asli fraud investigation conference 2013 - delving into the devil’s mind

1

DELVING IN THE DEVIL’S MINDKnowing the psyche of a fraudster and a corrupt employee

Kenny OngTakaful IKHLAS Sdn Bhd

2

Business today…

13th April 2009

•Two Domino’s employees

•YouTube

•Apology from Domino’s after 48 hours

•1 million hits

•Twitter: questions on silence

•LinkedIn: suggestions by users in forum

BusinessWeek, May 4, 2009

3

• Shareholder : MNRB Holdings Berhad (100%)

• Established Date : 18 September 2002

• Operational since : 2 July 2003

• Takaful Model : Al-Wakalah

• Business Portfolio : General and Family Takaful

• Number Products : More than 90

• Number of Participants : More than 1,800,000

• Number of Agents : More than 6,000

• Number of Staff : 490

• Regional Offices : 11

• Paid Up Capital : RM295 million

TAKAFUL IKHLAS CORPORATE PROFILE

4

IKHLAS Customized Healthcare Solutions

5

Contents:

A. The Criminal Mind

B. Triggers

C. Minimizing Incidents

D. Future Fraud

When and how do you decide?

7

How many of us drive with the ultimate intention of breaking the

speed limit?

8

Fraud-O-Scope™

Fraud

1. Character

Good

Bad

2. Intelligence

Smart

Not Smart

3. Situation

Open Closed

4. Catchability

Easy Hard

9

The Criminal Mind

Profile of Potential Fraudster

10

“Everyone has a price”

11

Fraud-O-Scope™

Fraud

1. Character

2. Intelligence

Good

Bad

Smart

Not Smart

12

Fraud-O-Scope™

Fraud

1. Character

Good

Bad

1. Family2. Education3. Social4. Movies5. Books6. Religion7. Record8. Attribution

13

Fraud-O-Scope™

Fraud

2. Intelligence

Smart

Not Smart

1. Education level

2. Talent3. Analytical4. Systems5. Ask

questions6. Years of

Service

14

How would you profile him?

15

How would you have profiled him?

16

Where are the Fraud Risks?

Industry

Management

Staff

Frontline

Sup

plie

rs/V

endo

rsR

etail Front

18

Real Fraud, Real Risks

1. Channel Fraud

2. Staff Fraud

3. Management Fraud

4. Distributor

5. Retail Assistant

6. Payroll

7. Undercutting

8. Purchasing

9. Credit Card

10.Ghost Staff

11.Ghost Channels

12.Financial Reporting

13.Theft

14.F/L

15.eCommerce

16.Share manipulation

19

GENERAL FRAUDSTER PROFILE

• Profile: 68.6% – no prior criminal record, – Aged 26-40 years old, – Annual income between RM15k-RM30k, – 2-5 yrs of service

• Struggling financially or large purchases – difficult time in their lives– gets out of hand

• Merger and acquisition or reorganization activity. – ‘I don’t have a career here’ attitude.

20

Possible General Root Causes for Fraud Mindset

1. "Everyone does it."

2. "It was small potatoes."

3. "They had it coming." – the revenge syndrome

4. "I had it coming." – the equity syndrome

21

Possible General Root Causes for Fraud Mindset

1. "Everyone does it.“1. Indiscipline employees commonly organize

themselves in cliques or clusters - the inner circle

2. Rarely does a repeat offender not involve an accomplice or at least a confidant.

3. “If my superior can come to work late and still be promoted, it means I can steal RM10. Both are indiscipline cases anyway.”

22

Possible General Root Causes for Fraud Mindset

1. “It was small potatoes.“1. “What's a RM30 stolen calculator to a company that

makes millions each year or to a boss who drives a Mercedes?

2. “Zero Tolerance Policy” for identified disciplinary cases in any form or for any amount?

23

Possible General Root Causes for Fraud Mindset

1. "They had it coming." – the revenge syndrome1. “The accounts department cuts down my lead time

to submit my claims yet take 60 days to compensate my claims. So I purposely come late to work to compensate.”

2. “The company keeps cutting down our benefits and allowances but keep asking us to produce more. So I compensate by being calculative with the company even for one sen.”

