Category Archives: In The News

Makes You WannaCry

ransomware

A couple of years ago a lawyer friend told me about clients who were coming to her office, panicked because their computers had been locked by parties claiming to be the FBI. In order to get their machines unlocked, these fake FBI agents demanded to be paid a ransom. On Friday, over 200,000 machines were locked by people (I assume it was more than one person) who did not even pretend to be good. They encrypted the information on these machines and demanded $300 to $600 per machine or, they threatened, all the data on those machines would be destroyed. This type of attack is called a ransomware attack. A program is introduced into the machine, and it locks and encrypts all the data on the machine. A message pops up on the infected machine demanding that money be paid, almost always via bitcoin. Once the ransom has been paid, the message says, a method to unlock the machine will be sent. If the ransom is not paid within the time demanded, all the data on the machine will be erased. So much of our lives, both personal and business, is stored on computers; can you imagine what would happen if your computer was locked? The mere thought makes my heart speed up.

Earlier this year, a hacker crew called Shadow Brokers released several tools used by the National Security Agency (NSA). Among these tools was one called EternalBlue and this tool exploited a flaw in Microsoft Windows. Armed with the information that was leaked, Microsoft created a patch to fix this flaw and released this patch in March. Perhaps you have now read this far and you are wondering, if the patch was released in March, how did this massive attack happen in May? How many times has a message popped up on your machine while you are in the middle of something. The message tells you that an update is available for your machine. You see it, but you are in the middle of something important. You close the window and delay the update. This can happen over and over again. Some people, irritated by the notices, turn off the alerts altogether. Now, these automatic alerts are only available on versions of Windows that Microsoft is still actively supporting. So, if you have an older version of Windows, such as XP, Windows 8 or Windows Server 2003, you no longer receive alerts for updates. Either way, there are millions of machines that were vulnerable to attack on Friday. And on Friday, ransomware aptly called WannaCry, wreaked havoc all over the world.

It is believed that the attackers gained access to computers and systems using infected zip files attached to emails. People opened emails and clicked on attachments. These emails did not come from friends and the people clicked on attachments, not knowing what they were opening. Taking advantage of the fact that many organizations store their computer information on servers, making all users interconnected. The WannaCry ransomware, once released by one user, made its way through the interconnected systems and attacked other machines, even those belonging to people who did not click on the infected attachments.

This attack has made many things apparent:

  • Keeping secrets can sometimes go very wrong. The NSA knew that there was a vulnerability in Microsoft Windows. If it was not for the Shadow Brokers leak, Microsoft may not have discovered this vulnerability and they would not have developed a patch to fix it. One can also argue that, if Shadow Brokers had not leaked this information, the hackers may not have known to create WannaCry and none of this would have happened in the first place. I have found, though, that generally speaking, secrets are not kept that way forever.
  • When I wrote about the fake FBI attacks, I stated the importance of keeping your computers up to date. I cannot stress this enough. When the reminders pop up on your machine to update your software, update your software. Install the security fixes. If you don’t want to be disturbed, set up a timetable so that your machine will automatically check for and install updates on a regular basis. Remember, also, to restart your machine on a regular basis. Many installations are not complete without a restart and some updates are triggered by a restart.
  • We live in a time where everyone receives more email than they want to deal with. We run the risk of making careless mistakes, opening up emails and clicking on attachments when we have no idea who sent the email and what is in the attachment. Nowadays, you are almost lucky if the only thing that the attachment does is send out a lot of spam to your friends. More often, click on that attachment can lead to hackers stealing information from you or holding your machine hostage. Sometimes, even when I receive an email, with an attachment, that appears to be from a friend, I will double-check with the friend to make sure that they have sent the email and their account has not been hacked. The extra step may seem tedious but, enough times I have found out that my friend was hacked, so I keep asking when I am suspicious.
  • If your operating system is no longer supported, you should consider getting new software that is. I say this with mixed feelings. Like most people, I hate being forced to buy something when what I already have has been working well for me and when I don’t like the new version. I feel scammed being made to spend that extra money and if the world only contained righteous people I would tell you to keep your software and change it when you are ready. But, we live in a world where people are ready to take advantage of an opportunity to get money out of you. Microsoft stopped providing support for Windows XP in 2014. This ransomware is specifically taking advantage of this fact. It’s a shame, but it is the way it is.
  • Back up, Back up and back up some more. If you are regularly backing up your machine and keeping the backup either in the cloud or on an external drive, you know what you can do when your machine is held for ransom? You can ignore the ransom demand because you have your data saved some place safe. The clock can tick down, the files on your machine can all be delete and, even though it will suck to restore everything, you can do so.

