Post on 24-Jan-2016
description
Preventing Fraud in
Government & Industry
Solving Complex Government Problems
Using Financial Intelligence
Dave Gilles, Deloitte Financial Advisory Services LLP
Kari Crowley, Deloitte Financial Advisory Services LLP
Brandt Heatherington, Solutions Marketing Manager, i2 Group
October 13, 2010
• Welcome and introductions
• Housekeeping notes
• David Giles & Kari Crowley, Deloitte
– “The Money Trail”
• Brandt Heatherington, i2 Group
– Intelligence-led fraud investigations and the
i2 Fraud Solution
Agenda
The Money Trail
Analyzing your financial data intelligently can help your organization identify
trends, patterns and unique anomalies. These findings may be instructive
when considering how best to maximize your organization’s mission. The
findings may also be illuminating when things go wrong. In the end, “following
the money” is often the fastest way to your answer.
Today we will touch on:
• What types of benefits can be realized by “following the money”?
• How can the discipline of financial intelligence help identify an organization’s
opportunities and vulnerabilities?
• What types of tools and techniques are used to derive intelligence from financial
data?
• Going forward, how does one implement an effective program and control
environment designed to prevent, detect, and deter fraud and other illicit acts?
Regulators Shut 2 Failed
Banks in IllinoisCHARLOTTE, N.C. -- Regulators on Friday shut down
two more banks, boosting the number of federally
insured bank failures this year to 36.
The latest banks seized were Strategic Capital Bank and
Citizens National bank, both in Illinois. The Federal
Deposit Insurance Corp. will continue to insure regular
deposit accounts of up to $250,000 at both banks.
The Illinois Department of Financial and Professional
Regulation's banking division took over Strategic Capital
Bank, based in Champaign, Ill., while the Office of the
Comptroller of the Currency took control of Citizens
National Bank, based in Macomb, Ill. The FDIC was
appointed receiver of both banks.
Charities Look for Ways to Reduce
Overhead WASHINGTON – Some 37% of non-
profits with private contributions of
$50,000 or more in 2000 reported no
fundraising or special event costs, the
study found. Eighteen percent of non-
profits that raised $5 million or more
reported no such costs. Such a high
percentage of non-profits with zero
fundraising costs is implausible, the
study's authors said, because it usually
takes money to raise money.
The heightened focus on fundraising
and administrative costs may
discourage organizations from spending
money on things that could make the
charity more effective, says Patrick
Rooney, director of research at the
Center on Philanthropy. Non-profits deal
with "the most intractable problems
society faces," he says. "They need
good staff and accounting systems.
They also need roofs that don't leak and
computers that don't crash."
Current events
“Financial intelligence” generally uses advanced accounting skills, high-end
data analytics, tested business acumen and proven investigative
methodologies. Following the money greatly enhances an organization’s
ability to identify a wide spectrum of actionable anomalies.
“Follow the money”: What’s involved?
• Financial intelligence techniques allow organizations to “connect the dots” through the
generation of new information and the enrichment of existing data.
• “Following the money” is often the best tool for finding ways to maximize operational
processes and, when things go wrong, can be an effective method of uncovering
evidence of illicit activities.
Full spectrum approach
During this time of constrained budgets and under-
performing markets, the public and private sectors alike are
looking for ways to maximize their missions with fewer
resources.
Whether its finding wasteful spending in a government
program, criminal manipulation of benefit systems or even
modeling the financial backing of a terrorist group,
“following the money” plays a part.
Improved Claims Process
Standardized Cost Structure
Fraud and Waste Identified
Healthcare Spending
Tax Evasion
Trust Schemes
Unreported Income
Hidden Assets
Terrorist Financing
State Sponsorship
False Charities
Weapons Purchases
Fraud and Waste Identified
Timely Delivery of
Medical Supplies
Quality of Relief Supplies
Disaster Relief
Eliminate Redundancies
Identify Savings
Uncover Fraud
National Budget
When Things Go Wrong
Finding Efficiencies
Example: Terrorist financing
Rogue regimes, transnational criminals, illegal armed groups, violent
extremists and terrorist organizations all have one common element - money:
the need for, involvement in, and the importance of finances as the lifeblood
of their operations and, consequently, the livelihood of their ideology. In the
end, our Nation’s adversaries, both large and small, should be seen as
organized businesses focused on raising, moving, safeguarding and
expending money for the purposes of prosecuting their attacks on the US’s
national security interests.
