• Like

Global Fraud Report 2009 2010

  • 1,322 views
Uploaded on

Kroll commissioned the Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2009. …

Kroll commissioned the Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2009.

A total of 729 senior executives took part in this survey. A little over a third of the respondents were based in North and South America, 25% in Asia-Pacific, just over a quarter in Europe and 11% in the Middle East and Africa. Ten industries were covered, with no fewer than 50 respondents drawn from each industry. The highest number of respondents came from the financial services industry (12%). A total of 46% of the companies polled had global annual revenues in excess of US$1 billion.

This report brings together these survey results with the experience and expertise of Kroll and a selection of its affiliates. It includes content written by The Economist Intelligence Unit and other third parties. Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstra and all the authors for their contributions in producing this report.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,322
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
32
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Annual Edition 2009/2010Global Fraud Report Economist Intelligence Unit survey results Sector by sector analyses of fraud Regional fraud insights The use of technology in helping & hindering fraud Regulatory updates Global & local case studies And many more articles
  • 2. Kroll commissioned The Economist Intelligence Unit to conduct aworldwide survey on fraud and its effect on business during 2009. A totalof 729 senior executives took part in this survey. A little over a third of therespondents were based in North and South America, 25% in Asia-Pacific,just over a quarter in Europe and 11% in the Middle East and Africa.Ten industries were covered, with no fewer than 50 respondents drawnfrom each industry. The highest number of respondents came from thefinancial services industry (12%). A total of 46% of the companies polledhad global annual revenues in excess of $1billion.This report brings together these survey results with the experience andexpertise of Kroll and a selection of its affiliates. It includes contentwritten by The Economist Intelligence Unit and other third parties.Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstraand all the authors for their contributions in producing this report.The information contained herein is based on sources and analysis we believe reliableand should be understood to be general management information only. Theinformation is not intended to be taken as advice with respect to any individualsituation and cannot be relied upon as such. Statements concerning financial,regulatory or legal matters should be understood to be general observations basedsolely on our experience as risk consultants and may not be relied upon as financial,regulatory or legal advice, which we are not authorized to provide. All such mattersshould be reviewed with appropriately qualified advisors in these areas.This document is owned by Kroll and The Economist Intelligence Unit Ltd., and itscontents, or any portion thereof, may not be copied or reproduced in any form withoutthe permission of Kroll. Clients may distribute for their own internal purposes only.Kroll is a subsidiary of Marsh & McLennan Companies, Inc (NYSE:MMC), the globalprofessional services firm.
  • 3. ContentsGlobal Fraud Report Introduction.................................................................................. 4 Healthcare, Pharmaceuticals Tim Whipple, President, Kroll Consulting Services & Biotechnology A glimpse into Mexico’s shadow pharmaceutical market....24 EIU Overview.................................................................................... 5 The Economist Intelligence Unit overview Technology, Media & telecoms IT outsourcing: Is it worth the risk?........................................26 fraud vulnerability Summary of sector fraud profiles. ............................................8 . Natural resources The Foreign Corrupt Practices Act, regional analysis the Siemens settlement, and the energy sector....................27 Asia-Pacific overview..................................................................9 . regional analysis Financial Services Middle East & Africa overview................................................29 Fighting credit card fraud: Don’t overlook the low-tech battle........................................10 Retail, Wholesale & distribution But how could they do that to us?: India’s retail sector: The growth of affinity frauds.......................................................... 11 Risks that match the potential rewards....................................... 30 When the law lets you down..................................................12 . viewpoint Buyer beware: Information security and M&A activity........13 . Multiple-source reporting: What works Financial crime: What should insurers be worrying about?.14 for tax fraud could work for Ponzi schemes.............................. 32 Professional services Consumer goods The pitfalls of arbitration.........................................................15 Chinese fakes in Korean markets................................................... 34 Tackling client and data problems..........................................16 Travel, leisure & transportation regional analysis Fraud risks in commercial aviation................................................. 36 North America overview..........................................................18 Europe overview.......................................................................19 construction Three predictions for the future: The impact of the global Manufacturing economy on construction.................................................................. 38 Tackling compliance with conviction............................................ 20 Fraud vulnerability viewpoint Fraud heatmap: where industry feels the pain, The United Kingdom’s new anti-bribery legislation.............22 and how it reacts.................................................................................. 40 Not all identity theft is high-tech, Slowdown in business expansion drives reduction and no one is immune. ............................................................23 . in fraud factors..........................................................................42 Corruption fears grow..............................................................42 Kroll Contacts................................................................43 Kroll Global Fraud Report • Annual Edition 2009/2010  |  3
  • 4. INTRODUCTIONIntroduction W e all hope that the worst of the Unfortunately, though, over one in five financial crisis is behind us – and financial services companies saw their most of us do not want to look internal controls weakened through cost back. This has been a year of painful cutting. It is understandable that in today’s adjustment in the harsh conditions of climate, they should seek economies. But recession. The prospects for 2010 look these will be false economies over the brighter, leaving us less inclined to focus on longer term if they lead to the resurgence the mistakes that brought us to this pass. of the same issues that so deeply damaged the industry in 2008-9. Yet there is ample reason to cast a glance over our shoulders as we look forward to “Tighter controls” will not be a popular the happier tasks of the new recovery. rallying cry in Wall Street, the City or Fraud, corruption, and all that go with it Nariman Point. The associated costs can may not have precipitated recession, but be hard to bear in difficult times – but the they certainly made its impact all the more cost of non-compliance can be harsher. painful. Losses, prosecutions, litigation, Compliance professionals know they have bankruptcies, were all sparked or to provide value for money.  In the risk exacerbated by the actions of groups or management world, so do we.  That means individuals in the years before; actions investment in people, systems, training and that went undetected and unpunished capabilities, to make sure that as the until too late. world’s leading global firm in the sector, Kroll can provide the best support. We have The conventional wisdom is that fraud goes continued to invest throughout the up in a recession. That isn’t necessarily recession, and next year will bring new true, as our survey shows. What goes up is ideas to the market. This report sets out the discovery of fraud, not always the same some of the reasons why those ideas have thing. Just like legitimate businesses, never been more important. fraudsters are threatened by loss of income or the financial weakness of their businesses; Ponzi schemes are especially vulnerable. But other fraudulent areas – management conflict of interest, corruption, employee theft – also come to light when business conditions sour. The data we have collected this year clearly highlights the industry hardest hit by fraud and wrongdoing: financial services. Over half of the respondents in this sector reported that the global financial crisis had increased levels of fraud at their companies – the highest figure for any industry.  Nearly 90 percent of firms reported being victims of some kind of fraud in the last three years. This sector also had the second highest proportion suffering from each of internal financial fraud and management Tim Whipple self-dealing. President, Kroll Consulting Services4  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 5. EIU OverviewThe downturn T he conventional wisdom – reinforced by the revelation in the last year of huge scams such as the Madoff and Satyam frauds – is that downturns increaseand fraud levels of fraud. This year’s annual Global Fraud Survey, commissioned by Kroll and carried out by the Economist Intelligence Unit, presents a much more complex picture. The financial crisis has changedYour sector may the effects of the risks underlying fraud. Those risks that grow as companies expand – entry into new markets, for example – have actually declined in importance. Ineven be better off simple terms, less money coming into a company and more oversight of spending despite financial constraints limit the opportunity for crime. The downturn, however, has heightened other risks. Pay stringency in the face of lower revenues, for example, has provided a motive for fraud, and perhaps even turned employees to crime. How these conflicting trends play out, however, varies markedly by sector. Those closer to the original crisis – financial services and professional services in particular – have seen an increase in their incidence and level of fraud. Those for whom the main economic news has been a pronounced drop in sales, and therefore business activity – such as construction and natural resources – have instead seen noticeable declines. Economy-wide the two trends cancel each other out to a remarkable degree. The incidence of fraud is almost identical to that found in last year’s survey, and the average loss per company has risen only slightly in the new survey, to $8.8 million from $8.2 million. Kroll Global Fraud Report • Annual Edition 2009/2010  |  5
  • 6. EIU Overview The downturn has increased From which of the following has your company suffered in the last three years? the motive for fraud, but 2009 survey 2008 survey decreased the opportunity. At least one fraud 85% 86% The economic crisis in isolation has raised some fraud risks. Thirty percent of survey Theft of physical assets or stock 38% 37% respondents say that the global financial crisis has increased the levels of fraud at Information theft, loss or attack 25% 27% their organizations, compared with just Management conflict of interest 23% 26% 5 percent who saw a decline. Lower profits heighten some risks. One in six companies Financial mismanagement 21% 22% are seeing greater vulnerability from reducing internal controls to save money, Regulatory or compliance breach 21% 25% one in seven from pay restraint, and one in eight from reduced revenues overall. Vendor, supplier or procurement fraud 20% 18% A constrained business environment, Corruption and bribery 19% 20% however, reduces other dangers as Internal financial fraud or theft 18% 19% businesses and individuals adopt more defensive behavior. Survival-focused IP theft, piracy or counterfeiting 14% 16% companies might retrench rather than expand; employees might stay in existing Money laundering 5% 4% jobs rather than take a chance on new ones. As a result, three factors which often Percentage of companies highly or moderately vulnerable increase fraud vulnerability are having noticeably less effect this year. The number 2009 survey 2008 survey reporting that high staff turnover is raising such exposure has dropped (from 32 Information theft, loss or attack 71% 65% percent to 26 percent), as has the number Regulatory or compliance breach 54% 50% seeing greater risk out of entry into new markets (from 32 percent to 24 percent) Management conflict of interest 53% 48% and from increased inter-firm collaboration (from 28 percent to 20 percent). Moreover, Financial mismanagement 52% 48% if companies take in less money in sales, Vendor, supplier or procurement fraud 51% 54% they also have less money to steal. Companies would rarely cut down on Theft of physical assets or stock 50% 53% business activity simply to reduce fraud, but at least there is a silver lining. IP theft, piracy or counterfeiting 47% 44% Corruption and bribery 44% 47% A Tale of Two Sectors: Changing risks have had vastly different Internal financial fraud or theft 44% 45% impacts in different industries. Money laundering 19% 19% The contrasting fortunes of the financial services and construction sectors illustrate Industry sector/average amount lost to fraud in previous 3 years how these shifts have had such different effects. The former, the epicenter of the 20 financial crisis, saw combined average 2008 $m 18 losses to fraud over the last three years rise 2009 $m 16 to $15.2 million, or 18 percent above the 14 2008 survey figure. The number of sector 12 companies suffering at least one fraud rose 10 to 87 percent, slightly above the survey 8 norm, from 79 percent, comfortably below. 6 Most notably, over one-half of respondents 4 indicated that the crisis had led to an 2 increase in the number of cases of fraud at 0 their companies. Professional services Financial services Technology, media and telecoms Manufacturing Natural resources Healthcare, pharmaceuticals & biotechnology Construction, engineering and infrastructure Retail, wholesale and distribution Consumer goods Travel, leisure and transportation The picture for the construction, engineering and infrastructure industry is markedly different. In this sector, the combined average fraud figure dropped by more than one-half, to $6.4 million from6  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 7. EIU Overview$14.2 million, making the sector’s losses, for K Most see only a slight change at company Similarly, the percentage of respondentsonce, below the average level. The demands level: As noted earlier, respondents who considered their companies highlyof survival in a downturn are also having believed that the financial crisis itself had or moderately vulnerable to these fraudsan impact on which types of fraud are increased levels of fraud. When asked, stayed roughly the same as last year,more prevalent for these companies. At a however, about the last year – precisely albeit with slightly greater variation.time when government contracts are of when the downturn has been taking its K The average fraud loss has risen slightlyincreasing importance, and may even mean toll – in more general terms, 31 percent in the last year, but this masks larger,the difference between survival and said that fraud levels had declined, and countervailing changes across thecollapse, corruption and bribery have seen an additional 34 percent had experienced economy: The average combined loss toa marked increase from the levels reported no change. Only 21 percent had noted a fraud per surveyed company for the lastin 2008. Conversely, with much less money rise. More importantly, any shift was three years was $8.8 million, only 7to steal, management conflict of interest is muted: 67 percent saw a slight change, at percent higher than the 2008 surveydown noticeably and, with fewer projects, most, in either direction; only 22 percent figure of $8.2 million. This hides greatereven compliance breaches have declined. reported a substantial change. underlying change. Five of the sectorsThese types of changes, albeit on a less covered in this report saw increases in K Overall, the incidence of fraud and relateddramatic scale, have occurred across the their average losses, and five saw levels of worry in this year’s survey areeconomy. Professional services, for declines. Moreover, while in this year’s almost identical to those of last year:example, another sector close to the survey larger companies – those with Suffering some kind of fraud is thefinancial crisis, has seen a marked increase over $5 billion in annual sales – reported overwhelming norm in business, butin fraud. Meanwhile, natural resources greater average losses, up to $25.8 million this has long been the case. The tablecompanies, which have also suffered in the on page 6 gives the percentage of the from $23.3 million in the 2008 survey, thelast twelve months from a decline in firms hit by the various categories of situation actually improved for smallerrevenues, have seen a drop in fraud levels. frauds in the last three years according business – those with yearly revenuesWhether the downturn brings more fraud to the current survey as well as the under $5 billion – dropping to $4.6 milliondepends on the line of work. corresponding figures from the 2008 from $5.5 million.At the economy-wide level, the survey. The relative ordering has changedcontrasting tendencies have little, and all but two of this year’s The change is likely to last onlyalmost cancelled each other out. numbers are within 2 percent of those as long as the downturn.A variety of data indicate that the net from the previous survey – the kind of differences that could easily appear in Although in the aggregate, fraud levels arechange in the fraud picture is tiny, and may two surveys taken at the same time. little changed, this reflects a substantialeven be zero. shift in business behaviour, which is increasing certain types of fraud risks and diminishing others. Much of this is driven by the downturn, which has left some sectors far more exposed to fraud than others. Just as the current economic situation is temporary, however, these shifts are likely to reverse with renewed growth. Companies should beware, that when volumes and profits start to rise, the fraud risk kaleidoscope will take another turn. Kroll Global Fraud Report • Annual Edition 2009/2010  |  7
  • 8. fraud vulnerabilitySummary of sector fraud profiles Sector Exposure Response Comment (degree to (degree to which sector which sector has is exposed to adopted fraud fraud) countermeasures) Financial services HIGH HIGH Financial services has the broadest exposure to fraud issues: money laundering, financial mismanagement, regulatory and compliance, internal financial fraud and information loss or theft. It faces the most severe threat of any sector from money laundering and regulatory or compliance breaches. Its exposure in other words, is both deep and broad. It also has the highest adoption of anti-fraud measures: it focuses on financial controls, staff background checking, reputation management, risk officers and risk management systems. Professional services LOW LOW Professional services has the most narrowly focused set of fraud issues: only information theft, loss or attack is a serious hazard. Its levels of investment in fraud management are similarly low compared to other sectors. Manufacturing HIGH HIGH Manufacturing’s issues are significant, and primarily internal and staff-related: theft of assets and stock, financial mismanagement, and IP theft, as well as (in some cases) bribery and corruption. The sector has invested in due diligences on partners, vendors and clients; staff training and whistleblower hotlines; IP protection; and physical security. Healthcare, MODERATE MODERATE This sector has a narrower set of challenges than some others: financial pharmaceuticals mismanagement, regulatory and compliance, and IP theft, piracy and counterfeiting. and biotechnology Compared with other sectors, it has invested significantly in IP protection and staff screening. Technology, media LOW LOW TMT has a narrow set of issues around information – IP theft and information loss or and telecoms theft (to which it is the most vulnerable). The sector has a greater focus than others on IT security. Natural resources MODERATE HIGH Natural resources confronts bribery and corruption, theft of assets, and management conflict of interest. Its patterns of operations raise its risk profile. The sector (which has received a lot of criticism) has invested in due diligences on partners, clients and vendors; staff training; reputation management; and risk management systems. Retail, wholesale HIGH LOW Predictably, this sector’s biggest issue is with theft of stock; it also has a persistent set of and distribution issues around internal financial fraud or theft and vendor fraud. All of these result directly from its operations and structure – reliance on large groups of suppliers, often geographically very widely set apart. The addition of information loss or theft indicates the trend towards regarding information as a highly valuable asset that is vulnerable. But its investment in fraud countermeasures is generally lower than in other sectors with the exception of asset protection and physical security systems, reflecting its focus on loss prevention as the primary approach. Consumer goods MODERATE MODERATE Consumer goods companies have a relatively narrow set of issues to face: theft of assets and stock, vendor, supplier and procurement fraud, and IP theft, piracy and counterfeiting. But they face the most serious threats of any sector in the first two categories, caused by their extended supply chains. It has strongly adopted financial controls, IP protection measures and physical asset protection. Travel, leisure and MODERATE MODERATE This diverse sector faces issues with theft of assets, management conflict of interest transportation and (especially) internal financial fraud. Very often, the businesses present complex financial flows and are vulnerable to manipulation. It focuses fraud countermeasures around staff screening, reflecting its role as a people business. Construction, HIGH MODERATE Construction, engineering and infrastructure companies face particular concerns engineering and with corruption and bribery, financial mismanagement, regulatory and compliance infrastructure breaches, and vendor, supplier and procurement fraud. It is an example of an industry with widespread fraud issues caused by its risk profile – its supply chain, but also the nature of its contracts and operations. It invests in a broad range of fraud countermeasures – but at only average levels, for the most part.8  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 9. regional analysisAsia-Pacific overviewI n the Asia-Pacific region, as elsewhere in the world, the downturn has impeded the ability of fraudsters to operate even as ithas done the same for legitimate business.K The average loss per company over the last three years fell noticeably from the 2008 figure, from $9.1 million to $6.2 million. With less money coming in, there is less money to steal.K Although the number of companies experiencing theft of physical assets in the last three years (43%) increased Spotlight on slightly from the 2008 figure (41%) and was the highest for any region, every China other category of fraud saw less Fraud remains the Achilles heel of prevalence – albeit often not much – than Chinese economic development and it in the previous survey. Overall, the goes beyond poor IP protection. In the number of respondents suffering from at latest survey, 96% of companies said least one fraud in the last three years that they had experienced at least one dipped just slightly, from 88% in the 2008 type of fraud in the last three years. survey to 84% this time. Particular areas of concern are: vendorK Only 22% of those surveyed saw an or procurement fraud (42% have increase in the prevalence of fraud at suffered in the last three years, their companies, against 37% who compared to just 21% for the whole experienced a decline. Asia-Pacific region), internal financialThe survey suggests, however, that fraud (31% to 18%), regulatoryemployee relationships continue to present breaches (31% to 21%), corruption anda challenge across the region, and that bribery (27% to 17%), and of course IPcorruption may grow as an issue. theft (23% to 13%). In all of theseK High staff turnover is again this year the cases, the regional figures are not very most common factor increasing the far off the global ones. vulnerability of Asia-Pacific companies to fraud, cited by 35% of respondents. This is the second highest of the five regional figures on staff turnover, and well above 2009 2008 the overall average of 26%. Financial Loss: $6.2 million $9.1 millionK Although reduced revenue on its own Average loss per company over (71% of average) (111% of average) increased fraud exposure at only 10% of last three years firms, the stringency around pay and remuneration which accompanied the Prevalence: downturn raised vulnerability to 18%, Companies suffering fraud loss 84% 88% over last three years also the second highest figure.K Even while the number of companies High Vulnerability Areas: Information theft, loss Information theft, loss which experienced corruption or bribery Percentage of firms calling or attack (22%) or attack (27%) themselves highly vulnerable fell slightly in this survey from the last, Corruption and bribery (15%) IP theft, piracy from 21% to 17%, the proportion or counterfeiting (17%) considering themselves highly vulnerable rose to 15% from 10%. The large amount Areas of Frequent Loss: Theft of physical assets Theft of physical assets Percentage of firms reporting or stock (43%) or stock (41%) of stimulus spending across the region loss to this type of fraud in last may account for this greater concern. three years Information theft, loss Information theft, loss or attack (26%) or attack (31%)On the ground, Kroll is seeing a substantial Vendor, supplier or procurement Regulatory or compliance breachnumber of fraud cases, not just current fraud (21%) (28%)ones but those that began much earlier – Regulatory or compliance Management conflictthe Satyam fraud, for example, had been breach (21%) of interest (28%)going on for years before the downturn Financial mismanagement (23%)made it impossible to hide. With the bigemerging economies of China and India Vendor, supplier or procurement fraud (22%)apparently starting to leave behind theeffects of the global economic crisis, the Corruption and bribery (21%)small respite which the downturn gave to Internal financial fraudfraud incidence is likely to be short-lived. or theft (21%) Kroll Global Fraud Report • Annual Edition 2009/2010  |  9
