Global Fraud Report 2009 2010


Published on

Kroll commissioned the Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2009.

A total of 729 senior executives took part in this survey. A little over a third of the respondents were based in North and South America, 25% in Asia-Pacific, just over a quarter in Europe and 11% in the Middle East and Africa. Ten industries were covered, with no fewer than 50 respondents drawn from each industry. The highest number of respondents came from the financial services industry (12%). A total of 46% of the companies polled had global annual revenues in excess of US$1 billion.

This report brings together these survey results with the experience and expertise of Kroll and a selection of its affiliates. It includes content written by The Economist Intelligence Unit and other third parties. Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstra and all the authors for their contributions in producing this report.

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Global Fraud Report 2009 2010

  1. 1. Annual Edition 2009/2010Global Fraud Report Economist Intelligence Unit survey results Sector by sector analyses of fraud Regional fraud insights The use of technology in helping & hindering fraud Regulatory updates Global & local case studies And many more articles
  2. 2. Kroll commissioned The Economist Intelligence Unit to conduct aworldwide survey on fraud and its effect on business during 2009. A totalof 729 senior executives took part in this survey. A little over a third of therespondents were based in North and South America, 25% in Asia-Pacific,just over a quarter in Europe and 11% in the Middle East and Africa.Ten industries were covered, with no fewer than 50 respondents drawnfrom each industry. The highest number of respondents came from thefinancial services industry (12%). A total of 46% of the companies polledhad global annual revenues in excess of $1billion.This report brings together these survey results with the experience andexpertise of Kroll and a selection of its affiliates. It includes contentwritten by The Economist Intelligence Unit and other third parties.Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstraand all the authors for their contributions in producing this report.The information contained herein is based on sources and analysis we believe reliableand should be understood to be general management information only. Theinformation is not intended to be taken as advice with respect to any individualsituation and cannot be relied upon as such. Statements concerning financial,regulatory or legal matters should be understood to be general observations basedsolely on our experience as risk consultants and may not be relied upon as financial,regulatory or legal advice, which we are not authorized to provide. All such mattersshould be reviewed with appropriately qualified advisors in these areas.This document is owned by Kroll and The Economist Intelligence Unit Ltd., and itscontents, or any portion thereof, may not be copied or reproduced in any form withoutthe permission of Kroll. Clients may distribute for their own internal purposes only.Kroll is a subsidiary of Marsh & McLennan Companies, Inc (NYSE:MMC), the globalprofessional services firm.
  3. 3. ContentsGlobal Fraud Report Introduction.................................................................................. 4 Healthcare, Pharmaceuticals Tim Whipple, President, Kroll Consulting Services & Biotechnology A glimpse into Mexico’s shadow pharmaceutical market....24 EIU Overview.................................................................................... 5 The Economist Intelligence Unit overview Technology, Media & telecoms IT outsourcing: Is it worth the risk?........................................26 fraud vulnerability Summary of sector fraud profiles. ............................................8 . Natural resources The Foreign Corrupt Practices Act, regional analysis the Siemens settlement, and the energy sector....................27 Asia-Pacific overview..................................................................9 . regional analysis Financial Services Middle East & Africa overview................................................29 Fighting credit card fraud: Don’t overlook the low-tech battle........................................10 Retail, Wholesale & distribution But how could they do that to us?: India’s retail sector: The growth of affinity frauds.......................................................... 11 Risks that match the potential rewards....................................... 30 When the law lets you down..................................................12 . viewpoint Buyer beware: Information security and M&A activity........13 . Multiple-source reporting: What works Financial crime: What should insurers be worrying about?.14 for tax fraud could work for Ponzi schemes.............................. 32 Professional services Consumer goods The pitfalls of arbitration.........................................................15 Chinese fakes in Korean markets................................................... 34 Tackling client and data problems..........................................16 Travel, leisure & transportation regional analysis Fraud risks in commercial aviation................................................. 36 North America overview..........................................................18 Europe overview.......................................................................19 construction Three predictions for the future: The impact of the global Manufacturing economy on construction.................................................................. 38 Tackling compliance with conviction............................................ 20 Fraud vulnerability viewpoint Fraud heatmap: where industry feels the pain, The United Kingdom’s new anti-bribery legislation.............22 and how it reacts.................................................................................. 40 Not all identity theft is high-tech, Slowdown in business expansion drives reduction and no one is immune. ............................................................23 . in fraud factors..........................................................................42 Corruption fears grow..............................................................42 Kroll Contacts................................................................43 Kroll Global Fraud Report • Annual Edition 2009/2010  |  3