Improved Claims Process
Standardized Cost Structure
Fraud and Waste Identified
Healthcare Spending
Tax Evasion
Trust Schemes
Unreported Income
Hidden Assets
Terrorist Financing
State Sponsorship
False Charities
Weapons Purchases
Fraud and Waste Identified
Timely Delivery of
Medical Supplies
Quality of Relief Supplies
Disaster Relief
Improved Claims Process
Standardized Cost Structure
Fraud and Waste Identified
National Budget
When Things Go Wrong
Finding Efficiencies
Money Trail: Investigative Techniques
What do forensic accountants look for?OPPORTUNITY
INCENTIVE/PRESSURE RATIONALIZATION
Fraudulent Reporting
Misappropriation of Assets
Corrupt Business Practices
Types of Fraud
Improper revenue recognition
Management override
Unusual relationships
Misapplication of accounting principles
Conflicting records
Discrepancies in records
Improper asset classification
Improper expense
capitalization
Reserve manipulation
Revenue recognitionChannel stuffing
“Side letters”
Round trip transactions
Excessive rights of return
Fictitious sales
Holding the
quarter open
Benford’s Law
Absence valid business purpose
Source: Fraud triangle was developed by Dr. Donald Cressey in 1950’s
Data analytics and forensic technology
Analytic and forensic technologies enable the Follow the Money process…
Data analytics is a key part of all financial analysis. This most frequently involves
analyzing voluminous amounts of electronic records such as: transactional data, bank
records, contracts, insurance claims, inventory logs, sales records, stock trades, etc. By
using data analytics one can:
● Locate, scope, acquire, mine, test, and normalize data in
support of anomaly detection and fraud investigations
● Filter and analyze massive transactional data sets using
business rules thus producing a focused set of anomalies
● Produce predictive analytics and human network maps
● Create analytic and statistical trending insights regarding
your company or, in the case of the military, your
adversary.
Scenario:
Your agency’s vendor payment
system has been improperly
accessed and there is a
possibility that fraudulent
payment orders have been
created. You need to analyze
thousands of payments, do due
diligence on vendor files and
trace payment flows to their
recipients to determine how
bad things are – and you need
to do it fast.
Background investigations
• PEP/Sanction list
• Adverse media • Number of subjects
• Subject’s business activities
• Subject’s contact with
government officials
• Known or prior allegations
• Jurisdictional risk (CPI score)/
Industry risk
• Country-specific common
schemes
• Project deadline
• Discreet or open?
Data Source Considerations
Level 1
Level 2
Level 3
• Includes Level 1 research
• Identify website/media profile
• D&B and other business reports
• Corporate registry checks (to
identify shareholders and
directors
• Bankruptcy-civil litigation
• Criminal records (to the extent
available)
• Includes Level 1 and 2 research
• Discreet source inquiries
•
From 50,000 feet to Full Body Scan
[s001]
DIRECTOR, VICE CHAIRMAN
DIRECTOR [s544]
DBA[s120]
DBA[s119]
DBA[s121]
ISLAND FUNDS
I.C. PARTNERS
I.C.F. GROUP
Sanctions: OFAC (December 2008) [s433]
ISLAND CAPITAL FUNDING L.P.
MARTIN, JOSEPH R.Registered in: UAE
Reg. #: 434443
ACME TRANSPORTATION GROUP [UAE]
i2 - Analyst’s notebook: Chart APosition on chart
i2 - Link analysis: Chart B
i2 analysis
Focus areas
[s303]
CURRENT OWNER[s505]
APEX IS FORMER OWNER (1998-2008)
[s663]
APEX IS LIMITED PARTNER OF STEEL
[s055] [s105]
TRADING STYLE OF APEXAPEX [UAE] IS SHAREHOLDER, 100%
[s847]
STEEL ISLIMITED PARTNER
NO. 8 CLARKADMINISTRATORS
IS GENERAL PARTNER[s547]
APEX IS SOLE SHAREHOLDER[s277]
CLARK ASSET MANAGEMENT ISGENERAL PARTNER
[s223]
CLARK IS SOLESHAREHOLDER
[s564]
Country: UNITED KINGDOM [s303]
Plate: 773 AAA, CURRENT PLATE [s303]
Plate: 992 BBF, 1998 - 2007 [s304]
VIN#: 888222FFFW3434Registered in: UNITED KINGDOM
Reg. #: AFR 775141
NO. 8 CLARK HOLDINGS LIMITED
Registered in: UNITED KINGDOM
Reg. #: 34344DE
THE STEEL GROUP LIMITED
Registered in: AUSTRALIA
Reg. #: 342342322
APEX AUSTRALIA LTD.
