fraud risks in the new economy: are your bases covered?€¦ · hunted, jacob disguised himself as...
TRANSCRIPT
Fraud risks in the new economy: are your bases covered?
FEI breakfast seminar November 25, 2009
Agenda
01 Basics on fraud
02 Fraud risks in challenging economic times
03 Information technology fraud
04 Fraud risks: a legal perspective
2
01 Basics on fraud
James (Jim) Blatchford MBA, CMA, FCMA, CFEPractice LeaderForensic Accounting and Investigative Services (“FAIS”)Grant Thornton LLP, Vancouver
3
Three ways to separate you from your money or other assets
Robbery “in your face”
Burglary “behind your back”
Fraud “trickery”
4
Fraud defined—per Webster’s Dictionary
"Deceit, trickery, or intentional perversion of truth in order to induce another to part with something of value or surrender a legal right"
"An act of deceiving or misrepresenting"
5
Two elements of fraud
DISHONESTYActive - Passive - Indirect
DEPRIVATIONActual loss or Risk of loss
6
Introduction—the evolution of “fraud”
• As we learn from the Holy Bible, fraud has been evident from the dawn of creation– Adam, Eve and the apple misrepresentations by
the snake
• Some current scams are just “reinventions”– Ex: “identify theft” – the story of Esau, the eldest son of
Isaac and older twin brother of Jacob. While Esau hunted, Jacob disguised himself as Esau, brought food to their father, and received his blessing.
7
Introduction—the evolution of “fraud”
Some historical quotes:
“It is the natural propensity of man to falsify and corrupt everything.”
~ attributed to Pliny the Elder, AD 23 to AD 79
8
Introduction—the evolution of “fraud”
“If a herdsman, to whose care cattle or sheep have been entrusted, be guilty of fraud and make false returns of the natural increase, or sell them
for money, then shall he be convicted and pay the owner ten times the loss."
~ Hamurabi’s Code of Laws of Ancient Babylon[circa 1727 to 1780 BC, which incidentally predates the
Hebrew 10 Commandments by nearly 500 years]
9
Introduction—the evolution of “fraud”
“Fraud and deceit abound these days more than in former times”
10
Introduction—the evolution of “fraud”
“Fraud and deceit abound these days more than in former times”
~ Sir Edward Coke – 1602English Jurist and Member of Parliament
Attorney General to Queen ElizabethProsecuted Sir Walter Raleigh and his Gun Powder Conspirators
11
Introduction—the evolution of “fraud”
• How has fraud changed through the ages and how might it change in the future?
Media from word of mouth to internet
Range from local tribes to global reach
Complexity from simple to sophisticated
12
Introduction—the evolution of “fraud”
"If fraud has been around from the dawn of
time, and the nature of fraud does not change,
is it simply part of the nature of man?”
13
The fraud triangle
Fraud
Motiv
ation
Rationalization
Opportunity
14
The “GONE” theory
Greed
Opportunity
Need
Expectation15
Where does fraud occur?
