This document summarizes a presentation on bank fraud and data forensics. It discusses common types of internal and external bank fraud such as wire fraud, check fraud, and asset misappropriation. It outlines the fraud triangle of opportunity, pressure, and rationalization. It emphasizes the importance of strong internal controls and segregation of duties to prevent fraud. The presentation also discusses how digital forensics can be used to investigate inappropriate network activity, email, internet usage, and recover deleted files during fraud investigations. Contact information is provided for the three presenters.

1. Bank Fraud & Data ForensicsBank Taxation & Risk Management ForumsNovember 16, 2010 – South Portland, MaineNovember 17, 2010 – Concord, New HampshirePresented By:Bill Brown, CPA, CFFA, CFE Eigen Heald, MsIA, CISSP, GCFATodd Desjardins, CPA, CFE

2. OverviewIntroductionFraud Considerations for BanksComputer Fraud and Data ForensicsQuestions and Discussion

3. Terms and DefinitionsFraudFraud investigationForensicsForensic accountingDigital forensics

4. ReferenceStatistics in this presentation, unless otherwise noted, are from:The Report to the Nations - 2010 Global Fraud Study Study of 1,843 cases of occupational fraudpublished by the Association of Certified Fraud Examiners

5. Small Businesses are Vulnerable42.1%$231,00030.8%$155,00028.7%26.1%

6. Banks Have More than their Fair Share

7. Other Disturbing StatisticsMedian LossesTenure of perpetratorLess than one year – $47,00010 years of more – $289,000Education of perpetratorHigh School Graduate – $100,000Postgraduate Degree - $300,000

8. Other Disturbing StatisticsPercentage of Cases ReportedDepartment of PerpetratorAccounting – highest – 22.0%Internal Audit – lowest - 0.2%Median Duration of Fraud SchemesOverall – 18 monthsCheck tampering – 24 monthsExpense reimbursements – 24 months

9. Risk FactorsFinancial Misstatement FraudComplexityPerverse IncentivesHighly Subjective ValuationAsset MisappropriationComplexityInherent Lack of AccountabilityPersonal Trust

10. Types of Fraud External vs. Internal Fraud External – perpetrators are outside the bank

11. Internal – fraud is committed by bank personnelExternal FraudPrimarily executed by customers and outsiders, examples include:Wire fraud

12. Mortgage fraud (material misrepresentation or omission)

13. Check fraud (forgery, check kiting, altered checks)Internal FraudTwo Types of Internal Fraud:Financial Statement FraudHighest median loss per reported case, however lowest frequency of occurrenceAsset MisappropriationLowest median loss per reported case, however the highest rate of frequencySource: ACFE 2010 Report to the Nations

14. Financial Statement FraudAsset/Revenue overstatementImproper asset valuationsTiming differencesConcealed liabilities and expensesImproper disclosures

15. Asset MisappropriationUnauthorized transfers/disbursementsPayroll schemesGhost employeesExpense reimbursement schemesTheft of portable fixed assetsOthers…

16. Fraud Triangle

17. Preventing and Deterring FraudPrevention and DeterrencePerceived opportunity is the aspect of the fraud triangle that is most controlled by employers. Strong internal controls and segregation of dutiesReview access rights on a consistent and periodic basisLimit access to employee accounts (both solely owned or jointly owned)Review employee account activity and teller activityDual control over wire transfersReview of payroll change reports by someone independent of the payroll function

18. Preventing and Deterring Fraud (Continued)The list continues…Robust review of suspense/clearing account activity – be certain the reconciliation makes sense and items are clearing timely and properlyImplement a fraud reporting mechanism that is anonymousMaintain professional skepticismAttitude and rationalization can be improved within companies by strong “tone at the top” and employee appreciation efforts

19. Preventing and Deterring Fraud (Continued)Best practice is to have a fraud risk management program in place Brainstorming sessions:

20. Identify significant risk areas (multiple locations, business segments, etc.)

21. How is the importance of ethical behavior and appropriate business practices communicated?

22. What could go wrong?Digital Uses for Forensic ProjectsInappropriate and/or illegal activity E-mail and Internet abuse Unauthorized disclosure of corporate information Hacker Intrusions Intellectual property theftDue diligence and valuation

23. Common Sources for Accounting & Digital Forensics Corporate investigations• Civil litigation• Attorneys• State Courts• Private Investigations• Individuals

24. Similar Procedures:Discovery• Timelines• Parties involved• Evidence gathering• Reporting/testimonyConsider: Most fraud is committed with a computer!

25. Digital Objects Used for Review 1Computer, 1 laptop & server hard disks

26. Backup tapesOther Investigative Possibilities:USB drives

27. Cell phones

28. GPS devices

29. Personal Media (iPods)

30. CD/DVDs

31. External Storage DriveDigital Analysis Activities“Carving” out Logical Partitions for searchingCreating a timeline of activityKeyword searchesCollection of relevant filesRecovery of deleted dataDocumenting a history of:Network activity – accessing server shares

32. Internet activity

33. Transfer of files to storage devices

34. Links to documents on the networkExamining user profilesMalware identification

35. How Did Digital Discovery Help?Identifying network activitiesEmail ReviewInternet activitiesIdentifying collaboratorsRuling out other avenues of fraudIdentifying motivations for fraud

36. Contact InformationBill Brownbbrown@bdmp.comEigen Healdeheald@bdmp.comTodd Desjardinstdesjardins@bdmp.com