Registered in: UAE
Reg. #: 434443
Sanctions: OFAC (February 2010) [s234]
APEX TRUCKING [UAE]
Registered in: UNITED KINGDOM
Reg. #: TRF 32433
NO. 8 CLARK ADMINISTRATORS LIMITED
Registered in: UNITED KINGDOM
Reg. #: 555899FFE
CLARK ASSET MANAGEMENT
Where does the trail lead us?
Following the Money helps us learn about new trends and new key players.
Looking at the past gives us great insight into the future:
• Patterns tend to repeat
• New schemes start somewhere—usually as a modification or an improvement
of past behavior.
• Key players “groom” new people to take over their fraudulent schemes.
• Previously identified “fringe” subjects become the new epicenter of activity
• Geographies that once seemed remote or anomalous can become a new
investigative focus
Prevent, Detect, Deter
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Identify high-risk businesses, clients , transactions and individuals
Assess high-risk clients, partners and agents / Evaluate related controls
Government clients
Agents and Consultants
Intermediaries
High-risk populations
Agents / Intermediaries
Independent sanctions
screening
High-risk populations
Customer due diligence
KYC Program
Enhanced due diligence
Principals and executives
Undisclosed interests
Litigation / Reputation
Fraud Risk
Assessment
Business partners
Client / Customer fraud
Transaction monitoring and testing / Evaluate related controls
FCPA monitoring
Gifts / Entertainment
Vendors / Third Parties
Sanctions screening
Transaction authority
and controls
Escalations and
regulatory disclosures
AML transaction
monitoring systems
Suspicious / Cash
transaction reporting
Escalations and
regulatory disclosures
Related parties
Business partners
Undisclosed relationships
Fraud monitoring
Financial controls
Agents / Intermediaries
Evaluate compliance communications, training and awareness
Assess internal audit and regulatory examination reports
CorruptionEconomic
sanctionsMoney laundering
Integrity and
reputationFraud
Clients, agents,
intermediaries
Risk assessment
Transactions and
monitoring
Compliance
culture
Assessments and
testing
Compliance: Potential risk areas
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Objective
• Identify companies at risk for FCPA violations in increasingly aggressive enforcement environment due to ineffective compliance
programs and controls.
• Identify strategic/equity investors exposed to potential successor liability claims for failure to perform adequate FCPA due diligence.
Key Risk Areas
• Foreign government sales and touch points
• Use of agents and intermediaries
• Operations in high-risk countries (e.g., China, Russia)
• State-owned/-controlled customer base
• Local anti-corruption laws
• Sales behaviors and culture
Due
Diligence
Approach
• Risk assessment to identify:
− Government agencies and customers
− Employees, agents, consultants, vendors
− Payments to government
• Analysis of customers / sales processes
− Marketing and sales processes, including distributors
or resellers
− Use of consultants / third parties
• Transaction testing and documentation
− Assessment of consultant agreements
− Keyword searches
− Payments and expenses analysis
− Interrogation of relevant general ledger accounts
• FCPA Analytics™ – Proprietary FCPA transaction testing too
• Background investigations
Potential Impact
• Corrupt payments can subject a company to criminal and
civil fines and exposure (mitigated by strong compliance
program)
• Corrupt payments that may require adjustment of deal
pricing/economics:
− Exit of clients, business segments or intermediary
relationships
− Legal and investigative costs
• Pre-acquisition violations required to be disclosed to DOJ
• Cooperation with government investigations
• Robust remedial actions and compliance programs going
forward
Corruption
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Money laundering
Objective
• Identify vulnerabilities in business operations that expose the risk that funds are being used to facilitate money laundering
• Conducting enhanced due diligence on high risk clients as part of business as usual practices as well as forensic transactional and
KYC lookbacks.