  • 10. Financial Services Fighting credit card fraud: Don’t overlook the low-tech battle continue to lose their battle with credit card One Brazilian bank’s outsourced ATMJohn Price fraud, particularly of an old fashioned, maintenance supplier had inserted data mundane, yet ultimately more costly type. stripping devices to copy pin numbers andI n August this year, an extraordinary case other bank data from cards used in the of identity theft and credit card fraud In 2007, card fraud globally took in an machines. A retailer in Colombia recounted came to light in the United States, estimated $5.5 billion, a startling number, but how corrupt employees had, ininvolving 130 million credit and debit card just 0.05 percent of the total card transaction volume, two percent of what card companies collaboration with criminal elements,numbers stolen between 2006 and 2008. installed devices at the register to copy dataAccording to government investigators, the charge for their services, and even less than what issuers earn in interest from customers. from cards swiped there and sell it for theculprits, including 28-year old master production of cloned cards. One Caribbeanhacker Albert Gonzalez, infiltrated the While card fraud losses are a mere pin prick bank – a leading issuer – explained howcomputer networks of Heartland Payment for United States card issuers, losses in members of its own IT department hadsystems – a leading credit card payment emerging markets are far more substantial. downloaded card holder identities from itsprocessor – and several major retailers. The In Brazil in 2008, according to Kroll’s analysis, own computers. A Mexican bank describedprominent case focused attention on the this fraud reached an estimated $300 how its ATMs were being ripped out ofincreasingly complex cyber war between million, or 0.15 percent of the transaction walls by forklifts, after which thecriminals and the credit card industry, and volume – three times the global average. computers inside the machines werewill likely spur new firewalls, state-of-the- In Colombia, where banks are arguably less hacked and the numbers stolen.art software solutions, and well-trained IT sophisticated than Brazil, losses approachsecurity consultancies. 0.25 percent of total card volume or eight What these stories highlight was that most times the United States average. of the fraud was committed by employeesAlthough such a response is necessary – or vendors. Moreover, all the guilty partiesthe fastest growing forms of card fraud are In July, this year’s annual Latin American had some criminal record that had not beenof the high-tech kind – mature market Tarjetas y Medios de Pago (Cards andbanks and their IT security apparatus are discovered in the internal background- Payments Systems) conference attractedwinning this war. In percentage terms, credit leaders from the region’s burgeoning card checking process of hiring or contracting.card theft rates in the United States and industry. At a Kroll-led workshop, about 50 In the case of the “smash and grab” forkliftEurope have steadily declined over the last participants recounted their most recent theft, the surveillance equipment anddecade. Banks in emerging markets, however, fraud “war stories”. systems were not functioning, victims of budget cuts. The most galling conclusion reached by seminar participants was how Report Card Financial services preventable most of these episodes were. Financial Loss: Average loss per company over past three years $15.2 million (173% of average) While the “arms race” between hackers and Prevalence: Companies suffering fraud loss over past three years 87% Increase in Exposure: Companies where exposure to fraud has increased 86% IT security may involve strategies High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds incomprehensible to most card industry Regulatory or compliance breech (25%) • Financial mismanagement (23%) • Information theft, loss or attack (22%) decision makers, issuers and processors Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years can prevent the majority of frauds by Theft of physical assets or stock (31%) • Internal financial fraud or theft (29%) • Management conflict of interest following disciplined protocols in areas such (26%) • Information theft, loss or attack (24%) • Financial mismanagement (23%) • Regulatory or compliance breach (21%) as third-party administered background Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: IT security (63%) checks, due diligence on key vendors, the Financial controls (57%) • Management controls (50%) • Staff training (38%) • Risk management systems (38%) handling of sensitive data, and third-party Physical asset security (37%) • Staff screening (37%) • Due diligence (36%) • Reputation monitoring (36%) audited IT security. Furthermore, a regular, 0 % 10 20 30 40 50 60 70 80 90 100 external vetting of operations for Corruption and bribery vulnerabilities will help root out the largely Theft of physical assets or stock internal sources of fraud. High-tech Money laundering defenses alone cannot beat low-tech crime. Financial mismanagement Regulatory or compliance breach John Price is a managing director for Internal financial fraud or theft Business Intelligence in Latin America. Information theft, loss or attack He has led business intelligence cases since 1992, when he moved to Mexico Vendor, supplier or procurement fraud City for seven years. As a co-author of IP theft, piracy or counterfeiting Can Latin America Compete?, and as a Management conflict of interest frequently published author on regional business risk and opportunity issues, John is a recognized Highly vulnerable Moderately vulnerable business intelligence thought leader in Latin America.10  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 11. Financial ServicesBut how could they EIU survey A bad year: It has been an annus horribilisdo that to us?: for the financial services industry in many ways, and fraud is no exception. K The average loss per company over the  last three years rose to $15.2 million,The growth of affinity frauds 173% of the survey average, and roughly one-sixth more than the 2008 survey figure ($12.9 million). K Over one-half of respondents (51%)  K an enforcement action was initiated reported that the global financial crisisPeter Turecek against an Orlando, Florida-based had increased levels of fraud at their companies – the highest figure for any individual running a pyramid schemeW sector. Moreover, 35% said that they had hether due to increased investor aimed initially at Orlando and Puerto seen an increase in fraud in general in the skepticism, regulators’ need to Rico-based investors. last year, compared with just 28% who demonstrate active enforcement, saw a decline. This made the sector one ofthe financial media’s search for good copy, Even where fraudsters do not share a only two where the former outweighedan increase in fraud in the current common trait with their victims, they work the latter, and it did so by the biggesteconomy, or a combination of all of the to co-opt influential members of the target margin.above, investment frauds have been coming group. These leaders are typically duped K 87% of firms reported being victims of to light more and more frequently. into believing in the investment some kind of fraud in the last three years, opportunity, which then spreads by word up from 79% in the previous survey.The scams, most of them classic Ponzi of mouth to the rest of the community: K Finally, the sector had the second-highest schemes, involve investment in diverse “If the pastor believes in this opportunity, proportion suffering from each of internalvehicles, including securities, hedge funds, who am I to disagree?” financial fraud (29%) and managementreal estate, investment clubs, and so on. conflict of interest (26%), as well as theMany, though, have one thing in common: Fortunately, most of these situations can be highest rate of money laundering (10%).the victims share some trait with the avoided relatively easily. All that is required Efforts to address the problem: The industryperpetrators of the fraud. This element in is a combination of a little common sense realizes it has a problem, and is devotingcommon with the fraudster lulls the and due diligence. resources to it, but not always consistently.victims and makes them more readily If an investment opportunity promises K For every type of fraud covered in the trusting of the con artist’s pitch. The returns that sound too good to be true – survey, the proportion of companiesperpetrator preys upon that inherent trust considering themselves highly vulnerable such as incredibly high rates of return orof a shared bond. After all, the fraudster is increased from last year. Moreover, the overly consistent returns despite volatile industry has the highest proportion of“one of us” and must be “looking out for market conditions – it most likely IS too highly vulnerable companies for four outme.” These are called “affinity frauds.” good to be true; of ten types of fraud – regulatory or compliance breach (25%), financialIn the past year, multiple scams have If the investment opportunity cannot be mismanagement (23%), moneytargeted specifically identifiable groups of explained to you in a way that readily laundering (17%) and managementvictims. Targets have included those who makes sense, be suspicious. Keep asking conflict of interest (16%).are geographically connected, such as high questions until you feel comfortable that K Only 2% of financial services firms are not net worth individuals resident in New York you understand the opportunity fully. making anti-fraud investments in theCity or Palm Beach; investors from certain coming year, and for nine out of the tenreligious faiths, such as the Jewish or If the opportunity is a “secret” one, with very anti-fraud strategies listed in the survey,Mormon communities; members of ethnic limited participation, run the other way; over one-third of respondents are boosting defenses – the most widespreadgroups, such as Haitian-, Chinese-, or K Check with your state securities spending of any sector. In four specificKorean-Americans; and even the elderly or regulator, the Financial Industry areas, investment will be more common inthose with disabilities. Affinity fraud can be Regulatory Authority, or the SEC to this sector than anywhere else: IT securitybased on almost any common bond: see whether the person offering the (63%), management controls (50%), riskvictims in the past have come from groups investment is registered or has a management systems (38%) and disciplinary history; reputation monitoring (36%). The first ofof pilots, former professional football these is particularly important, as complexplayers, divorcees, and members of specific- K Listen to your instincts. You would be IT infrastructures are increasing fraudinterest clubs. surprised how accurate that little voice vulnerability at 46% of sector firms, the can be. highest rate for any industry.In August of this year, the Securities andExchange Commission (SEC) moved against K Unfortunately, however, over one in five  companies (21%) saw their internalat least three alleged investment frauds Peter Turecek is a senior managing director in the New York office. He is an controls weakened as a result of costtargeting specific communities of victims: cutting – a tie for the second-worst record authority in due diligence, multinationalK a man was charged with fraud after he investigations, and hedge fund of any sector. raised over $1 million from parishioners related business intelligence services. As part of their rebuilding in the wake of the of a Redding, California church He also conducts a variety of other recent turmoil, financial services companies investigations related to asset searches, need to toughen their anti-fraud defenses. community in a Ponzi scheme; corporate contests, employee integrity, securities fraud, Many are doing so vigorously, but the bestK a complaint was filed against a Pomona, business intelligence, and crisis management. He has controls in the world will fail if, in any future California-based individual running an appeared on MSNBC, CNBC, Fox News, and NPR and crisis, they are sacrificed to save money. has served as a guest speaker on a number of topics for investment fraud aimed at mobile home various investment and professional groups. Written by The Economist Intelligence Unit park community residents; Kroll Global Fraud Report • Annual Edition 2009/2010  |  11
  • 12. Financial Services When the law lets you downCommercial solutions for bad investments in Southeast Asia assessment of the financial position of the Kroll was also called in by a hedge fundChris Leahy sponsors; their objectives, motivation, and seeking assistance with a complex debt anticipated strategy with respect to the restructuring for an IndonesianF or hedge fund, private equity, and other dispute and any potential, resultant conglomerate that had run into financial financial investors in Southeast Asia’s litigation; the views and assessments of trouble. The sponsor’s treatment of creditors, emerging markets, restructuring soured other investors and creditors; and their coupled with suspicious trading patterns ofdeals may seem straightforward enough likely appetite for a negotiated settlement. the growing debt of the group, suggestedgiven the tight legal arrangements usually This research taps into information from that the sponsor, through a friendly privatewrapped around such investments. What a variety of sources, including customers equity fund, was perhaps attempting tohappens, though, when the counterparty to and suppliers of the company, banks, other retain control of his companies. He wasthe deal, typically the controlling financiers, investors, and management. doing this by engineering a debtshareholder or sponsor of the company In such inquiries, the objectives should restructuring that would severelybehind the investment, does not cooperate?Similarly, of what practical use is the be: first, to gain a better understanding of disadvantage, and possibly even defraud,Singapore legal structure – often adopted in the practical commercial position of the existing creditors. We identified thesuch deals – if the underlying assets lie in a investor with respect to recovery and, if complicit fund and gathered intelligence possible, to improve it; second, to compile that supported the client’s theory,less legally-robust jurisdiction? In certain a list of viable options and alternatives strengthening considerably its commercialSoutheast Asian markets, questionable for the investor; and third, to provide an leverage in negotiating a successfuljudicial independence and a poor track action plan with the aim of exiting the conclusion to the restructuring.record of upholding the rights of foreign investment in a commercially acceptableinvestors mean domestic sponsors often way including, if possible, viable recovery As these two examples show, legalplay dirty to retain control of their assets. options. remedies are not the only ones which canIt is possible for hedge funds and private help when investments go sour. A detailed Kroll recently advised a client with anequity investors to formulate commercial knowledge of the positions and motives of investment that had soured in a Thaisolutions for exit and recovery when they all parties can lead to strategies which are manufacturer. The sponsor of the companyfall victim to fraudulent or suspect action effective, even where the law might be of had grown ever more uncooperative infrom sponsors and other counterparties in little practical help. attempted negotiations, and the investorwhat, for a foreign investor, can become de became suspicious of certain tradingfacto non-enforceable legal jurisdictions. patterns within the company. The latter Chris Leahy is a managing directorThe process begins once investors are were suggestive of attempts to siphon off in the Singapore office with aconvinced that legal remedies alone are money from what was clearly an particular focus on the financialunlikely, at the very least, to produce an services industry. This follows a increasingly distressed business. After a successful 23 year career as anacceptable outcome. The first step is to help complex investigation that entailed investment banker, CFO, consultantthem identify the commercial imperatives intensive source inquiries, we were able and journalist. Chris began his careerthat will drive the exit and recovery to gather intelligence and evidence that in the UK as a stockbroker before joining Peregrine/ BNP Paribas and later Crosby, based in Hong Kong,strategy. Key to any approach is the supported the investor’s suspicions and to where he was managing director with responsibilitycollation of relevant, actionable commercial assist in formulating an appropriate for the firm’s regional investment banking business.intelligence in-country. This feeds into an commercial strategy to exit the investment.12  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 13. Financial Services Points to Consider Buyer beware: 1. A seasoned and well-rounded M&A team should include internal or external Information security information security experts. Depending on the nature of the merger and and M&A activity perceived level of risk, these experts can be advisory or proactive. 2. An IT security audit and vulnerability assessment as part of M&A due diligence can assure management that the acquired organization follows best practices in this area. If not readily available, request copies of any external audit or assessment findings and work with the acquisition’s legal department to understand the laws, regulations, and standards with which it must comply. 3. An information security monitoring protected as standalone entities might protocol instituted for all phases ofStephen D. Baird the acquisition process will help expose themselves to risk during ensure the confidentiality and integrityA integration if their approaches to key goal in Mergers and Acquisitions information security are incompatible. of the process and its associated (M&A) is to create economic value communications. greater than the sum of the two An internal or external expert can help thecompanies separately. One of the M&A team to make informed decisions 4. Identifying key information assets andtransaction risks often overlooked is the by providing a security assessment, their locations through a risk assessmentinformation security footprint of the helping to evaluate the target company’s process is necessary to understand whatorganizations involved. With data security security program, integrating the two you are trying to protect, and hence itsthreats at an all time high, and with security organizations, and assessing the value to the acquirer. Accurateimperiled companies forced to make potential impact of information security information asset definitions will assistpainful and risky cuts in their information risks on competitiveness, financial loss, in the selection of controls to defendsecurity budgets, the prudent corporate and legal liability. that data. The overarching goal is tosuitor should insist on a thorough protect organizational information An information security due diligence assets, contribute to the security ofinformation security assessment as part investigation assesses a range of risks interdependent critical infrastructures,of routine due diligence. Using a company’s including: intellectual property loss; flaws and thus help protect the company’sown information security team and an in incident response methodology or intellectual property.outside expert can significantly reduce information asset identification; securityrelated cyber risks. gaps created by absorbing and integrating 5. Ensure that your security teamMany companies evaluating strategic unknown and differing technologies post- establishes metrics to measure progresstransactions consider the potential costs transaction; employee technology usage on the complete assimilation ofand benefits of integrating workforces, discrepancies; data leakage; and insider information technology and informationfacilities, functions, and IT systems. malfeasance. security management programs. TheseThe compatibility of information security should provide information about the Beyond due diligence, information securitypostures, however, is often left out. state of completion of risk assessments, expertise can assist with every phase ofA significant gap between the information security impact analyses, and the M&A process. Leakage of informationsecurity approaches of the two companies information security plans for all critical relating to the deal – anything fromcan result in substantial unanticipated systems and business entities after unsecured e-mail transmission to losscosts. Assessing compatibility in this field consolidation. of printed documents – can causeis not a simple task: very little uniformity significant damage or even jeopardize the 6. Review all contracts and third-partyin approach exists beyond the basics of transaction. Consequently, all relevant relationships. Any third party securityfirewalls and virus protection. For example, staff should be made aware of the gravity monitoring should in particular bemany companies still have not implemented of non-compliance with basic security reviewed to ensure that no lapses offull-disk encryption for corporate laptops. rules. In fact, companies should consider important security logging, review, andMany others have not deployed robust adopting special secure communication oversight occur during the M&A process.intrusion detection or prevention systems, measures for all personnel involved inlet alone maintained sufficient qualified evaluating a potential deal.staff to monitor and maintain them. Facingincreasingly sophisticated attacks – both If the risks surrounding information Stephen Baird is managing directorinternal and external – on their corporate security are ignored, a potentially profitable for Kroll Ontrack’s Information Security,intellectual property, credit card numbers, merger or acquisition may fail to deliver Computer Forensics, and ESI Consultingand other identity data, even a company anticipated returns, and the organization group. He has over 20 years of industry and law enforcement expertise inwith state-of-the-art defenses a year ago may have to incur significant costs along complex technology and risk mitigationmay be dangerously under protected today. with a loss of goodwill, reputation, and leadership.Two companies that are adequately possibly future business opportunities. Kroll Global Fraud Report • Annual Edition 2009/2010  |  13
