fraud risks in the new economy: are your bases covered?€¦ · hunted, jacob disguised himself as...

Fraud risks in the new economy: are your bases covered?

FEI breakfast seminar November 25, 2009

Agenda

01 Basics on fraud

02 Fraud risks in challenging economic times

03 Information technology fraud

04 Fraud risks: a legal perspective

2

01 Basics on fraud

James (Jim) Blatchford MBA, CMA, FCMA, CFEPractice LeaderForensic Accounting and Investigative Services (“FAIS”)Grant Thornton LLP, Vancouver

3

Three ways to separate you from your money or other assets

Robbery “in your face”

Burglary “behind your back”

Fraud “trickery”

4

Fraud defined—per Webster’s Dictionary

"Deceit, trickery, or intentional perversion of truth in order to induce another to part with something of value or surrender a legal right"

"An act of deceiving or misrepresenting"

5

Two elements of fraud

DISHONESTYActive - Passive - Indirect

DEPRIVATIONActual loss or Risk of loss

6

Introduction—the evolution of “fraud”

• As we learn from the Holy Bible, fraud has been evident from the dawn of creation– Adam, Eve and the apple misrepresentations by

the snake

• Some current scams are just “reinventions”– Ex: “identify theft” – the story of Esau, the eldest son of

Isaac and older twin brother of Jacob. While Esau hunted, Jacob disguised himself as Esau, brought food to their father, and received his blessing.

7


Some historical quotes:

“It is the natural propensity of man to falsify and corrupt everything.”

~ attributed to Pliny the Elder, AD 23 to AD 79

8


“If a herdsman, to whose care cattle or sheep have been entrusted, be guilty of fraud and make false returns of the natural increase, or sell them

for money, then shall he be convicted and pay the owner ten times the loss."

~ Hamurabi’s Code of Laws of Ancient Babylon[circa 1727 to 1780 BC, which incidentally predates the

Hebrew 10 Commandments by nearly 500 years]

9


“Fraud and deceit abound these days more than in former times”

10


“Fraud and deceit abound these days more than in former times”

~ Sir Edward Coke – 1602English Jurist and Member of Parliament

Attorney General to Queen ElizabethProsecuted Sir Walter Raleigh and his Gun Powder Conspirators

11


• How has fraud changed through the ages and how might it change in the future?

Media from word of mouth to internet

Range from local tribes to global reach

Complexity from simple to sophisticated

12


"If fraud has been around from the dawn of

time, and the nature of fraud does not change,

is it simply part of the nature of man?”

13

The fraud triangle

Fraud

Motiv

ation

Rationalization

Opportunity

14

The “GONE” theory

Greed

Opportunity

Need

Expectation15

Where does fraud occur?

A – Accounting Firms; Auto Dealers N – Non-profit Societies (Food Bank)B – Banks; Credit Unions; Trust Companies O – Optometry Clinics; Office SupplyC – Construction Companies; Churches P – Police Offices; Property DevelopersD – Dental Practices; Distribution Q E – Employment Offices R – Retirement Homes; RestaurantsF – Food Stores & Suppliers; Forestry S – Schools; SROsG – Government Departments & Agencies T – Telecoms; Transportation; TaxiH – Hospitals; Hotels U – Universities; Unions; Utilities I – Investment Houses & Brokerages V – Vacation Properties; J – Jewellers and Other Retailers W – Warehousing; WholesalersK – Kitchen & Bath Design & Supply X – X-ray ClinicL – Lumber Mills; Law Firms; Y M – Mining Companies; Manufacturers Z

16

Bribery

Excessive Gifts/Hospitality

Kickback

Excessive Political/Charitable

Donations

Extortion

17

Fraud statistics—society as “victim”

Fraud losses in the US estimated at:

$994 BILLION annually = 7% of Revenues

2008 ACFE Report to the Nation

“The personal costs of fraud cannot be measured reliably”

