • Detection: Discover fraud and misconduct when it occurs • Deterrence: dissuade a potential fraudster from committing an elicit act by communicating and/ or demonstrating the consequences of such action • Response: Take corrective action and remedy the harm caused by fraud Figure 3 on page 23 summarizes these components and the context with in which an anti-fraud strategy exists.

OPPORTUNITY

Missing or ineffective controls

FRAUD MOTIVATION

RATIONALIZATION

Personal or financial situations

Low morale, corporate culture

Figure 2: The Fraud Triangle

Fraud detection

Fraud prevention

Opposing double standards

ANTI-FRAUD STRATEGY

Fraud response

Fraud deterrence

Figure 3: Anti-fraud strategy

Fraud Prevention Based on the earlier discussion of why people commit fraud, it would seem that one of the most effective ways to deal with the problem is to adopt methods that will decrease motive, restrict opportunity and limit the ability for potential fraudsters to rationalize their actions. In the case of deliberate acts of fraud, the aim of preventative controls is to reduce opportunity and remove temptation from potential offenders. Prevention techniques

potential perpetrators, organizations should ensure that systems are in place that will highlight occurrences of fraud in a timely manner. This is achieved through fraud detection. A fraud detection strategy should involve use of analytical and other procedures to highlight anomalies, and the introduction of reporting mechanisms that provide for communication of suspected fraudulent acts.

include the introduction of policies, procedures and controls, and activities such as training and fraud awareness, to stop fraud from occurring. It is worth bearing in mind, though, that fraud prevention techniques, while worth the investment, cannot provide 100 percent protection. It is difficult, if not impossible, to remove all opportunities for perpetrating fraud.

It is too often presumed that there should be one set of rules for ordinary people and another for their leaders. Such attitudes breed cynicism and resentment. Though there will be some valid exceptions, leaders must almost always live by the rules they impose on others. Amongst other things this means taking a firm line on fraud by senior executives. Source: Fraud Advisory Panel Ninth Annual Review 2006-2007 â&#x20AC;&#x2DC;Ethical behavior is the best defense against fraudâ&#x20AC;&#x2122;.

DAVE ATEL, CEO

Fraud Detection As fraud prevention techniques may not stop all

CRIGROUP.COM | 23

Making the company policy known to employees is one of the best ways to deter fraudulent behavior. Key elements of a comprehensive fraud detection system would include exception reporting, data mining, trend analysis and ongoing risk assessment. Fraud detection may highlight ongoing frauds that are taking place or offenses that have already happened. Such schemes may not be affected by the introduction of prevention techniques and, even if the fraudsters are hindered in the future, recovery of historical losses will only be possible through fraud detection. Potential recovery of losses is not the only objective of a detection program though, and fraudulent behavior should not be ignored just because there may be no recovery of losses. Fraud detection also allows for the improvement of internal systems and controls. Many frauds exploit

24 | FRAUD360 | ISSUE 1 2015

deficiencies in control systems. Through detection of such frauds, controls can be tightened, making it more difficult for potential perpetrators to act. Fraud prevention and fraud detection both have roles to play and it is unlikely that either will fully succeed without the other. Therefore, it is important that organizations consider both fraud prevention and fraud detection in designing an effective strategy to manage the risk of fraud.

Recommendations to Combat Fraud • The board of directors is ultimately responsible for the detection and prevention of fraud and for setting up internal controls. • The second responsibility lies on the shoulders of external auditors. It is their responsibility to examine financial statements and to express opinions on them. • The internal audit department is also responsible for detecting fraud. • At the end of the audit, the auditors report to the shareholders. But they also report to management, in which they mention any weaknesses they found in the system and their recommendations.

Conclusion Those who are willing to commit fraud do not discriminate. It can happen in large or small companies across various industries and geographic locations. Occupational fraud can result in huge financial loss, legal costs and ruined reputations that can ultimately lead to the downfall of an organization. Having the proper plans in place can significantly reduce fraudulent activities from occurring or cut losses if a fraud already occurred. Making the company policy known to employees is one of the best ways to deter fraudulent behavior. Following through with the policy and enforcing the noted steps and consequences when someone is caught is crucial to preventing fraud. The cost of trying to prevent fraud is less expensive to a business than the cost of the fraud that gets committed. ABOUT THE AUTHOR Javeria Adeel is a Media Researcher and Fraud360 Correspondent for CRI Group. She can be reached at mediadxb@CRIGroup.com. CRI Group maintains offices in the UAE, Pakistan, Qatar, Hong Kong, Malaysia, Singapore, London and New York.