  4. 4. INTRODUCTIONIntroduction W e all hope that the worst of the Unfortunately, though, over one in five financial crisis is behind us – and financial services companies saw their most of us do not want to look internal controls weakened through cost back. This has been a year of painful cutting. It is understandable that in today’s adjustment in the harsh conditions of climate, they should seek economies. But recession. The prospects for 2010 look these will be false economies over the brighter, leaving us less inclined to focus on longer term if they lead to the resurgence the mistakes that brought us to this pass. of the same issues that so deeply damaged the industry in 2008-9. Yet there is ample reason to cast a glance over our shoulders as we look forward to “Tighter controls” will not be a popular the happier tasks of the new recovery. rallying cry in Wall Street, the City or Fraud, corruption, and all that go with it Nariman Point. The associated costs can may not have precipitated recession, but be hard to bear in difficult times – but the they certainly made its impact all the more cost of non-compliance can be harsher. painful. Losses, prosecutions, litigation, Compliance professionals know they have bankruptcies, were all sparked or to provide value for money.  In the risk exacerbated by the actions of groups or management world, so do we.  That means individuals in the years before; actions investment in people, systems, training and that went undetected and unpunished capabilities, to make sure that as the until too late. world’s leading global firm in the sector, Kroll can provide the best support. We have The conventional wisdom is that fraud goes continued to invest throughout the up in a recession. That isn’t necessarily recession, and next year will bring new true, as our survey shows. What goes up is ideas to the market. This report sets out the discovery of fraud, not always the same some of the reasons why those ideas have thing. Just like legitimate businesses, never been more important. fraudsters are threatened by loss of income or the financial weakness of their businesses; Ponzi schemes are especially vulnerable. But other fraudulent areas – management conflict of interest, corruption, employee theft – also come to light when business conditions sour. The data we have collected this year clearly highlights the industry hardest hit by fraud and wrongdoing: financial services. Over half of the respondents in this sector reported that the global financial crisis had increased levels of fraud at their companies – the highest figure for any industry.  Nearly 90 percent of firms reported being victims of some kind of fraud in the last three years. This sector also had the second highest proportion suffering from each of internal financial fraud and management Tim Whipple self-dealing. President, Kroll Consulting Services4  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  5. 5. EIU OverviewThe downturn T he conventional wisdom – reinforced by the revelation in the last year of huge scams such as the Madoff and Satyam frauds – is that downturns increaseand fraud levels of fraud. This year’s annual Global Fraud Survey, commissioned by Kroll and carried out by the Economist Intelligence Unit, presents a much more complex picture. The financial crisis has changedYour sector may the effects of the risks underlying fraud. Those risks that grow as companies expand – entry into new markets, for example – have actually declined in importance. Ineven be better off simple terms, less money coming into a company and more oversight of spending despite financial constraints limit the opportunity for crime. The downturn, however, has heightened other risks. Pay stringency in the face of lower revenues, for example, has provided a motive for fraud, and perhaps even turned employees to crime. How these conflicting trends play out, however, varies markedly by sector. Those closer to the original crisis – financial services and professional services in particular – have seen an increase in their incidence and level of fraud. Those for whom the main economic news has been a pronounced drop in sales, and therefore business activity – such as construction and natural resources – have instead seen noticeable declines. Economy-wide the two trends cancel each other out to a remarkable degree. The incidence of fraud is almost identical to that found in last year’s survey, and the average loss per company has risen only slightly in the new survey, to $8.8 million from $8.2 million. Kroll Global Fraud Report • Annual Edition 2009/2010  |  5
  6. 6. EIU Overview The downturn has increased From which of the following has your company suffered in the last three years? the motive for fraud, but 2009 survey 2008 survey decreased the opportunity. At least one fraud 85% 86% The economic crisis in isolation has raised some fraud risks. Thirty percent of survey Theft of physical assets or stock 38% 37% respondents say that the global financial crisis has increased the levels of fraud at Information theft, loss or attack 25% 27% their organizations, compared with just Management conflict of interest 23% 26% 5 percent who saw a decline. Lower profits heighten some risks. One in six companies Financial mismanagement 21% 22% are seeing greater vulnerability from reducing internal controls to save money, Regulatory or compliance breach 21% 25% one in seven from pay restraint, and one in eight from reduced revenues overall. Vendor, supplier or procurement fraud 20% 18% A constrained business environment, Corruption and bribery 19% 20% however, reduces other dangers as Internal financial fraud or theft 18% 19% businesses and individuals adopt more defensive behavior. Survival-focused IP theft, piracy or counterfeiting 14% 16% companies might retrench rather than expand; employees might stay in existing Money laundering 5% 4% jobs rather than take a chance on new ones. As a result, three factors which often Percentage of companies highly or moderately