  • 14. Financial ServicesFinancial crime:What shouldinsurers beworrying about? view to committing large-scale internalBrendan Hawthorne frauds. Strong pre-employment vetting isW crucial to address this threat. Another ith governments and regulators common employee fraud among general worldwide handing out ever insurers is the facilitation of fraudulent increasing fines for data security claims payments, usually by addingbreaches, bribery, corruption, money unauthorized payments to existing claimslaundering, and market abuse, insurance or by reopening and paying out on old ones,companies are finding it increasingly often within self-authorization limits.difficult to know on which financial crimerisks to focus their limited resources. Meanwhile, bribery and corruption are currently receiving extensive lawIn terms of pure monetary loss, they should enforcement attention worldwide. With so many issues to consider, thebegin with claims fraud. This problem is The number of Foreign Corrupt Practices following risk mitigation strategiesestimated to cost general insurance Act (FCPA) investigations and the severity should get top priority:companies up to seven percent of gross of resultant fines and prison sentences K Robust employee screening;written premium. Other estimates put theamount undetected in the United Kingdom are increasing. In addition, the British K Data security from both internalat over US$3 billion each year. Flourishing government has proposed a new Bribery and external threats;organized gangs orchestrate induced Bill. This increased focus means that insurers need to have properly implemented K Transaction monitoring for anomaliesvehicle accidents, as well as bogus arson, programs which will let them answer which may indicate money laundering,disability, and healthcare claims. These three fundamental questions if any corruption, or other fraud;groups often include doctors and lawyerswho support their frauds. employee is found to be involved in K Facilities through which employees bribery and corruption: can report all suspicions of wrongdoing –Policyholder fraud in the life insurance anonymously if required – and the K What did you do to reduce the risk ofindustry, on the other hand, tends to capacity to investigate resulting this happening?revolve around fraudulent surrenders. information independently of theThe extent is difficult to quantify because K What did you do when you suspected business areas involved;of the long-term nature of the business it had? K Appropriate due diligence onand infrequent contact with policyholders. K What did you do once you knew customers and suppliers;By the time a real policyholder comes for certain?forward to claim funds, the fraudsters are K Staff training in all areas of fraudoften long gone. Organized gangs target Where offenses are suspected, companies prevention, particularly for seniorcall centers or government offices to ellicit must ensure that independent management who set the tone forpersonal information to enable them investigations occur and, if suspicions the organization.fraudulently to surrender policies. Another prove correct, appropriate action is taken We will never remove all financial crimecommon tactic is to get gang members against the guilty and appropriate from any company, but implementing theseemployment in insurance companies in disclosure is made to the authorities. strategies can help reduce it.order to determine which policies have Money laundering and sanctions will alsoshown very little activity in recent years: continue to attract substantial attention forby targeting these, fraudsters can remain Brendan Hawthorne joined Kroll’s the foreseeable future. Most insurers have London investigations team this yearundetected for long periods. mature controls in these areas, although as managing director, bringing with some general insurers still grapple with him more than 16 years of experienceInsurance companies also cannot afford to in forensic and financial investigations.ignore employee fraud. Although its sanctions legislation due mainly to various He qualified as a Chartered Accountantmonetary cost is usually less than that of contractual arrangements under which with a big four accounting firm and hasclaims fraud, these cases often attract they lack access to payee or customer worked on many large and high profile investigations. details. Insurers cannot afford to reduce Prior to joining Kroll Brendan headed up the financialextensive negative media and regulatory crime team in a global financial services organizationinterest. Increasingly, organized crime their focus here, given ongoing based in the UKgroups place people in companies with a governmental interest.14  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 15. professional Services companies facing an arbitration claim may overlook the need to investigate vendors or subcontractors who performed related work. This could be a costly mistake: in the Kroll Global Fraud Survey 2009 25 percent of firms reported suffering vendor or procurement fraud in the previous three years. The individual arbitrator can also present problems. Most institutions require impartiality and that arbitrators disclose any ties that would compromise their independence. In such disclosures, however, arbitrators may not be thorough, omitting relevant information or even misjudging the significance of a given professional experience. In O’Flaherty v. Belgum, for example, an AAA arbitrator failed to disclose that he had once been theThe plaintiff in a dispute in which the claims mirrored those at issue in the case he was arbitrating. The parties did not learn of this conflict until after he rendered his decision. Likewise, in Azteca Construction, Inc. v. ADRpitfalls of Consulting, Inc., an arbitration award was vacated by an appellate court as a result of a challenge to the impartiality of the chosen arbitrator. The court noted that because they wield such mighty andarbitration largely unchecked power, the neutrality of arbitrators is of crucial importance and should not be left to the unfettered discretion of a “private business,” such as the AAA. decision on whether to allow e-discovery These issues are causing companies toAsuncion C. Hostin & Annie Cheney depends on what the particular arbitrator carefully consider whether to enter into decides. In this, as indeed in all questions arbitration, and to gather evidenceB usinesses are increasingly turning to at issue including the main point of through investigations that could be arbitration to settle disputes: dispute, arbitrators are not bound by rules classified as “extrajudicial discovery.” according to the American Arbitration of law, but may base their decisions on Given the complexities and problemsAssociation (AAA), the total number of broad principles of justice and equity. of arbitration, conducting swift andcases filed in 2008 rose to 138,447 – up targeted research of the counterparties,8 percent from 2007. In the same period, Most important, arbitration is, arbitrator, and the circumstancesforeign cases filed with the AAA’s fundamentally, a business. As the court underlying the claim is essential.International Center for Dispute Resolution explained in Britz, Inc. v. Alfa-Laval Food &jumped 13 percent. Of all the cases filed Dairy Co. (1995), “even though state and Asuncion C. Hostin is a managing director ofwith the AAA in 2008, a significant federal policy favors private arbitration business intelligence and investigation. A formerproportion involved employment and and the AAA is certainly a respected forum Assistant U.S. Attorney for the District of Columbia,construction disputes. for such arbitration, the AAA nevertheless Sunny has expertise in the investigation and is a business enterprise ‘in competition prosecution of complex criminal matters. Prior toTouted as an attractive alternative to this, Sunny was a staff attorney for the Antitrust not only with other private arbitration Division of the Department of Justice where sheexpensive and time-consuming litigation, services but with the courts in providing – investigated and litigated anticompetitive mergersarbitration is not without drawbacks. Its and acquisitions. She has lectured extensively on in the case of private services, selling –emphasis on speedier results and cost labor and employment and white-collar crime an attractive form of dispute settlement.effectiveness may impede a party’s ability issues and instructed on evidence at Pace School It may set its standards as high or as low of Law. Sunny regularly contributes to CNN, Tru TV,to present evidence and defend itself. as it thinks its customers want.’” Fox News, and Fox Business Channel.Unlike litigation, arbitration also severelylimits discovery and results in binding Arbitration presents particular challenges Annie Cheney is a director in the New York office.judgments with extremely few grounds in disputes where fraud is involved or Prior to joining Kroll, she worked as a freelance journalist, producing radio documentaries forfor appeal. The role of electronic discovery suspected. The limitations imposed on National Public Radio and for magazines such asis also murky. Common e-discovery issues discovery, for example, may discourage Harpers. Her work received the Deadline Club Awardraised in arbitration are the production parties from conducting independent for Best Feature Reporting by the Society ofof documents, time and cost burdens, investigative due diligence, even in disputes Professional Journalists in 2005. Annie is the author of Body Brokers: Inside America’s Underground Tradeprivilege waiver and “claw-back” where fact finding is essential to a favorable in Human Remains published in 2006.agreements. However, the ultimate outcome. In the construction sector, Kroll Global Fraud Report • Annual Edition 2009/2010  |  15
  • 16. professional ServicesTackling client and on the terms of the partnership agreement. Even if it does, however, the reputational implications of client fraud remain significant. After all, Arthur Andersen – andata problems LLP in the United States – was cleared of all wrongdoing in its association with Enron, but its business nevertheless disintegrated and its brand was fatally tainted. Moreover, the need to pursue compensation is a possibility, the employer faces a greaterTracey Stretton & Mark Surguy for fraud is also greater when finances are danger of data theft, of customer lists, tight. In the past, cases of fraud might have trade secrets, research data, or price been overlooked and the losses absorbed.An old threat sensitive information. It also remains to be Now, aggressive pursuit of redress in the seen whether the increased regulationThe professional services sector may hope of recovering some proceeds is much promulgated early this decade in the wakeexperience less fraud than others, but there more likely, putting even the innocent at of the Enron scandal will truly eliminateis still plenty around. In the UK, the Serious greater risk. so-called “cozy relationships,” where auditFraud Office recently prosecuted several and accountancy firms succumb to clientsolicitors for mortgage fraud. In the same pressure to “make the numbers work.” A new threatcountry, not so many years ago, the senior The last six years have seen considerable As the professional services sector adoptspartner of a small accounting firm forged a merger activity and the pressure to new technologies and ways of working,client’s signature on a series of stock mis-state the accounts of struggling new risks arise. The Internet andtransfer forms. His innocent fellow partners companies may well be high. e-commerce have brought substantialwere found liable as well. The latter case business benefits, but also a sharp increasefollowed a substantial fraud in Dubai As the initial examples in this article in the incidence of “e-fraud” in particular,involving a firm of London solicitors: one of illustrate, however, perhaps the biggest risk and commercial fraud in general. In Britainits partners had allegedly drafted for the professional services sector is to be alone, companies now lose in excess ofconsultancy contracts which facilitated a drawn into a client’s fraud. Recent incidents $16 billion a year because of cyber crimemassive fraud by the firm’s client. The abound: and data theft. Ninety one percent ofallegations were withdrawn, but the firm’s K India’s largest fraud in 2009, of IT respondents in a recent UK survey citedinsurers still made a substantial settlement outsourcing firm Satyam Computers, cyber crime as a major business risk,payment. They in turn sought a contribution involved the company’s auditors, who resulting in lost customers, damagedfrom the innocent partners. The court allegedly signed mis-stated accounts brands, and lawsuits.established that the dishonest partner had knowingly in return for a larger thanacted in the course of the business of the normal audit fee. The audit firm has been According to Kroll’s annual fraud survey,firm, thereby rendering the innocent joined to several lawsuits, and two over a quarter of companies in thepartners liable. partners have been arrested. professional services sector were hit by information theft in the past three years,Cases like these may be on the rise in today’s K One of the most senior partners at a New making such attacks – along with theft ofeconomic environment. Kroll’s annual fraud York law firm was recently convicted over physical assets which affected the samesurvey revealed that professional services the collapse of a commodities broker. Now number – the most widespread fraud threat.experienced one of the strongest up-ticks that firm has been drawn into litigation. Losing valuable data brings the risk of losingin fraud over the last 12 months. K The principal of another New York law clients and money as well. Professional firm became involved in fake security services firms also risk breaching the duty In some cases desperation transactions and the partnership has of confidentiality owed to clients and the is heightening the risks. collapsed into bankruptcy. responsibility to keep clients’ data secure in For example, the moment an employee thinks The recent order to protect them from fraud. redundancy popularity of Information management amid rapid the Limited technological advancement brings many Liability and varied challenges. The modern thief Partnership can steal more with a computer than with (LLP) may a gun. The days of copying a few company help reduce secrets onto a floppy disk are long gone. the danger in Increasingly complex networked practice, environments recognize no physical depending boundaries, and permit a multitude of devices to communicate and interact. These new technologies enable quick, quiet data theft on a massive scale. A thumb-sized USB drive, for example, can store the equivalent of four tons of paper documents; email can send information away instantly; gigabytes of data from desktops or servers can be burned covertly onto DVDs and PDAs; and wireless networks and Bluetooth devices increase the risk by making data access and transportation easier still.16  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 17. professional ServicesThe law and business respond spread, where organizations purposefullyThe law has not developed sufficient new delete masses of data and store only what EIU survey they need for business purposes. Suchrules to meet the challenges of these cyber firms carry a much lower risk of being Although still facing only low absolutecrimes. Instead, existing procedures and saddled with fraud. losses, professional services firms may needremedies are being applied in new contexts. to consider doing more to address theirFreezing and search orders are available in The professional services sector is not fraud problems, especially given the rolecommon law regimes, and English courts exempt from fraud, but often has less direct of these businesses in the growing battlehave the power to order an innocent party control. In the current economic against financial crime.caught up in wrongdoing to disclose the environment, it faces heightened risks, especially that of being drawn inadvertently Fraud levels, a complex story: On theidentity of a wrongdoer. Data does not into the fraud of clients. The ongoing surface, the numbers look good, butrespect jurisdictional boundaries, however, digging deeper reveals a more nuancedand so the applicable law in the event of exploitation of information technology’s story.fraud is never obvious. benefits also brings a dark side of increased vulnerability to certain crimes. Professional K  he average loss per company over the TUnlike the law itself, the context in which services organizations need not only to be last three years was $2.9 million, whichit is being applied has changed beyond aware of all these risks but, like other is well below the average. It is overrecognition. Huge volumes of electronically companies, have the right security controls twice the 2008 survey figure – $1.4stored material often have to be reviewed and incident response plans in place. million – but nevertheless an extremelyto establish a legal remedy. Moreover, this good result.electronically stored information can also K  oreover, the vast majority of Mbe readily copied, and therefore moved Tracey Stretton is a legal consultant professional services respondents are at Kroll Ontrack. She is an expert in thewithout permission; altered, and therefore from smaller companies –those with management of electronic informationfalsified; and the identity of the author can and legal technology. Before joining annual sales of under $5 billion. Thesebe easily concealed or assumed by anyone Kroll, Ms Stretton practiced as a businesses averaged a loss of onlywith access to a user’s password. This makes solicitor in South Africa and Australia $4.6 million, so size only partly explainsthe authenticity of the evidence much less working primarily on complex these low losses. More worrying, smaller commercial litigation cases. She speaks regularly atreliable and the risk of not finding it, or companies as a whole saw average conferences and has written numerous articles on thecontaminating it, high. It has become impact of technology on law and business and is a fraud losses decline last year, contraryessential for fraud lawyers to work with contributing author to the book Electronic Evidence to the trend in professional services.investigators and computer forensic experts and Discovery – What Every Lawyer Should Know Now, K  8% of sector companies saw an 2 released by the American Bar Association this summer.to uncover evidence and preserve its integrity increase in the level of fraud at theirso that it will be admissible in court. company in the last year, the second- highest proportion, and greater thanIf significant volumes of electronic Mark Surguy is a legal director in the the 24% who saw a decline.information create the risk of unauthorized Dispute Resolution & Litigation Groupaccess and even information leakage, at Pinsent Masons LLP and leads the K  lthough, as a sector, professional A firm’s fraud practice. After services had the second-lowestprofessional service firms should determine undergraduate studies at Cambridge proportion of companies hit by fraudwhat information they hold, where it is, University he qualified as a Solicitor in (77%), and the lowest incidence of theftand who has access to it. A computer use 1988. Mark writes and speaks about the risks to organizations of holding large volumes of of physical assets (27%), it still had theand document management policy is only electronically-stored information. He also contributes second-highest rate of information theftpart of the solution. Enforcing the policies to LexisPSL’s E-Disclosure Practice Notes and is (27%) and money laundering (7%).and refreshing them regularly is essential. currently the chairman of the Midlands Fraud Forum.The concept of e-health is also beginning to The response is sometimes wanting: Sector companies do not always recognize and rise to the challenge. Report Card Professional services K  hese firms are less likely to feel at risk T Financial Loss: Average loss per company over past three years $2.9 million (33% of average) to specific types of fraud, which can Prevalence: Companies suffering fraud loss over past three years 77% create blind spots. For example, only Increase in Exposure: Companies where exposure to fraud has increased 86% High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds 4% think themselves highly vulnerable Information theft, loss or attack (24%) • IP theft, piracy or counterfeiting (14%) • Vendor, supplier or procurement to internal financial fraud, yet 16% fraud (14%) suffered from it in the last three years. Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years Theft of physical assets or stock (27%) • Information theft, loss or attack (27%) • Management conflict of interest K  rofessional services companies are also P (23%) • Regulatory or compliance breach (21%) less likely than average to deploy any of Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: IT security the anti-fraud methods listed in the (42%) • Financial controls (38%) • Staff screening (38%) • Physical asset security (35%) • Staff training (34%) survey, with the exception of due 0 % 10 20 30 40 50 60 70 80 90 100 diligence, where the number is only Corruption and bribery slightly above average (48% compared Theft of physical assets or stock with 46%). Only 58% have information Money laundering security measures in place, compared with an average of 71%, even though Financial mismanagement information theft is a marked problem. Regulatory or compliance breach A smaller than average fraud problem is Internal financial fraud or theft not the same as no fraud problem. Information theft, loss or attack Professional services firms need to Vendor, supplier or procurement fraud address the weaknesses they do have, IP theft, piracy or counterfeiting especially in information security, so that Management conflict of interest losses do not grow. Highly vulnerable Moderately vulnerable Written by The Economist Intelligence Unit Kroll Global Fraud Report • Annual Edition 2009/2010  |  17