l a v i n r Ca

d u a r of F st ister Disgu g e R s n B razilia r ption Sca ndals at Co r u

BY SCOTT PATTERSON, CFE

ecent fraud scandals within their country appear to have pushed a significant number of Brazilians over the brink. A massive corruption investigation involving government officials and Petrobras, the sixth-largest energy company in the world, lit the spark for what became an outpouring of discontent this year

that manifested in demonstrations and protests involving millions of Brazilians. The focus of their ire isnâ&#x20AC;&#x2122;t Petrobras, entirely. The scandal, and others, allegedly involves prominently placed officials at the highest levels of the Brazilian government. In fact, the appearance of impropriety goes straight to the top: President Dilma

The Corruption Perceptions Index spelled out the following recommendations for Brazil • Political and campaign financing regulations need to be enforced to maintain integrity in the electoral process. Additional steps need to be taken to ensure transparency in donations. For example, the identities of political party donors should be revealed earlier in the election process. • Influence peddling needs to be stopped. This can be done by strengthening the code of ethics. And strict enforcement is needed to ensure accountability and instil integrity in government and politics. • Although right to information mechanisms are now in place, the government and relevant monitoring institutions need to implement these provisions. • Transparency in local governments needs to be improved. This can be done by enforcing relevant legislation such as the law that obliges all levels of government to disclose their budgetary data in real time. • To improve integrity in public contracting, the current laws in place need to be enforced. Stronger monitoring mechanisms and oversight are needed to deter corruption in procurement. • The passage of a lobby law is needed to ensure free competition, clear rules and to decrease the opacity between the private and the public sector. • The Clean Company Act and laws aiming to increase business integrity need to be actively enforced. Source: http://www.transparency.org/country#BRA_Overview.

Rousseff sat on the board of directors for Petrobras from 2003-2010, a time during which bribes-for-contracts, skimming, illegal gifts, bid-rigging and other alleged corruption was reportedly rampant between company officials and politicians.

26 | FRAUD360 | ISSUE 1 2015

While the Petrobras scandal has left Brazilians reeling, it is not the only high profile case to consume the headlines within even just the last few months. In late March, German construction firm Bilfinger announced that it was investigating claims of bribes paid by some of its Brazilian employees to secure business for last year’s World Cup in Brazil. For the Fédération Internationale de Football Association (FIFA), international football’s premier governing body, the news represented just the latest black eye in a long string of them (in regards to alleged corruption). For football-loving Brazil, it likely struck an even deeper chord among the populace: why was FIFA’s corrupt culture finding a natural fit in the business environment of Brazil?

A Reputation for Corruption To outside observers, it would appear that some degree of national pride, comingling perhaps with a strong sense of justice, is rising to the surface in a country that is too often spotlighted for failures rather than successes in the fight against fraud. In its highly cited Corruption Perceptions Index, European-based corruption monitor Transparency International ranked Brazil 69th (out of 175 countries), with a score of 43 points (with 100 being the highest/best possible). While Transparency International noted in its report President Rousseff’s strong public stance against fraud, the organization points out that “risks in the sector have lingered. For example, a number of public officials have been charged with demanding bribes, particularly to hurry bureaucratic processes. From 2003 to 2012, the federal auditor’s office fired nearly 4,000 employees from public service. And most of these charges stemmed from corruption or dishonesty.”

São Paulo, Brazil — March 15, 2015. More than a million people took the streets of Sao Paulo, Brazil to protest against the corruption on the government of Partido dos Trabalhadores. iStock © Willbrasil21. The Corruption Perceptions index was released in December, before the latest scandals came to light in Brazil. These new developments, and public reaction to them, are likely to figure heavily in the 2015 rankings.

“Order and Progress” The Federal Republic of Brazil is the largest country in South America, and the fifthlargest in the world by both population and land mass. It boasts a robust economy with an estimated 2015 Gross Domestic Product of nearly U.S. $3.26 trillion (seventh-largest in the world). For hundreds of years, Brazil was a Portuguese colony, finally achieving independence in 1822. Traditionally, Brazil is known to much of the outside world as a king of coffee exportation, forestry and other agricultural production — but within the last few decades it has been at the forefront of technology, energy and banking, among other fastchanging industries.

Brazil’s national motto, “Ordem e Progresso,” translates to “Order and Progress.” While that sounds, arguably, a bit dry for a country so rich in culture and vibrance, the motto represents the importance that Brazilians place on having a reputation as a forward-thinking society with a strong sense of justice. And as the protests of March and April have shown, many living and working in Brazil appear to feel that a sense of order and justice has been betrayed.

