Protecting Your Clients from Fraud: Vendor Management and Due Diligence Programs

James Mottola, MS, CISM, CPP

Dr. Kim Miller, CFE March 16, 2017

1

Components of Due Diligence

Comprehensive Mid-Market Due Diligence Services

Private Equity, Banks and Law firms

2

Approach: Risk Management

As part of the Supply Chain Management (SCM), risk is assessed through a qualitative review of factors that could impact critical business processes. An investigation will look to uncover legal and reputational facts both individually and as a principal in the organization, including criminal history, bankruptcies, social media feedback and dark web activities. These factors are used to determine the risks associated with any particular vendor, client, partner or transaction to determine whether controls should be instituted to mitigate these risks, such as financial audits, site visits, reference interviews or other appropriate measures.

3

Program Objective: Business Continuity

Create a trusted process for businesses, vendors and suppliers to facilitate commerce with confidence. Facilitate financial resilience and preservation of resources. Reduce costs, improve operations, strengthen security and improve relationships with all applicable third-party entities. Enhance the customer experience by ensuring the highest quality and legitimacy of all products and services.

4

Institute a process for assessing operational, transactional, reputational and credit related risks to member businesses based upon established investigative, legal and regulatory guidelines. Positively verify the identity of any vendor, supplier or other entity and if possible to determine the legitimacy of any entity wishing to engage the member in a business transaction. At a minimum, this due diligence process will provide the member business with the information to make a business decision from an informed risk management perspective.

Implementation: Process Driven

5

According to the Association of Certified Fraud Examiners’ (ACFE) 2014 Global Fraud Study :

The typical organization loses a median of 5% of revenues each year due to fraud.

The median loss caused by fraud was $145,000, with 22% of

those cases reporting losses of at least $1 million. Reducing the duration of fraud is particularly critical, since the

longer the fraud lasts, the more financial damage it causes the organization.

Fraud Prevention Tool

6

A Quick Study on: Too good to be True.

Owned a brokerage and Investment Advisory firm

Chairman of NASDAQ

Exclusive Offering

Unusual Returns: 11% per Year

Connected to Celebs and Powerful People, i.e. Kevin Bacon

7

Red Flags

Feeder Funds Revenue: Not Generated for Returns but for Suppling Funds to Madoff Commission Based Churn: Rather than fees under asset management and performance

Various Auditor’s: Fairfield Greenwich 7 Billion under Management (Vendor) Madoff Auditor: Friehling & Horowitz: 3 Person Firm (Vendor) Close holding of the BMIS by family members and “Secrecy of Operations” Numerous SEC Investigations with no evidence Numerous Consultants (Aksia, Ltd, et al) alerted their clients and Harry Markopoulos, in 2000, 2001 and 2005 the SEC.

8

Elements of an Assessment

• Application Process, Contractual Agreement and Retention of

Records

• Open Source Intelligence Investigation (OSINT)

• Project Management

• Financial Document Analysis

• Tax Document Analysis

• Investigatory Support

• Periodic Review, Evaluation and Feed Back (Tips) to Monitor

Changing Circumstances

9

You Don’t Know What You Don’t Know

10

Using Fuzzy Logic

• Fuzzy logic is designed to solve problems in the same way that humans do: by considering all available information and making the best possible decision given the input.

Investopedia.com

11

Open Source Intelligence Investigation (OSINT)

• Proprietary Subscription Data Bases Inquiries

• Information Aggregators

• Targeted Sourcing of Financial Fraud and Criminal History

• Government Record Checks

• Dark/Deep/Surface Web On-Line Forums

• Reputational Review

• Money Laundering Checks

• Media Aggregators

• International Due Diligence

• Competitor Due Diligence

12

• Monitoring and Awareness Programs

• Legal Research

• Compliance

• Business, Client, Principal, and Employee Investigations

• Locate Evident and Hidden Assets

• Acquisition Assessments and Due Diligence

• Intellectual Property

• Social Media Aggregators

• Political and Charitable Donation Checks

Open Source Intelligence Investigation (OSINT)

13

• Dark/Deep/Surface Web

14

• Dark/Deep/Surface Web On-Line Forums

• Dark Web • Websites and services are meant to be hidden from all but

the most informed and technically savvy web user and contain criminal content vended on illicit online marketplaces.

• Deep Web • Part of the Internet not listed or indexed by the main search

engines. The contents of the Deep websites cannot be read by conventional searches.

• Surface Web • Part of the Internet that is accessible via mainstream web

browsers such as Google or Bing. Knowledge is not sensitive.

15

Red Flag #1.0 : Don't Knock On My Door

• In a recent vendor management engagement, the vendor's address appeared to be valid.