  • 18. regional analysisNorth America overviewN orth America continues to show the lowest number of frauds among Spotlight on regions in the survey, with only 80%of companies having suffered at least one Canadafraud. However, specific categories of fraudsaw significant increases over the past year. Because of the large preponderance ofK For seven out of ten categories of fraud in United States respondents in the North the survey, the percentage of respondents American sample, the figures for that who experienced fraud in the last three country and the region differ very little. years was up on the 2008 findings. In Canada, on the other hand, has some several cases, these increases were distinctive features. This year, the overall substantial: the number reporting internal financial fraud rose from 10% to 15%, incidence of specific frauds, and also their and that for financial mismanagement relative growth or decline since the increased from 16% to 23%. previous survey, roughly tracked that ofThe region is also no longer the clear low- the region as a whole. On the other hand,fraud-leader. In last year’s survey, it had the Canadians are less worried. For everylowest incidence for eight out of the ten fraud but money laundering – where thefrauds; this time around it has that difference is slight – fewer Canadiandistinction for only three – theft of physicalassets (33%), corruption (13%), and vendor companies than American ones say they higher last year in Canada (25% comparedfraud (11%). are highly vulnerable. For financial to the US figure of 22%). Canadians areK In the current survey, North America mismanagement, this is particularly stark accordingly less likely to invest in anti- reported the largest proportion of (4% of Canadians compared to 15% of fraud strategies than their neighbors, with companies experiencing more fraud due respondents from the United States), even 18% planning no such spending next year, to the financial crisis than in any other though incidence of the fraud itself was compared with 9% in the United States. region (32%).K In addition to the three types of frauds where North America fared better than 2009 2008 other parts of the world, the region also Financial Loss: $12.0 million $15.1 million experienced the second lowest incidence Average loss per company over (137% of average) (184% of average) in four other categories: information theft last three years (23%), management conflict of interest (22%), regulatory breaches (18%), and Prevalence: Companies suffering fraud loss 80% 79% internal financial fraud (15%). over last three yearsK The number of companies suffering at least one fraud, 80%, was also the lowest High Vulnerability Areas: Information theft, loss Information theft, loss globally. Percentage of firms calling or attack (21%) or attack (21%) themselves highly vulnerableK Most important, the average cost of fraud Regulatory or compliance IP theft, piracy breach (17%) or counterfeiting (17%) to regional companies, although still above the survey average, was $12.0 million, Areas of Frequent Loss: Theft of physical assets Theft of physical assets down from $15.1 million last year. Percentage of firms reporting or stock (33%) or stock (28%) loss to this type of fraud in lastConcern about fraud, on the other hand, three years Information theft, loss Information theft, loss or attack (23%) or attack (22%)has unmistakably risen. Financial mismanagement (23%)K The proportion of companies that consider themselves highly vulnerable to Management conflict of interest (22%) nine out of ten frauds in the survey has either risen – in seven categories – or stayed the same compared to the 2008 results. The only exception is IP theft, K 84% of companies reported that their below average, and in six cases they are where the figure declined from 17% to 14%. exposure to fraud had increased – the less widespread than anywhere else.K For three of these frauds, more North highest survey figure. K The exception in both cases is staff American companies consider This concern is not, however, translating background screening, which 52% of themselves highly exposed than in any into more widespread investment in fraud North American firms use, the highest in other part of the world: regulatory breach prevention. the survey. (17%), management conflict of interest (16%), and money laundering (6%). This is K Perhaps because of its relatively low rates Overall, in North America, fraud has not even though the incidence in North of fraud, the proportion of North American become the problem it is elsewhere and America is low compared to elsewhere companies that have adopted nine of the investment in fraud prevention strategies for these three areas ten anti-fraud strategies in the survey is has yet to match the level of concern.18  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 19. regional analysisEurope overviewE uropean companies are confident European confidence in corporate anti- about their exposure to fraud, fraud efforts might leave it ill prepared to Spotlight on having invested widely in anti-fraud face new challenges.measures. K To cite one example, the region has a United KingdomK For every fraud covered in the survey, higher than average rate of management This year the United Kingdom saw less fewer Europeans consider themselves conflict of interest in the last three years of most kinds of fraud. Fewer British highly vulnerable than the overall (25%), but the lowest number of firms than the European average average. In two cases – information theft companies calling themselves highly suffered from eight out of ten of the (16% describe themselves this way) and vulnerable (6%), as well as the fewest frauds covered in the survey. For the management conflict of interest (6%) – spending on further management two exceptions, theft of physical assets these are the lowest figures for any region. controls in the coming year (25%). and internal financial fraud, theK Europe also has the highest proportion of K More broadly, over the next year, fewer differences were small. Moreover, the companies that believe their exposure to companies in the region will invest in average loss per company, $3.8 million fraud has not increased (30%). every anti-fraud strategy covered in the was about half the European average.K This confidence may come from survey than the global average. In five On the other hand, the problem was widespread use of anti-fraud measures. cases, spending will be less widespread more spread out, with 90% of British Of the ten strategies listed in the survey, here than anywhere else. companies experiencing some type of nine were more common in Europe than K Meanwhile, the other issues are making fraud in the last year, slightly more than average – the only exception was staff life harder. The continent had the highest background screening, which just 32% for the region as a whole. proportion of respondents indicating that have in place. Six of these measures – entry into new markets had increased IT security (83%), physical asset security vulnerability (28%), and that reduced (78%), management controls (72%), circumnavigated by collusion and revenues had done the same (16%). reputation protection (48%), risk organized fraud. Rarely do we see major management systems (47%) and IP K The decrease in fraud does not necessarily translate to there being a frauds identified by prevention controls; monitoring (43%) – were more common decreased threat, but more that there is they are usually uncovered by accident, in Europe than anywhere else. more investment in battling the causes. by whistleblowers and often when it isK The decrease in financial loss from fraud too late. The findings might indicate that Companies have responded to the very does not necessarily translate to there corporates are lulling themselves into a real threats and are investing in being a decreased threat; one might false sense of security with compliance processes and actions needed to address. argue that companies have responded to procedures and relying on regulations to these very real threats and are investing K While the results might suggest that capture misconduct. in processes and actions needed to European companies are relatively address the causes. content with their fraud measures, European companies have certainly taken Kroll’s experience suggests that however measures against fraud, but the results areThe results of these anti-fraud efforts, effective the controls, they can be less than they might be entitled to expect.however, are middling, and in some casesconfidence in them may be misplaced. 2009 2008K Despite its widespread use of anti-fraud strategies, the proportion of European Financial Loss: $7.7 million $8.3 million Average loss per company over (88% of average) (101% of average) companies hit by nine out of ten of the last three years frauds covered in the survey is within three percentage points of the survey Prevalence: average, and in five cases the difference Companies suffering fraud loss 89% 84% over last three years is under 1%.K Regulatory or compliance breaches High Vulnerability Areas: Information theft, loss Information theft, loss constitute the only fraud to vary Percentage of firms calling or attack (16%) or attack (25%) themselves highly vulnerable significantly from the norm, but here Theft of physical assets IP theft, piracy Europe has a higher proportion of firms or stock (13%) or counterfeiting (15%) that have suffered in the last three years (25%) than any other region. Areas of Frequent Loss: Theft of physical assets Theft of physical assets Percentage of firms reporting or stock (38%) or stock (34%)K Nor has there been much change from loss to this type of fraud in last three years Management conflict Regulatory or compliance last year. The average loss over the last of interest (25%) breach (29%) three years, $7.7 million, is slightly down Regulatory or compliance Management conflict from the 2008 figure, but the number of breach (25%) of interest (24%) companies suffering from at least one Information theft, loss Information theft, fraud rose to 89%, again the highest in or attack (22%) loss or attack (23%) any region. Meanwhile, six of the frauds Financial mismanagement (22%) Corruption and bribery (22%) in the survey saw an increase in incidence from the 2008 figures, and four a decrease. Vendor, supplier Financial mismanagement (20%) or procurement fraud (21%) Once more, the changes were small. Kroll Global Fraud Report • Annual Edition 2009/2010  |  19
  • 20. Manufacturing Tackling compliance with conviction cultures are far more effective at detecting solely on rules does not motivate workers;David Robillard it scares them. Integrity programs must be and preventing fraud. In today’s post- Sarbanes-Oxley world, integrity programs implemented with conviction from theT hrough many years of investigating have become de rigeur. Too many executive level down. corporate malfeasance in Mexican- companies, though, consider these simply Below are examples that illustrate how two based manufacturing companies, we a compliance requirement, not the right or companies approach integrity. Althoughhave observed that firms which make smart thing to do. A purely compliance- both describe Mexican-based operations,integrity programs an inherent part of their based approach is not enough: focusing the lessons apply globally. Report Card Manufacturing An auto parts manufacturer, has gone beyond Sarbanes-Oxley to expand the Financial Loss: Average loss per company over past three years $7.4 million (84% of average) traditional role of the audit. A Special Prevalence: Companies suffering fraud loss over past three years 89% Investigations Group reports to the CEO, Increase in Exposure: Companies where exposure to fraud has increased 80% who in turn chairs the Integrity Committee High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds – composed of Directors from Information theft, loss or attack (21%) Administration, Audit, Human Resources, Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years Finance, and Legal. The group is trained in a Internal financial fraud or theft (24%) range of investigative methods, including Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: computer forensics, investigative Staff training (31%) interviewing, and data mining, and has 0 % 10 20 30 40 50 60 70 80 90 100 been building its capabilities for over ten Corruption and bribery years. To support the team’s work, the Theft of physical assets or stock company established an integrity line Money laundering through which the audit department Financial mismanagement receives all reports of misconduct. Over Regulatory or compliance breach time, it has developed the capacity to Internal financial fraud or theft deploy resources swiftly on a range of Information theft, loss or attack issues, including conflict of interest, FCPA Vendor, supplier or procurement fraud violations, corrupt practices, discrimination, IP theft, piracy or counterfeiting harassment, financial fraud, unsafe Management conflict of interest working conditions, and substance abuse. Highly vulnerable Moderately vulnerable The company has a seven day maximum response time to classify reports and20  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 21. Manufacturing EIU survey Losses are down but concerns remain: This year’s survey indicated that the manufacturing industry had seen fraud losses decline, but also pointed to two particular areas of concern: financial mismanagement and IP theft. K  he average loss per company over the last T three years declined from that of the previous survey, both in absolute terms – to $7.4 million from $8.5 million – and in comparison to the overall average, to 84% from 104%. K  lthough the incidences of most types of A fraud in this sector were near the overall survey averages, 30% suffered from financial mismanagement in the last three years, well up from the 2008 survey (17%). K  he industry also saw the highest level of IP T theft over the last three years (22%), up from 18% in the previous survey. The ongoing problem in this area explains why manufacturers have the second-biggest percentage of respondents who feel highly vulnerable to IP fraud (16%). Serious efforts: Some of the reduction in fraud losses is a result of the industry taking the problem seriously. K  ore manufacturing companies deploy seven M out of ten of the anti-fraud strategies listed in the survey than average: 80% have management controls, the highest proportion of any industry. 81% have physical security systems and 53% have vendor due diligence programmes. K  oreover, 39% of companies are investing M further in due diligence, the most of anydetermine the best method to proceed. Because the company’s United States-based industry.Compliance-focused cultures, on the other integrity program is not used at the local The downturn may have a silver lining: As withhand, tend to get bogged down at this some other industries, however, the downturn operation, our work and that of the may be raising vulnerability to fraud whilepoint, specifically in judging which reports company’s auditors was made much more making less available to steal.merit investigation and which are difficult. In practice, the operation is K  7% say that the global financial crisis has 2nuisances, as well as in deploying disconnected from head office oversight. increased fraud levels at their organization,investigative resources efficiently. Next, An integrity line exists, but employees are while 20% say reduced revenues on theironce allegations are proven, the company unaware of it. The line also has no Spanish own have heightened vulnerability – thetakes swift decisions in addressing guilty highest figure for any industry. Meanwhile, speakers, making it useless in Mexico. for 37% entry into new, riskier markets, oftenparties. Recently, a senior executive with Local managers maintain tight control over driven by the demands of the currentmore than 15 years tenure was terminated communications going outside the plant. environment, has also raised exposure towith cause, despite his strategic importance fraud – the second-highest sector figure. Staff members fear expressing anyto the company. Immediately afterwards, K  he number of companies that considered T concerns, greatly reducing their value asthe decision and the reasons for it were themselves highly vulnerable increased on sources of information.communicated to every employee. The last year’s figures, more than doubling forimpact was swift and reinforced a culture More than ever, companies need to three categories – theft of physical assets (8%of integrity and accountability. compared with 22%); corruption and bribery integrate integrity programs into their (6% compared with 16%); and money corporate cultures to enable a greater flow laundering (2% compared with 5%)A United States-based manufacturer ofmedical devices, provides an example of of information from staff on misconduct. K  ven while perceived vulnerability has been Ea program that works less well. For years, This may not make an organization rising, however, in the last year only 19% bulletproof, but it will allow much swifter say they have seen an increase in the levelMexican manufacturing has been problem identification and decision of fraud, compared with 37% who have seensynonymous with maquiladoras, facilities a decline. Just as the industry is having aoriginally created to make products with making. tough time finding profits, it is likely thatparts imported duty free. This firm operates fraudsters are having a hard time findingsuch a plant in Mexico. A routine audit money to pilfer.there uncovered more than $1 million waste David Robillard is Kroll’s country Overall, manufacturing companies have made manager in Mexico. He advises clients some headway with fraud, although financialof raw materials. Within three weeks of this on reputational and corporate risks and mismanagement and IP theft remain significantreport becoming known, two senior plant has done so for over 15 years. issues. How much of this success is a result ofemployees who had initiated an internal Previously David was a market their own efforts, and how much from theinvestigation – the HR Manager and the intelligence specialist for ICA Fluor broader effects of the downturn, will only Daniel, a Mexico-based joint ventureQuality Control Supervisor – were murdered. become clear in an economic recovery. and leading provider of industrial engineering,The client sought Kroll’s assistance to procurement and construction services in Latin America. Written by The Economist Intelligence Unitdetermine if these incidents were related. Kroll Global Fraud Report • Annual Edition 2009/2010  |  21
  • 22. viewpointThe United Kingdom’s new The maximum penalty in the first three offenses is ten years imprisonment. In theanti-bribery legislation last offense, the penalty in the imposition of an unlimited fine. The bill also contains an extra-territorial jurisdiction clause to enable the prosecution of bribery committed abroad by United Kingdom residents, nationals, and companies. The Bribery Bill sets out that the fourth offense will take place when: K a person performing services for the commercial organization bribes another person; K the bribe is in connection with the commercial organization’s business; and K another person connected within the organization with responsibility to prevent bribery negligently failed to do so. Importantly the person offering the bribe need not be an employee, as the law would also apply to consultants or agents. Corporate directors will need to put in place adequate controls and procedures in order to demonstrate that all reasonable steps have been taken to prevent or minimize the opportunities for corrupt payments by employees or agents. Advisable steps may include, but not be restricted to: K implementing a robust compliance Companies need to be aware that new program which states the company’s regulation also covers consultants and attitude and policy toward corrupt payments, and communicating this to all agents says Richard Abbey staff, agents, consultants, and contractors globally;C K regularly training staff in the relevant orruption remains a major risk issue More important, the SFO is taking great national regulatory acts and internal for international businesses. Companies steps to persuade companies aware of compliance policies; may face pressure to engage in involvement in corrupt acts to “self report”unethical or corrupt practices in many – a model already used by authorities in the K demonstrably maintaining adequateemerging markets – and some developed United States. In return for self-reporting, books, records, and internal controls atones – but they are also seeing increased businesses receive more lenient all subsidiaries to minimize the risk ofscrutiny from regulators and governments disciplinary treatment than if the SFO corrupt payments;who are making a priority of stamping out becomes aware of the offense through K maintaining a clear trail of due diligencecorruption within the global economy. other means. How successful this approach and vetting of agents and consultants will be remains to be seen. Therefore, some used to win business; andIn the past, the United Kingdom has been organizations appear willing to take thecriticized for its attitude toward the K conducting regular risk audits of sales risk of the issue not being uncovered. Asprosecution of companies and individuals departments dealing with high risk the SFO makes examples of more firms,responsible for corrupt acts within its business opportunities or operating in however, this attitude might change.borders and abroad. British corporations, high risk jurisdictions.their directors, and overseas entities doing The Government has also published detailsbusiness in the country, however, will soon of a draft Bribery Bill, which, if passed, will The United Kingdom is tightening up itssee a major change in attitude from the come into force in 2010. The bill currently anti-bribery regime. Companies need toauthorities. Richard Alderman, head of the sets out the following general offenses: take note.Serious Fraud Office (SFO), has clearly K to offer, promise, give, or request anindicated his office’s commitment and advantage; Richard Abbey is a managing director and head ofdetermination to investigate and punish K to agree to receive or accept an financial investigations in London. He specializes inentities found guilty of bribery. Several managing complex and multi-jurisdiction frauds and advantage;United Kingdom companies and individuals international bribery and corruption investigationshave been prosecuted or fined in the past K a specific offense of bribery of a foreign and is currently leading the investigation into the public official; collapse of Glitnir Bank in Iceland. He is a qualifiedyear, and the SFO is actively encouraging accountant and prior to joining Kroll worked at onewhistleblowers to provide evidence of the K negligent failure by a commercial of the big four.wrongdoing, as opposed to just reporting it. organization to prevent bribery.22  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 23. VIEWPOINT Not all identity theft is high-tech, and no one is immune Criminals are finding new ways to accounts. They took – according to court documents in the federal case – some steal identities, including targeting $2.1 million from ten different financial institutions. Thieves generally look for the easiest means of access. Once on the employees says Brian Lapidus inside, they quickly recognize the constant business struggle to secure informationS cores of articles have breathlessly numbers, addresses, and dates of birth. contained in items like incoming mail or recounted how Anna Bernanke, wife of Data can come from practically any source. paper files that are often highly accessible United States Federal Reserve While most news stories highlighted the to employees. Missing hardcopy files or aChairman Ben Bernanke, had her purse Cannon’s pick-pocketing activities, the ring lost office key should not be dismissed asstolen and the subsequent check fraud. The also infiltrated offices, including those of a petty; these merit diligent investigation.inevitable conclusion: it can happen to United States sponsored charity and the Finally, organizations must take backgroundanybody! Identity theft is the fastest offices of a doctor, in order to obtain checks screening efforts seriously. News reportsgrowing crime in both the United States from the mailroom, personal identification indicate that one of the thieves workedand Canada. It is the leading cause of information from medical files, and credit with a corrupt employee at a doctor’s office,consumer complaints to the American card details. and federal informants from the ringFederal Trade Commission, with cases indicated that the standard was to pay The Cannon’s activities are a wake-up calltotaling 313,982 in 2008. In Canada, it is anywhere from $200 to $500 for a set of to organizations. First, data security cannotestimated that one in ten have become complete personal information. Background be left to the IT department alone. Thisvictims of identity theft. screening is no panacea, but a thorough fosters the belief that anti-virus software,High profile cases, however, often obscure firewalls, and other cyber security measures check performed by a reputable third partythe reality of identity theft. The real focus will effectively eliminate the risk of a data brings all sorts of information to light:of the story should have been the members breach. Frequently, the breaches occur due criminal histories, financial histories, and to careless or disgruntled employees, or to professional misconduct to name a few.of Cannon to the Wiz, a Chicago-based ring employees who are simply unaware that Data rich organizations, like the doctor’sthat perpetrated both high- and low-tech their actions violate security protocols. office, are prime targets and thus have anthefts of identities and financial obligation to perform thorough backgroundinformation. The ring had been in the view According to a 2008 Ponemon study, over checks.of law enforcement well before the 88 percent of data breaches involved insiderBernanke incident. In April 2009, Detroit negligence. The per-victim cost of these It is unfortunate that Ben and Anna Bernankepolice arrested four members of the ring was $199 per record; those traced to had their personal information stolen.who were targeting fans at a sporting event. malicious acts cost $225 per record. Perhaps the one positive outcome is thatIn June, Virginia federal prosecutors charged the incident can encourage discussion of Second, never assume that low-tech10 with conspiracy and bank fraud, and, the prevalence and true nature of this crime. methods mean that the identity thief is ajust as summer was winding down, novice. Authorities reported that membersauthorities arrested a check casher from of the Cannon often met for seminars to Brian Lapidus is chief operating officer of Identitythe ring in Miami. Fraud Solutions based in Tennessee. He leads a team learn more effective tactics. They used of investigators in ID theft discovery, investigation andTo identity thieves, everyone is reduced to advanced equipment to manufacture fake restoration, including helping corporations tovaluable information such as Social Security identification and employed complicated safeguard against and respond to data breaches.or Social Insurance numbers, credit card check fraud schemes to drain victims’ bank Kroll Global Fraud Report • Annual Edition 2009/2010  |  23