Petrobras, Bilfinger Scandals in Focus Petrobras, the sixth-largest energy company in the world, is a mainstay in Brazilian business and its global reach includes exploration, production, refining and sale of oil and gas. Three major factors help frame Petrobras in terms of the scandal: • It is backed by government funds • It has close links with government officials and agencies • Until recently, it held a monopoly over the country’s oil industry

CRIGROUP.COM | 27

So, when it was revealed that the company was involved in bribes-for-contracts, skimming, illegal gifts, bid-rigging and other alleged corruption, it was, for many Brazilians, only shocking in terms of scale. The energy giant’s close ties with the government only fueled the perception of corruption and has helped lead to the massive protests we are seeing today. In a Financial Times article, “Petrobras shows corruption is now a high-stakes game in Brazil,” Samantha Pearson argued that the massive network of fraudulent actions alleged with Petrobras indicates, among other things, the lengths to which the conspirators went to hide their actions: • Cash was allegedly siphoned through more than 300 Swiss bank accounts • Money was laundered through everything from petrol stations to art works Pearson explained that until recently, payments of bribes and other corrupt acts occurred much more out in the open. Hiding illicit payments was often no more than a matter of concealing cash under one’s coat. In the Bilfinger scandal, such a case might be old hat for FIFA — but that doesn’t mean that it sits well with Brazilians. According to a Reuters article, “Germany’s Bilfinger announces probe into possible Brazil 2014 World Cup bribes,” the company released a statement about its “comprehensive investigation” stating that, specifically, it relates to alleged bribes being paid to officials in connection with orders to supply security command centers at 12 host cities during the month-long event. So who are the “officials?” According to the article, bribes were allegedly paid to both “Brazilian officials and officials from the world’s football governing body, FIFA.”

The Fallout Spreads Corruption can be a cancer to any organization. What is happening in Brazil, however,

28 | FRAUD360 | ISSUE 1 2015

shows that it can be considered a cancer to a country, as well. The fallout from these recent scandals appears to demonstrate how much public perception has become shaped around the issue, and the role of government officials in Brazil. People responded by gathering, marching and demanding government officials’ resignations. The first major protests ignited on March 15, with between one and three million demonstrators taking to the streets across the country. They were wearing green and gold, or were draped in Brazilian flags, calling for as much as military intervention to remove President Rousseff and his administration from power. On April 12, protestors surfaced again with more mass demonstrations. Police estimated up to a million Brazilians were part of the organized gatherings against Rousseff and government corruption. The government, for its part, blamed the protests on political foes — but also introduced newly proposed anti-corruption measures, including stiffer penalties and prison sentences for those convicted of corruption schemes. Whether these events will have a lasting impact on the level of corruption between government officials and industry leaders in Brazil remains to be seen. But it is impossible to ignore the fact that the citizenry are tuned in and showing an acute awareness that “business as usual,” at least for the time being, is not to be tolerated. Business leaders and politicians — both within Brazil and beyond — should take heed. The atmosphere appears to be an unforgiving one for those caught cheating. ABOUT THE AUTHOR Scott Patterson, CFE, is a freelance writer for Fraud360. He can be reached at scotthpatterson@gmail.com.

Global Review FIFA Rocked by Joint Swiss-U.S. Investigation and Arrests How do you spell “fraud?” “Bribery?” “Corruption?” Try spelling it this way: F-I-FA. On Wednesday, May 5, Swiss police — acting on indictments from the U.S. Department of Justice as well as some of their own charges — arrested seven executives of the Fédération Internationale de Football Association (FIFA) at its meeting in Zurich, with 14 individuals facing charges altogether. Authorities have stated this action was only the beginning — more individuals could certainly end up in the crosshairs of the investigation as it unfolds. FIFA has long been tied to corruption. Suspicions often surround the bid processes for World Cup locations, most recently awarded to Russia for 2018 and Qatar for 2022. But critics have also alleged corruption and bribery around officer elections, regional tournaments, marketing and sponsorship contracts and, well, just about anything

attached to the worldwide football governance giant. At the head of the organization sits Sepp Blatter, president of FIFA since 1998. Blatter is Swiss, and FIFA’s headquarters are in Zurich — which makes it all the more significant that the legal action was initiated on FIFA’s home turf. Blatter was not arrested nor has he been indicted, and in a prepared statement he claimed that “as unfortunate as these events are, it should be clear that we welcome the actions and the investigations by the U.S. and Swiss authorities and believe that it will help to reinforce measures that FIFA has already taken to root out any wrongdoing in football.” Blatter also went so far as to suggest that a dossier presented by FIFA to Swiss authorities kicked off the investigation. However, there was no statement to that effect from Swiss or U.S. authorities, and what they were saying instead is significant. A prepared statement