vulnerable increase fraud vulnerability are having noticeably less effect this year. The number 2009 survey 2008 survey reporting that high staff turnover is raising such exposure has dropped (from 32 Information theft, loss or attack 71% 65% percent to 26 percent), as has the number Regulatory or compliance breach 54% 50% seeing greater risk out of entry into new markets (from 32 percent to 24 percent) Management conflict of interest 53% 48% and from increased inter-firm collaboration (from 28 percent to 20 percent). Moreover, Financial mismanagement 52% 48% if companies take in less money in sales, Vendor, supplier or procurement fraud 51% 54% they also have less money to steal. Companies would rarely cut down on Theft of physical assets or stock 50% 53% business activity simply to reduce fraud, but at least there is a silver lining. IP theft, piracy or counterfeiting 47% 44% Corruption and bribery 44% 47% A Tale of Two Sectors: Changing risks have had vastly different Internal financial fraud or theft 44% 45% impacts in different industries. Money laundering 19% 19% The contrasting fortunes of the financial services and construction sectors illustrate Industry sector/average amount lost to fraud in previous 3 years how these shifts have had such different effects. The former, the epicenter of the 20 financial crisis, saw combined average 2008 $m 18 losses to fraud over the last three years rise 2009 $m 16 to $15.2 million, or 18 percent above the 14 2008 survey figure. The number of sector 12 companies suffering at least one fraud rose 10 to 87 percent, slightly above the survey 8 norm, from 79 percent, comfortably below. 6 Most notably, over one-half of respondents 4 indicated that the crisis had led to an 2 increase in the number of cases of fraud at 0 their companies. Professional services Financial services Technology, media and telecoms Manufacturing Natural resources Healthcare, pharmaceuticals & biotechnology Construction, engineering and infrastructure Retail, wholesale and distribution Consumer goods Travel, leisure and transportation The picture for the construction, engineering and infrastructure industry is markedly different. In this sector, the combined average fraud figure dropped by more than one-half, to $6.4 million from6  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  7. 7. EIU Overview$14.2 million, making the sector’s losses, for K Most see only a slight change at company Similarly, the percentage of respondentsonce, below the average level. The demands level: As noted earlier, respondents who considered their companies highlyof survival in a downturn are also having believed that the financial crisis itself had or moderately vulnerable to these fraudsan impact on which types of fraud are increased levels of fraud. When asked, stayed roughly the same as last year,more prevalent for these companies. At a however, about the last year – precisely albeit with slightly greater variation.time when government contracts are of when the downturn has been taking its K The average fraud loss has risen slightlyincreasing importance, and may even mean toll – in more general terms, 31 percent in the last year, but this masks larger,the difference between survival and said that fraud levels had declined, and countervailing changes across thecollapse, corruption and bribery have seen an additional 34 percent had experienced economy: The average combined loss toa marked increase from the levels reported no change. Only 21 percent had noted a fraud per surveyed company for the lastin 2008. Conversely, with much less money rise. More importantly, any shift was three years was $8.8 million, only 7to steal, management conflict of interest is muted: 67 percent saw a slight change, at percent higher than the 2008 surveydown noticeably and, with fewer projects, most, in either direction; only 22 percent figure of $8.2 million. This hides greatereven compliance breaches have declined. reported a substantial change. underlying change. Five of the sectorsThese types of changes, albeit on a less covered in this report saw increases in K Overall, the incidence of fraud and relateddramatic scale, have occurred across the their average losses, and five saw levels of worry in this year’s survey areeconomy. Professional services, for declines. Moreover, while in this year’s almost identical to those of last year:example, another sector close to the survey larger companies – those with Suffering some kind of fraud is thefinancial crisis, has seen a marked increase over $5 billion in annual sales – reported overwhelming norm in business, butin fraud. Meanwhile, natural resources greater average losses, up to $25.8 million this has long been the case. The tablecompanies, which have also suffered in the on page 6 gives the percentage of the from $23.3 million in the 2008 survey, thelast twelve months from a decline in firms hit by the various categories of situation actually improved for smallerrevenues, have seen a drop in fraud levels. frauds in the last three years according business – those with yearly revenuesWhether the downturn brings more fraud to the current survey as well as the under $5 billion – dropping to $4.6 milliondepends on the line of work. corresponding figures from the 2008 from $5.5 million.At the economy-wide level, the survey. The relative ordering has changedcontrasting tendencies have little, and all but two of this year’s The change is likely to last onlyalmost cancelled each other out. numbers are within 2 percent of those as long as the downturn.A variety of data indicate that the net from the previous survey – the kind of differences that could easily appear in Although in the aggregate, fraud levels arechange in the fraud picture is tiny, and may two surveys taken at the same time. little changed, this reflects a substantialeven be zero. shift in business behaviour, which is increasing certain types of fraud risks and diminishing others. Much of this is driven by the downturn, which has left some sectors far more exposed to fraud than others. Just as the current economic situation is temporary, however, these shifts are likely to reverse with renewed growth. Companies should beware, that when volumes and profits start to rise, the fraud risk kaleidoscope will take another turn. Kroll Global Fraud Report • Annual Edition 2009/2010  |  7