  • 24. Healthcare, PHARMACEUTICALS & BIOTECHNOLOGY and difficult-to-tackle problems – counterfeit goods, theft, and irregular sales practices chief among them. Overall, illicit activity amounts to about $1.9 billion per year, or 12 percent of the formal market. Counterfeiting affects all companies and represents 81 percent of the illicit market. A glimpse Theft – including stealing from pharmacies and warehouses, cargo theft, and pilferage – constitutes an additional 12 percent, while the illegal sale of drug samples accounts for into Mexico’s 5 percent. Counterfeit drugs shadow Sales of counterfeit drugs in Mexico were estimated to exceed $1.5 billion in value in 2008, or 10 percent of the formal market. They are the product of a complex and pharmaceutical lucrative shadow industry with a global reach. Well coordinated rings, often working closely with organized crime, slip fake medication into Mexico’s legitimate drug market supply. Such shadow players replicate operations parallel to the legitimate industry, including importing, manufacturing, packaging, and distributing their false merchandise. Counterfeiting usually takes place in small laboratories,Guillaume Corpart, Manuela D’Andrea vigilance and were asked to keep faultless often located in residential buildings,& Enrique Orellana inventory records to avoid theft. supported by an entire network of suppliers These measures helped with a crisis, but and intermediaries. Legitimate businessA mid Mexico’s recent influenza activities can be used as a front, while in the same underlying threats besiege the pandemic, the real danger that fake other cases fictitious corporations or ghost industry every day. Kroll recently conducted medication could imperil the health companies provide cover. an in-depth investigation into the growingof the population was acknowledged. The problems afflicting this sector in Mexico.country’s health ministry warned the public Here are some of the key findings. Two types of counterfeitingof the risks of buying medications, such as practices are rampant in Mexico:Tamiflu and Relenza, online. Armed guards The country’s pharmaceutical industry K Partial or total product substitution:protected warehouses storing medications. faces substantial fraud risks. The $15.5 Counterfeit medication often includesPharmacies and hospitals maintained strict billion market is plagued by widespread the original active ingredient but in a smaller dosage than indicated on the Report Card Healthcare, pharmaceuticals and biotechnology packaging, thus creating a sub-potent drug. Even when the active ingredient is Financial Loss: Average loss per company over past three years $11.7 million (133% of average) present, the medication may still be laced Prevalence: Companies suffering fraud loss over past three years 88% with potentially hazardous material. In one case, counterfeit pills for erectile Increase in Exposure: Companies where exposure to fraud has increased 71% dysfunction were found to have traces of High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds LSD, a semi-synthetic psychedelic drug. Regulatory or compliance breach (21%) K Repackaging of expired drugs: Criminal Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years rings also acquire expired medicine in Information theft, loss or attack (21%) order to repackage it and then reinsert it Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: into the distribution channel. The IP protection (32%) absence of a formal waste management 0 % 10 20 30 40 50 60 70 80 90 100 system for expired drugs makes this Corruption and bribery “recycling” easier. Theft of physical assets or stock Money laundering The growing presence of illicit, online pharmacies is further increasing the Financial mismanagement proliferation of counterfeit medication. In Regulatory or compliance breach 2004, the United States Drug Enforcement Internal financial fraud or theft Agency found over 200 online pharmacies Information theft, loss or attack operating along the United States-Mexico Vendor, supplier or procurement fraud border. It is calculated that these businesses IP theft, piracy or counterfeiting sent over 11 million pills to American Management conflict of interest buyers between 2003 and 2008. Furthermore, Highly vulnerable Moderately vulnerable over two percent of Mexico’s 110 million inhabitants are said to have purchased24  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 25. Healthcare, PHARMACEUTICALS & BIOTECHNOLOGYmedication online. In order to address the Sale of medical samplesrisks inherent in such purchases, Mexico’s The commercialization of medical samples EIU surveyFederal Commission for Protection Against hurts companies in two ways: first as anHealth Risks banned all online pharmacies, Lower incidence, higher costs: The health, unprofitable use of resources in producingincluding legitimate ones. pharmaceuticals and biotechnology sector has them, and second as a missed sales had some success in reducing the incidence of opportunity. It is calculated that the fraud, but the level of crime still taking place isTheft practice represents a lost market costing more and keeping executives worriedDrug theft, estimated to have cost opportunity of $90 million per year. about their level of vulnerability.companies $235 million in Mexico in 2008, With drug sample production taking up K  or eight out of ten categories of fraud Fremains the leading risk in the minds of between one and eight percent of covered in the survey, the proportion ofexecutives especially as, beyond the direct pharmaceutical manufacturing capacity, sector companies affected over the last three years was less than that of the 2008 survey.losses, it provides the counterfeit market some 20 million units are produced each Some of these declines were particularlywith raw material and packaging. The year. Sales reps and doctors then sell the notable. The proportion involved inproblem comes in three primary forms: samples to “specialized collectors.” regulatory or compliance breaches droppedcargo theft, break-ins, and pilferage. These, in turn, channel the products onto from 37% to 22%; that for vendor, supplier the black market, reaching clients mainly or procurement fraud from 24% to 10%;Pharmaceutical cargo is an attractive target through street markets, irregular and for corruption and bribery from 20%for organized crime. The latter can exploit pharmacies, and online sales. to 10%. The results for the last twovulnerabilities throughout the distribution categories were the best of any sector.network. High value, quick marketability, Looking forward Management conflict of interest was theease of rechanneling, and relatively small Pharmaceutical companies operating in most widespread problem in the industrypenalties if caught make this kind of theft Mexico are realizing that the risks outlined rising from 28% to 31%.good business for criminals. Insurance here erode their market position and long K  t the same time, however, the average loss Acompanies estimate that every month one term competitiveness. It is no longer possible per company over the last three years waspercent of all cargo trucks on Mexican to dismiss the problem as simply a cost $11.7 million, or 133% of the overall which companies have to endure. The long average. This represented a substantialroads are attacked, and Kroll puts the loss increase from the 2008 levels of $7.8 millionto the pharmaceutical industry in 2008 term profitability of manufacturers and and 94%, although is more a return to thefrom this activity at $80 million. distributors requires the implementation of 2007 figures of $11.7 million and 175%. preventive measures and anti-counterfeitingGangs often have accomplices within K  ccordingly, more companies than average A technologies, such as monitoring systemsdistribution and transport companies who considered themselves highly vulnerable to and authentication methods. eight out of ten categories of fraud coveredhelp identify targeted drugs, as well as Technology, however, is not enough. in the survey.provide shipping information and truck Pharmaceutical companies are now K n particular, despite having fewer companies Iitineraries. Kroll has found that, in over 80 acknowledging that good distribution suffer from information loss than in the surveypercent of thefts, a company employee is as a whole (21% compared with 25%), 27% channel management – that prevents thedirectly involved. Jalisco, Mexico State, of sector companies rated themselves highly infiltration of counterfeit medication andGuanajuato, Mexico Distrito Federal, and stops the detour of products into vulnerable to information theft, the highestMichoacán see 65 percent of all these illegitimate channels – is just as important. figure of any industry. Similarly, the numbercrimes, largely because these same states considering themselves highly vulnerable toserve as distribution and command centers Above all, most companies agree that they IP theft, at 24%, was the highest of any cannot tackle these problems alone. sector, yet the number of healthcare,for organized crime. Whether partnering with law enforcement pharmaceuticals and biotech companies hitWhile cargo theft can affect all players, authorities to avert cargo theft, or with by this type of fraud was only slightly abovebreak-ins mainly target warehouses and other companies to lobby the government average (16% compared with 14%).retail drug stores. According to the National on anti-counterfeiting laws, leading Little change in spending: These concerns areAssociation of Pharmacies, every pharmacy industry players are becoming more having an uneven impact on spending proactive in understanding and mitigating priorities.in Mexico experiences theft on averagetwice a year. Countrywide, this results in the substantial fraud risks which they face. K  ector companies are slightly more likely S than average to have in place IT securityover forty thousand break-ins annually, and measures (74% compared with 71%), andestimated losses of $62 million. Guillaume Corpart is an associate managing noticeably more likely to have IP monitoring director and expert in the field of market intelligencePilferage, on the other hand, usually takes in Latin America. He joined Kroll in 2008 following (47% compared with 36%).place further down the distribution the integration of InfoAmericas, the leading K  ore sector firms than in any other industry Mnetwork and is particularly rampant within independent market intelligence firm in Latin plan to invest in IP protection in the coming America. He is a strategic advisor to clients, providing year (32%), but only an average number willgovernment institutions. Although there advice on market positioning, market entry, do so for management controls (34% for theare no official figures, Kroll estimates that competitive trends, and partnering. industry and for all sectors combined).losses in Mexico are approximately $93 Healthcare, pharmaceuticals andmillion per year. Manuela D’Andrea is an analyst in market intelligence in Latin America. She joined Kroll in 2008 biotechnology companies have been successfulIn seeking drugs, whatever the means, following the integration of InfoAmericas. in keeping down the prevalence of fraud and, Manuela is responsible for primary and secondary in particular, the number of IT attacks andorganized crime commonly focuses on research about market positioning, market incidents of IP theft, in an industry where bothmedication of which the sale is restricted in penetration, competitive trends and associations. can have a devastating impact. Their continuedthe open market – such as psychotropic efforts should help to bring down the cost ofdrugs – or on products with high market Enrique Orellana was until recently a senior analyst fraud, but executives should now consider howdemand – such as lifestyle medicines. On within Kroll’s market intelligence division, focusing to address the problem of managementthe black market, these drugs are less on political and market analysis. He is now studying conflict of interest more effectively. International Policy Management at Georgetownexpensive and easier to obtain, with no University. Written by The Economist Intelligence Unitprescription required. Kroll Global Fraud Report • Annual Edition 2009/2010  |  25
  • 26. technology, Media & telecoms EIU survey Fraud levels are relatively low: The technology, media and telecommunications sector performed well last year compared to its peers. IT outsourcing: K t had the third-lowest average loss per I company, $4.7 million, or 54% of the overall average. Although this is partly the Is it worth the risk? result of an unusually high number of smaller companies in the industry, the figure is still low. K  he sector had the lowest prevalence of T fraud, with just 73% of companies hit in some way in the last three years. services. The Satyam case presents a strong Paulo R. Silva reminder that technology companies, K  or eight out of ten categories of fraud, the F including IT outsourcing ones, are vulnerable I percentage of companies falling victim in T outsourcing has long been an accepted the last three years was below the survey to the same common frauds – such as solution for companies to streamline internal financial fraud, vendor or average. processes, reduce costs, and provide procurement fraud, and theft of physical K  oreover, fewer industry firms suffered M flexibility to meet the changing demands of assets – that can occur in any other business. from internal financial fraud (8%) than any their operations. With the global economic other sector, and it came in second best on crisis forcing business leaders to squeeze Moreover, even though IT outsourcing theft of physical assets (29%). companies, as obvious targets, invest out additional operational efficiencies to Threats remain: IT and IP theft mar an survive, more outsourcing seems inevitable. heavily to prevent cyber crime, they can otherwise good performance, but also of The decision, however, on what functions also be victims of fraud typically related to concern is a tendency not to look beyond to outsource is often made without a the cyber world, such as information theft these risks. and intellectual property theft. 29 percent thorough assessment of the risks involved K  he two obvious threats to the industry are T in determining what is to be outsourced, of IT, media, and telecommunication firms information theft and IP theft. In the last and to whom. have suffered from the former in the last three years, 29% suffered from the former three years, and 16 percent from the latter, – the highest sector figure – and 16% from In January 2009, India’s Satyam Computer according to the 2009 Kroll Global Fraud the latter. Services, then the fourth largest Survey. The survey also shows that roughly K  ompanies defend themselves accordingly. C outsourcing company in the world, shook a fifth of sector companies feel themselves The sector has the most widespread the sector by admitting that it had highly vulnerable in these areas. deployment of IT security (in place for 83% systematically inflated revenue and profits for years. The corporation was eventually In February 2008, the Bank of New York of companies) as well as above average use of IP monitoring (41% compared with an sold to another Indian firm, Tech Mahindra, Mellon was a victim of data breach while average of 36%). In both cases, more under the responsibility of an outsourced to restore confidence in the market and technology, IT and media companies than company. Unencrypted back-up tapes ensure the continuity of its operations. average are also looking to invest in these containing personal information of over 12 areas in the coming year. In previous years, Satyam’s fraud and lack of internal integrity million customers disappeared during concern about these issues seemed very should serve as a wakeup call for transport to an off-site facility. Although no high compared to their actual incidence, companies intending to use IT outsourcing misuse of information from the tapes was but now the two seem more aligned. K  y contrast, in the coming year, fewer B Report Card Technology, media and telecoms sector companies will be investing in every other anti-fraud strategy listed Financial Loss: Average loss per company over past three years $4.7 million (54% of average) Prevalence: Companies suffering fraud loss over past three years 73% K  his may be justifiable in some cases, given T Increase in Exposure: Companies where exposure to fraud has increased 81% the low incidence of many types of fraud, High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds but the sector suffers from the same rate of Information theft, loss or attack (21%) • IP theft, piracy or counterfeiting (19%) financial mismanagement as the overall Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years survey average (21% of companies over the Theft of physical assets or stock (29%) • Information theft, loss or attack (29%) last three years), yet notably fewer firms Management conflict of interest (21%) • Financial mismanagement (21%) have financial controls in place (69% Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: compared with 82%), and fewer also plan IT security (59%) • Financial controls (39%) • Physical asset security (34%) • Management controls (33%) to invest in this area (39% compared with IP and trademark monitoring program (31%) 46%). 0 % 10 20 30 40 50 60 70 80 90 100 Fraudsters are nothing if not inventive, and Corruption and bribery even industries that are achieving good Theft of physical assets or stock results will need to be vigilant in the face of Money laundering new challenges – 31% of sector companies, Financial mismanagement for example, say that the downturn has Regulatory or compliance breach increased the incidence of fraud. Technology, Internal financial fraud or theft media and telecommunications companies might therefore improve on this relative Information theft, loss or attack success by looking beyond the obvious fraud Vendor, supplier or procurement fraud risks, while continuing their efforts against IT IP theft, piracy or counterfeiting attack and IP theft. Management conflict of interest Highly vulnerable Moderately vulnerable Written by The Economist Intelligence Unit26  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 27. Natural resourcesidentified, this incident caused large lossesfor the bank since it had to take actions The Foreign Corruptsuch as internal investigations andassistance for those who had personalinformation stored in the back-up tapes. Practices Act, theSuch frauds frequently occur whencompanies presume that the IT outsourcingbusiness, which they hired, has the samesecurity procedures as their own. If custody Siemens settlement,of, or responsibility for, sensitiveinformation is outsourced, the contractingcompany may be compromised in any and the energy sectorsubsequent security breach.Other outsourced services are also subjectto frauds. Companies must, therefore,strategically and cautiously decide whatwill be outsourced, and then carefully selectwhich company will get the contract. Hereare some factors that should be considered:Determine what should or should not beoutsourced: Many companies outsourceactivities which are not related to their corebusiness, such as management of their ITinfrastructure, in order to gain competitiveadvantage through streamlined processes,increased flexibility, and reduced costs.Companies must be careful when passingcrucial information or processes to thirdparties; the sharing of such informationbrings information security risks.Select the appropriate services provider:Consider the capacity of the supplier tohandle the volume of services required.Conduct a pre-screening investigationbased not only on suppliers’ credentials butalso on a thorough understanding of theservices offered. Supplier benchmarking isan effective way to weigh provider options.Consider multisourcing: This model canincrease flexibility and reduce risks in theoutsourcing project. And, while it doesdemand greater effort to manage contractswith several suppliers, the selection ofchoosing a single supplier – full outsourcing– requires more careful selection processes,since that firm will share more heavily inthe risks of the company. The most recent example of an energy David A. HolleyOutsourcing can provide great benefits, but company undergoing an FCPA investigation Tit may cause problems when the company and prosecution ended in a December 2008 he energy industry has long beenloses direct control over the management settlement between Siemens AG, the United fertile ground for corruption andof outsourced services. The Satyam incident States Department of Justice (DOJ), and the bribery and, therefore, ripe for Foreignwarns us of the risks run when we put all Securities and Exchange Commission (SEC). Corrupt Practices Act (FCPA) enforcementour eggs into the same basket. The case provides lessons for every activity. By its very nature, the international international energy firm on how to remain energy business, including the oil and gas FCPA compliant as it develops business and Paulo Renato Silva is an associate sector, requires a high degree of government director in Kroll’s São Paulo office. He establishes a presence overseas. involvement and cooperation, particularly specializes in information security and has coordinated many projects in the when entering markets overseas, Cooperation with Government computer forensic field in Brazil as well constructing facilities in new territories, investigations: Siemens’ approach to the as across Latin America. He has a applying for permits from foreign agencies, FCPA investigation has been universally Bachelor’s Degree in Computer Science or reaching distribution agreements with recognized as the “right way” and can servefrom the University of the State of São Paulo, and is a countries. Such cooperation can be as a model for those facing similar actions.member of the Information Systems SecurityAssociation. achieved in many ways, and some firms Siemens retained a multi-national team resort to methods with FCPA implications. of accountants and lawyers to establish Kroll Global Fraud Report • Annual Edition 2009/2010  |  27