On Monday morning, people are going to go to work and turn on their machines and many machines running Windows XP or that have not been updated in months will be open to attack. Many of those that are attacked will want to pay the ransom because their data has not been backed. Just weeks ago, articles were written about how British hospitals spent nothing on cyber-defense.  On Friday, they could barely function. Maybe they had started having meetings and started discussing taking steps to protect their systems. But, like we all do when that warning popped up, they put it off. I am sure right now they are wishing they had done something to protect themselves because they had to scramble to fix a disaster.

Tagged , , , , , , , ,

Who Is The Accountant?

calculator-385506_1920

I have been excited about watching “The Accountant” for over a year, when I first heard about this movie – a film about a forensic accountant! I lived in fear of the project being canceled by film bigwigs, who would decide that no one wanted to see a movie about an accountant. Accountants are almost never depicted, on screen, as anyone worth one’s time. You can’t love or hate them, they are too boring to think about. But here was a movie and the filmmaker was so confident about it that he called it “The Accountant.”  I would tell people how excited I was about the film and they would almost always express surprise that anyone would want to make a film about a CPA, let alone watch one. I don’t blame them because just about every time I have seen a CPA being portrayed on film or television, I don’t want to be him (and it is almost always a him). He is a guy with zero social skills that people put up with because he is some kind of numbers-whisperer; a guy who can find secrets in the numbers that the true heroes are too busy being interesting to find. So, on Sunday, I dragged my husband, who is a true saint, to the movie theaters to watch “The Accountant.”

From the previews, you will see that Ben Affleck, the Accountant, seriously lacks social skills and does not appear to have any friends. He is, as a forensic accountant, a super numbers-whisperer who gobbles up financial statements for breakfast, lunch and dinner.  However, he is also the hero and is an incredibly interesting guy who can do all the running, jumping and full mystery solving that heroes can! They also threw in the story of Crazy Eddie and his “Panama pump”. I may have been the only person in the movie theater who exclaimed in excitement when that came up, but the story of Crazy Eddie is one of many years of various fraud schemes, ranging from money laundering and tax evasion, to financial statement fraud.  I had a great time watching this movie and, I even forgave the woman who yelled out a spoiler reveal before it happened.

It seems that many had been convinced to try out a film about a forensic accountant. “The Accountant” won the box office this weekend, by a massive margin that you don’t have to be an accountant to understand. This gives me hope for the future of CPAs on the screen (big or small). I can see it now – characters who are at least as interesting as lawyers and doctors. We may even be portrayed as people who can tell funny jokes, who can be engaging and who can even have friends: I am excited about films that break long-standing stereotypes. Maybe I am getting ahead of myself, but I will say something that is a first, with respect to how I feel about a CPA of any kind on TV or on film. I watched this movie and I came out wanting to be a forensic accountant!

 

Tagged , , , ,

Massive Betrayal of Trust

7198648678_7a3c5905d8_b

Photo by Mamnaimie Piotr

On September 8, the Consumer Financial Protection Bureau (CFPB) put out a press release that it was fining Wells Fargo Bank $100 million for secretly opening deposit and credit card accounts, without customer approval. In addition to the CFPB fine, Wells Fargo was fined $35 million by the Office of the Comptroller of the Currency, $50 million by the City and Country of Los Angeles and will have to pay approximately $5 million in restitution to customers. This fraudulent behavior occurred on a massive scale and, based on the CFPB’s investigation, resulted in:

  • Employees opening 1,534,280 unauthorized deposit accounts;
  • Employees submitting applications for 565,443 credit-card accounts, without the knowledge or consent of the people in whose names the applications were made;
  • Employees creating fake email addresses in order to enroll consumers in online-banking services;
  • Employees requesting debit cards for customers, without the customers’ knowledge or consent, and creating PINs to activate these cards.