24

Possible General Root Causes for Fraud Mindset

1. "I had it coming." – the equity syndrome1. Under-compensated or unrecognized -> self-

devised "bonus" plan.

2. Employee has been turned down for a raise or promotion; after a company-wide salary freeze has been established; during periods of company turmoil (restructuring, takeover, new management, etc.).

25

Reminder: Very few people join an organization with the objective to

commit fraud.

26

“Cow don’t drink water cannot push cow head down”

27

Triggers

Conditions for Fraud

28

Fraud-O-Scope™

Fraud3. Situation4. Catchability

Open ClosedEasy Hard

29

Fraud-O-Scope™

Fraud3. Situation

Open Closed

1. Self/Family2. Straight road3. Conflicts4. Bad Bosses5. M&A6. Org Character7. Controls8. No changes9. Power

Imbalance10.Amount, $$11.Org Systems

30

Fraud-O-Scope™

Fraud4. Catchability

Easy Hard

1. Check & Balance

2. Oversight3. Automation4. Burden of

Proof5. Line of Sight

31

Who is most likely to commit Fraud?

Excellent

Very Good

Average

Not Good

Commit Suicide

32

The Four Desperates

1. Desperate Competition

2. Desperate Consumer

3. Desperate Achievers

4. Desperate Changes

33

Dangers of Direct Incentives

1. lessen internal motivation, 2. switch to mercenary mode, 3. do something and do not do something else, 4. bribe and fraud culture, 5. easier for competitors to recruit, 6. lessen teamwork & helpful culture, 7. less and less impact for same value, 8. mockery of base salary and employment contract, 9. rebellion from non-incentivised staff, 10. end up incentivising everyone for everything?,

34

Curse of the Bell Curve

‘A’ Staff

‘B’ Staff

‘D’ Staff

‘E’ Staff

‘C’ Staff

35

Biggest Issue in Financial Product Innovation?

36

Power Imbalance

1. Propose

2. Approve

3. Execute

4. Monitor

37

Possible General Root Causes for Fraud Mindset

1. "Everyone does it."

2. "It was small potatoes."

3. "They had it coming." – the revenge syndrome

4. "I had it coming." – the equity syndrome

38

Minimizing Incidents

Prevent. Deter. Kill.

39

"Fear not the 10,000 moves practiced once. Fear the one move

practiced 10,000 times"Chandni Chow to China

40

How to minimize Fraudulent mindsets….

Attribution.

41

Risk Mitigation Strategies

Culture

ERM

Identified Fraud Risks

StructureResources

Leadership

Person

42

Alignment: Framework

• Org Structure• Job Design – C.Fraud.O.• Policies & procedures• Governance, Internal Controls• Management Systems, SOPs• Central• Special Task Force• Internal Audit, Surprise Audit, Regular Audit

(Surveillance)• Levels of Authority, Power Balancing*

Structure

43

*Power Balancing

1. Propose

2. Approve

3. Execute

4. Monitor

BOD Set 1 BOD Set 2

Approval/Verification

44

Alignment: Framework

• Tools• ICT Systems• Rules detection• Whistle Blower• PED• Profiling/Assessment Tools• Budget for Investigation,

Litigation

Resources

45

Strategy: Framework

• PED• Involuntary Role Modeling• Personal accountability and

Commitment • Corporate Values• Watch out: Current people promoted

to Key Positions• Promotional criteria

Leadership

46

Alignment: Framework

• New Employee Background checks

• Willingness to Punish• Root Cause Analysis (Mager &

Pipe)• Rotation• PED• Fraud Detection & Analysis

Competency• High Risk Jobs• IT breaches through Frontline

Person

47

• PED

48

GENERAL STRATEGIES AND POLICIES

• B1. Classification of Behaviors– B1.1 Disrespectful Workplace Behavior

– B1.2 Progressive Discipline

– B1.3 Zero Tolerance

49

GENERAL STRATEGIES AND POLICIES

• B2. Recruitment and Selection• B3. Exit• B4. Employee Assistance Program• B5. Anonymous Hotline• B6. Communication and Feedback• B7. Training and Education• B8. Formal Complaint and Grievance

50

GENERAL STRATEGIES AND POLICIES

• B9 Leadership– 1. Leaders act as role models whether

consciously or unconsciously

– 2. Leaders determine the working environment

51

GENERAL STRATEGIES AND POLICIES

• B9 Leadership– 1. Educate– 2. Involve– 3. Teach – 4. Eliminate

52

SPECIFIC STRATEGIES AND POLICIES

• C1. Theft and Fraud – Root Causes– Profile: 68.6% - no prior criminal record,

Aged 26-40 years old, Annual income between RM15k-RM30k, 2-5 yrs of service

– Struggling financially or large purchases • difficult time in their lives• gets out of hand

– Merger and acquisition or reorganization activity.