Zurich, Switzerland — May 28, 2011. Entry to the global headquarters of the world football association FIFA (Fédération Internationale de Football Association) in Zurich, Switzerland. iStock © thamerpic. from the U.S. Department of Justice quotes Attorney General Loretta E. Lynch: “The indictment alleges corruption that is rampant, systemic, and deep-rooted both abroad and here in the United States … It spans at least two generations »» continued on page 39

CRIGROUP.COM | 29

Case Studies CASE STUDY: Conflict of Interest Investigation Reveals Family Connection

An international client requested that CRI Group undertake discreet, local inquiries and background investigations on certain individuals in order to uncover any conflicts of interest. Specifically, the client wanted investigators to examine: • Employment details (including hiring dates, roles/duties) for two individuals, “Mr. A” and “Mr. B.” • The circumstances surrounding Mr. A’s employment and whether he was hired because of an arrangement between organizations or family relations. • To determine whether Mr. A and Mr. B are related. Undercover local agents were tasked with conducting inquiries to ascertain the facts. Therefore, after extensive local resources research with public records and human inquiries, investigators presented the client with the following facts and intelligence: • There is no recruitment policy for upper management

30 | FRAUD360 | ISSUE 1 2015

• Nepotism occurs at the company • After just a short internship, the project manager hired his son as a project engineer • Mr. A is a son of Mr. B Conflicts of interest can present significant fraud risks for corporations, government agencies, fiduciaries, customers and suppliers. It is also one of the most difficult areas of fraud to investigate and obtain adequate evidence. Improper investigations can create counterclaims and civil actions against organizations and fraud examiners. Experts are needed to conduct effective internal investigation services, including conflict of interest investigations, to help organizations manage their risk. Investigators should work directly with key personnel to lead and conduct internal investigations, including the board of directors, audit committee, ethics and compliance officers, general and in-house counsel, corporate security, human resources, and C-level executives. A comprehensive investigative approach will: • Ensure that executive management and board members are fully informed • Expose potential crimes while fortifying internal controls • Exemplify the company’s good-faith attempt to address internal crime • Protect senior management and board members against outsider or shareholder allegations • Promote a culture of transparency and compliance to the organization’s employees

• Demonstrate that corporate internal investigations, when done right, can greatly benefit an organization

• Verify previous jobs

CASE STUDY: Pre-Employment Screening Investigation Exposes Fake Degrees

• Conduct criminal checks

• Verify highest degree obtained • Address verification

• Verify national ID number • Research into past financial behavior • Verify past five years of employment • Conduct discreet, in-depth reputation interviews • Conduct litigation checks • Examine businesses owned, licenses held, legal/disciplinary actions • Conduct media research • Research property assets

One of CRI Group’s regular clients in the UAE is a manufacturing company, and it is working on a new construction project for which engineers are needed. They received numerous applications after advertising the positions in the media. The client “shortlisted” the best candidates after conducting initial interviews and were planning to appoint them, but before doing so, they wanted to confirm the education degrees of their prospective employees. There is a diverse mix of nationalities living in the UAE, and it can be very challenging for an employer to conduct background screening on their own. So, to solve this problem, they requested expert assistance for their pre-employment screening needs. The best pre-employment screening services will include a comprehensive list of checks. For example, experts are needed to:

• Research liens and bankruptcy records In this case, the client needed degree verification in particular. So, the investigation team put “boots on the ground” and started a screening investigation and research. The first challenge with checking the applicants was that they were of multiple nationalities, including British, Irish, Indian and Pakistani engineers. When investigators checked the engineers’ degrees, they learned that seven out of 10 are from Pakistan (the majority from Lahore) and four out of seven of them had claimed fake degrees. Also, when an investigator contacted the universities in question, they found that the degrees were bogus — none of them ever enrolled in those universities, much less graduated from them. When this evidence was presented to the client, the screening saved the company from making bad decisions that could have endangered thousands of lives (being that it is a construction company) while also potentially damaging the reputation of the company.

CRIGROUP.COM | 31

CASE STUDY: Lack of Integrity Due Diligence Has Painful Consequences

Due diligence is used to investigate and evaluate a business opportunity. The term due diligence describes a general duty to exercise care in any transaction. As such, it spans investigation into all relevant aspects of the past, present and predictable future of the business of a target company.