All of the above has happened only since January 1, 2011. That is about five years in which these shenanigans were going on. During this time, Wells Fargo fired about 5,300 employees but it does not appear that the bank did a lot more than that to change the culture and systems in order to keep these practices from recurring, or that it took any steps to do right by the customers who were affected. To boot, the executive who oversaw the unit where this all happened left without having to pay back any of the almost $125 million that she earned with the bank. To understand why employees engaged in these dishonest practices, it is important to understand how they benefitted.

Wells Fargo is valued at over $250 billion, making it the most valuable bank in United States, by this yardstick. Wells Fargo was also considered to be the king of cross-selling. Cross-selling is a practice where banks sell more than one service to a customer. For instance, say you open a checking account with Wells Fargo. If the person that you open your account with convinces you to then open a savings account, a credit card account and a mortgage, all of that is cross-selling. At Wells Fargo, employees were paid and received bonuses based on the number of different services they were able to sell to customers. At times, employees would have to work unpaid overtime hours in order to reach these goals and would be threatened with losing their jobs if they did not do enough cross-selling. These employees were told to do “whatever it takes” in order to meet sales goals and this turned out to include engaging in the fraudulent behaviors I noted above.

With the pressure to perform in order to increase earnings, through bonuses, or merely keep a job, the retail employees, at least 5,300 of them, found many opportunities to game the system. Controls at Wells Fargo, when it came to ensuring accounts were valid and authorized by customers, appears to have been very lax. For instance:

  • Employees were able to sign up customers for banking services and would use fake email addresses that used wellsfargo.com as the domain name, such as 1234@wellsfargo.com or none@wellsfargo.com. Doesn’t that seem rather brazen? It also seems like a security shortfall on the part of the bank, that the application process wouldn’t flag an email that doesn’t exist in your own system.
  • When employees opened fake deposit accounts, they would fund these accounts by transferring a customers money from an authorized account to the fake account. Sometimes, as a result of the transfer, the authorized account would incur insufficient balance and overdraft fees. Also, the fake accounts would also incur fees and Wells Fargo would withdraw money from the authorized accounts in order to pay these fees.
  • In a similar manner, credit card accounts opened, without the approval or knowledge of customers, would incur annual and other fees. At times, these customers would find that they were in collections and their credit scores had been affected by accounts that they did not even know they had.
  • Some customers actually received credit cards for accounts that they had not authorized. When these customers contacted Wells Fargo to complain about these cards, they were told to simply destroy the cards. Destroying a credit card does not close the credit card account, nor does the shredding of a card do anything as far as the shredding that your credit profile may have taken.
  • In order to meet quarterly goals, employees would hold back applications for account openings. The manual applications, that included sensitive personal information, would be stockpiled in an unsecured manner and the accounts would only be opened in the next sales goal period, in a practice referred to as sandbagging.
  • Wells Fargo also misled customers by telling them that they could not get one service without getting a bundle of other included services. That would be like opening a checking account and being told that you cannot do so unless you open a savings account and get a credit card with the bank.

With how widespread these practices were, it seems that employees were sharing knowledge about how to best bulk up their cross-selling numbers, without actually cross-selling. Also, when customers complained about fees, it is unclear how much of a follow-up there was to discover if what had happened was a mistake or not. Then, when Wells Fargo discovered this behavior and fired an employee, the bank did not take any steps to let the impacted customers know that their information had been used to open accounts in their name and, if applicable, charge them fees. The bank did not go back and refund customers the fees they had been charged, unless the customer raised a stink about them. When I was discussing this case with my husband and explaining how customers were negatively affected, he had a tale of his own. He has a credit card (not Wells Fargo) and the company changed his credit card information, without letting him know. When he sent payment on his account, they accepted the payment, without telling him that the account was closed, and then charged him interest and fees on the balance that had been moved to a new account. He, not the credit card company, had to figure out what had happened and he, not the credit card company had to calculate the monies that needed to be refunded to him and make sure that the company was not just holding money on a nonexistent account but actually crediting it to his account.