• A search of the address noted it was a residence owned by a different person than the vendor.

• A further search of state databases indicated that the company was registered at another address.

• The address was determined to be a closed down warehouse.

• Is the location a building or a house or does it even exist!

16

Red Flag #1.1: Don't Open the Door

17

Red Flag #2: Please Leave a Message

Sorry, I Can't Take Your Call Right Now, Please Leave a Message…. • Good vendor management consists of verifying all the

information, to include the various phone numbers.

• Are you constantly receiving voice mails and return calls from a "blocked" number?

18

Red Flag #3: Who Owns the Company? Who Really Does Own the Company? • Vetting the principals!

Who are they? Do they own assets?

o Real property Real Estate

Personal Property o Vehicles, Aircraft, Watercraft o Stolen Property o Unclaimed Assets

Tax Returns Marriage and Divorce Records

19

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company? • Vetting the principals!

Do their social media profiles match their business profiles? Why is a company name missing on the business profile of a

principal but clearly noted on the social media profile? In a recent case, the principal spelled his name differently on

different social media profiles. Do they have a online dating profile? Are they active on auction sites?

o What are they buying? o What are they selling?

20

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company? Investigate a Business Front

Is the business legally constituted, property regulated? Records of vendors, suppliers, and customers Shell company Shelf company

Trust accounts Service providers

21

Red Flag #3: Who Owns the Company?

• Is that college

degree real?

22

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company?

• Vetting the principals! Bankruptcies

o Who are the creditors? Liens Foreclosure Evictions UCCs

• Investigate a Business Front Is the business legally constituted, property

regulated? Records of vendors, suppliers, and customers

23

Red Flag #3: Who Owns the Company? Who Really Does Own the Company? • Vetting the company website • Are the company emails valid? • Misspelled key words on website • Website history

24

Red Flag #4: The Numbers Don’t Add Up

Working the numbers: • Net sales for 2015 were reported at $2.3M.

• Interesting information and worrisome at the same time when it

was revealed that the company was in business for only six months.

• Finding becomes problematic when a search of tax information indicated the business filed a welfare benefit Form 5500 to report their financial condition, investments and operations and depicted $400,000 in assets in 2014 while other documents indicated the company was not actually opened until 2016.

25

Red Flag #4: The Numbers Don’t Add Up

Working the numbers: The Form 5500 Series is an important compliance, research, and disclosure tool for the Department of Labor, a disclosure document for plan participants and beneficiaries, and a source of information and data for use by other Federal agencies, Congress, and the private sector in assessing employee benefit, tax, and economic trends and policies.

26

Red Flag #4: Example of Form 5500 Plan Information

27

Red Flag #4: Example of Form 5500 Plan Information

28

Red Flag #5: The Pieces Just Don’t Fit

• Inconsistent reporting was glaring where a merger and

acquisition was noted in 2015 yet political donations were recorded for a candidate in 2012!

• A search of patents and trademarks located a result for one principal.

• In contrast with information noted on the business profile and social media profile.

29

Red Flag #6: Show Me the Money

• A search of liens, evictions and judgments can highlight possible financial issues

• Can’t liquidate or obtain assets according to normal business practices.

• Other factors are affecting the business.

30

Red Flag #7: The Truth is Inconvenient

• Searches of residential property may not match other documents provided by the principal of the company.

Does the signature match?

• The principal states they have professional licenses and when registration was located, it had expired.

31

Red Flag #8: Associated Risks

It Is Not What You Know, But Who You Know • A search of the principal's business partner indicated a

possible criminal history for fraud

• The principal's loyalty might be compromised in favor of the partner regarding financial transactions

32

Red Flag #9: Wine, Women and Song

• Investigate the lifestyles of the principals

• Fraudsters spend money fast!

33

Red Flag #10: Social Media Sites

• Review the social media sites • Read the tweets • Who are the contacts?

• Connect the person of interest to other connections to certain key persons of interest

• Use a wider net of social media meta search engines • As 33 Million People in the Room states

• Different social media platforms exist for different purposes

• A person of interest will have accounts on multiple social media platforms fulfilling different social needs

34

Red Flag #10: Social Media Sites

35

On-Going Review: Tips are Tops

Orgnet.com

36

JAMES MOTTOLA, MS, CISM, CPP Director of Forensic Investigations and Risk Mitigation Services

Sobel & Co., LLC 293 Eisenhower Parkway, Livingston NJ 07094

973.994.9494 | james.mottola@sobel-cpa.com www.Sobel.cpa.com

DR. KIM MILLER, CFE NJ Licensed Private Detective/Subject Matter Expert

K.E. Miller Consulting, LLC 908.399.8386 | millerk123@embarqmail.com

Vendor Management Program

Contact Us