Key Risk Areas
• Operations in high-risk jurisdictions (e.g., countries not
applying FATF standards, offshore tax havens, etc.)
• High-risk industries: gaming, financial and money services
businesses, real estate agencies, precious metals/stones
• High risk individuals such as Politically Exposed Persons
(PEPs)
• Vendors and joint venture partners
• Cash intensive businesses
• Products that can be monetized easily (e.g., consumer
electronics, vehicles)
• Company formation agents and professional services providers.
• Stored value cards, payments processors, money services
businesses, etc.
• Trade finance and corresponding banking transactions
Due
Diligence
Approach
• Identification of high-risk clients, products/services,
geographies and distribution channels
• Analysis of high-risk customers (including their KYC
profile and transactional patterns), products and services
and operations:
• Identify high-risk customer segments
• Independent screening and assessment especially in the
context of economic and trade sanctions (e.g. OFAC)
• Transaction testing and documentation
− Assessment of high-risk clients, intermediaries and
transactions
− Review of documentation and agreements
• Assessment of controls around payments and money laundering
prevention
Potential Impact
• Money laundering, sanctions compliance and terrorist
financing exposes your organization to potential criminal
and civil liability as well as reputational injury
• Changes to business operations to mitigate risk of money
laundering
• Identification of additional controls to be implemented for high
risk clients and products
• Estimates of remedial costs to protect the business going
forward.
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Fraud
Objective
• Incorporate fraud risk factors and schemes in corporate risk assessments to capture factors that may directly impact operations,
transactions, etc.
• Link risk assessments across the organization regardless of focus (e.g.., Fraud, Operational, Anti-Corruption risk assessments)
• Establish and update understanding of business relationships within and external to the company
• Be prepared to address fraud events when they occur
Key Risk Areas
• Various statutory and regulatory guidance
− Domestic
− International
• Size, locations, and nature of subsidiaries and external
relationships
• Industry
• Quality/integrity of management and employees – “tone at the
top”
• Private vs. public company requirements
Due
Diligence
Approach
• Fraud risk assessment to identify
• Fraud risk factors
• Specific fraud schemes/scenarios
• Scenario assessment:
• Likelihood of occurrence and magnitude of impact
• Link schemes and scenarios to mitigating controls
• Analyze identified fraud risks and evaluate mitigating
controls
• Evaluate residual fraud risk
• Action plan to address residual risk
• Align fraud risk assessment with all other risk assessments
conducted by the enterprise
• Create and evaluate fraud response management protocol
• Conduct regular due diligence on business partners
• Leverage human resources as a fraud risk mitigation control
Potential Impact
• More effective business operations
• Avoid delays in regulatory approval
• Identification of compliance and control matters before
resulting in potential losses
• Expanded diligence across multiple locations for large
deals if fraud risk factors identified – saves time and cost
to deal
• Savings in deal cost due to issues identified early on
• Perception/reputation maintained or increased
• Savings in audit/compliance costs
Copyright © 2009 Deloitte Development LLC. All rights reserved.
Illustrative examplesRisk Area / Diligence Finding Impact Outcome
• Suspect payments to consultants
identified and linked to acquisition
of government related business
• Significant investigation and remediation
costs
• Long term loss of large client
relationships
• Disclosures to Department of Justice and
other regulatory bodies
• Purchase price reduced by $200
million
• Investigation /remedial costs in the
range of $10 million
• Weaknesses in private banking
unit “know your customer” and
economic sanctions screening
procedures and controls
• Large client population from high
risk jurisdiction for economic and
trade sanctions and corruption
(PEPs)
• Recommended remediation of private
banking unit clients to acquirer’s KYC
standards.
• Expected exit of certain private banking
client relationships
• Significant efforts required to integrate
and update sanctions screening
technology
• Discounted future maintainable
earnings of private banking unit by
5%
• Identification of $3 million required
remedial and integration related
compliance costs.
• Principal has undisclosed business
relationship with competing entities
• Principals associated with target had
moved to re-direct client relationships to
competing entities.