  8. 8. fraud vulnerabilitySummary of sector fraud profiles Sector Exposure Response Comment (degree to (degree to which sector which sector has is exposed to adopted fraud fraud) countermeasures) Financial services HIGH HIGH Financial services has the broadest exposure to fraud issues: money laundering, financial mismanagement, regulatory and compliance, internal financial fraud and information loss or theft. It faces the most severe threat of any sector from money laundering and regulatory or compliance breaches. Its exposure in other words, is both deep and broad. It also has the highest adoption of anti-fraud measures: it focuses on financial controls, staff background checking, reputation management, risk officers and risk management systems. Professional services LOW LOW Professional services has the most narrowly focused set of fraud issues: only information theft, loss or attack is a serious hazard. Its levels of investment in fraud management are similarly low compared to other sectors. Manufacturing HIGH HIGH Manufacturing’s issues are significant, and primarily internal and staff-related: theft of assets and stock, financial mismanagement, and IP theft, as well as (in some cases) bribery and corruption. The sector has invested in due diligences on partners, vendors and clients; staff training and whistleblower hotlines; IP protection; and physical security. Healthcare, MODERATE MODERATE This sector has a narrower set of challenges than some others: financial pharmaceuticals mismanagement, regulatory and compliance, and IP theft, piracy and counterfeiting. and biotechnology Compared with other sectors, it has invested significantly in IP protection and staff screening. Technology, media LOW LOW TMT has a narrow set of issues around information – IP theft and information loss or and telecoms theft (to which it is the most vulnerable). The sector has a greater focus than others on IT security. Natural resources MODERATE HIGH Natural resources confronts bribery and corruption, theft of assets, and management conflict of interest. Its patterns of operations raise its risk profile. The sector (which has received a lot of criticism) has invested in due diligences on partners, clients and vendors; staff training; reputation management; and risk management systems. Retail, wholesale HIGH LOW Predictably, this sector’s biggest issue is with theft of stock; it also has a persistent set of and distribution issues around internal financial fraud or theft and vendor fraud. All of these result directly from its operations and structure – reliance on large groups of suppliers, often geographically very widely set apart. The addition of information loss or theft indicates the trend towards regarding information as a highly valuable asset that is vulnerable. But its investment in fraud countermeasures is generally lower than in other sectors with the exception of asset protection and physical security systems, reflecting its focus on loss prevention as the primary approach. Consumer goods MODERATE MODERATE Consumer goods companies have a relatively narrow set of issues to face: theft of assets and stock, vendor, supplier and procurement fraud, and IP theft, piracy and counterfeiting. But they face the most serious threats of any sector in the first two categories, caused by their extended supply chains. It has strongly adopted financial controls, IP protection measures and physical asset protection. Travel, leisure and MODERATE MODERATE This diverse sector faces issues with theft of assets, management conflict of interest transportation and (especially) internal financial fraud. Very often, the businesses present complex financial flows and are vulnerable to manipulation. It focuses fraud countermeasures around staff screening, reflecting its role as a people business. Construction, HIGH MODERATE Construction, engineering and infrastructure companies face particular concerns engineering and with corruption and bribery, financial mismanagement, regulatory and compliance infrastructure breaches, and vendor, supplier and procurement fraud. It is an example of an industry with widespread fraud issues caused by its risk profile – its supply chain, but also the nature of its contracts and operations. It invests in a broad range of fraud countermeasures – but at only average levels, for the most part.8  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  9. 9. regional analysisAsia-Pacific overviewI n the Asia-Pacific region, as elsewhere in the world, the downturn has impeded the ability of fraudsters to operate even as ithas done the same for legitimate business.K The average loss per company over the last three years fell noticeably from the 2008 figure, from $9.1 million to $6.2 million. With less money coming in, there is less money to steal.K Although the number of companies experiencing theft of physical assets in the last three years (43%) increased Spotlight on slightly from the 2008 figure (41%) and was the highest for any region, every China other category of fraud saw less Fraud remains the Achilles heel of prevalence – albeit often not much – than Chinese economic development and it in the previous survey. Overall, the goes beyond poor IP protection. In the number of respondents suffering from at latest survey, 96% of companies said least one fraud in the last three years that they had experienced at least one dipped just slightly, from 88% in the 2008 type of fraud in the last three years. survey to 84% this time. Particular areas of concern are: vendorK Only 22% of those surveyed saw an or procurement fraud (42% have increase in the prevalence of fraud at suffered in the last three years, their companies, against 37% who compared to just 21% for the whole experienced a decline. Asia-Pacific region), internal financialThe survey suggests, however, that fraud (31% to 18%), regulatoryemployee relationships continue to present breaches (31% to 21%), corruption anda challenge across the region, and that bribery (27% to 17%), and of course IPcorruption may grow as an issue. theft (23% to 13%). In all of theseK High staff turnover is again this year the cases, the regional figures are not very most common factor