Why Conduct Due Diligence? There are many reasons for conducting due diligence, including the following: • Confirm that the business is what it appears to be • Identify potential “deal killer” defects in the target and avoid a bad business transaction Recently, an investor group put its trust — and its funds — in the hands of an outside business partner without conducting a due diligence check on this individual. Eighteen months into the partnership, the individual had succeeded in fleecing the group of more than U.S. $6 million (and is still at large). The fact is, a proper integrity due diligence investigation on the individual would have revealed his criminal past, false associations with key banking resources and even the nonexistence of his stated home address. In the high-stakes world of investing, not everything is as it appears to be. Handshake agreements built solely on trust are a thing of the past, as fraudsters take on complex identities and utilize far-fetched (but very believable) schemes to boldly fleece seemingly intelligent and highly educated victims. This case study is a prime example of what happens when parties focus too much on trust and dollar signs, and not enough on the outside sources that are promising those dollars. Given the importance of integrity due diligence, let’s first understand what it is.

32 | FRAUD360 | ISSUE 1 2015

• Gain information that will be useful for valuing assets, defining representations and warranties, and/or negotiating price concessions • Verify that the transaction complies with investment or acquisition criteria Of course, doing due diligence research prior to executing a business deal with high profile clients or business partners is not that easy. For that reason, expert investigators are needed who bring a multifaceted research approach, which involves a global array of databases, courts and public record searches, local contacts, industry and media resources, and in-depth web-based research. These resources should include: • International business verification • Individual business interest search • Personal profile on individual subjects • Company profile on corporate entities • Historical ownership analysis • Identification of subsidiaries and connected parties • Global and national criminality and regulatory records check

• Politically Exposed Person database • International media research • Country-specific databases that include litigation checks, law enforcement agencies and capital market regulators • Company background analysis • Industry reputational assessment • FCPA, UK Anti-Bribery and corruption risks databases • Global terrorism check • Global Financial regulatory authorities check • Money laundering risk database • Financial reports Returning to our case study: in 2013, the U.S. investor group sought expert help, claiming it had been defrauded of more than U.S. $6 million by an outside business partner with whom the group had established what appeared to be a solid and trusting relationship. Over the 18-month lifetime of the fraud, the subject, who we will call “Mr. X,” was introduced to and became very close to the members of the investor group — slowly and steadily earning their trust and eventually siphoning their dollars. Mr. X had passed himself off as a global investment professional with impeccable credentials who worked out of Dubai and whose close contacts included the brother-in-law of the Prime Minister and Vice President of the UAE. He was deceiving the group with an impressive-looking website that showcased his various accomplishments and capabilities. Mr. X proceeded to describe in detail the joint venture he had formed with the PM’s brother-in-law, which offered investors lucrative lines of credit that would be backed by the group’s various investments in global gold mines, fine artwork, precious metals and other valuable assets.

Mr. X convinced the group that ABC bank, which was owned in part by his business partner, the brother-in-law of His Highness PM, would supply the group with Safe Keeping Receipts for the assets and provide lines of credit with those receipts. This mechanism would produce liquidity for the group, the proceeds of which would be used to invest in a variety of economic and humanitarian projects that had been earmarked by the investor group. Mr. X established a financial mechanism which would temporarily transfer ownership of the group’s assets to a bank account owned by him. He deceived the investor group by telling them that he was transferring money into a company account, ostensibly for the purpose of establishing business in a Free Trade Zone (FTZ) in Dubai. In truth, there was no such company account — he was embezzling the money. Mr. X further explained that, in order to provide maximum return on the investment, the group would have to open “Premier Level Bank Accounts” which would mandate a U.S. $300,000 minimum balance for each asset deposited. Each of the group’s assets would also be subject to incorporation in the Free Trade Zone of Dubai, which charged a fee of U.S. $10,000 per asset. Enamored with this deal, the group sent Mr. X a total of U.S. $4.03 million representing the value of 13 different assets (it was later discovered that one of the group members forwarded an additional U.S. $2 million, which was unbeknownst to the rest of the group). The funds would stay safe in the ABC account and $130,000 was charged as an expense to set up the incorporations in the Free Trade Zone. The formal contract cementing this business transaction required Mr. X to refund all of the group’s deposited funds on demand if certain performance measures were not met.

CRIGROUP.COM | 33

After seven months, the group soon realized that Mr. X was not going to meet those benchmarks, and by January of 2013 the ugly truth was starting to reveal itself. After repeated requests to terminate the contract and retrieve the funds, the group contacted the Compliance Officer at ABC and learned that Mr. X had in fact never opened the accounts, had lied outright in his communications with the group, and had absconded with their funds. To add insult to injury, it turned out that his high-ranking resources at the bank were fictional characters as well. As one group member stated: “It suddenly became clear that his intention was to steal the money from us from the start and, unfortunately, we didn’t bother to undertake any due diligence before entering into this deal.”