  • 28. Natural resourcesthe facts and circumstances surrounding bribe payments and inadequate controlsall of the allegations. The company was were “accepted by senior management.” EIU surveyalso reportedly timely and forthcoming The DOJ admonished Siemens’ seniorwith all of the DOJ’s requests for documents leadership for failing to instill ethics into its Fraud levels: The latest survey containedand information. The settlement agreement business by, for example, not making a both positive and negative results on thecalls Siemens’ level of cooperation clear statement of company policy to incidence of fraud levels among natural employees on the payment of bribes. In resources companies.“exceptional.” This behavior is said to bewhy the company secured the terms it did. essence, the government was condemning K  n the positive side, the average loss to O a failure of corporate leadership to create a fraud over the last three years, at $8.0Approaching an FCPA investigation million, was less than one-half of thecooperativly, rather than contentiously, is “tone at the top” consistent with effective amount from the 2008 survey, at $18.1the single greatest lesson coming from the compliance. Management buy-in involves million. Moreover, even though naturalcase. more than just promulgation of FCPA- resources companies are larger as a group related rules: senior executives must be than those in other surveyed sectors, theDue diligence failures: Siemens’ failure to actively engaged to ensure not merely industry’s average loss this year wasperform meaningful due diligence on some conformity with the letter of the law, but below that for the whole survey (92%).third-party consultants led to many of its also an ethos of compliance. K n addition, only 13% of industry IFCPA-related problems. Numerous “red companies report an increase in fraudflags” relating to their hiring and use went The Siemens case provides numerous FCPA levels during the last year, compared withmostly undetected because of a failure to compliance lessons for the energy industry. 32% which cite a decline. Both of thesecentralize the due diligence and third-party As expansion in foreign markets makes improvements probably reflect the globalretention processes. For example, Siemens contracting with unfamiliar governments decline in exploration and investment inengaged certain consultants with no inevitable, energy concerns will sometimes oil, gas and mining in the last 12 months.relevant experience in their contracted face unfamiliar cultural expectations and K  n the negative side, 52% of sector Otasks and many received unusually high challenges. Meeting these ethically and companies suffered from theft of physicalfees relative to the going rate for such work. legally will certainly test even the most assets in the last three years, the greatestIn addition, the company used third parties compliant entities. In these efforts, the proportion hit by any fraud in any sector. Siemens case can provide some guidance Moreover, one in four experienced eachconcurrently employed by the governments and may even become an example for of information theft, vendor orwith which it was seeking a business regulators in future enforcement activities. procurement fraud, and corruption orrelationship. Engagement of a third party bribery – in the last case this was theshould always be preceded by a level of due second-highest figure of any sector.diligence which will yield full knowledge of David A. Holley is a senior managing K  verall 93% of natural resources Oits proposed activities, remuneration, and director and the head of Kroll’s companies were hit by some sort of fraud Boston office. Since joining Krollexpertise to carry out its mission. in the last three years, the highest in 2000, David has led investigations including environmental matters, proportion of any sector, although not aManagement’s role in compliance: contests for corporate control, significant change from last year’s survey.Siemens was harshly taken to task for internal investigations and white- Consistent spending: The problem is notmanagement’s apparent failure to ensure collar crime investigations. Prior to joining Kroll, David worked for a mid-sized investigative firm one of insufficient attention.FCPA compliance in parts of its overseas and the Environmental Enforcement Section of the K  f the ten categories of anti-fraud Obusiness. The SEC complaint criticized US Department of Justice. measures covered in the survey, nineSiemens’ FCPA compliance program, saying were more widespread among natural resources firms than on average. For staff screening, the only exception, the Report Card Natural resources difference was just 1%. Financial Loss: Average loss per company over past three years $8.0 million (92% of average) K  wo of these measures were more widely T Prevalence: Companies suffering fraud loss over past three years 93% deployed in this sector than anywhere Increase in Exposure: Companies where exposure to fraud has increased 79% else: staff training (59% use it compared High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds with 45% on average); and partner, client Corruption and bribery (23%) • Information theft, loss or attack (21%) • Theft of physical assets or stock (21%) and vendor due diligence (57% Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years Theft of physical assets or stock (52%) • Information theft, loss or attack (27%) compared with 46%). Vendor, supplier or procurement fraud (25%) • Corruption and bribery (25%) K  ust 7% had weakened internal controls J Regulatory or compliance breach (20%) as a cost-saving measure, the second- Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year lowest result in the survey. IT security (50%) • Financial controls (39%) • Management controls (32%) • Staff training (32%) Inherent fraud risks: Instead, the sector’s 0 % 10 20 30 40 50 60 70 80 90 100 perennial problem is exacerbating fraud Corruption and bribery risk – the need to go wherever the raw Theft of physical assets or stock materials are, however problematic the Money laundering operating environment. Entry into new, Financial mismanagement riskier markets had increased fraud Regulatory or compliance breach vulnerability for 38% of natural resources firms, making it the sector most affected by Internal financial fraud or theft this issue. Information theft, loss or attack This year’s results present a mixed picture Vendor, supplier or procurement fraud for natural resources – one of a sector with IP theft, piracy or counterfeiting serious fraud risks that it is working to Management conflict of interest address, with some success. Highly vulnerable Moderately vulnerable Written by The Economist Intelligence Unit28  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 29. regional analysisMiddle East & Africa overviewI t is difficult, at first glance, to see K 36% of respondents saw a drop in fraud investing in every anti-fraud strategy anything positive in the fraud survey at their companies, against 28% who listed in the survey, including notably figures from the Middle East and observed an increase. IT security (58% of regional companiesAfrica. Once again the region is by far K The number of firms reporting increased compared with 51% on average), andthe worst affected. vulnerability to fraud as a result of high physical asset security (56% to 37%).K For seven out of ten frauds covered in staff turnover and weaker internal It would be wrong to characterize the the survey – corruption and bribery controls was also down. fraud situation in this region as anything (affecting 34% of regional respondents); K With the exception of IP protection but extremely serious. It is, however, fair to vendor fraud (33%); management note some improvements. Moreover, measures, a greater proportion of conflict of interest (31%); financial companies certainly have not given up. regional companies than average will be mismanagement (31%); internal financial fraud or theft (27%); IP theft 2009 2008 (22%); and money laundering (12%) – the Middle East and Africa had the highest Financial Loss: $11.5 million $5.6 million Average loss per company over (147% of average) (68% of average) incidence of any region. The number of last three years companies hit by the remaining three frauds was, in each case, also above Prevalence: Companies suffering fraud loss 88% 91% average. over last three yearsK For five out of ten frauds, the region also High Vulnerability Areas: Corruption and bribery (27%) IP theft, piracy has the most companies considering Percentage of firms calling or counterfeiting (24%) themselves highly vulnerable: corruption themselves highly vulnerable Vendor, supplier or procurement fraud (22%) Information theft, and bribery (27%); vendor fraud (22%); loss or attack (23%) theft of physical assets (17%); IP theft Management conflict (16%); and financial mismanagement of interest (22%) (14%). Corruption and bribery (21%)K The Middle East and Africa saw the most Areas of Frequent Loss: Theft of physical assets Theft of physical assets companies whose vulnerability Percentage of firms reporting or stock (38%) or stock (46%) increased due to high staff turnover loss to this type of fraud in last three years Corruption and bribery (34%) Management conflict (36%); weaker internal controls to save of interest (43%) Vendor, supplier or procurement money (27%); pay restraint resulting fraud (33%) Financial mismanagement (38%) from reduced income (21%), and reduced Management conflict Corruption and bribery (34%) revenue in general (16%). of interest (31%) Information theft, lossK The average loss per company over the Financial mismanagement (31%) or attack (29%) last three years more than doubled from Internal financial fraud Internal financial fraud or theft (27%) or theft (27%) the 2008 survey figure, from $5.6 million to $11.5 million, although this came as a Information theft, loss Vendor, supplier or attack (26%) or procurement fraud (24%) result of an increase in the number of Regulatory or compliance Regulatory or compliance respondents with losses over $100 breach (23%) breach (23%) million rather than as a result of an IP theft, piracy across the board shift upward. or counterfeiting (22%)On the other hand, last year’s surveyfigures were in some respects even worse,and companies are taking steps to address Spotlight on their region or globally to feel highlythe problem. vulnerable to both frauds, they areK Of the ten categories of fraud, three were Nigeria tackling money laundering more actively than IP theft. more prevalent among survey Fraud incidence in Nigeria broadly mirrors respondents this year, including notably that in the region as a whole. The two Some 93% of companies in the country vendor fraud which rose in incidence biggest exceptions are: money laundering, have financial controls in place (compared from 24% to 33%. Three, however, stayed which affected 19% of Nigerian with 82% globally), but only 30% of roughly the same, and four actually respondents in the last three years Nigerian respondents have IP protection compared to 12% across the region and measures in place (compared with 36% dropped. The latter included last year’s just 5% of the whole survey; and IP theft worldwide). As IP theft, piracy, and two most widespread frauds: theft of (30%, compared to 22% and 14% counterfeiting are rising in the Middle physical assets (down from 46% to 38%), respectively). Although Nigerian East and Africa, this could make them and management conflict of interest companies are more likely than those in even more vulnerable than they are now. (from 43% to 31%). Kroll Global Fraud Report • Annual Edition 2009/2010  |  29
  • 30. Retail, Wholesale & distribution India’s retail sector: Risks that match the potential rewards Report Card Retail, wholesale and distribution Richard Dailly Financial Loss: Average loss per company over past three years $12.7 million (145% of average) F Prevalence: Companies suffering fraud loss over past three years 92% or years rumors in the retail industry Increase in Exposure: Companies where exposure to fraud has increased 71% have predicted the imminent, complete High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds opening of the Indian retail sector to Theft of physical assets or stock (19%) • Corruption and bribery (17%) non-Indian operators. Since the economic Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years liberalization measures of 1990 were Theft of physical assets or stock (42%) • Vendor, supplier or procurement fraud (27%) legislated, the amount of foreign direct IP theft, piracy or counterfeiting (21%) investment (FDI) flowing into this sector, Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year together with many others, such as banking, Financial controls (44%) • IT security (40%) • Physical asset security (37%) insurance, and print media, has been 0 % 10 20 30 40 50 60 70 80 90 100 closely controlled by the Indian government. Corruption and bribery Partly as a result, India’s retail sector Theft of physical assets or stock remains highly fragmented: 97 percent of Money laundering the market belongs to unorganized outlets; Financial mismanagement just three percent to organized ones. India’s Regulatory or compliance breach retail sector remains one of the few large Internal financial fraud or theft unconsolidated markets in the world. Information theft, loss or attack Change will not happen overnight. Echoing Vendor, supplier or procurement fraud various previous statements of Indian IP theft, piracy or counterfeiting policy makers, on August 15, 2009, India’s Management conflict of interest minister of state for commerce and Highly vulnerable Moderately vulnerable industry, the governor of its central bank – the Reserve Bank of India – and the head of30  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 31. Retail, Wholesale & distributionthe government’s economic advisory An important source of shrinkagecouncil unanimously stated that there was originates from within the retailer, i.e. its EIU survey“no proposal to implement full capital employees. Amid widespread poverty,account convertibility.” Full capital account significant loyalty to a faceless corporation The retail, wholesale and distributionconvertibility allows long term investors to of apparently limitless wealth is unlikely. sector has a serious fraud problem, ofrepatriate all their profits, whereas partial Countering this demographic reality are which it is insufficiently aware.capital account convertibility requires them good practices that large retailers canto reinvest in the business a significant part High levels: Fraud has risen to high employ such as background checks on allof their profits. This ensures that a large levels of staff and the construction of a levels.part of foreign investment stays within strong, identifiable and magnanimous K  lthough companies in this sector, as AIndia. Such a step strikes Indian business culture. a group, are smaller than average, thepolicymakers as extreme towards opening Despite India’s reputation for churning out loss to fraud per company in the lastup Indian markets. high caliber professionals, there is a three years was $12.7 million or 145%Nevertheless, it is widely believed that the of the norm. This exceeded the overall shortage of managerial talent at the top ofgovernment is committed to increasing the average for the first time since these the Indian retail sector. Stories abound ofamount of FDI in the retail sector, albeit unprofessional management, even among surveys began, and was alsoincrementally. The government believes some of the biggest names in the country, dramatically greater than the 2008that the absorption of investment into the probably because many major Indian figure of $3.3 million.retail sector needs to be slow, in order not retailers began as family businesses.to dislocate existing family-run stores, but K  total of 92% of sector companies A Like many family run companies aroundrather to create jobs for the children of were affected by fraud, the second-these merchants. For the government, it is the world, the prize C-suite positions in Indian retailers are reserved for family highest rate in the survey.not a question of FDI versus no FDI; it is aquestion of big against small. members and close friends. The absence The increased incidence of fraud seems of meritocracy prevents the hiring of to have appeared suddenly in the lastInvestors bold enough to be first movers face experienced managers or the promotion year. When asked about ten specificdaunting operational risks in an immature of able mid-managers. The lack of types of fraud suffered over the lastmarket including an inefficient and corrupted professionalism, mixed with family politicssupply chain and logistics industry upon three years, respondents reported lower leads to under-performance andwhich it relies. Abundant but poorly written figures for seven of these, sometimes unsupervised fraud and waste. Oneand enforced industry standards are noticeably. Those affected by theft of un-named Indian retailer revealed that theycumbersome to comply with, dragging on had not measured stock in several years. physical assets in the last three years, forefficiency. Suppliers are fragmented and example, dropped from 67% to 42%.susceptible to counterfeit product, stock- As with every other Indian sector, any new On the other hand, when asked in aouts, and quality inconsistencies. retailer must navigate the maze of regulatory interference. Regulations require separate question about fraud in theOne of the leading threats to retailers, last twelve months, for two categories upwards of 30 license approvals, and anyof both Indian and mixed capital, is this sector was more affected than any license approval in India is subject to abuse.shrinkage. In more mature markets, At the political level, local strong-arm other – theft of stock and financialshrinkage typically ranges from 1-2% of parties frequently demand employment for mismanagement – and for four more itCost of Goods Sold (COGS). In India, themetric is estimated to be much higher. members. Large retailers entering the performed second worst – internalSupply chains are not at the mercy of the market would be perceived as a significant financial fraud, corruption and bribery,inherent weaknesses of India’s threat to the traditional way of life in some IP theft, and money laundering.infrastructure and distribution networks. areas. This, combined with populist, Insufficient attention: Perhaps becauseThey are also vulnerable to the officials aggressive political leaders and strong unionization, could provoke physical risks the upswing appears to be recent, thewho oversee infrastructure operations and to high profile investors and managers. sector as a whole seems to be giving theto any other individual with whom goodscome into contact. An example of this is issue less attention than its peers. In a world of modern retail, India standsthe practice of transport companies that out as one of the last great investment K  espite its high level of fraud Dare hired because they have family links to prevalence, a below average number opportunities. The first investors will bethe key official who controls the state of sector companies deploy every anti- attracted by the seemingly limitlessborder crossings. Kroll investigated one fraud measure covered in the survey. opportunities. However, the risks they face,company who used this tactic to whether they are be they political, sectoral, K  pending on nine out of ten of these Sdramatically reduce the transit time from physical, labor, or regulatory in nature, are measures is also predicted to be lessthe south of India to Delhi – from three equally daunting. Market entry must bedays to one and a half. Other sources of widespread in this sector than for the carefully planned with a steady flow ofshrinkage include: short-weighing, survey as a whole, with only 8%, forpilferage, insecure vehicles, and poor business intelligence feeding the business decision process. example, spending to bolster IPproduct handling, all producing losses to be security – less than the numbercovered by the retailer. affected by IP theft, and about one- Richard Dailly is a managing directorTracing shrinkage is an enormous challenge. third of the survey average (23%). in Mumbai. He has many years ofGiven that most transactions are still experience working in international The retail, wholesale and distributionhandled on paper-based systems, the audit politics and political risk for the British government and Kroll. Richard has a sector needs to act to address the recenttrail for the movement of goods is oftenimpossible to follow. Large retailers reveal deep understanding of investigative uptick in fraud. Otherwise, levels of and intelligence techniques and fraud risk may only increase.that they have not been able to achieve any analysis, in support of corporate investigations, duemore success than their smaller competitors diligence, political risk and litigation support. Written by The Economist Intelligence Unitwhen it comes to combating shrinkage. Kroll Global Fraud Report • Annual Edition 2009/2010  |  31