A – Accounting Firms; Auto Dealers N – Non-profit Societies (Food Bank)B – Banks; Credit Unions; Trust Companies O – Optometry Clinics; Office SupplyC – Construction Companies; Churches P – Police Offices; Property DevelopersD – Dental Practices; Distribution Q E – Employment Offices R – Retirement Homes; RestaurantsF – Food Stores & Suppliers; Forestry S – Schools; SROsG – Government Departments & Agencies T – Telecoms; Transportation; TaxiH – Hospitals; Hotels U – Universities; Unions; Utilities I – Investment Houses & Brokerages V – Vacation Properties; J – Jewellers and Other Retailers W – Warehousing; WholesalersK – Kitchen & Bath Design & Supply X – X-ray ClinicL – Lumber Mills; Law Firms; Y M – Mining Companies; Manufacturers Z
16
Bribery
Excessive Gifts/Hospitality
Kickback
Excessive Political/Charitable
Donations
Extortion
17
Fraud statistics—society as “victim”
Fraud losses in the US estimated at:
$994 BILLION annually = 7% of Revenues
2008 ACFE Report to the Nation
“The personal costs of fraud cannot be measured reliably”
Canadian Securities Association18
Profile of a fraud perpetrator
Characteristics• Age• Tenure• Position• Income• Education• Gender• Departments
19
ACFE 2008 Report to the NationPerpetrators by age
20
ACFE 2008 Report to the NationTenure
Tenure of perpetrator Percentage of cases Median loss
<1 year 7.4% $50,000
1-5 years 40.5% $142,000
6-10 years 24.6% $261,000
>10 years 27.5% $250,000
21
ACFE 2008 Report to the NationPosition | median loss | frequency | detection period by position
22
ACFE 2008 Report to the NationMedian loss and percentage of losses by perpetrator income level
23
ACFE 2008 Report to the NationMedian loss by education level
24
ACFE 2008 Report to the NationMedian loss and percentage of losses by gender
25
ACFE 2008 Report to the NationFraud by department
Department Percentage Median loss
Accounting 28.9 $200,000
Executive 17.8 $853,000
Operations 16.1 $80,000
Sales 11.6 $106,000
Finance 3.9 $252,000
Purchasing 2.8 $600,000
Human Resources 0.9 $325,000
Research and Development 0.9 $562,000
Other 17.1
26
ACFE 2008 Report to the NationBehavioral characteristics of fraud perpetrators (red flags)
• Living beyond means
• Financial difficulties
• Wheeler/dealer attitude
• Control issues
• Unusually close association with suppliers/customers
• Excessive internal pressure on financial results – leading to financial statement fraud or other reporting fraud
27
Major frauds
"Surprisingly enough, historical records indicate that most major frauds are perpetrated by senior
management in collusion with other employees"
~ Source: Tone at the Top, Issue 40, August 2008 IIA
28
02 Fraud risks in challenging economic times
James (Jim) Blatchford MBA, CMA, FCMA, CFEPractice LeaderForensic Accounting and Investigative Services (“FAIS”)Grant Thornton LLP, Vancouver
29
Economic downturn = the “perfect storm” for increased risk of fraud
• Individuals (whether executives, managers, or staff) are “trapped” by their current personal financial obligations– mortgages, car payments, layaway plans, braces, etc.
• Organizations are “trapped” by their current financial and operational circumstances– Lower sales, uncertain markets, existing contracts that
are uneconomical, fewer sources of debt at lower rates, or existing debt at higher rates
• Government and business leaders debating the “right way to proceed” for short-term stability versus long-term goals
30
Economic downturn = the “perfect storm” for increased risk of fraud
• No easy answers, no “quick fixes”, and historical remedies not necessarily working or not available
• Other factors in play– Emotions running rampant– Fear rising due to uncertainty– Loss of confidence in political and business
leaders• Exacerbated by newest scandals in markets
– Impact extends to “old stalwarts”• GM/Chrysler; Nortel; brokerages; banks
31
Some expected reactions vis-à-vis fraud
Business will downsize by reducing the number of managers and staff – ask more of employees while at the same time possibly reducing salaries and benefits
– Less oversight when opportunity and greed/need increasing
– More (or at least easier) rationalization of fraud and theft
32
Some expected reactions vis-à-vis fraud
Business focusing on expected cash requirements to survive versus historical cash flows and financial results
– Questionable and unexplained transactions will be found to be initiated by individuals at all levels within the organization’s hierarchy
– Executive and Management have to decide whether:• to re-direct attention from business at hand • to apply scarce resources to investigate
33
Some expected reactions vis-à-vis fraud
Heavy focus on financial results
• Activities of executives/managers/division heads will be scrutinized to see where reduction in profits and strength in balance sheet falls on the “performance continuum”
– Ex: are poorer financial results arising as a result of “market forces” versus “mismanagement” or “over-management” or “abuse”
34
I didn’t think it could happen to me!