The Investigation Begins The investors contacted CRI Group after the crime had taken place. An investigation was launched in Dubai, where, during the course of several discreet inquiries with close sources representing the Royal Family, it was discovered that the brotherin-law to which Mr. X had referred never actually existed, though an individual with a similar name was in fact a director at a local national bank. Further, through interviews with the compliance officer at ABC and through court-procured documents, it was learned that each round of funds that Mr. X deposited into his personal account was quickly followed up with an identical transfer of funds the following day to an offshore account owned by a female accomplice in Monte Carlo. Additionally, in-depth background checks on Mr. X turned up three separate prior criminal cases involving fake checks, and showed that he was wanted by the Federal Police in Dubai. Moreover, the

34 | FRAUD360 | ISSUE 1 2015

address to the Dubai residence he had given to the investor group led investigators to a demolished building at that site. The ongoing investigation brought experts to Western Australia, where records uncovered a company registered to

As one group member stated: “It suddenly became clear that his intention was to steal the money from us from the start and, unfortunately, we didn’t bother to undertake any due diligence before entering into this deal.” Mr. X which had gone out of business due to failure-to-file laws. Investigators also located property in that region owned by the subject worth AUD $5.9 million, along with an AUD $94,000 luxury car. Investigators conveyed this information to the legal counsel for the investor group and suggested that they appeal to the UAE Courts to secure a judgment for the recovery of the assets in Australia. Thanks to quick work by the UAE police who worked closely with the local Interpol office, the Australian Federal Police were brought in and the assets that were identified by the due diligence investigation were promptly seized. That group is presently working with the FBI to locate Mr. X and bring him and his accomplices to justice.

Lessons Learned In high-dollar transactions with outside »» continued on page 38

Organization Profile The Fraud Advisory Panel The Fraud Advisory Panel (FAP) is the charity which champions best practices in fraud prevention, detection, investigation and prosecution. Its vision is for everyone to have the knowledge, skills and resources they need to protect themselves against fraud and to help protect others too. Panel members are antifraud professionals from all sectors united by a common concern about fraud. CRI Group is a Corporate Member of the Fraud Advisory Panel. CRI Group had the pleasure of speaking with David Kirk, chairman of the Fraud Advisory Panel. He is a lawyer specializing in fraud matters with a particular emphasis on bribery, corporate liability and financial services regulation. CRI: How do you define fraud? DK: Fraud is the deliberate use of deception or dishonesty to deprive, disadvantage or cause loss (usually financial) to another person or party. Legal definitions of fraud vary across jurisdictions. For example in the UK the Fraud Act 2006 creates a criminal offense of fraud with three ways of committing it: by false representation, failing to disclose information or by abuse of position. The U.S. has similar provisions in Chapter 47 of the U.S. Code — Fraud and False Statements. In a European context, Germany’s Criminal Code, sections 263 and 266, penalizes a range of fraud and embezzlement offenses using similar terms to those in UK law. Apart from the theft and deception offenses, the wider definition of fraud includes bribery, money laundering, cartels and markets offenses.

www.fraudadvisorypanel.org

CRI: Who should be responsible for an organization’s fraud control framework? DK: Fraud control culture and tone must be set from the top, and the board must have ultimate responsibility for protecting the organization from fraud, but in addition every employee in an organization has a role to play in managing the risk of fraud. Nothing less than an organization-wide approach to fraud risk management can ever be truly effective. Anti-fraud strategy should be a boardlevel responsibility. The board has a duty to safeguard its assets, people and data, and should take an active interest in preventing fraud by setting the ’tone’ and policies for the organization. Senior management should implement and monitor compliance with these, and staff should adhere to them and report any concerns. CRI: What do you recommend to an organization on how to prevent fraud in first place? DK: Strong ethical leadership, coming straight from the very top, is often the best defense against fraud. Getting the tone from the top right will go a long way toward creating a good corporate culture, instil integrity and guide ethical behavior throughout an organization.

CRIGROUP.COM | 35

The risks faced by all businesses come both from outside and from within. Insider fraud is as much of a threat as fraud committed by external forces. Therefore, the defenses every organization must set up to protect it from fraud range from sound and secure physical systems and controls through to a strong audit function and a simply articulated anti-fraud policy. The latter should clearly set out the organization’s stance of fraud (i.e. zero tolerance) and the behavior expected of staff and others. Increasingly investors, customers, employees and regulators are looking to organizations that actively promote ethical behaviors and trading practices. Good fraud risk management can act as an enabler to business — enhancing reputation, staff and customer loyalty, and improving the bottom line.