As a result of this case, in addition to the fines that Wells Fargo has been ordered to pay, there are steps the bank has been ordered to take in order to improve the culture and strengthen the system so that this kind of behavior can be prevented, detected and corrected in the future. This includes:

  • Employee training to prevent “Improper Sales Practices” and improve integrity at the bank;
  • Creating monitoring processes and policies to effectively deal with customer complaints;
  • Creating systems to ensure that customer approval is received before accounts are opened on their behalf;
  • Revising the basis for how employees are paid and reviewing sales goals to ensure that they are not unrealistic and do not impose unreasonable pressure on employees.

Wells Fargo will continue to be monitored for five years, to make sure that they comply with the CFPB’s consent order.

On your part, with all your accounts, you can check to make sure that they accounts that you have are ones that you have authorized and that transactions made in your name are valid. Some steps that you can take are:

  • Review your credit report on a regular basis to make sure that all accounts listed are ones that you know about. Several financial institutions offer free credit reports to customers. If this is not an option for you, you can visit the Annual Credit Report website. On this website, you are entitled to credit report per year, from each of the three major credit reporting companies. A strategy to employ is to check a report with one agency every four months;
  • Check your bank statements regularly (at least monthly) for any transactions that are incorrect. Even if it is a small amount, look into a transaction. That small amount could be an indication of something bigger;
  • If you receive a card in the mail that you did not apply for it, follow-up on it and make sure that it is cancelled. Then check your credit report again.

On the Wells Fargo website, the Chairman and CEO states that “Everything we do is built on trust.” It seems that many employees have been playing lip service to that value and we know that, even with trust, it is important to verify. Take the time to check in on your finances. There may be mistakes that need fixing and there may also be pressured employees who are trying to get ahead or merely hold onto their jobs by engaging in dishonest practices.

Tagged , , , , , , , , , , , ,

A Matter of Trust

supply_demand

I fell in love with economics, in part, because it made so much sense. Just about everything could be boiled down into a supply and demand chart that even I, with my limited artistic skills, could draw, freehand. In a free market (the basis of all things good in this world) and in our economics 101 diagrams, the goal was to get everything, neatly, to equilibrium. It was glorious! In every situation, supply and demand, in a free market, would come to a price where both parties were happy and all goods and services to be sold were bought. In equilibrium, there were no shortages, there were no overages and the price was right. For instance, say guy made Twix bars and was selling them for five cents. He would likely find that a lot of people, including those who might ordinarily prefer Snickers, would be clamoring to stock up on Twix bars. Chances are that this guy would sell out of Twix bars in no time. People seeking these cheap, and now sold out, Twix bars might start placing ads on Craigslist, perhaps even offering ten cents for a Twix bar. Others might go to the Twix maker and offer him ten cents a bar to be put on a pre-sale list. Some people might see how well the Twix bar maker is doing and decide to start making Twix bars too. In the world of the perfect graphs, this cycle would go on, with the Twix makers raising their prices a little more and making more Twix bars, in response to the great demand for the chocolate bars. However, as the price goes up and gets closer to the price of a Snickers bar, some of the people who are not so crazy about the Twix will find that the higher price is not enough of a bargain for them, so they will no longer want to buy the Twix bar at this high price. The Twix makers might get too excited about the demand for the chocolate bars and decide to raise the price to two dollars. Even though a few Twix or nothing people might be willing to sacrifice all for a Twix, most people would tell the Twix makers that they are crazy and go looking for an alternative. The Twix makers would then find that the Twix bars are going old and stale in their storage facilities and they are not selling enough chocolate to even cover their costs. To resolve this, they will lower their prices and reduce production, until they get to the point where the price is such that sellers have enough unexpired Twix bars to sell to everyone who comes in looking for them, no extras, no shortages. That, according to the graphs, is how a free market works.