• ‘I don’t have a career here’ attitude.

53

SPECIFIC STRATEGIES AND POLICIES

• C1. Theft and Fraud - Prevention– Background checks– Duties segregated– Anonymous hotline – Share the wealth– Communicate successes– Make a big noise when discovered– Video surveillance equipment

54

SPECIFIC STRATEGIES AND POLICIES

• C2. Violation of confidentiality or security of company information - Prevention– a. ICT Security Policies*– b. Ownership of Intellectual Property– c. Inside Information and Trading of company

shares

55

*ICT Security and Fraud (1/3)

Biggest ICT risks

1. Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information

2. Backup - including Storage of critical and non-critical information and Disaster Recovery

3. Continuity – Availability of systems and information at a 24x7x365 standard

56

*ICT Security and Fraud (2/3)

The following are threats faced by organizations from ‘inside’ the company:

• Current Employees, • On-site Contractors, • Former Employees, • Vendors/Suppliers, • Strategic Partners, and • OEMs

57

*ICT Security and Fraud (3/3)

1. Web browsing and Internet Access

2. Username and passwords

3. Instant Messaging

4. E-Mail

5. File access permissions

6. Backups

7. Crisis management, Disaster recovery and Business Continuity

8. Physical

9. PCs and laptops

10.Remote access

11.Servers, routers, and switches

12.Internet / external network

13.Wireless

14.PDA and cell phone

15.Documentation and change management

ICT Security, Backup, and Continuity Strategies 2005-2008:

58

“Asking the people responsible for preventing a problem if there is a problem is like

delivering lettuce by rabbit"

Norman Augustine

CEO & Chairman, Lockheed Martin

59

"He has 20 years experience: 1 year of bad experience

repeated 20 times"

60

Future Fraud

We all need help

62

Finance Today…

$19.90

63

New Fraud Opportunities

Change in Business Models: InexperiencedeCommercePartnersFranchiseDownstream/UpstreamM&A Targets

64

eCommerce Frauds

AccountTakeover

Pharming

Counterfeit Advances

Phishing

Application

Lost/Stolen Credit Cards

eCom Frauds?

65

Latest Fraud topics: General

1. Whistle Blowing compensation: tied to $$ amount of fraud exposed

2. New laws proposed -> Not allowed to sue Accountants, Auditors, Lawyers. What implications?

3. Credit Crunch = Tighter Cash Flow = More desperate people = more Fraud?

4. Sub-prime crisis + Société Générale = Transparency, Disclosure, Relationship Transparency

66

Fraud: Research Options?

1. Profile of a Fraudster in Malaysia

2. New Fraud Risks in the 21st century business environment

3. Internet, eCommerce, and ICT related Fraud risks and prevention

4. Company Culture and its influence on Fraud Risks

5. HR practices that can decrease Fraud in a company

67

End Points

68

Mistakes and Lessons Learned

1. Price to Pay for Fraud/Risk Mitigation => Business Flexibility

2. Control vs. Growth

3. Rules vs. Humanity/Motivation

4. Not tackling the root cause i.e. Motive + Opportunity i.e. Humans

5. Focus on FAC vs. Sales/Marketing => who has control?

6. Relationship Role vs. Enforcement Role

69

In the end…

• Great Wall of China– humans are the weakest link– bad treatment of staff will lead to weak link i.e.

easier to bribe, easier to con, etc; – bad treatment examples: insulting, lose face,

broken promises, no dignity, public criticism, restructure without communication

Thank You.

soft copy of slides: http://totallyunrelatedrandomanddebatable.

blogspot.com/