Canadian Securities Association18

Profile of a fraud perpetrator

Characteristics• Age• Tenure• Position• Income• Education• Gender• Departments

19

ACFE 2008 Report to the NationPerpetrators by age

20

ACFE 2008 Report to the NationTenure

Tenure of perpetrator Percentage of cases Median loss

<1 year 7.4% $50,000

1-5 years 40.5% $142,000

6-10 years 24.6% $261,000

>10 years 27.5% $250,000

21

ACFE 2008 Report to the NationPosition | median loss | frequency | detection period by position

22

ACFE 2008 Report to the NationMedian loss and percentage of losses by perpetrator income level

23

ACFE 2008 Report to the NationMedian loss by education level

24

ACFE 2008 Report to the NationMedian loss and percentage of losses by gender

25

ACFE 2008 Report to the NationFraud by department

Department Percentage Median loss

Accounting 28.9 $200,000

Executive 17.8 $853,000

Operations 16.1 $80,000

Sales 11.6 $106,000

Finance 3.9 $252,000

Purchasing 2.8 $600,000

Human Resources 0.9 $325,000

Research and Development 0.9 $562,000

Other 17.1

26

ACFE 2008 Report to the NationBehavioral characteristics of fraud perpetrators (red flags)

• Living beyond means

• Financial difficulties

• Wheeler/dealer attitude

• Control issues

• Unusually close association with suppliers/customers

• Excessive internal pressure on financial results – leading to financial statement fraud or other reporting fraud

27

Major frauds

"Surprisingly enough, historical records indicate that most major frauds are perpetrated by senior

management in collusion with other employees"

~ Source: Tone at the Top, Issue 40, August 2008 IIA

28

02 Fraud risks in challenging economic times

James (Jim) Blatchford MBA, CMA, FCMA, CFEPractice LeaderForensic Accounting and Investigative Services (“FAIS”)Grant Thornton LLP, Vancouver

29

Economic downturn = the “perfect storm” for increased risk of fraud

• Individuals (whether executives, managers, or staff) are “trapped” by their current personal financial obligations– mortgages, car payments, layaway plans, braces, etc.

• Organizations are “trapped” by their current financial and operational circumstances– Lower sales, uncertain markets, existing contracts that

are uneconomical, fewer sources of debt at lower rates, or existing debt at higher rates

• Government and business leaders debating the “right way to proceed” for short-term stability versus long-term goals

30

Economic downturn = the “perfect storm” for increased risk of fraud

• No easy answers, no “quick fixes”, and historical remedies not necessarily working or not available

• Other factors in play– Emotions running rampant– Fear rising due to uncertainty– Loss of confidence in political and business

leaders• Exacerbated by newest scandals in markets

– Impact extends to “old stalwarts”• GM/Chrysler; Nortel; brokerages; banks

31

Some expected reactions vis-à-vis fraud

Business will downsize by reducing the number of managers and staff – ask more of employees while at the same time possibly reducing salaries and benefits

– Less oversight when opportunity and greed/need increasing

– More (or at least easier) rationalization of fraud and theft

32


Business focusing on expected cash requirements to survive versus historical cash flows and financial results

– Questionable and unexplained transactions will be found to be initiated by individuals at all levels within the organization’s hierarchy

– Executive and Management have to decide whether:• to re-direct attention from business at hand • to apply scarce resources to investigate

33


Heavy focus on financial results

• Activities of executives/managers/division heads will be scrutinized to see where reduction in profits and strength in balance sheet falls on the “performance continuum”

– Ex: are poorer financial results arising as a result of “market forces” versus “mismanagement” or “over-management” or “abuse”

34

I didn’t think it could happen to me!

• Steps that can be taken now:

• Don’t just rely on internal controls in place

• TRUST IS NOT A FOOLPROOF CONTROL

• Be more skeptical

• Consider a “Fraud Risk Assessment”

• Consider a “Whistle-blower” program35

I didn’t think it could happen to me! (cont.)