When a monopoly exists, it messes with the free market. In the case of a monopoly, there are no other options and people have no choice but to buy a product or service from one source. This would like living in a place where you can only buy electricity from one provider. For most people in that society, they will be forced to pay whatever the electricity provider charges for electricity. Try as they might, they will not have an alternative to electricity in order to charge their mobile phones and laptops. Twix bars won’t cut it. What economists have found is that, left to their own devices, monopolies will charge more for their products and services than people would be willing to pay in a free market where they could choose their supplier. Monopolies have pros and cons. Some pros of monopolies are:

  • Stable Prices that come about because there is no one coming in and out of the market to create bidding wars, where suppliers fight, with prices, to get customers. With only one supplier, there tends to be just one price that tends to remain the same for a while.
  • Economies of Scale. This basically means that, because the monopolist is making all the product for the entire market, he is making a lot of product at one time. As a result, the large scale will lead to lower costs per unit. If the monopolist chooses to pass the savings on to the customer the customers will be able to get goods and services at a lower price than they might have in an open market with many supplies making goods on a smaller scale.
  • Research and Development may benefit from monopolies. Since the monopolies are making all the money in the market, from sales, they can take these larger profits and have more money to put towards innovations and improvements of their goods and services.

On the flip side, the cons of monopolies are:

  • Higher Prices may be a result of monopolies. Because people have no other options, the monopolies can get away with charging whatever they feel like charging.
  • Price Discrimination can happen with monopolies as well. Because they can charge whatever they want, they can decide to charge some people one price and others another price and, because customers have no options, they are forced to accept the price quoted to them.
  • Inferior Goods and Services are a possibility with monopolies. Monopolies may look at the market and decide to cut corners and produce inferior quality goods and services because they know that customers can’t go anywhere else.

Generally, monopolies are not considered to be in the spirit of the free market. Competition, that would correct inefficiencies and unfairness in the markets, does not exist with monopolies and so there is a risk that consumers can be taken advantage of. As a result, regulators tend to take steps to review mergers of large companies in order to reduce the risk of monopolies (or something close to a monopoly). The action by the regulators is related to their enforcement of antitrust laws.

Currently, several health insurance companies are fighting with the US Department of Justice. Humana and Aetna are seeking to merge into one company as are Athena and Cigna. Currently there are five national health insurance providers; the merger will leave us with three providers. The health insurance companies are touting the pros of monopolies, claiming that the mergers will lead to lower prices to consumers and increased research and development. The justice department, on the other hand, argues that, with fewer national insurance companies, there will be less innovation and there will be the risk that customers will be charged higher rates.

As we enter the complications of humans, trust, regulations and court battles, we can keep in mind the memory of the neat graphs of the perfect markets. It may help us better understand the news articles, full-page ads and other coverage of this and other antitrust actions related to other mergers and acquisition deals in the news. If not, we can take comfort in our still affordable Twix bars.

Tagged , , , , , , , , , , ,

Cheating Mysteries

Cheating-feature-photo2

When I first started running long distance, my goal was to run the New York Marathon. After I completed the Chicago Marathon, things changed a little. Of course I still held my breath every year, hoping to make it into the New York Marathon. But I also had another distant dream – qualifying for the Boston Marathon. It was a distant dream because I would need to run a qualifying time in order to get into Boston and my pace at that time was nowhere near one that would get me into Boston. Over the last few years, my pace has improved and qualifying for Boston has become a more attainable dream. Over the years, I have also come to know more runners and have found that many of us aspire to qualify. I know I am always in awe of a person who has qualified for Boston – it is no mean feat.

With the line of work that I am in, I should not have been surprised, but I was, when I read a recent Runner’s World piece about people who cheat to get into the Boston Marathon. I wanted to run the New York Marathon because I was inspired by the runners who ran past my block, the runners who would touch all five boroughs that make up the city that I call home. I enjoy running races in cities and towns that I have never been to, as I find it a great way to visit and discover new places. When I think about Boston, I don’t necessarily think about running the race itself. The power of Boston, for me and for many that I speak with is in what it takes to qualify. That is the challenge. So, when I read about people who cheated by getting someone else to run a qualifying time in their place, or by cutting a course, I was baffled. Where is the joy in telling someone that you achieved something that you didn’t or that you had someone achieve on your behalf? When I speak with fellow runners, I tend to speak with like-minded people who are just as baffled as I am.