DK: Fraud should be managed in much the same way as any other business risk. The core function of the control framework should be to identify and assess the greatest risks to the organization; introduce appropriate controls, policies and training to manage these; and establish mechanisms to review and revise these to

CRI: Why is prevention so important? DK: Prevention is always better than cure — especially when it comes to fraud. Undeniably, the creation, adoption and maintenance of an anti-fraud capability will cost money. But it can have benefits too — acting as a deterrent to would-be fraudsters, reassuring customers, investors and staff, and resulting in savings. With law enforcement resources stretched — in the UK at least — most organizations are left to recover fraud losses on their own, meaning that the true cost of becoming a victim can be much more than the initial amount lost once regulatory penalties, investigatory and recovery actions, and reputational damage have been taken into account. CIFAS research estimates that the true cost can be as much as 14 percent higher than the original loss in the case of staff fraud. And low-value, highvolume frauds cost more.

David Kirk, Chairman of the Fraud Advisory Panel.

CRI: What are the functions of a fraud control framework?

36 | FRAUD360 | ISSUE 1 2015

make sure they remain appropriate and relevant to the business’ needs. Of course, an organization’s anti-fraud defenses will be proportionate to the risks faced and appropriate to their size and circumstances, and the level of fraud that an organization is prepared to tolerate. These defenses can be built into every aspect of an organization’s operations using hard and soft controls, engaging staff at every level, and reaching down through the supply chain to the front-line customer experience. CRI: What role does internal audit play in this regard? DK: The role of internal audit is to evaluate the potential for fraud and how it is managed as part of the audit process. This may include the review of fraud prevention controls and detection processes and making recommendations on how these can be improved.

Internal auditors are also sometimes expected to perform additional activities that are ancillary to their primary role and responsibilities in respect of fraud, such as managing or leading investigations into allegations of suspected fraud, especially where no dedicated fraud function exists within the organization. The role and responsibilities of the internal auditor are set out in the International Standards for Professional Practice of Internal Auditing. These include 1210.A2, 2060, 2110.A1, 2120.A2 and 2210.A2. CRI: What is fraud reporting in an organization? DK: A well-run organization will have procedures in place to ensure that fraud is reported to the appropriate person or department, where decisions can be made about the right action to take to deal with the problem. The decisions will include whether any formal reporting must be made, whether to involve the police, whether to take recovery action in the civil courts and whether disciplinary action against any employee is merited. Organizations have a number of formal responsibilities for reporting fraud externally. They may be required by their regulator to notify the regulator of fraud committed against or by them. They may be obliged to make a suspicious activity report (SAR) to the National Crime Agency. There may be duties to shareholders and customers. They may consider it their public duty to report to the police, not least. Auditors may need to be informed. Internally, reports will be used for the essential task of formulating strategies to prevent a repetition of the fraud. CRI: What about protection for employees reporting suspected fraud? DK: All organizations should have a dedicated means, which may be a confidential hotline or a line management formula, for

employees to report fraud. It should be in the DNA of every organization to ensure that all employees know how to report fraud and to whom. Where the system breaks down, an employee may consider that reporting a fraud to their line manager or other person in authority is simply not possible. In those circumstances that employee may decide to blow the whistle. Such a report is known as a protected disclosure. Whistleblowers are a vital tool in alerting organizations to the existence of fraud, particularly where the fraud is internal. Internal fraud may be fraud against the organization, or it may be fraudulent, dishonest or unethical conduct by the organization or its employees.

Advertise With Us

To advertise with us, please send an email to pr@CRIGroup.com.

Space is available for Fraud360 magazine as well as our monthly email newsletter, Fraud360 News Brief International. Contact us today for more information.

CRIGROUP.COM | 37

A whistleblower who makes a protected disclosure that is in the public interest is protected by law (The Enterprise and Regulatory Reform Act 2013, sections 17ff ) from being dismissed or disciplined, or ‘subject to detriment’ in his or her employment.

internal control in an organization contribute to reduce the risk of fraud? DK: It is imperative for those at the top of an organization to set the tone and install an anti-fraud culture to reduce the risk of fraud.

CRI: How do you perceive rewards for whistleblowers as effective in reducing the risk of fraud in an organization? Are they worthy to adopt? DK: The U.S. has adopted a system of rewarding whistleblowers in certain circumstances, mainly in the tax and financial sectors. The rewards can be very significant, with a bank employee who reported his firm for tax fraud in which he was also implicated receiving a prison sentence and a reward of over U.S. $100 million. The UK has not yet taken this step, and I take the view that this is the correct approach. While every effort should be made both to encourage people to report fraud in their employment, and to safeguard them, there is a risk that the promise of a reward will create a false market in whistleblowing reports. It might also complicate the process of bringing perpetrators to justice, a process which is complicated enough already.