• Steps that can be taken now:– Prepare and communicate a “Code of Ethics”

and “Conflict of Interest” Guidelines • Include “sign-offs” by employees

– Prepare “investigation protocol” in advance• Who (internal or external), what, when, etc.

– Increase “fraud awareness” for employees36

03 Information technology fraud

Doug Steele CA, CISAPartnerSpecialist Advisory Service Line Leader Grant Thornton LLP, Vancouver

37

A definition of cyber-crime

Two parts included in the definition of cyber-crime:

• Traditional crimes that are now being conducted through the use of a computer or other technology

• Crimes that involve acts against computers and technology directly

38

Examples of internet technology fraud

• "Phishing" • Email scams• Identity theft (MySpace, Facebook)• Theft of intellectual property• Credit card data theft

39

Canada’s cyber-crime ranking

• Canada ranked fourth in the world for number of perpetrators of internet crime 1

• Canada ranked second in the world for number of complainants of internet crime 1

• Canada ranked seventh in the world for identified malicious activity 2;

• Canada ranked eighth in the world for hosting botnet command and control servers 3

• Canada ranked eighth in the world for countries hosting phishing servers 2

1 Source 2007 Internet Crime Report, The US National White Collar Crime Centre, Bureau of Justice Assistance, FBI2 Source April 2008 Symantec Global Internet Security Threat Report3 Source September 2007 Symantec Global Internet Security Threat Report

40

The cloak of cyber-crime

Potentially unlimited attack source points with hi-tech diversion and stealth capabilities

Widely available attack tools and automation with exploit availability already at zero days

Attack methods are low complexity, low cost and low risk for the attacker

High probability of success and large financial gain

41

Canadian law enforcement

• Almost every crime committed in Canada today has some hi-tech component

• Cybercrime surpassing drug trafficking as number one crime in the nation

• There are 245 hi-tech law enforcement officers covering all aspects of tech related crime in Canada

• The average citizen is more likely to be a victim of cybercrime than on the street or in their home

• Law enforcement is unable to keep up to the growing incidence of cybercrime in Canada

Source: 1) May 21, 2008 Press Release, Canadian Association of Police Boards (CAPB)

42

Corporate attackers

Insiders:– Disgruntled Employees– Internal Fraud – Internal Surveyors

Hackers and crackers:– Challenge/Prestige/Profit– Access to Knowledge or

Insider Information– Follow the Leader/Game Play

Cyber criminals:– Corporate Resource Control– Information Access– Theft/Fraud

Hacktivism groups:– Corporate Policy/Politics– Corporate Audience– Public Embarrassment– Reputation Assault– Fraud

Cyber terrorists:– Corporate Access/Power– Denial/Hijacking of Service– Destruction– Kidnapping/Assassination

Cyber spies/espionage:– Intellectual Capital– Sabotage– Market Plans– Customer Information– Fraud

Information warfare:– International Political Strike– Espionage/Reconnaissance– Critical Infrastructure

Surveillance

43

Additional risks in a poor economy

“History has shown that when there is a downturn in the economy, there tends to be an increase in fraudulent activity.

We expect businesses, particularly small- and medium-sized ones, and consumers to be more vulnerable to scams as they look to minimize expenses in the midst of an economic downturn.

Last year, the Competition Bureau fielded almost 15,000 complaints about mass marketing fraud, either by mail, telephone or the Internet."

Melanie AitkenInterim Commissioner of CompetitionCompetition Bureau

44

Identity theft

"The Canadian Anti-Fraud Centre reported 7778 cases of identity theft in 2006, resulting in millions of dollars in damages.

The Canadian Council of Better Business Bureaus has estimated that identity theft may cost Canadian consumers, banks, credit card firms, stores and other businesses more than $2 billion annually."

Global Centre for Securing Cyberspace (Canada) http://gcsc.ca/index.php/public/cybercrime

45

The cost of cybercrime

"Alarmingly, almost three-quarters (74%) of 601 CIOs surveyed perceive that threats to corporate security are now coming from inside the organization.