increasing the far off the global ones. vulnerability of Asia-Pacific companies to fraud, cited by 35% of respondents. This is the second highest of the five regional figures on staff turnover, and well above 2009 2008 the overall average of 26%. Financial Loss: $6.2 million $9.1 millionK Although reduced revenue on its own Average loss per company over (71% of average) (111% of average) increased fraud exposure at only 10% of last three years firms, the stringency around pay and remuneration which accompanied the Prevalence: downturn raised vulnerability to 18%, Companies suffering fraud loss 84% 88% over last three years also the second highest figure.K Even while the number of companies High Vulnerability Areas: Information theft, loss Information theft, loss which experienced corruption or bribery Percentage of firms calling or attack (22%) or attack (27%) themselves highly vulnerable fell slightly in this survey from the last, Corruption and bribery (15%) IP theft, piracy from 21% to 17%, the proportion or counterfeiting (17%) considering themselves highly vulnerable rose to 15% from 10%. The large amount Areas of Frequent Loss: Theft of physical assets Theft of physical assets Percentage of firms reporting or stock (43%) or stock (41%) of stimulus spending across the region loss to this type of fraud in last may account for this greater concern. three years Information theft, loss Information theft, loss or attack (26%) or attack (31%)On the ground, Kroll is seeing a substantial Vendor, supplier or procurement Regulatory or compliance breachnumber of fraud cases, not just current fraud (21%) (28%)ones but those that began much earlier – Regulatory or compliance Management conflictthe Satyam fraud, for example, had been breach (21%) of interest (28%)going on for years before the downturn Financial mismanagement (23%)made it impossible to hide. With the bigemerging economies of China and India Vendor, supplier or procurement fraud (22%)apparently starting to leave behind theeffects of the global economic crisis, the Corruption and bribery (21%)small respite which the downturn gave to Internal financial fraudfraud incidence is likely to be short-lived. or theft (21%) Kroll Global Fraud Report • Annual Edition 2009/2010  |  9
  10. 10. Financial Services Fighting credit card fraud: Don’t overlook the low-tech battle continue to lose their battle with credit card One Brazilian bank’s outsourced ATMJohn Price fraud, particularly of an old fashioned, maintenance supplier had inserted data mundane, yet ultimately more costly type. stripping devices to copy pin numbers andI n August this year, an extraordinary case other bank data from cards used in the of identity theft and credit card fraud In 2007, card fraud globally took in an machines. A retailer in Colombia recounted came to light in the United States, estimated $5.5 billion, a startling number, but how corrupt employees had, ininvolving 130 million credit and debit card just 0.05 percent of the total card transaction volume, two percent of what card companies collaboration with criminal elements,numbers stolen between 2006 and 2008. installed devices at the register to copy dataAccording to government investigators, the charge for their services, and even less than what issuers earn in interest from customers. from cards swiped there and sell it for theculprits, including 28-year old master production of cloned cards. One Caribbeanhacker Albert Gonzalez, infiltrated the While card fraud losses are a mere pin prick bank – a leading issuer – explained howcomputer networks of Heartland Payment for United States card issuers, losses in members of its own IT department hadsystems – a leading credit card payment emerging markets are far more substantial. downloaded card holder identities from itsprocessor – and several major retailers. The In Brazil in 2008, according to Kroll’s analysis, own computers. A Mexican bank describedprominent case focused attention on the this fraud reached an estimated $300 how its ATMs were being ripped out ofincreasingly complex cyber war between million, or 0.15 percent of the transaction walls by forklifts, after which thecriminals and the credit card industry, and volume – three times the global average. computers inside the machines werewill likely spur new firewalls, state-of-the- In Colombia, where banks are arguably less hacked and the numbers software solutions, and well-trained IT sophisticated than Brazil, losses approachsecurity consultancies. 0.25 percent of total card volume or eight What these stories highlight was that most times the United States average. of the fraud was committed by employeesAlthough such a response is necessary – or vendors. Moreover, all the guilty partiesthe fastest growing forms of card fraud are In July, this year’s annual Latin American had some criminal record that had not beenof the high-tech kind – mature market Tarjetas y Medios de Pago (Cards andbanks and their IT security apparatus are discovered in the internal background- Payments Systems) conference attractedwinning this war. In percentage terms, credit leaders from the region’s burgeoning card checking process of hiring or contracting.card theft rates in the United States and industry. At a Kroll-led workshop, about 50 In the case of the “smash and grab” forkliftEurope have steadily declined over the last participants recounted their most recent theft, the surveillance equipment anddecade. Banks in emerging markets, however, fraud “war stories”. systems were not functioning, victims of budget cuts. The most galling conclusion reached by seminar participants was how Report Card Financial services preventable most of these episodes were. Financial Loss: Average loss per company over past three years $15.2 million (173% of average) While the “arms race” between hackers and Prevalence: Companies suffering fraud loss over past three years 87% Increase in Exposure: Companies where exposure to fraud has increased 86% IT security may involve strategies High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to specific frauds incomprehensible to most card industry Regulatory or compliance breech (25%) • Financial mismanagement (23%) • Information theft, loss or attack (22%) decision makers, issuers and