FRAUD – INSIDER THREAT
Ankit Manglik
SVP – RiskPro
www.Riskpro.in
AGENDA
Fraud defined
Insider Threat
Causes/Factors Impacting Level of Fraud
Case Study – Asset and Revenue Misstatement
WHAT IS FRAUD
As defined by the Association of Certified Fraud Examiners:
In the broadest sense, fraud can encompass any crime for gain that uses deception as its principal modus operandus. More specifically, fraud is defined by Black’s Law Dictionary as
“A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment.”
Consequently, fraud includes any intentional or deliberate act to deprive
another of property or money by guile, deception, or other unfair means.
THE INSIDER THREAT
In internal fraud scenarios, employees:
Exploit their familiarity with internal policies, procedures, and technologies
Make inappropriate use of access to systems within the organization
May even collaborate with external attackers, e.g.:
Customer services fraud – Manipulation of internal systems to benefit friends, relatives and/or external fraudsters
Procurement fraud – An employee works with an outside vendor to defraud an employer
Sensitive information abuse/leakage – Illegal extraction of the company’s sensitive information (customer information, strategic future plans, etc.)
Technical (IT/Network) fraud – Abuse of an insider’s system privileges to commit fraud
INSTANCES OF INSIDER FRAUD
Employee embezzlement fraud
Intellectual property infringement fraud
Forex fraud
Data theft
Refund fraud
Procurement fraud
Recruitment fraud
Payroll fraud
Misappropriation of funds
SOCGEN—A ROGUE TRADING INCIDENT
A $7.2 billion trading loss, the largest in history, was incurred by a 31-year-old junior trader in the firm’s Paris headquarters who had joined SocGen in 2000. Unlike in some of the other frauds, he was not a senior trader (his annual salary is reportedly €100,000). He moved to the trading floor from the risk control group in 2006.
His role was to hedge exposures using futures on European stock-market indexes, including Euro Stoxx50 ($50 billion daily volume), Germany’s DAX Index and France’s CAC-40.
By the end of December, the positions were significantly in the money, but became unprofitable after the market turmoil occurred at the beginning of 2008.
Risk control specialists first discovered the suspicious trades when investigating an outside trading partner of the bank, whose account showed unusually high finance levels. The client, when asked by the bank about the account’s finances, denied knowing of it. The full extent of the fraud was known within a day or two.
The trader does not appear to have profited from the fraudulent trades and his motivations are unclear.
It has been reported that such trading raised supervisory/risk management suspicions in the past, but that the trader had successfully addressed any questions/suspicions.
Source PwC
SOCGEN—A ROGUE TRADING INCIDENT
According to the London Times, an independent report to SocGen’s Board includes the following information:
SocGen missed 75 alerts between June 2006 and January 2007 on the activities of rogue trader Jerome Kerviel (JK).
Risk control procedures were followed correctly, but compliance officers rarely went beyond routine checks and did not inform managers of anomalies, even when large sums were concerned. “No initiative was taken to check JK’s assertions and corrections he suggested, even when they lacked plausibility. . . When the hierarchy was alerted, they did not respond.”
The panel supported JK’s claim that he acted alone and that he did not profit personally from the trades.
The investigation found that JK started building up non-authorized trading positions in 2005 and 2006 for small amounts, but the positions he took grew in size from March 2007 onwards.
By Christmas he was in profit by €1.4 billion, but his activities were discovered on January 8 and fully identified by January 18, and SocGen was forced to secretly unwind the positions between January 21 and 23 in falling markets, taking it to a €4.9 billion loss.
The red flags that should have alerted bosses to the rogue trades included:
A trade with a maturity date that fell on a Saturday
Bets without identified counterparties
Trades with counterparties within SocGen itself
Trades that exceeded the limits of counterparties
Missing broker names and large increases in broker fees
There were also differences of up to €1.1 billion during reconciliations of JK's trading books with SocGen's online derivatives broker. The panel found seven false emails sent by JK that attempted to explain his trading and counterparties.
Source PwC
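The per-trade red flags listed above (weekend maturity, no identified counterparty, a counterparty inside the firm, a breached counterparty limit, a missing broker name) can be checked mechanically on a trade blotter, with repeated hits per trader escalated rather than closed one at a time. The Python below is an added example, not part of the original slides or the PwC material; the record fields, entity names, limits and the escalation threshold are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed reference data (assumptions, not from the slides).
INTERNAL_ENTITIES = {"BANK-PARIS", "BANK-LONDON"}   # the firm's own books
COUNTERPARTY_LIMITS = {"CPTY-A": 50_000_000, "CPTY-B": 20_000_000}  # EUR

def red_flags(trade):
    """Return the red-flag codes raised by one trade record (a dict)."""
    flags = []
    if trade["maturity"].weekday() >= 5:             # Saturday=5, Sunday=6
        flags.append("WEEKEND_MATURITY")
    cpty = (trade.get("counterparty") or "").strip()
    if not cpty:
        flags.append("NO_COUNTERPARTY")
    elif cpty in INTERNAL_ENTITIES:
        flags.append("INTERNAL_COUNTERPARTY")
    # A counterparty with no approved limit is treated as having a limit of 0.
    elif abs(trade["notional"]) > COUNTERPARTY_LIMITS.get(cpty, 0):
        flags.append("LIMIT_EXCEEDED")
    if not (trade.get("broker") or "").strip():
        flags.append("MISSING_BROKER")
    return flags

def review(trades):
    """Map trade id -> flags, for flagged trades only."""
    return {t["id"]: f for t in trades if (f := red_flags(t))}

def escalate(trades, min_flagged=3):
    """Traders whose flagged-trade count reaches the (assumed) threshold."""
    counts = Counter(t["trader"] for t in trades if red_flags(t))
    return sorted(tr for tr, n in counts.items() if n >= min_flagged)

# Constructed sample blotter; 2008-03-15 is a Saturday.
TRADES = [
    {"id": "T1", "trader": "trader-1", "maturity": date(2008, 3, 15),
     "counterparty": "CPTY-A", "notional": 10_000_000, "broker": "BRK-1"},
    {"id": "T2", "trader": "trader-1", "maturity": date(2008, 3, 17),
     "counterparty": "", "notional": 5_000_000, "broker": "BRK-1"},
    {"id": "T3", "trader": "trader-1", "maturity": date(2008, 3, 18),
     "counterparty": "BANK-LONDON", "notional": 5_000_000, "broker": None},
    {"id": "T4", "trader": "trader-2", "maturity": date(2008, 3, 19),
     "counterparty": "CPTY-B", "notional": 30_000_000, "broker": "BRK-2"},
    {"id": "T5", "trader": "trader-2", "maturity": date(2008, 3, 20),
     "counterparty": "CPTY-A", "notional": 10_000_000, "broker": "BRK-2"},
]

if __name__ == "__main__":
    for tid, flags in review(TRADES).items():
        print(tid, ", ".join(flags))
    print("escalate to management:", escalate(TRADES))
```

Large increases in broker fees and reconciliation differences are period-over-period comparisons rather than per-trade checks, so they are left out of this example.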
SOCGEN—A ROGUE TRADING INCIDENT
Some of the conclusions derived from public sources include:
Large speculative positions were concealed by equal and opposite fictitious trades, thus concealing the MTM effect and market risk exposure.
Unauthorized trades were possibly booked across a large number of either dormant or "dummy" accounts and thus were not necessarily monitored on a regular basis.
The trader possibly entered into transactions with multiple large counterparties, thus staying within limits and possibly benefiting from cross-product netting for margin.
Massive open positions would have been rolled forward to avoid settlements.
The trader may have used cancels and/or amendments on the fictitious trades to maintain the real trades within limits.
In anticipation of periodic reviews by Risk Control, the trader may have used book-entry transfers to move the massive real positions between accounts.
The trader most likely had access to both front and back systems through potential ID/password theft and/or sharing or continued access from his previous role in Risk Control that should have been terminated. Such access could have enabled manipulation of credit, market risk and trade-size controls.
The trader most likely did not take any vacation during this period and frequently worked late into the night or on weekends.
It remains possible, despite SocGen management’s declaration otherwise, that collusion with either external or internal parties was involved. At a minimum, friendships established during years in risk management were maintained and used to obtain information.
Source PwC
CAUSES/FACTORS IMPACTING LEVEL OF FRAUD
The absence of policies and procedures aimed at preventing and deterring employees/vendors from committing fraud
High growth rate in information technology, coupled with an even higher attrition rate
An absence of dedicated efforts/specialized skill sets to prevent/detect fraud under pressure situations
Inadequate infrastructure/processes for performing employee background checks
Misuse of the trust and responsibility obtained in an organization is another key cause for committing frauds
Pressure of expectations has been a determining factor for some of the employees in their attitude towards fraud