• Steps that can be taken now:
• Don’t just rely on internal controls in place
• TRUST IS NOT A FOOLPROOF CONTROL
• Be more skeptical
• Consider a “Fraud Risk Assessment”
• Consider a “Whistle-blower” program35
I didn’t think it could happen to me! (cont.)
• Steps that can be taken now:– Prepare and communicate a “Code of Ethics”
and “Conflict of Interest” Guidelines • Include “sign-offs” by employees
– Prepare “investigation protocol” in advance• Who (internal or external), what, when, etc.
– Increase “fraud awareness” for employees36
03 Information technology fraud
Doug Steele CA, CISAPartnerSpecialist Advisory Service Line Leader Grant Thornton LLP, Vancouver
37
A definition of cyber-crime
Two parts included in the definition of cyber-crime:
• Traditional crimes that are now being conducted through the use of a computer or other technology
• Crimes that involve acts against computers and technology directly
38
Examples of internet technology fraud
• "Phishing" • Email scams• Identity theft (MySpace, Facebook)• Theft of intellectual property• Credit card data theft
39
Canada’s cyber-crime ranking
• Canada ranked fourth in the world for number of perpetrators of internet crime 1
• Canada ranked second in the world for number of complainants of internet crime 1
• Canada ranked seventh in the world for identified malicious activity 2;
• Canada ranked eighth in the world for hosting botnet command and control servers 3
• Canada ranked eighth in the world for countries hosting phishing servers 2
1 Source 2007 Internet Crime Report, The US National White Collar Crime Centre, Bureau of Justice Assistance, FBI2 Source April 2008 Symantec Global Internet Security Threat Report3 Source September 2007 Symantec Global Internet Security Threat Report
40
The cloak of cyber-crime
Potentially unlimited attack source points with hi-tech diversion and stealth capabilities
Widely available attack tools and automation with exploit availability already at zero days
Attack methods are low complexity, low cost and low risk for the attacker
High probability of success and large financial gain
41
Canadian law enforcement
• Almost every crime committed in Canada today has some hi-tech component
• Cybercrime surpassing drug trafficking as number one crime in the nation
• There are 245 hi-tech law enforcement officers covering all aspects of tech related crime in Canada
• The average citizen is more likely to be a victim of cybercrime than on the street or in their home
• Law enforcement is unable to keep up to the growing incidence of cybercrime in Canada
Source: 1) May 21, 2008 Press Release, Canadian Association of Police Boards (CAPB)
42
Corporate attackers
Insiders:– Disgruntled Employees– Internal Fraud – Internal Surveyors
Hackers and crackers:– Challenge/Prestige/Profit– Access to Knowledge or
Insider Information– Follow the Leader/Game Play
Cyber criminals:– Corporate Resource Control– Information Access– Theft/Fraud
Hacktivism groups:– Corporate Policy/Politics– Corporate Audience– Public Embarrassment– Reputation Assault– Fraud
Cyber terrorists:– Corporate Access/Power– Denial/Hijacking of Service– Destruction– Kidnapping/Assassination
Cyber spies/espionage:– Intellectual Capital– Sabotage– Market Plans– Customer Information– Fraud
Information warfare:– International Political Strike– Espionage/Reconnaissance– Critical Infrastructure
Surveillance
43
Additional risks in a poor economy
“History has shown that when there is a downturn in the economy, there tends to be an increase in fraudulent activity.
We expect businesses, particularly small- and medium-sized ones, and consumers to be more vulnerable to scams as they look to minimize expenses in the midst of an economic downturn.
Last year, the Competition Bureau fielded almost 15,000 complaints about mass marketing fraud, either by mail, telephone or the Internet."
Melanie AitkenInterim Commissioner of CompetitionCompetition Bureau
44
Identity theft
"The Canadian Anti-Fraud Centre reported 7778 cases of identity theft in 2006, resulting in millions of dollars in damages.
The Canadian Council of Better Business Bureaus has estimated that identity theft may cost Canadian consumers, banks, credit card firms, stores and other businesses more than $2 billion annually."