This article reminded me that just because one cannot understand the motivations of a cheater, it does not mean that the cheating will not happen. The fact that many of us cannot understand this motivation is exactly what those that cheat bank on. If no one can imagine how or why someone would fake qualifying for the Boston Marathon, the chances are high that a person will get away with faking in order to qualify for the Boston Marathon. This is something that we all should be mindful of, beyond the realms of the Boston Marathon. Way too often, a business owner or manager will forgo instituting checks and balances in their company, because that business owner can’t imagine that anyone that works for them could be the kind of person that would defraud them.

It is important to take steps to keep from being blindsided by your world view. Precisely because you can’t imagine how a person could behave in a fraudulent manner is why you should seek out the services of a forensic accountant, whose job it is to both imagine how a person could defraud you and how to prevent and detect such actions. We all hope that people will be honest, but it is a sad truth that for various reasons, people will cheat. In the context of the Boston Marathon, perhaps some people feel that they are so close to a qualifying time that a little cheat is not such a bad thing. Maybe some people hunger for praise, even if they have not earned it. Maybe some people just don’t think it is a big deal to cheat in order to get into Boston and see it as a victimless crime. In the context of a business, some people may face personal pressures that they feel push them to fraud. Some people may feel that they are not sufficiently appreciated by their employer and may, therefore, feel justified in taking from that employer. No one is immune from the pressures or motivations that lead to fraud, but what we can do is take steps to make it as difficult as possible to be defrauded.

 

Tagged , , , , , , , , , , ,

On the Record

gifts-for-christmas-fmkcvb0u

I first wrote about Scott London in April 2013, soon after he had been arrested on insider trading charges. He was sentenced to 14 months in prison and was released early, for good behavior, earlier this year. I was listening to my regular Planet Money podcast last week and, like an awesome Christmas gift, they were interviewing Scott London about what he did and why he did it.

London spoke about how, when he was an audit partner at KPMG, he started sharing non-public information on his clients with a golfing buddy. It is not as though London did not know that what he was doing was both unethical and illegal. He speaks about how much training KPMG gave to employees, training that he himself gave at times. Yet, when his friend’s business was struggling and his friend asked for just a little help, Scott London was able to rationalize what he did. In his mind, the money that Bryan Shaw, the friend, was making was small and this made what he was doing not so bad. This is something that happens often in fraud stories. Most frauds start small, either because the fraudster is testing the waters or because the fraudster initially intends to just take a little to cover their perceived need. It is generally because the initial idea of a fraud is small so it does not seem like a big deal and will not hurt anyone. it is a good reminder that when you are looking into or for fraud, you should not just look for large amounts. The fraudsters are going to do what they can to stay under the radar and many are going to be committing in ways that minimize, in their minds, what they are doing.

All in all, Shaw paid London about $70,000 in cash and gifts, while Shaw made $1.27 million from the insider trading. I was amused to hear London’s shock at how much money Shaw made trading on the information that he got from London. You see, when Shaw asked for the tips, he proposed that they share the money equally. It was funny that London was shocked to find out that the person who had partnered with him in an illegal pursuit had been less than honest with him. I suppose he had not heard that there is no honor among thieves. I am not sure if he was surprised because he realized how much more money he should have been paid or if he thinks he would have nipped the insider trading in the bud had he known just how much money was at stake (making the crime a bigger deal than he imagined).

During the podcast, the Planet Money folk discussed whether insider trading is a victimless crime. They struggled to find who is hurt by the trading. They came to their conclusions about who is hurt and you can also read various others opine. When I look at insider trading and think about who can be seen as victims, I have a long list. If you are competing in what you believe is a level playing field but where some parties know more than you do, it is just about a given that those parties are going to beat you every time. And, in this day and age where many retirement and savings plans involve trading on the stock market, why would you even bother if you knew that there were people making lots of money, primarily because they had inside information that you were not privy to?

There are so many layers in the Scott London story that could fill a book and, one such book, by James Ulvog, about Scott London’s fraud is well worth a read. Hearing from Scott London himself was a great gift and is a lesson in insider trading, tone at the top, how easily a fraud can begin and the consequences of taking the path that he took. Thank you Santa and Planet Money!