processors Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in last three years can prevent the majority of frauds by Theft of physical assets or stock (31%) • Internal financial fraud or theft (29%) • Management conflict of interest following disciplined protocols in areas such (26%) • Information theft, loss or attack (24%) • Financial mismanagement (23%) • Regulatory or compliance breach (21%) as third-party administered background Investment Focus: Percentage of firms investing in this type of fraud prevention in the next year: IT security (63%) checks, due diligence on key vendors, the Financial controls (57%) • Management controls (50%) • Staff training (38%) • Risk management systems (38%) handling of sensitive data, and third-party Physical asset security (37%) • Staff screening (37%) • Due diligence (36%) • Reputation monitoring (36%) audited IT security. Furthermore, a regular, 0 % 10 20 30 40 50 60 70 80 90 100 external vetting of operations for Corruption and bribery vulnerabilities will help root out the largely Theft of physical assets or stock internal sources of fraud. High-tech Money laundering defenses alone cannot beat low-tech crime. Financial mismanagement Regulatory or compliance breach John Price is a managing director for Internal financial fraud or theft Business Intelligence in Latin America. Information theft, loss or attack He has led business intelligence cases since 1992, when he moved to Mexico Vendor, supplier or procurement fraud City for seven years. As a co-author of IP theft, piracy or counterfeiting Can Latin America Compete?, and as a Management conflict of interest frequently published author on regional business risk and opportunity issues, John is a recognized Highly vulnerable Moderately vulnerable business intelligence thought leader in Latin America.10  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  11. 11. Financial ServicesBut how could they EIU survey A bad year: It has been an annus horribilisdo that to us?: for the financial services industry in many ways, and fraud is no exception. K The average loss per company over the last three years rose to $15.2 million,The growth of affinity frauds 173% of the survey average, and roughly one-sixth more than the 2008 survey figure ($12.9 million). K Over one-half of respondents (51%) K an enforcement action was initiated reported that the global financial crisisPeter Turecek against an Orlando, Florida-based had increased levels of fraud at their companies – the highest figure for any individual running a pyramid schemeW sector. Moreover, 35% said that they had hether due to increased investor aimed initially at Orlando and Puerto seen an increase in fraud in general in the skepticism, regulators’ need to Rico-based investors. last year, compared with just 28% who demonstrate active enforcement, saw a decline. This made the sector one ofthe financial media’s search for good copy, Even where fraudsters do not share a only two where the former outweighedan increase in fraud in the current common trait with their victims, they work the latter, and it did so by the biggesteconomy, or a combination of all of the to co-opt influential members of the target margin.above, investment frauds have been coming group. These leaders are typically duped K 87% of firms reported being victims of to light more and more frequently. into believing in the investment some kind of fraud in the last three years, opportunity, which then spreads by word up from 79% in the previous survey.The scams, most of them classic Ponzi of mouth to the rest of the community: K Finally, the sector had the second-highest schemes, involve investment in diverse “If the pastor believes in this opportunity, proportion suffering from each of internalvehicles, including securities, hedge funds, who am I to disagree?” financial fraud (29%) and managementreal estate, investment clubs, and so on. conflict of interest (26%), as well as theMany, though, have one thing in common: Fortunately, most of these situations can be highest rate of money laundering (10%).the victims share some trait with the avoided relatively easily. All that is required Efforts to address the problem: The industryperpetrators of the fraud. This element in is a combination of a little common sense realizes it has a problem, and is devotingcommon with the fraudster lulls the and due diligence. resources to it, but not always consistently.victims and makes them more readily If an investment opportunity promises K For every type of fraud covered in the trusting of the con artist’s pitch. The returns that sound too good to be true – survey, the proportion of companiesperpetrator preys upon that inherent trust considering themselves highly vulnerable such as incredibly high rates of return orof a shared bond. After all, the fraudster is increased from last year. Moreover, the overly consistent returns despite volatile industry has the highest proportion of“one of us” and must be “looking out for market conditions – it most likely IS too highly vulnerable companies for four outme.” These are called “affinity frauds.” good to be true; of ten types of fraud – regulatory or compliance breach (25%), financialIn the past year, multiple scams have If the investment opportunity cannot be mismanagement (23%), moneytargeted specifically identifiable groups of explained to you in a way that readily laundering (17%) and managementvictims. Targets have included those who makes sense, be suspicious. Keep asking conflict of interest (16%).are geographically connected, such as high questions until you feel comfortable that K Only 2% of financial services firms are not net worth individuals resident in New York you understand the opportunity fully. making anti-fraud investments in theCity or Palm Beach; investors from certain coming year, and for nine out of the tenreligious faiths, such as the Jewish or If the opportunity is a “secret” one, with very anti-fraud strategies listed in the survey,Mormon communities; members of ethnic limited participation, run the other way; over one-third of respondents are boosting defenses – the most widespreadgroups, such as Haitian-, Chinese-, or K Check with your state securities spending of any sector. In four specificKorean-Americans; and even the elderly or