Global Centre for Securing Cyberspace (Canada) http://gcsc.ca/index.php/public/cybercrime
45
The cost of cybercrime
"Alarmingly, almost three-quarters (74%) of 601 CIOs surveyed perceive that threats to corporate security are now coming from inside the organization.
Nearly 60 percent of US businesses believe that cybercrime is more costly to them than physical crime..
The costs resulting from cybercrime, these businesses report, are primarily from lost revenue, loss of current and prospective customers and loss of employee productivity."
Braun Research Inc. IBM Survey of 601 Chief Information Officers on the status of cybercrime in their organizations
46
The cost of cybercrime (cont.)
• The true losses are not known because many companies choose not to report them.• Based on reported crimes, global costs are estimated at more than $1 trillion dollars
a year in loss of business and damages 1
• A single wave of cyber attacks on critical infrastructures could exceed $700 billion (US Cyber Consequences Unit) 1
• The average annual corporate loss resulting from a cybercrime incident rose to$350,424 in 2007 2
• Cumulative financial losses stemming from phishing attacks rose to more than $3 billion in 2007 3
• Losses are expected to climb as economy downturns "We will never get a definitive answer on how much money Canadians lose to fraud each year" 4
1 Source Global Centre for Securing Cyberspace (Canada) http://gcsc.ca/index.php/public/cybercrime2 Source 2007 CSI Computer Crime and Security Survey3 Source Gartner, Inc. "Phishing Attacks Escalate, Morph and Cause Considerable Damage," by Avivah Litan, December 13, 20074 Source Cpl. Louis Robertson, a spokesman for PhoneBusters, an RCMP and OPP joint effort
47
Easy ways to protect your organization
• Understand your risks• Have an information security policy• Periodically test your information security• Increase staff awareness• Keep up to date with virus protection and system
patches
48
Summary
• Companies are increasingly becoming the targets of successful cyber-criminal activity.
• Law enforcement is over extended in Canada and is slow to react to financial-based cyber-crime.
• Fraud related to information technology is on the rise and will continue to escalate as the economy takes a downturn.
49
04 Fraud risks: a legal perspective
George E.H. Cadman, Q.C.November 25, 2009
50
• Basic rules have not changed• Criminal Code• Threshold for “Civil Fraud”• “Badges” of fraud• Recourse through:
– Civil courts– Criminal code provisions– Regulators
51
• Civil remedies largely unchanged• Key element is quick response• Various tools
– Pre-trial garnishment– Marera injunction– Anton Pillar order
• Key tool is knowledge – “Where are the assets?”• Tools are aimed at identification and preservation
52
Statutory remedies• Fraudulent Preference Act• Fraudulent Conveyance Act• Criminal Code• Interim Receiver under BIA• Reciprocal Enforcement• Inter-provincial Attachment
53
Traditional processes• Pleadings• Documents discovery• E-discovery• Role of experts• Interlocutory relief• Proof at trial• Role of summary trial process• Cost is always a factor
54
• Response to fraudulent activities– Securities (role of B.C.S.C., S.E.C. and others)– Real Estate (role of Superintendent)– Financial Institutions (role of Superintendent &
FICOM)• Preservation v. Recovery• Restitution v. Damages• What about fidelity insurance?
55
• Fraud knows no borders• Increasing emphasis on cross-border recovery
– Both inter-provincial and international• Technology available to fraudsters has far
outpaced legal systems and ability to respond• Internet marketing of fraudulent schemes• Credit card fraud• More likely see regulatory or business response
than legal
56
• How do we respond to:– Cybercrime– Theft of trade secrets– Identity theft
• Are the Courts capable of responding quickly and effectively?
• What is the cost of that response?• Is there a better way?• Real key: proper monitoring and effective risk
management
57
• James (Jim) Blatchford MBA, CMA, FCMA, CFE
Practice LeaderForensic Accounting and Investigative Services (“FAIS”)Grant Thornton LLP, Vancouver
• Doug Steele CA, CISA
PartnerSpecialist Advisory Service Line Leader Grant Thornton LLP, Vancouver
• George Cadman, QCPartnerBoughton Law Corporation
58