Nearly 60 percent of US businesses believe that cybercrime is more costly to them than physical crime..

The costs resulting from cybercrime, these businesses report, are primarily from lost revenue, loss of current and prospective customers and loss of employee productivity."

Braun Research Inc. IBM Survey of 601 Chief Information Officers on the status of cybercrime in their organizations

46

The cost of cybercrime (cont.)

• The true losses are not known because many companies choose not to report them.• Based on reported crimes, global costs are estimated at more than $1 trillion dollars

a year in loss of business and damages 1

• A single wave of cyber attacks on critical infrastructures could exceed $700 billion (US Cyber Consequences Unit) 1

• The average annual corporate loss resulting from a cybercrime incident rose to$350,424 in 2007 2

• Cumulative financial losses stemming from phishing attacks rose to more than $3 billion in 2007 3

• Losses are expected to climb as economy downturns "We will never get a definitive answer on how much money Canadians lose to fraud each year" 4

1 Source Global Centre for Securing Cyberspace (Canada) http://gcsc.ca/index.php/public/cybercrime2 Source 2007 CSI Computer Crime and Security Survey3 Source Gartner, Inc. "Phishing Attacks Escalate, Morph and Cause Considerable Damage," by Avivah Litan, December 13, 20074 Source Cpl. Louis Robertson, a spokesman for PhoneBusters, an RCMP and OPP joint effort

47

Easy ways to protect your organization

• Understand your risks• Have an information security policy• Periodically test your information security• Increase staff awareness• Keep up to date with virus protection and system

patches

48

Summary

• Companies are increasingly becoming the targets of successful cyber-criminal activity.

• Law enforcement is over extended in Canada and is slow to react to financial-based cyber-crime.

• Fraud related to information technology is on the rise and will continue to escalate as the economy takes a downturn.

49

04 Fraud risks: a legal perspective

George E.H. Cadman, Q.C.November 25, 2009

50

• Basic rules have not changed• Criminal Code• Threshold for “Civil Fraud”• “Badges” of fraud• Recourse through:

– Civil courts– Criminal code provisions– Regulators

51

• Civil remedies largely unchanged• Key element is quick response• Various tools

– Pre-trial garnishment– Marera injunction– Anton Pillar order

• Key tool is knowledge – “Where are the assets?”• Tools are aimed at identification and preservation

52

Statutory remedies• Fraudulent Preference Act• Fraudulent Conveyance Act• Criminal Code• Interim Receiver under BIA• Reciprocal Enforcement• Inter-provincial Attachment

53

Traditional processes• Pleadings• Documents discovery• E-discovery• Role of experts• Interlocutory relief• Proof at trial• Role of summary trial process• Cost is always a factor

54

• Response to fraudulent activities– Securities (role of B.C.S.C., S.E.C. and others)– Real Estate (role of Superintendent)– Financial Institutions (role of Superintendent &

FICOM)• Preservation v. Recovery• Restitution v. Damages• What about fidelity insurance?

55

• Fraud knows no borders• Increasing emphasis on cross-border recovery

– Both inter-provincial and international• Technology available to fraudsters has far

outpaced legal systems and ability to respond• Internet marketing of fraudulent schemes• Credit card fraud• More likely see regulatory or business response

than legal

56

• How do we respond to:– Cybercrime– Theft of trade secrets– Identity theft

• Are the Courts capable of responding quickly and effectively?

• What is the cost of that response?• Is there a better way?• Real key: proper monitoring and effective risk

management

57

• James (Jim) Blatchford MBA, CMA, FCMA, CFE

Practice LeaderForensic Accounting and Investigative Services (“FAIS”)Grant Thornton LLP, Vancouver

• Doug Steele CA, CISA

PartnerSpecialist Advisory Service Line Leader Grant Thornton LLP, Vancouver

• George Cadman, QCPartnerBoughton Law Corporation

58