regulator, the Financial Industry areas, investment will be more common inthose with disabilities. Affinity fraud can be Regulatory Authority, or the SEC to this sector than anywhere else: IT securitybased on almost any common bond: see whether the person offering the (63%), management controls (50%), riskvictims in the past have come from groups investment is registered or has a management systems (38%) and disciplinary history; reputation monitoring (36%). The first ofof pilots, former professional football these is particularly important, as complexplayers, divorcees, and members of specific- K Listen to your instincts. You would be IT infrastructures are increasing fraudinterest clubs. surprised how accurate that little voice vulnerability at 46% of sector firms, the can be. highest rate for any industry.In August of this year, the Securities andExchange Commission (SEC) moved against K Unfortunately, however, over one in five companies (21%) saw their internalat least three alleged investment frauds Peter Turecek is a senior managing director in the New York office. He is an controls weakened as a result of costtargeting specific communities of victims: cutting – a tie for the second-worst record authority in due diligence, multinationalK a man was charged with fraud after he investigations, and hedge fund of any sector. raised over $1 million from parishioners related business intelligence services. As part of their rebuilding in the wake of the of a Redding, California church He also conducts a variety of other recent turmoil, financial services companies investigations related to asset searches, need to toughen their anti-fraud defenses. community in a Ponzi scheme; corporate contests, employee integrity, securities fraud, Many are doing so vigorously, but the bestK a complaint was filed against a Pomona, business intelligence, and crisis management. He has controls in the world will fail if, in any future California-based individual running an appeared on MSNBC, CNBC, Fox News, and NPR and crisis, they are sacrificed to save money. has served as a guest speaker on a number of topics for investment fraud aimed at mobile home various investment and professional groups. Written by The Economist Intelligence Unit park community residents; Kroll Global Fraud Report • Annual Edition 2009/2010  |  11
  12. 12. Financial Services When the law lets you downCommercial solutions for bad investments in Southeast Asia assessment of the financial position of the Kroll was also called in by a hedge fundChris Leahy sponsors; their objectives, motivation, and seeking assistance with a complex debt anticipated strategy with respect to the restructuring for an IndonesianF or hedge fund, private equity, and other dispute and any potential, resultant conglomerate that had run into financial financial investors in Southeast Asia’s litigation; the views and assessments of trouble. The sponsor’s treatment of creditors, emerging markets, restructuring soured other investors and creditors; and their coupled with suspicious trading patterns ofdeals may seem straightforward enough likely appetite for a negotiated settlement. the growing debt of the group, suggestedgiven the tight legal arrangements usually This research taps into information from that the sponsor, through a friendly privatewrapped around such investments. What a variety of sources, including customers equity fund, was perhaps attempting tohappens, though, when the counterparty to and suppliers of the company, banks, other retain control of his companies. He wasthe deal, typically the controlling financiers, investors, and management. doing this by engineering a debtshareholder or sponsor of the company In such inquiries, the objectives should restructuring that would severelybehind the investment, does not cooperate?Similarly, of what practical use is the be: first, to gain a better understanding of disadvantage, and possibly even defraud,Singapore legal structure – often adopted in the practical commercial position of the existing creditors. We identified thesuch deals – if the underlying assets lie in a investor with respect to recovery and, if complicit fund and gathered intelligence possible, to improve it; second, to compile that supported the client’s theory,less legally-robust jurisdiction? In certain a list of viable options and alternatives strengthening considerably its commercialSoutheast Asian markets, questionable for the investor; and third, to provide an leverage in negotiating a successfuljudicial independence and a poor track action plan with the aim of exiting the conclusion to the restructuring.record of upholding the rights of foreign investment in a commercially acceptableinvestors mean domestic sponsors often way including, if possible, viable recovery As these two examples show, legalplay dirty to retain control of their assets. options. remedies are not the only ones which canIt is possible for hedge funds and private help when investments go sour. A detailed Kroll recently advised a client with anequity investors to formulate commercial knowledge of the positions and motives of investment that had soured in a Thaisolutions for exit and recovery when they all parties can lead to strategies which are manufacturer. The sponsor of the companyfall victim to fraudulent or suspect action effective, even where the law might be of had grown ever more uncooperative infrom sponsors and other counterparties in little practical help. attempted negotiations, and the investorwhat, for a foreign investor, can become de became suspicious of certain tradingfacto non-enforceable legal jurisdictions. patterns within the company. The latter Chris Leahy is a managing directorThe process begins once investors are were suggestive of attempts to siphon off in the Singapore office with aconvinced that legal remedies alone are money from what was clearly an particular focus on the financialunlikely, at the very least, to produce an services industry. This follows a increasingly distressed business. After a successful 23 year career as anacceptable outcome. The first step is to help complex investigation that entailed investment banker, CFO, consultantthem identify the commercial imperatives intensive source inquiries, we were able and journalist. Chris began his careerthat will drive the exit and recovery to gather intelligence and evidence that in the UK as a stockbroker before joining Peregrine/ BNP Paribas and later Crosby, based in Hong Kong,strategy. Key to any approach is the supported the investor’s suspicions and to where he was managing director with responsibilitycollation of relevant, actionable commercial assist in formulating an appropriate for the firm’s regional investment banking business.intelligence in-country. This feeds into an commercial strategy to exit the investment.12  |  Kroll Global Fraud Report • Annual Edition 2009/2010