• Research identified significant integrity
and jurisdiction/sector-specific risk issues
• Acquirer abandoned pursuit of
target
Corruption
Economic and trade sanctions
Integrity and reputation
Money laundering
Fraud
The importance of effective compliance:
Programs and internal controls
• Tone at the top
• Comprehensive training
• Due diligence procedures for business partners and acquisition targets
• Readily available resources
• Good communication channels
• Methods for employees to report violations
• Periodic reviews/audits
• Penalties for non-compliance
• “Following the money” can be an effective way to identify both
opportunities and risks.
• As evidenced by the recent legislation, the Federal government and
private sector alike recognize that identifying and eliminating improper
payments and fraud is imperative to an organization’s fiscal health.
• Advanced technologies and algorithms are important tools in the effort
to detect and deter illicit financial activity.
• Recent investigations and enforcement actions by DOJ and the SEC
demonstrate an intensifying focus on white collar crime, including
actions against individuals
• Invest in risk assessment, compliance, prevention and detection
• Know your business partner!
Key takeaways
i2 Fraud SolutionCapture, management & analysis of intelligence
Fraud landscape and challenges
• $2.9 Trillion lost to fraud globally (5% of revenue)*
• Large volumes of disparate data
• A variety of mediums to connect to – e.g. human intelligence, paper
trails, etc
• Hidden in complex layers of transactional data
• Lack of time to collate information
• Rapidly shifting environment
• Diverse perpetrators
• Sophisticated tools and methods
• Secure information sharing
• All data searchable and accessible
Technology-enhanced investigative workflow
Analysis and Visualisation
Fraud network mapping
Cyber fraud
IP analysis
Transaction timeline
mappingFraud risk heat maps
Fraud Visual Analytic Output Examples
Intelligence from World-Class i2 Partners
World-Check
Portland Risk
NCFTA
Spamhaus
Maxmind
i2 Fraud Analytical Capabilities
• Rapidly search multiple internal or external data sources
simultaneously including peer-to-peer networks
• Pool data in common investigative platform to identify entities,
relationships, patterns and timelines
• Advanced push/pull data sharing allows sharing of intelligence
across work groups in near-real-time
• Detect fraud in multiple mediums: Cyber/internet, electronic
networks, telecom networks and more
i2 Fraud Solves Business Challenges
• Rich extraction, analysis and visualization capabilities
• Sophisticated analytical database for managing and
analyzing large volumes of multi-source data
• Advanced push/pull data sharing allows analysts and
investigators to share evidence and analytic results in
near-real-time
• End-users can design intelligence templates to suit their
data and workflow – specialized IT skills not required
• Augments existing infrastructure, does not replace it
• Rapid deployment and low startup and total cost of
ownership
Save Money & Increase Productivity
• i2 tools offer powerful, comprehensive and rapid
investigation
• Fusion of complex data in a centralized environment
• i2 data correlation and visual analysis solutions reduce
expenditure of capital and allow for faster closure of
cases, more efficient deployment of human resources
• i2 analysis charts for fraud cases are the industry
standard in law enforcement, legal and prosecutorial
arenas
• Over 400,000 users globally
• Support, maintenance and updates are seamless
Key Commercial ClientsSectors include:
• Telecoms
• Financial Institutions
• Insurance
• Legal firms
• Pharmaceutical
• Retail
• And many more…
Fraud Case Studies
Case Study: Fraudulent Insurance ClaimsChallenge:
• An increase in the number of fraudulent mobile insurance claims from new FIU
• In-house single point claims system could not cross-reference data sets which required manual
analysis of data involving millions of records.
• How to differentiate between legitimate and fraudulent claims?
Solution:
• Create a centralised intelligence repository by importing data from legacy systems.
• Integrate 3rd party data to enhance intelligence.
• Search historical data to find hidden suspect patterns.
• Map and cross reference all data sets to show hidden fraud by individual and organised rings.
• Allow analysts to concentrate on fraud detection by providing near time results.
Result:
• Instant connection of 5,000 fraud alerts to over 100,000 customers and 1500 individuals connected
to false claims and organized fraud rings
• ID repeat claim submissions from known fraudsters changing minor details
• Proactively terminated policies before further claims could be made
• 50% increase in fraud detection with £150,000 savings
“ Within five months of utilising i2 software, the fraud investigation unit has seen an approximate 50% increase in fraud detection, equating to roughly £150,000 in
savings for both CPP and its customers.”