  • 32. viewpoint Multiple-source reporting: What works for tax fraud could work for Ponzi schemes Third, the current system has no Using IRS-type reporting mechanisms, requirement for investment advisors to use an independent custodian. BMIS truthfully Ponzi schemes such as Madoff’s could disclosed that it did not do so. By have been uncovered sooner, permitting advisers to provide self-custody, current law facilitates misrepresentations says Dr. Marcia Kramer Mayer. about assets under management. The danger is compounded if the advisor usesH ow does $65 billion in assets Clearly, we need a better way. From the a captive, no-name auditor, as did BMIS. purportedly under management go standpoint of early monitoring rather than Finally, in the current system oversight is missing? That was the sum of the probable-cause investigation, the current resource-intensive. Large numbers ofaccount values that Bernard Madoff regulatory regime for investor advisor fraud financially sophisticated inspectors wouldInvestment Securities (BMIS) reported to detection falls short on four counts. be needed to conduct routine,clients throughout North America, Europe, First, most investment advisors are not comprehensive reviews competently. Budgetand Latin America on their November 2008 required to register with the SEC. Some constraints preclude such an approach.statements. Virtually none was real, as the are exempt because they manage less thanworld learned days later when the biggest- Two proposals of note try to address the $25 million, but a significant number areever Ponzi scheme came to light. Some problem. The Obama Administration’s5,000 direct investors and untold thousands exempt because they have fewer than 15 regulatory reform bill would require hedgewith money in feeder funds saw their clients, as each hedge fund advisee counts fund advisors to register with the SEC ifsupposed net worth collapse in an instant. as just one client for registration purposes. they managed at least $30 million in assets. Second, SEC registration is not a game- A pending SEC proposal would effectivelyAn exhaustive report issued on 31 August2009 by the SEC Office of the Inspector ender for Ponzi operators. Madoff was mandate a qualified independentGeneral (OIG) tells the story of how the SEC registered but lied in his disclosures. On his custodian. Both measures would help inwas fooled by Madoff’s machinations last Form ADV, filed January 7, 2008, he Ponzi scheme detection, but they do not godespite the creditable and detailed reported $17 billion in assets under far enough.complaints and significant red flags that management: far below the $65 billion he One concern about the SEC plan is that awhistleblowers and journalists brought to told investors later that year – even though supposedly independent custodian mightits attention as early as 1992, and the two markets had crashed in the interim – but be complicit with a scheming advisor.investigations and three examinations that higher than the negligible amount he Another is that a Ponzi artist might directensued. The OIG report rules out actually held on their behalf. Another huge substantial incoming customer assets ininappropriate connections or influence as falsehood was his reported client count: 23, such a way that the custodian neverfactors in the bungled investigation. versus the 4,903 active accounts that learned of them, and so could not see themRather it finds the problem to have been administrators found upon the firm’s getting siphoned off.inexperience and financially naive staff, demise. The SEC simply has no ready waymisplaced priorities, internal communication to validate the representations of registered As for the Administration bill, investmentfailures, and lack of appropriate follow-up investment advisors or even to know when advisors to funds are covered but thoseand the repeated failure to seek third-party they are giving contradictory stories to with discretion over non-pooled monies arecorroboration of Madoff’s claims. customers and regulators. not. Madoff did not operate a hedge fund;32  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 33. viewpointhe purported to invest on behalf of clients individual investors encouraged, to provide assets that the custodian did see. Anindividually. Another weakness is that the the SEC with data about each advisor’s advisor engaged in such asset diversionbill gives the SEC no means to test the managed assets, would be preferable. would report to the SEC only those assetsveracity of a registrant’s disclosures. If a under management to which its custodian Investment advisors with at least $30custodian were complicit with or deceived was privy. If the SEC had no ready means million under management would beby an advisor client, the task of asset of learning that the advisor was reporting required to report quarter-end assets byvalidation would fall to the SEC. larger numbers to investors, the scheme account – identified by code, not name. might go undetected. An asset-divertingThe law should better equip the agency Custodians would have to report quarter- advisor, however, would have no protectionto perform its investigations. If Congress end assets under management for each under this plan from random investorsand the SEC are serious about protecting advisor-client. To give teeth to this reporting their individual account assetinvestors from Ponzi schemes, they need mandate, advisors would be required to values. Unless the advisor informed thelook no further than the Internal Revenue use an independent custodian. SEC of all account-level assets, any oneService (IRS) for an approach that is both investor report could trip it up.simple and well tested: multiple-source Investors would be invited – but not required – to report quarter-end assets In the end, Ponzi scheme preventionreporting of entity-specific data. Rather under management by advisor and account. and detection requires keeping an eyethan accept at face value the incomecomponents that taxpayers report on This data would be fed into software that on customer assets. If investor self-interesttheir personal tax returns, the IRS made comprehensive comparisons can be harnessed to motivate at least somecomprehensively cross-checks those efficiently, checking whether the total advisory clients to report their assets underclaims against statements of wages, assets under management per an advisor’s management. And if advisors can be madeinterest, dividends, and gross sale aggregate reported account-level assets to fund the system, securities regulatorsproceeds submitted by employers, matched the overall sum given by the who adopt a multiple-source reportingfinancial institutions, and other income custodian, and whether account-level system such as the one proposed here canpayers. It then attempts to reconcile any assets as per the advisor agreed with those tackle the Ponzi problem quickly, effectively,identified discrepancies. Routine cross- reported by participating investors. and at minimal cost to tax payers.checking improves the accuracy of the For any given date and level of aggregation,final numbers not only by correcting Dr. Marcia Kramer Mayer is a senior the values should agree. If there were large, vice president of NERA Economicerrors but also by motivating honest numerous, or recurrent discrepancies for Consulting, where she directs projectsreporting in the first place. an advisor, a well-focused SEC inquiry in the areas of securities and finance. could be launched to determine whether She has examined issues of marketThe SEC must be similarly empowered to efficiency, class certification, liability,routinely and cost-effectively validate the any claimed assets were missing. materiality, damages, settlementdata that it needs to police investment The involvement of individual investors is prediction, and claiming rates in hundreds of shareholder class actions. Dr. Mayer came to NERA fromadvisors. Instead of having it rely the linchpin of this plan. Even with a truly the American Stock Exchange, where she was a Viceexclusively on the most self-interested independent custodian, an advisor could President. In her prior academic career, Dr. Mayer was aparty – the advisor – for routine run a Ponzi scheme by having some Lecturer in the Department of Community Medicine atinformation on assets under management, investment monies deposited into accounts the State University of New York at Stony Brook and an Instructor at Swarthmore College. She holds a Ph.D ina system under which multiple of which the custodian was unaware, while economics from Harvard University.organizations would be required, and the firm ran a legitimate operation with Kroll Global Fraud Report • Annual Edition 2009/2010  |  33
  • 34. Consumer goodsChinese fakes in Kor Anyone traveling to Asia can find illegal the Notorious Markets List. For the firstNicholas Blank immitations simply by walking through time, however, South Korea is not on even local marketplaces. With vendors and hiddenT the USTR Watch List, and neither he global apparel market is predicted showrooms spread through mazes of alleys, Dongdaemun nor nearby Namdaemun to reach nearly $1,800 billion by 2011.1 these places attract tourists on buying Markets are listed as notorious markets. Globalization has shifted production sprees for cheap designer fashions. Sometoward developing countries, especially counterfeit garments are outright unlicensed Despite Seoul’s persistent intellectualChina. That country’s National Garment property rights efforts, major problems copies; others are made by authorizedAssociation estimates Chinese production remain. Recently Korean Customs, for manufacturers that fail to prevent rejectscapacity at 52 billion pieces per year. The from “going out the backdoor.” example, acted against an online dealercountry’s 120,000 manufacturers give who sold, over two years, 70 thousandUnited States and European fashion China is struggling to clean up. Accordingcompanies a wide variety of potential counterfeit luxury items worth $1.26 to Kroll’s Global Fraud Survey, nearly asuppliers. Along with the benefits of quarter of companies in this region have million. The dealer procured his stock fromincreased competition, however, a dark experienced IP theft in the last three years. Namdaemun Market. Anotherside has emerged: counterfeit apparel. The country is on the United States Trade counterfeiting operation sold 10,000 pairs Representative’s (USTR) Special 301 Priority of grade ‘A’ copies of shoes at Dongdaemun1  ttp://www.fashionproducts.com/fashion-apparel- h overview.html Watch List and has two marketplaces on and Namdaemun Markets.34  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 35. Consumer goodsean markets EIU survey Above average results: The efforts made by the consumer goods sector to reduce levels of fraud are above average compared with other industries, and the economic downturn is notMany of Korea’s counterfeits originate in were Chinese-made. As proof of local origin, having an undue impact on fraud incidence.China. Guangzhou is a key location for they said that orders could be delivered to K  onsumer goods companies suffered below C average financial damage from fraud, withprocuring fakes to ship back to Seoul. their stalls in two to three days. Yet none the typical firm losing only $2.8 million, orSeveral years ago, working with the local gave further details about their factories in 31% of the survey average in the last threeAdministration of Industry and Commerce Korea. It seemed plausible that their garments years, the lowest amount for any sector. The 2008 survey yielded a much higher figure for(AIC), Kroll organized raids against stalls in were actually imported from China. the preceding three years of $12.7 million.Guangzhou’s Wan Tong garment market. The fall may be exaggerated, as last year’sSeveral times, Korean nationals arrived on One vendor at Namdaemun, selling soccer figure is also far out of line with that of uniforms, did admit that he bought them 2007 – $0.7 million – suggesting a statisticalthe scene during the raid. Unable to speak from a Chinese factory and then had them blip. Nevertheless, there was clearlyMandarin, they would argue with AIC movement in the right direction.officers through translators. One Korean, modified. It is easy to buy, or even custom K  nly 13% of industry respondents believe Owearing dark sunglasses, demanded to see order, “Made in Korea” tags and sew them that the global economic crisis has led to athe AIC officers’ badge; another became onto imported garments. deterioration in the overall incidence of fraud, compared with 30% for the survey asphysically aggressive. Clearly the raids were a whole. Moreover, just 13% again say that Corporate brand protection efforts todisrupting a profitable trade route. they have seen a rise in fraud in the last year, address these issues can include, among compared with 32% who have seen aTraditionally Koreans have a stronger other things, training programs for officials decrease.presence in Northern China. Investigations to familiarize them with English language K  he percentage of companies that report Taround Qingdao indicate Korean brand names; garment tracing from major being hit by fraud in the previous threeinvolvement in counterfeiting there. During distributors back to factories; review of all years has decreased from the last survey for seven out of ten categories covered,our investigations in the region, Kroll also licensee relationships; and preventive sometimes substantially. For example, 22%found smuggling routes from Northern measures, such as regular audits of OEM report suffering from information theft,China into South Korea, with smugglers and in-house factories. An audit that down from 32%, and 13% had experienced IT theft according to this year’s figures,posing as passengers on ferries from Dalian prevents T-shirts and jeans from being lost down from 30%.to Inchon. Cargo agents, based in a cheap “out the back door” in China could very well Weak points: Small-scale fraud is widespread,hotel near Dalian, often help with visas and save time and money in Korea. and the industry has two particular weakshipping arrangements. The Korean Customs points: loss of physical assets; and vendor,Service, in a crackdown from January to supplier or procurement fraud.May 2009, dealt with 186 cases from China. Nicholas Blank is an associate K  verall, 87% of sector companies O managing director and head of Kroll’s experienced fraud in the last three years,To learn more about the origins of fake Seoul office. Nick is fluent in little changed from the 2008 survey figure of Mandarin and has over ten years of 88%.apparel in Korea, we surveyed vendors at experience working in China. K  hysical security is the sector’s most PNamdaemun and Dongdaemun Markets. widespread problem, and one thatThey almost all denied that their garments companies need to afford more attention. K  8% of consumer goods firms have suffered 4 from theft of physical assets in the last three Report Card Consumer goods years. Financial Loss: Average loss per company over past three years $2.8 million (31% of average) K  nly 9%, however, consider themselves O highly susceptible to this type of fraud Prevalence: Companies suffering fraud loss over past three years 87% Increase in Exposure: Companies where exposure to fraud has increased 68% Moreover, although 83% of consumer goods companies have physical asset security High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds measures in place – the best figure of any Information theft, loss or attack (15%) • IP theft, piracy or counterfeiting (15%) industry – in the near future only 30% expect Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years to bolster these measures. The latter figure is Theft of physical assets or stock (48%) • Vendor, supplier or procurement fraud (35%) less than the survey average (37%), even Management conflict of interest (26%) • Information theft, loss or attack (22%) though losses in this area are far more Regulatory or compliance breach (20%) • Corruption and bribery (20%) frequent in this sector than elsewhere. Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year K  5% of sector respondents have suffered 3 IT security (47%) • Financial controls (44%) • Staff training (37%) • Management controls (33%) Physical assets security (30%) from vendor, supplier or procurement fraud in the last three years, compared with 20% 0 % 10 20 30 40 50 60 70 80 90 100 overall. Corruption and bribery K  ewer consumer goods companies than F Theft of physical assets or stock average have client and vendor due diligence measures in place (41% compared Money laundering with 46%), and investment in such Financial mismanagement protection is also likely to be less widespread Regulatory or compliance breach than average over the next year. Internal financial fraud or theft The threat of fraud is less severe for consumer goods firms than for those in many other Information theft, loss or attack sectors, and the financial losses are the lowest. Vendor, supplier or procurement fraud Nevertheless, fraud remains a widespread IP theft, piracy or counterfeiting problem, and two particular areas – theft and vendor fraud – merit greater attention. Management conflict of interest Highly vulnerable Moderately vulnerable Written by The Economist Intelligence Unit Kroll Global Fraud Report • Annual Edition 2009/2010  |  35
  • 36. Travel, leisure & transportation Fraud risks in commercial aviationVander Giordano Fraud, too, is a danger in this sector. Finance: Although companies tend to According to Kroll’s recent Global Fraud dedicate the bulk of their anti-fraudT Survey, the problem is increasing in the resources to protection against financial he aviation sector is among the most transportation and leisure industry. crime, this remains the most exposed area. exposed to the world economic crisis. Operational costs are high and Moreover, economic and operational Currency exchange rates are essential tomargins very low. Exchange rate developments such as those noted above airline activity, especially for internationalfluctuations in countries with unstable can make fraud more complex and harder firms. As such, relationships withcurrencies, for example, or fuel price to address. Aviation firms need well-thought- brokerages require careful monitoring andvolatility can lead to increased debt or poor out management strategies with up-to-date companies should make sure that alleconomic performance. Financial risks controls and continuous monitoring to activity fits strictly within the company’scan also come from non-economic factors: prevent fraud wherever possible. foreign exchange policy. Aircraft leasingair disasters, even when a company’s own contracts can also be a source of problems;planes are not involved, can bring an Here are some common situations and the managers should therefore regularly reviewimmediate fall in every airline’s seat sales, related potential fraud risks industry contract terms and service performance.impacting the whole industry. executives should consider. Background checks usually uncover red flags that are often not raised by day-to-day Report Card Travel, leisure and transportation monitoring systems. Financial Loss: Average loss per company over past three years $10.2 million (116% of average) Marketing: The results of marketing are Prevalence: Companies suffering fraud loss over past three years 89% often the most intangible of any purchased Increase in Exposure: Companies where exposure to fraud has increased 83% service, so they are the hardest to evaluate High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds and control. Service measurement Information theft, loss or attack (21%) • Regulatory or compliance breach (19%) techniques should include microeconomic Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in past three years Theft of physical assets or stock (47%) • Internal financial fraud or theft (32%) • Regulatory or compliance analysis and market studies previously breach (30%) • Management conflict of interest (26%) • Information theft, loss or attack (23%) • Financial agreed in the contract with the service mismanagement (21%) provider. Without these, although a contract Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year IT security (60%) • Financial controls (57%) • Physical asset security (47%) • Management controls (38%) may be technically fulfilled, companies Staff training (30%) • Due diligence (30%) might well pay more than the activities are 0 % 10 20 30 40 50 60 70 80 90 100 worth. Corruption and bribery Cargo: Cargo transportation has always Theft of physical assets or stock been an important revenue source for Money laundering airlines. Some, mainly small companies, Financial mismanagement however, do not have extensive cargo Regulatory or compliance breach transportation departments and many Internal financial fraud or theft airports lack proper storage facilities, Information theft, loss or attack making theft easier. Airway bills also Vendor, supplier or procurement fraud require strict control. Incorrect weights IP theft, piracy or counterfeiting or taxes on these bills can lead to losses. Management conflict of interest Moreover, false content declarations are Highly vulnerable Moderately vulnerable both illegal and can put the whole company at risk.36  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 37. Travel, leisure & transportation Handling: The implementation of contracts for the use of equipment such as EIU survey boarding ladders, push backs, power plants, and loaders for baggage handling must be A worrying increase: Surveys from previous thoroughly checked. Recording the time years indicated that fraud within the travel, and equipment actually used provides leisure and transportation industry was a smaller problem than for many other useful data for certifying the fulfillment of sectors. This year the data are more of a contracted services. In a recent project, for cause for concern. example, it was noticed that during the loading of an A319 aircraft a luggage K While the average loss over the preceding  conveyor belt was not used, but the airline’s three years has been growing slightly auxiliary service provider charged for its across the survey, in this sector it rose to $10.2 million, or 116% of the average, use nonetheless. dramatically up on the 2008 figures of Luggage: The logistics involved in luggage $2.5 million and 32%. handling must be as efficient as all the K The proportion of companies hit by any  other processes relating to the arrival and type of fraud declined only slightly, to departure of aircraft. Mistakes can happen, 89% from 91%. This too exceeded last and bags get diverted from the right year’s survey average (85%). destination. In some cases, however, we K Travel, tourism and leisure sector firms  have found frauds varying from false suffer from a broad range of incidences of content declarations to the issuing of fraud, rather than a dominant one. In the refunds for supposedly lost luggage that last three years, 47% experienced theft of was never checked. Moreover, despite physical assets – the third-highest rate of automatic controls, repeated fraud related any industry; 32% faced internal financial to excess baggage weight can cause fraud and 30% regulatory or complianceTicketing: The rapid evolution of ticketing breaches, in both cases the greatest considerable long-term losses.systems and related software has helped proportion of any sector; and 26%reduce fraud in this area. The ticketing Frequent Flyer Programs: Although not suffered from management conflict ofprocess is still vulnerable to attack at the most common cause of fraud in the interest, the second worst performance.numerous points, however, especially when sector, the abuse of mileage programs has Contradictory spending: The industry ispayment is by credit card. Gangs specializing seen considerable growth. In a recent addressing the issue through greater anti-in card cloning use repeated ticket buying investigation, we documented the improper fraud spending, but efforts are inconsistentto obtain money. Corporate internal control transfer of miles to friends and relatives, and hampered by cost-saving measures.systems should thus be synchronized with data manipulation to improperly credit K This sector is traditionally near or above alerts issued by card companies. Moreover, miles to unqualified individuals, and the average in its deployment of anti-fraudcredit approval systems must block sending of malicious emails to obtain data measures covered in the survey. Thissuspicious transactions that are abnormal illegally and misappropriate the points of should improve over the next 12 months.given the usual rate of regional card activity program members. More sector firms than average expect toand the card holder’s profile. spend on seven out of ten of these Information Technology: IT supports measures, and in two of the other casesMaintenance: The acquisition of aircraft numerous aviation company procedures, the difference is less than 1%. Inparts is crucial to an airline’s success, often from aircraft navigation, through ticketing, particular, more companies plan to investrequiring precise logistical execution in the to financial management. Information in enhanced asset security (47%) than inface of great urgency. Businesses in the systems are therefore targets for fraud. An any other sector.sector live or die by their agility, and investigation for an airline headquartered K Cost-cutting elsewhere, however, is grounded aircraft mean lost income. in Latin America identified a US$10 million leading to problems: 25% admit thatFor maintenance technicians, Aircraft on fraud that used a fake register of suppliers efforts to save money have weakenedGround (AOG) – means a top priority in the Enterprise Resource Planning system. internal controls and increasedsituation. Urgency, however, must not lead Well designed policies, controls, password vulnerability to fraud, the worst result forto those responsible for procurement protocols, and accessibility rules, mainly for any industry.compromising on the quality of parts or management software, can minimize risks. K The same number of companies say that suppliers. Fake parts are distributed by This brief review underscores that airline pay restraint in the current environmentsuppliers which very often have no companies need appropriate controls has also raised such exposure, again acertification from civil aviation regulatory specific to each area of operation. They also problem that is more widespread in thisagencies. Checking a supplier’s sector than anywhere else. This may, in need to align such controls with thedocumentation, as well as researching turn, exacerbate the industry’s traditional creation of a compliance culture. Only problem of high staff turnover, which 36%market prices, can reveal irregularities. through the commitment and support of say has made them more susceptible toCatering: Although on-board food services every employee is it possible to reduce the fraud this year.have seen reduced menus in recent years levels of fraud within the aviation industry. Fraud is a growing problem for travel,to allow airlines to lower ticket prices, transport and leisure companies, so theyeffective controls in this area can still help need to look not only at anti-fraud Vander Giordano is a managingcompanies avoid fraud and other losses. director based in São Paulo and measures – which are already beingOne useful approach is to occasionally specializes in business development for undertaken by many companies – butreconcile, by route and type of aircraft, the Latin America. He is a member of the also at consistent behaviour that minimizesnumber of on-board meals with the Brazilian and International Bar fraud risks. Associations and has worked in anumber of passengers. This practice often number of areas in the airline industry. Written by The Economist Intelligence Unitraises red flags of potential fraud. Kroll Global Fraud Report • Annual Edition 2009/2010  |  37
