Bank Fraud & Data Forensics


Presented at BerryDunn's Bank Taxation & Risk Management Forums - November 16 & 17, 2010


  1. Bank Fraud & Data Forensics
     Bank Taxation & Risk Management Forums
     November 16, 2010 – South Portland, Maine
     November 17, 2010 – Concord, New Hampshire
     Presented By:
     • Bill Brown, CPA, CFFA, CFE
     • Eigen Heald, MsIA, CISSP, GCFA
     • Todd Desjardins, CPA, CFE
  2. Overview
     • Introduction
     • Fraud Considerations for Banks
     • Computer Fraud and Data Forensics
     • Questions and Discussion
  3. Terms and Definitions
     • Fraud
     • Fraud investigation
     • Forensics
     • Forensic accounting
     • Digital forensics
  4. Reference
     Statistics in this presentation, unless otherwise noted, are from:
     • The Report to the Nations - 2010 Global Fraud Study
     • Study of 1,843 cases of occupational fraud
     • published by the Association of Certified Fraud Examiners
  5. Small Businesses are Vulnerable
     • 42.1%
     • $231,000
     • 30.8%
     • $155,000
     • 28.7%
     • 26.1%
  6. Banks Have More than their Fair Share
  7. Other Disturbing Statistics
     Median Losses
     • Tenure of perpetrator
       • Less than one year – $47,000
       • 10 years or more – $289,000
     • Education of perpetrator
       • High School Graduate – $100,000
       • Postgraduate Degree – $300,000
  8. Other Disturbing Statistics
     Percentage of Cases Reported
     • Department of Perpetrator
       • Accounting – highest – 22.0%
       • Internal Audit – lowest – 0.2%
     Median Duration of Fraud Schemes
     • Overall – 18 months
     • Check tampering – 24 months
     • Expense reimbursements – 24 months
  9. Risk Factors
     Financial Misstatement Fraud
     • Complexity
     • Perverse Incentives
     • Highly Subjective Valuation
     Asset Misappropriation
     • Complexity
     • Inherent Lack of Accountability
     • Personal Trust
  10. Types of Fraud
     External vs. Internal Fraud
     • External – perpetrators are outside the bank
     • Internal – fraud is committed by bank personnel
  External Fraud
     Primarily executed by customers and outsiders, examples include:
     • Wire fraud
     • Mortgage fraud (material misrepresentation or omission)
     • Check fraud (forgery, check kiting, altered checks)
  Internal Fraud
     Two Types of Internal Fraud:
     • Financial Statement Fraud
       • Highest median loss per reported case, however lowest frequency of occurrence
     • Asset Misappropriation
       • Lowest median loss per reported case, however the highest rate of frequency
     Source: ACFE 2010 Report to the Nations
  14. Financial Statement Fraud
     • Asset/Revenue overstatement
     • Improper asset valuations
     • Timing differences
     • Concealed liabilities and expenses
     • Improper disclosures
  15. Asset Misappropriation
     • Unauthorized transfers/disbursements
     • Payroll schemes
     • Ghost employees
     • Expense reimbursement schemes
     • Theft of portable fixed assets
     • Others…
  16. Fraud Triangle
  17. Preventing and Deterring Fraud
     Prevention and Deterrence
     Perceived opportunity is the aspect of the fraud triangle that is most controlled by employers.
     • Strong internal controls and segregation of duties
     • Review access rights on a consistent and periodic basis
     • Limit access to employee accounts (both solely owned and jointly owned)
     • Review employee account activity and teller activity
     • Dual control over wire transfers
     • Review of payroll change reports by someone independent of the payroll function
  18. Preventing and Deterring Fraud (Continued)
     The list continues…
     • Robust review of suspense/clearing account activity – be certain the reconciliation makes sense and items are clearing timely and properly
     • Implement a fraud reporting mechanism that is anonymous
     • Maintain professional skepticism
     • Attitude and rationalization can be improved within companies by strong “tone at the top” and employee appreciation efforts
  19. Preventing and Deterring Fraud (Continued)
     Best practice is to have a fraud risk management program in place
     • Brainstorming sessions:
       • Identify significant risk areas (multiple locations, business segments, etc.)
       • How is the importance of ethical behavior and appropriate business practices communicated?
       • What could go wrong?
  Digital Uses for Forensic Projects
     • Inappropriate and/or illegal activity
       • E-mail and Internet abuse
       • Unauthorized disclosure of corporate information
       • Hacker Intrusions
       • Intellectual property theft
     • Due diligence and valuation
  23. Common Sources for Accounting & Digital Forensics
     • Corporate investigations
     • Civil litigation
     • Attorneys
     • State Courts
     • Private Investigations
     • Individuals
  24. Similar Procedures:
     • Discovery
     • Timelines
     • Parties involved
     • Evidence gathering
     • Reporting/testimony
     Consider: Most fraud is committed with a computer!
  25. Digital Objects Used for Review
     • Computer, laptop & server hard disks
     • Backup tapes
     Other Investigative Possibilities:
     • USB drives
     • Cell phones
     • GPS devices
     • Personal Media (iPods)
     • CD/DVDs
     • External Storage Drive
  Digital Analysis Activities
     • “Carving” out Logical Partitions for searching
     • Creating a timeline of activity
     • Keyword searches
     • Collection of relevant files
     • Recovery of deleted data
     • Documenting a history of:
       • Network activity – accessing server shares
       • Internet activity
       • Transfer of files to storage devices
       • Links to documents on the network
     • Examining user profiles
     • Malware identification
  35. How Did Digital Discovery Help?
     • Identifying network activities
     • Email Review
     • Internet activities
     • Identifying collaborators
     • Ruling out other avenues of fraud
     • Identifying motivations for fraud
  36. Contact Information
     • Bill Brown
     • Eigen Heald
     • Todd Desjardins