CRI: What do you recommend for combating fraud in an organization? DK: Effective risk management is an essential part of good governance. Failure to adequately manage the risk of fraud may increase the chances of financial loss, reputational damage, share price volatility and unbudgeted investigation, accountancy and legal costs.

CRI: Does setting the tone of top management for a healthy culture and

»»

CRI: How can the Fraud Advisory Panel assist organizations that want to learn more about managing the risk of fraud? DK: Our website is a key tool for advising, supporting and educating anti-fraud professionals and organizations on fraud. It contains comprehensive information on how to prevent fraud, as well as guidance for UK victims on what do in the aftermath. The Fraud Advisory Panel also regularly publishes self-help factsheets for businesses on a broad range of subjects including fraud risk management, fraud indicators, and how to secure board level support for anti-fraud measures. These can be downloaded for free from our website, www.fraudadvisorypanel.org.

Case Study: Lack of Integrity Due Diligence Has Painful Consequences, continued from page 34

business partners, always conduct an integrity due diligence investigation before disclosing any financial information. Further, if an outside partner claims to have the backing and assistance of a high-ranking political official, be aware that that type of affiliation could trigger

38 | FRAUD360 | ISSUE 1 2015

FCPA alarms down the road. Lack of an integrity due diligence investigation from the investor group on Mr. X prior to initiating any dealings with him resulted in losses of more than U.S. $6 million, with the perpetrator still at large. It is strongly recommended that due

»»

Global Review, continued from page 29

of soccer officials who, as alleged, have abused their positions of trust to acquire millions of dollars in bribes and kickbacks.” Those arrested are expected to be extradited to the U.S., where they will be

interrogated and, presumably, the investigation will expand from there. This is most likely just the first chapter in what may be a long, and intriguing, story of justice. And as for any individuals with significant

connections to FIFA — if they have been engaging in bribery, corruption, or any other manner of fraud (and they are not as yet charged or arrested), they have some nervous weeks and months of waiting ahead.

A Case of Massive Online Degree Fraud? An explosive report in the New York Times exposed a Pakistani software company that has been allegedly making millions on fake, “U.S.style” college degrees complete with bogus websites, certificates, testimonials, videos and other elements to support the enterprise. On Tuesday, law enforcement officials responded with a raid on Axact, the company in Karachi where the alleged scheme was orchestrated.

The fraud is on a sweeping scale. More than 370 websites tout college degrees with Western-sounding names, like “Newford University” and “Columbiana University,” with costs ranging from U.S. $350 for a high school diploma to $4,000 for a doctoral degree. It all adds up to “tens of millions of dollars.” Arrests followed the raid on Axact’s offices in Pakistan. In a statement, the Interior Ministry said that investigators would

diligence be conducted on any substantial business transaction with an outside party or potential business partner. Integrity due diligence investigations can confirm the legitimacy of any individual and can reduce potential business risks by revealing everything from false

determine whether Axact “is involved in any such illegal work which can tarnish the good image of the country in the world.” In cases of alleged fraud, we often see that where there is smoke, there is fire. It seems apparent that a major deception is taking place, and cases like this perfectly illustrate why thorough background checks on employees that include education history are absolutely essential.

names, titles and certifications to ascertaining past business dealings, criminal records, executive stability and suspect associations. — Case studies compiled by Javeria Adeel, Media Researcher and Fraud360 Correspondent for CRI Group.

CRIGROUP.COM | 39

Fraud Investigations and Risk Management Are you protected?

Did you know? is the estimated amount of revenue that the typical organization loses each year to fraud.*

TRILLION

3.7

in fraud losses occur worldwide (if applied to the estimated Gross World Product).* *Source: The ACFE’s 2014 Report to the Nations.

CRI Group’s Third-Party Risk Management (3PRM™) services provide a proactive approach to mitigating risks from third-party affiliations, protecting your organization from liability, brand damage and harm to business. Our 3PRM strategy focuses on: ✓ Providing third-party risk assessments ✓ Meeting contracting requirements ✓ Conducting due diligence ✓ Providing management oversight

Our fraud experts will work with your team to: ✓ Identify fraud risks at your organization ✓ Implement proactive controls to prevent fraud ✓ Investigate cases of unethical behavior ✓ Measure effectiveness and results

CRIGroup.com newyork@CRIGroup.com / london@CRIGroup.com / +1 (646) 513-4266 / +44 20 3478 2449 UAE / Qatar / Pakistan / Singapore / Malaysia / Hong Kong / United Kingdom / USA