  • 38. Construction Three predictions for the future: The impact of the global economy on construction During one of the initial debriefings of the Coppotelli: How did you do that?Blake Coppotelli CI, he explained the circumstances under CI: We contacted people who worked withI which his participation in the cartel began. n 1998, as part of the investigation into and for our clients, and who were responsible The dialogue went something like this: for procuring contracts – project the metropolitan area’s interior construction industry by the New York Coppotelli: What brought about the consultants and managers, designers,County District Attorney’s Office, I cooperated bid-rigging? architects, engineers, and facility managersone of the largest general contractors (CI) in within our potential customer base. Wethe United States. The CI was a participant CI: In 1989, the United States real estate talked to anyone who could steer the awardin the biggest kickback and bid-rigging market crashed. From 1989 through 1991 of a contract and we offered to give themcartel in the history of the New York City the opportunities dried up, but the a cut of the action. We also hedged our betsconstruction industry. He, along with competition remained the same. The larger and beat up on subcontractors to kick usapproximately forty other individuals and firms were competing for practically no back about 10 percent of their contractscompanies, subsequently pled guilty to work, and struggling to win enough work enabling us, among other things, to reducevarious felony crimes, including commercial to stay afloat, make payroll, and maintain our pricing. It was easy. Everyone was inbribery, after the inquiry uncovered our standard of living. We had to do the same boat because of the collapse.pervasive bid-rigging on billions of dollars something, so some of us decided to make Almost no one refused.worth of private and public contracts. sure that we won what work was out there. Over the course of the investigation, we negotiated the cooperation of over a dozen Report Card Construction high level industry executives. Each told Financial Loss: Average loss per company over past three years $6.4 million (73% of average) the same story. Most provided the Prevalence: Companies suffering fraud loss over past three years 91% following additional guidance, “You should Increase in Exposure: Companies where exposure to fraud has increased 86% High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds also be focusing on the unions and Information theft, loss or attack (21%) • Corruption and bribery (21%) • Vendor, supplier, or procurement fraud (20%) organized crime. They have been affected Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years just as much by the collapse of the market, Corruption and bribery (38%) • Theft of physical assets or stock (36%) • Financial mismanagement (29%) Vendor, supplier or procurement fraud (25%) • Information theft, loss or attack (23%) • Regulatory or compliance and they have been hammering us. breach (23%) • Management conflict of interest (21%) They are the ones controlling the labor Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: Financial controls (59%) • IT security (54%) • Physical asset security (39%) • Staff training (39%) costs. If organized crime controlled Management controls (36%) • Due diligence (34%) companies can cut their labor costs, it 0 % 10 20 30 40 50 60 70 80 90 100 won’t matter what we are doing, and Corruption and bribery they can do it easily by controlling, Theft of physical assets or stock threatening or greasing the unions.” Money laundering The investigation confirmed one critical Financial mismanagement fact: once the structure of fraud was in Regulatory or compliance breach place, the criminal activity continued well Internal financial fraud or theft past 1991 in spite of a market recovery. Information theft, loss or attack The schemes did not stop until they were Vendor, supplier or procurement fraud uncovered by the investigation. IP theft, piracy or counterfeiting Since October, 2008, public and private Management conflict of interest construction around the world has suffered Highly vulnerable Moderately vulnerable in unparalleled ways due to the global financial crisis. By January, 2009, the38  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 39. ConstructionAmerican Institute of Architects Consensus law enforcement efforts currently in placeNonresidential Construction Forecast Panel to combat this behavior as well as the EIU surveypredicted that office, hotel, and retail accountability initiatives of the federal andprojects would decrease over the next two state agencies overseeing the distribution Fraud levels are down: This sector traditionallyyears by 28.8, 25.8, and 32.4 percent and use of the stimulus funds are outdated has a widespread fraud problem. Since the last survey, the level of financial loss to fraudrespectively. Global Insight said that the and arguably inadequate. has abated significantly, owing most likely tosame sectors over the next two years would the substantial decline in construction contractsdecline by 38.1, 40.0, and 34.1 percent. So, what recourse is there? Federal and in 2009.Moody’s Economy.Com put the expected state agencies need to do more than just K  he average loss per company to fraud over Tdrops at 45.6, 21.5, and 35.7 percent, and institute the safeguards promulgated by the the last three years was $6.4 million, or 73%FMI at 36.3, 31.8, and 56.7 percent. All four Recovery Accountability and Transparency of the survey average. This represents a Board. Those requirements, and the Board’s significant decline on the 2008 survey figurehave increased their pessimism in one of $14.2 millionsector or another as the year has checklist, will not prevent collusive bidding, kickbacks, public corruption, and labor or K  he prevalence of the problem, however, is Tprogressed. These numbers reflect the not declining at nearly the same speed: 91%condition and future of the United States material misusage abuses. These agencies of construction, engineering andconstruction industry. Clearly, its current and the private sector need to supplement infrastructure companies were hit by somestate has eclipsed that of the 1989 to 1991 their current resources and enlist or form of fraud in the last three years, down employ construction fraud experts to: slightly from the 2008 proportion of 95%, butcollapse, and looks set to worsen in the still well above the survey average of 85%.years to come. K monitor procurement proactively; K  he types of fraud incidences are also T K forensically analyze the scope of work changing, sometimes dramatically. ForSo, what can history teach us? and costs submitted in bids; example, 38% experienced corruption and bribery, up from 28% in the last survey. ThisHere are three predictions K conduct detailed anti-fraud related was the highest figure of any sector, no doubtfor the next three years: background investigations on vendors because so much of current available work is and their principles or key managerial government funded.Fraud will increase dramatically in the agents; K  ther frauds declined in prevalence, such as Oprivate commercial construction industry. management conflict of interest from 29% toCollusive bidding, bid-rigging, kick-backs, K forensically examine the legitimacy of 21%.and billing schemes for core and shell and costs in all requisitions or invoices as Awareness of the problem: Although sectorinteriors work will increase significantly well as of those underlying change orders companies realize that they have a problem,by necessity. There will be a resurgence of and “time and material” work; these shifts help to explain why their efforts are“pay to play” practices or companies will not always focused in the right areas. K institute investigative oversight of workbe forced out of business. K  he sector has the highest proportion of firms T performed, including the integrity of calling themselves highly vulnerable to vendorFraud will increase substantially on public labor and materials used on the project; fraud (20%) and the second highest to K require complete transparency in the corruption and bribery (21%),contracts, particularly infrastructureprojects. The federal stimulus package will disclosure and tracking of all vendor costs; K  ector companies are more likely than S average to invest in eight of the ten anti-act like a magnet, drawing ethical and K enhance intra- and inter-agency fraud strategies in the survey, and are leadingcorrupt alike, and will favor the dishonest communication to facilitate the sharing all others in spending on financial controlsas political and public corruption, collusive of critical information related to vendors (59%) and staff training (39%).bidding, bid-rigging, and prevailing wage and, to the extent possible, information K  onversely, although regulatory breaches are Cviolations flourish. relatively widespread in this industry, only 9% related to active or planned criminal of firms believe that they are highlyLabor Racketeering and organized crime investigations. vulnerable to the problem – below the surveyactivities will rise sharply on both public average of 13%. Agencies and the private sector should notand private contracts. Unscrupulous union Contradictory effects of the downturn: The rely on project auditors, project consultants, impact of the downturn and the demands ofrepresentatives and/or organized crime or construction managers to conduct this survival are throwing up particular challengescontrolled unions will increase their work. Although they say that they provide beyond greater levels of corruption.activities, allowing corrupt and/or integrity monitoring services, project K  4% believe that the financial crisis has 3organized crime controlled companies to auditors reconcile contracts against work increased the level of fraud at theirviolate their collective bargaining organizations and 16% say reduced revenues completed and costs incurred, and do notagreements, particularly their union wage or growth are in themselves making them conduct fraud analysis. Construction more vulnerable to fraud.rates, or prevailing wage requirements, so managers and project consultants have K  ome of the demands of the industry, Sthat they can lower their labor costs and numerous conflicts of interest in handling exacerbated by current conditions, are causingunderbid honest competitors. these anti-fraud tasks, do not have any particular difficulties: the sector has the fraud detection or prevention expertise, highest percentage of companies where highMake no mistake. Consistent with historical staff turnover is increasing vulnerability toprecedent, corrupt contractors, labor and potentially should be part of the group fraud (38%), as well as the highest figure forofficials, and organized crime have spent monitored. those saying greater collaboration isthe past nine months planning, organizing, contributing to the problem (27%). The message, then, is “praemonitus,and coordinating their activities to survive As the downturn reshapes the fraud picture and praemunitus,” forewarned is forearmed. increases vulnerability, it may also be responsiblethe current economic downturn. These for the reduction in financial losses. Whereasplayers look to government stimulus over one-third said that the economic situationcontracts as a vital source of revenue, a Blake Coppotelli is a senior managing was creating more fraud, only 20% had seen an director of Business Intelligence & overall increase in levels of fraud at theironce in a decade opportunity that they will Investigations and head of Real Estateseize at any cost. They have been actively companies, compared with 31% who had seen a Integrity services based in New York. decrease in the last year. Here, as elsewhere,planning and coordinating their efforts, and A former prosecutor for 13 years, there simply may be less money to steal.cultivating political connections. Their he served as chief of the Labor Racketeering Unit and Construction Overall, the sector’s vulnerabilities are growingtactics and planning place them well ahead even while its losses are declining. Industry Strike Force in the Manhattan Districtof their competition’s legitimate business Attorney’s office. Written by The Economist Intelligence Unitinitiatives. What is more, federal and state Kroll Global Fraud Report • Annual Edition 2009/2010  |  39
  • 40. Fraud vulnerabilityFraud heatmap: wherpain, and how it reactA s in previous surveys, we have laundering a high threat to financial services attempted to plot significant areas of reflects the fact that it experiences this more “Corruption and bribery and fraud loss for particular sectors using than other sectors, not that money regulatory and compliancea heatmap. The pattern that emerges is clear laundering is common in banking (it isn’t).and straightforward – each sector has its What also emerges is that some fraud breaches apply to sectorsown risk profile, typically caused by its threats are relatively pervasive – mostexposure to risk from clients, suppliers, staff sectors experience them at different times: with government as aand governments or regulators. These dictate theft of assets or stock, financial regulator or client”the types of threat it faces from fraud. mismanagement, and (a sign of changingThe grid in Figure 1 averages the findings times) information theft, loss or attack andfrom Kroll’s Global Fraud Surveys in 2007, IP theft, privacy or counterfeiting. These are a regulator or client. Internal financial fraud2008 and 2009 and it shows specific fraud the most basic forms of fraud. Others are or theft affect businesses in particular wherethreat by sector. We have regarded a sector more specific to certain sectors: corruption cash and cash handling is importantas especially highly exposed if its exposure is and bribery, regulatory and compliance (financial services, retail, wholesale andhigher than other sectors. So calling money breach apply to sectors with government as distribution, and travel, leisure andFigure 1: Fraud experienced by survey respondents by sector Professional services Technology, media pharmaceuticals & Natural resources Retail, wholesale Financial services Consumer goods & transportation Manufacturing biotechnology & distribution Travel, leisure Construction Healthcare, & telecoms Corruption 16% 14% 24% 13% 16% 24% 20% 22% 19% 33% and bribery Theft of physical 28% 23% 46% 35% 30% 43% 43% 51% 44% 37% assets or stock Money 11% 4% 4% 4% 3% 4% 6% 2% 1% 5% laundering Financial 25% 17% 24% 24% 17% 17% 22% 21% 15% 30% mismanagement Regulatory or 28% 17% 21% 30% 17% 21% 21% 14% 21% 25% compliance breach Internal financial 27% 10% 19% 18% 9% 20% 28% 22% 18% 17% fraud or theft Information theft, 25% 28% 23% 22% 29% 24% 23% 25% 22% 19% loss or attack Vendor, supplier or 12% 16% 21% 18% 17% 21% 19% 25% 28% 23% procurement fraud IP theft, piracy, or 7% 15% 21% 20% 19% 11% 9% 14% 21% 9% counterfeiting Management 23% 23% 18% 24% 15% 33% 30% 18% 18% 24% conflict of interestWe have calculated the “hot spots” relative to how common a fraud threat is. So: a small proportion of financial services companies are confronted by money laundering,but this is very high compared to every other sector, so it is a “hot spot”. And: a relatively high proportion of financial services companies face theft of physical assets orstock, but this is much lower than, say, manufacturing or retail, so it is not a “hot spot”.40  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 41. Fraud vulnerabilityre industry feels thets transportation). Vendor fraud strikes those (financial controls, physical security, IT businesses with extended or complex supply security and protection of assets) are generic “Banks need more elaborate chains (construction and engineering, protection against several kinds of threat. measures to safeguard consumer goods, and retail, wholesale and Others (due diligence, staff screening, IP distribution). Money laundering is quite protection) are specific to sectors that face their finances than specific to financial services, with lower complex supply chains, sensitive internal levels of incidence in a couple of other areas. issues or regulation or high-value IP. consumer goods It figures, therefore, that each industry has Together, this mixture of threat and counter- companies, but they don’t its own profile when it comes to fraud measure makes for the risk profile of the countermeasures. Banks need more industry concerned. Each has prioritized the need to spend as much on elaborate measures to safeguard their threats it faces and the measures it is ready IP protection” finances than consumer goods companies, to take to prevent, detect or mitigate them. but they don’t need to spend as much on IP protection. Figure 2 shows the pattern of measures they have taken. Some areas Figure 2: Fraud countermeasures adopted by survey respondents by sector Professional services Technology, media pharmaceuticals & Natural resources Retail, wholesale Financial services Consumer goods & transportation Manufacturing biotechnology & distribution Travel, leisure Construction Healthcare, & telecoms Financial: financial controls, fraud detection, internal audit, external audit, anti-money 92% 69% 89% 85% 69% 89% 85% 73% 93% 86% laundering policies Staff: background screening 60% 41% 41% 53% 48% 43% 53% 42% 26% 36% Staff: training, whistleblower hotline 48% 25% 50% 51% 34% 59% 43% 38% 50% 45% Partners, clients and vendors: due diligence 49% 48% 53% 50% 38% 57% 40% 37% 41% 46% Reputation: media monitoring, compliance controls and training, 55% 31% 46% 44% 48% 50% 43% 31% 46% 38% legal review Risk: risk officer and risk management system 67% 25% 36% 44% 35% 54% 45% 27% 35% 38% IP: intellectual property and trademarks monitoring 26% 21% 47% 47% 41% 39% 25% 21% 57% 32% programme Assets: physical security systems, stock inventories, tagging, asset 63% 66% 81% 65% 58% 80% 70% 69% 83% 73% register Information: IT security, technical countermeasures 76% 58% 74% 74% 83% 80% 77% 67% 70% 68% Management: management controls, incentives, external 70% 48% 80% 62% 56% 73% 58% 54% 59% 73% supervision eg, audit committee Kroll Global Fraud Report • Annual Edition 2009/2010  |  41
  • 42. Fraud vulnerability Corruption fears grow Corruption and bribery are rising rapidly up the list of fraud issues worrying companies, the Kroll Global Fraud Survey shows. This year, concern about it has increased from around 11 percent of respondents to nearly 14 percent. The greatest concern remains information theft, loss or attack. Just over 20 percent of respondents consider themselves highly vulnerable to this issue, but that is down from nearly 25 percent last year. IP theft, piracy and counterfeiting have also declined as concerns. Slowdown in Theft of physical assets or stock – which, the survey shows, is the most business expansion common form of loss – is also rising up the list of corporate concerns. Percentage of companies which drives reduction consider themselves highly vulnerable to specific frauds in fraud factors 2009 2008 Corruption and bribery 13.9% 10.9%W Theft of physical assets 13.5% 11.5% hy should fraud fall during a The chart below illustrates the answers. or stock downturn? The answer is The answers vary by sector, but clearly that as economic activity – complexity of IT infrastructure is a Money laundering 4.8% 4.7%particularly the more risk-seeking, significant factor especially for financialenterprising sort – falls, so do the services. Entry to new and riskier Financial 10.7% 9.6%opportunities and drivers for fraud. markets is important for several sectors mismanagement – manufacturing, natural resources, and Regulatory or 12.8% 12.3%We asked respondents to our survey to a lesser extent construction and compliance breach which activities they believed had engineering, and financial services. Highincreased their exposure to fraud. staff turnover hits a number of sectors. Internal financial fraud 8.8% 7.7% or theft Three drivers of fraud Information theft, 20.1% 24.5% loss or attack Complexity of IT infrastructure (eg, proliferation of points of attack) Vendor, supplier or 11.5% 10.3% procurement fraud Increased collaboration between firms IP theft, piracy or 12.8% 16.9% counterfeiting Entry to new, riskier markets Management conflict 10.7% 13.2% of interest 0% 5% 10% 15% 20% 25% 30% 35%42  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  • 43. KROLL CONTACTSNorth America Latin America Asia Europe, Middle EastConsulting Services Consulting Services Consulting Services & Africa (EMEA)David Holley Sam Anson Tadashi Kageyama Consulting ServicesBoston Miami Hong Kong Richard Abbey1 617 350 7878 305 789 7100 852 2884 7725 Londondholley@kroll.com sanson@kroll.com tkageyama@kroll.com 44 207 029 5000Jeff Cramer Andres Otero Tsuyoki Sato rabbey@kroll.comChicago Miami Tokyo Brendan Hawthorne1 312 681 1500 +1 305 789 7100 81 3 3218 4875 Londonjcramer@kroll.com aotero@kroll.com tsato@kroll.com 44 207 029 5482Ken Mate Vander Giordano Nick Blank bhawthorne@kroll.comLos Angeles São Paulo Seoul Max Cawdron1 213 443 6090 +55 11 3897 0900 82 2 2021 2700 Madridkmate@kroll.com vgiordano@kroll.com nblank@kroll.com 34 91 274 79 53Robert Brenner Eduardo Gomide Violet Ho mcawdron@kroll.comNew York São Paulo Beijing Bechir Mana1 212 593 1000 +55 11 3897 0900 86 10 5964 7666 Parisrbrenner@kroll.com egomide@kroll.com vho@kroll.com 33 1 42 67 81 46Blake Coppotelli Matias Nahon Richard Dailly bmana@kroll.comNew York Buenos Aires Mumbai Tom Everett-Heath1 212 593 1000 +54 11 4706 6000 91 22 4244 0501 Dubaibcoppotelli@kroll.com mnahon@kroll.com rdailly@kroll.com 971 43050620Bill Nugent Glen Harloff Chris Leahy teverettheath@kroll.comPhiladelphia Grenada Singapore Marianna Vintiadis1 215 568 2440 +473 439 7999 65 6327 7642 Italybnugent@kroll.com gharloff@kroll.com cleahy@kroll.com 39 02 8699 8088Betsy Blumenthal David Robillard Background Screening mvintiadis@kroll.comSan Francisco Mexico City David Liu Background Screening1 415 743 4800 +52 55 5279 7250 Hong Kong Tony Shepherdbblument@kroll.com drobillard@kroll.com 852 2884 7716 London dliu@kroll.com 44 7917 857913David HessReston, VA Kroll Ontrack tshepherd@kroll.com1 703 796 2880 Data Recovery Kroll Ontrackdhess@kroll.com Adrian Briscoe Tim PhillipsKroll Ontrack Brisbane LondonTony Cueva 61 732 551 199 44 207 549 9600Eden Prairie abriscoe@krollontrack.com tphillips@krollontrack.co.uk1 952 949 4156 Legal Technologytcueva@krollontrack.com Ben PascoIdentity Theft Hong KongBrian Lapidus 852 2884 7769Nashville bpasco@kroll.com1 615 320 9800blapidus@kroll.comBackground ScreeningScott ViebranzNashville1 615 320 9800sviebranz@kroll.com Kroll Global Fraud Report • Annual Edition 2009/2010  |  43
  • 44. Headquartered in New York with offices in more than 60 citiesin over 29 countries, Kroll has a multidisciplinary team ofmore than 3,000 employees and serves a global clientele oflaw firms, financial institutions, corporations, non-profitinstitutions, government agencies, and individuals. Kroll is asubsidiary of Marsh & McLennan Companies, Inc.(NYSE: MMC), the global professional services firm.Experts in fraud intelligence Kroll also provides services inand investigations K Security ConsultingFor over 35 years, we have helped our K Background Screeningclients to prevent, investigate and recover K Data Recovery & Legal Technologiesfrom fraud. We specialize in investigation,forensic accounting and computer K Business Intelligenceforensics. Whether your problem is global, K Hostile Takeover, M&A andlocal or cross-border, we design solutions Hedge Fund Intelligencefrom our range of services, which include: K Employee & Vendor ScreeningK Corporate Internal InvestigationsK FCPA, Regulatory & Corporate Governance InvestigationsK Forensic AccountingK Compliance MonitoringK Asset Tracing & RecoveryK Intellectual Property ProtectionK Litigation SupportK Fraud Prevention TrainingK Process & Internal Controls AssessmentK Computer ForensicsK Expert TestimonyK Investigative Due DiligenceK Electronic DiscoveryK Government Contractor Advisory Services www.kroll.comK Identity Theft RestorationK Real Estate Integrity ServicesK Anti-Money Laundering ProgramsK Loss Prevention