"Upon utilizing i2 products, we revealed far more useful intelligence that allowed us to not only detect more fraud, but more importantly, we were able to stop it.”
"One of my main concerns when purchasing an intelligence system was cost and after sales support, both of which have been outstanding with i2."
Card Protection Plan
Case #2: ATM FraudCanadian Imperial Commerce Bank
Challenge:
• One of “Big 5” Canadian banks experienced persistent ATM fraud from hacked
machines
• Stolen data being used at banks and point-of-sale
• High frequency and geographic dispersal made trending difficult without advanced
data correlation
Solution:
• Imported all data for ABM/POS (automated banking machines / point of sale devices)
relating to hacked
• Established parameters for frequency of fraud based on number of “data stolen”
events in a month period
• Compared to banks and locations of devices where stolen data was used
Result:
• Established trends for fraudulent use and notified law enforcement of likely times /
places to apprehend fraudsters
Case #3: Internet Credit Card FraudDCPJ/OCLCTIC (France)
Challenge:
• GIE (French economic interest group for bank cards) alerted to 44,700 payment authorizations
over three days for test authorization amounts ($1 to $2) on a US e-commerce website involving
25,548 stolen credit card numbers
• 13,274 use authorizations were granted
• Fraudulent use began several days later and banks were alerted when victims disputed the
charges
Solution:
• IP addresses, domains and bank information involved with the suspicious transactions were
loaded into a central analysis pool. This covered several years of bank data involving 25,000,000
records
• Connected domain names to registrants
• One fraudulent site alone in this ring was responsible for almost $300,000 or 192,000
• Small amounts at a time were low risk but high yield
• Links are established using IP addresses, emails, pseudonyms, bank cards and addresses
Result:
• One principal group of 1233 members is identified as well as 27 sub groups and organized
criminality established
Case #4: Auto Insurance FraudTop 5 US Auto Insurance Company
Challenge:
• A major US insurance company was presented with a suspicious $250,000 claim for a stolen
Ferrari
• Company analyst had only 30 days to investigate the claim
Solution:
• Public records search on owner and link other individuals
• Link uncovered to auto export company
• Link uncovered to previous claims related to same company
• Suspicious of fraud, analyst checks US customs to discover that the car was exported several
weeks prior to claim
• Tracked car to Italy and procured service records signed for by a female lawyer who initially
connected claimant to the export company
• Further analysis proves the lawyer to be the claimants wife using a different last name
• Once requested to be deposed, claimant flees the country
Result:
• Claim denied and law enforcement alerted
Case #5: Procurement FraudSRA International / US Army
• During the Iraq War, manual tracking and billing processes made it easy for some
military personnel and local contractors to fraudulently bill the government
• Without much of the data in electronic format, it was difficult to pinpoint relationships
between people and places
• A contractor was hired to enter the data and trace the patterns
• Data was complicated and transactions were global and carefully hidden
• Through use of data correlation and visualization tools, intricate relationships were
discovered which illustrated who was taking bribes, what units were involved, and to
whom illegal contracts were being awarded
• Visualization enabled comparison of legal and illegal operations and exposed how
illegal activities were hidden
• Created solid evidence and open-and-shut cases
• Out of 3 years of investigation only one case went to trial
• Over $80M USD recovered thus far; $80M total expected
Fraud Resources
Need more info on fraud? Visit www.i2group.com and click on
“Fraud” under Solutions
Need help evaluating your fraud readiness?
Take our free no-obligation Fraud Assessment at:
www.i2group.com/fraudsurvey
Want to schedule a 1:1 meeting with an i2 Analyst’s Notebook
Fraud Expert? Email us at sales@i2group.com
Questions & Answers
This presentation contains general information only and is based on the experiences and
research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering
business, financial, investment, or other professional advice or services. This presentation is not a
substitute for such professional advice or services, nor should it be used as a basis for any
decision or action that may affect your business. Before making any decision or taking any action
that may affect your business, you should consult a qualified professional advisor. Deloitte, its
affiliates, and related entities shall not be responsible for any loss sustained by any person who
relies on this presentation.