  13. 13. Financial Services Points to Consider Buyer beware: 1. A seasoned and well-rounded MA team should include internal or external Information security information security experts. Depending on the nature of the merger and and MA activity perceived level of risk, these experts can be advisory or proactive. 2. An IT security audit and vulnerability assessment as part of MA due diligence can assure management that the acquired organization follows best practices in this area. If not readily available, request copies of any external audit or assessment findings and work with the acquisition’s legal department to understand the laws, regulations, and standards with which it must comply. 3. An information security monitoring protected as standalone entities might protocol instituted for all phases ofStephen D. Baird the acquisition process will help expose themselves to risk during ensure the confidentiality and integrityA integration if their approaches to key goal in Mergers and Acquisitions information security are incompatible. of the process and its associated (MA) is to create economic value communications. greater than the sum of the two An internal or external expert can help thecompanies separately. One of the MA team to make informed decisions 4. Identifying key information assets andtransaction risks often overlooked is the by providing a security assessment, their locations through a risk assessmentinformation security footprint of the helping to evaluate the target company’s process is necessary to understand whatorganizations involved. With data security security program, integrating the two you are trying to protect, and hence itsthreats at an all time high, and with security organizations, and assessing the value to the acquirer. Accurateimperiled companies forced to make potential impact of information security information asset definitions will assistpainful and risky cuts in their information risks on competitiveness, financial loss, in the selection of controls to defendsecurity budgets, the prudent corporate and legal liability. that data. The overarching goal is tosuitor should insist on a thorough protect organizational information An information security due diligence assets, contribute to the security ofinformation security assessment as part investigation assesses a range of risks interdependent critical infrastructures,of routine due diligence. Using a company’s including: intellectual property loss; flaws and thus help protect the company’sown information security team and an in incident response methodology or intellectual property.outside expert can significantly reduce information asset identification; securityrelated cyber risks. gaps created by absorbing and integrating 5. Ensure that your security teamMany companies evaluating strategic unknown and differing technologies post- establishes metrics to measure progresstransactions consider the potential costs transaction; employee technology usage on the complete assimilation ofand benefits of integrating workforces, discrepancies; data leakage; and insider information technology and informationfacilities, functions, and IT systems. malfeasance. security management programs. TheseThe compatibility of information security should provide information about the Beyond due diligence, information securitypostures, however, is often left out. state of completion of risk assessments, expertise can assist with every phase ofA significant gap between the information security impact analyses, and the MA process. Leakage of informationsecurity approaches of the two companies information security plans for all critical relating to the deal – anything fromcan result in substantial unanticipated systems and business entities after unsecured e-mail transmission to losscosts. Assessing compatibility in this field consolidation. of printed documents – can causeis not a simple task: very little uniformity significant damage or even jeopardize the 6. Review all contracts and third-partyin approach exists beyond the basics of transaction. Consequently, all relevant relationships. Any third party securityfirewalls and virus protection. For example, staff should be made aware of the gravity monitoring should in particular bemany companies still have not implemented of non-compliance with basic security reviewed to ensure that no lapses offull-disk encryption for corporate laptops. rules. In fact, companies should consider important security logging, review, andMany others have not deployed robust adopting special secure communication oversight occur during the MA process.intrusion detection or prevention systems, measures for all personnel involved inlet alone maintained sufficient qualified evaluating a potential deal.staff to monitor and maintain them. Facingincreasingly sophisticated attacks – both If the risks surrounding information Stephen Baird is managing directorinternal and external – on their corporate security are ignored, a potentially profitable for Kroll Ontrack’s Information Security,intellectual property, credit card numbers, merger or acquisition may fail to deliver Computer Forensics, and ESI Consultingand other identity data, even a company anticipated returns, and the organization group. He has over 20 years of industry and law enforcement expertise inwith state-of-the-art defenses a year ago may have to incur significant costs along complex technology and risk mitigationmay be dangerously under protected today. with a loss of goodwill, reputation, and leadership.Two companies that are adequately possibly future business opportunities. Kroll Global Fraud Report • Annual Edition 2009/2010  |  13