Tagged , , , , , ,

When To Fold ‘Em

Sports-betting

We are a household of sports fans and this tends to be just about the only live television that we watch. Because we can’t fast forward through the commercials during live games, I have watched commercials about daily fantasy sports. A lot of commercials about daily fantasy sports (DFS). It doesn’t matter whether it is DraftKings or FanDuel, as they both seem just about the same. I have heard about how you can win millions, practically for free, and about how easy it all is. I know nothing about fantasy sports, and I have come away mostly irritated by how ubiquitous the advertising is than wanting to try out the daily fantasy sports scene. I also don’t trust them when they tell me that I could win money for nothing and, instead, I wonder how they could claim to give away so much money for nothing and still pay for the many, many ads that are everywhere we look.

Answers came to me at the beginning of October, when a DFS scandal hit the news. As the story went, a DraftKings employee released key information earlier than he should. This information, if known, would give someone a tactical edge when playing fantasy football. The same employee also won $350,000 betting at FanDuel. Even though this doesn’t look good, DraftKings says they are certain that, even with an extra $350,000 in his pocket, their employee did not act improperly – he merely made a mistake. As I read the story, I shook my head in disbelief. I was surprised by several things. First of all, I was surprised to discover that Daily Fantasy Sports betting is not considered to be gambling. Now, I know hardly anything about daily fantasy sports, so it may indeed be a game of skill and not luck. However, especially with terms like “betting” used when talking about it, it sure does look a lot like gambling. That said, interviews that I have seen and read show those who spend a lot of money on DFS referring to it as investing. Nevada recently shut down DraftKings and FanDuel, declaring that DFS is gambling and that the two companies need licences before they can operate in that state. So, in that regard, let’s go with more and more people are agreeing with me on the whole “is it gambling” question.

More surprising, though, was the employee betting. To have a company that runs the betting allow its employees to bet as well smacks of impropriety, regardless of whatever steps the companies claimed they took to keep things on the up and up. Both FanDuel and DraftKings would not let their employees bet with them but those same employees, armed with whatever insider information they might (or might not) have, were able to go to competitor sites and bet there. And bet they did and how surprised are we to find out that the top winners in daily fantasy sports tended to be employees of DraftKings and FanDuel (though never from their own employer, of course).

As I read articles and watched news pieces on what was going on in the Daily Fantasy Sports realm, I kept exclaiming, to anyone within earshot, “who thought this was okay? How could they think it was okay?”

I couldn’t believe that management at this company could look at the set up was acceptable. Maybe they did, or maybe they just thought they could get away with it but it has me wondering about what operation and control policies other entities have in place that either do not protect them and their assets, or even put them at greater risk. Just because you institute a rule, it does not mean that it is a good or useful rule. For instance, DraftKings employees, with all the inside information they potentially had access to, could not place a bet with their employer, DraftKings. However, they could log into FanDuel, their competitor and use their edge when placing bets there. And the policy was mirrored by FanDuel. Looking in from the outside, both companies appeared to be acting unethically, and just about always, perceptions are as powerful as reality. If it looks as though someone is having a $350,000 party with your money, the facts will matter very little to you.

It might feel very managerial to make rules in your organization, but if all they serve to do is fill operations manuals and make you feel good, they are achieving less than nothing. It is worse than not making rules at all because, at least when you don’t have regulations, you have no illusions about whether or not you are protected. On the other hand, creating a free for all entity may make you feel like the cool kid and may even have people clamoring to work for you. However, among those clamoring, it is almost guaranteed, will be those seeing ample opportunity to commit fraud and perhaps lay waste to your business. There are very important reasons why people like me preach setting up your business in ways that prevent and detect fraud and two of these reasons are protecting your assets and protecting your reputation.

Now, FanDuel and DraftKings are finding themselves on the defensive and being given the cold shoulder by entities who do not want to be tainted by the growing scandals. They are being investigated by state and federal authorities, and are now scrambling to clean up an image that would never have been sullied if they had formed their operating and control structures correctly and ethically, in practice and appearance, from the get go. Now they are tripping over themselves, doing things like creating self-regulatory bodies in order to regain the trust of the public. Judging from what I have read, that is not working very well – something that happens when a company has betrayed the public’s trust. Instead these companies are being put under the microscope and their reputation is taking a beating. They are on the defensive now and all of this could have very easily been avoided. If you are running a business, you should ensure that you consult with a qualified professional to avoid issues such as:

  • Conflict of interest in perception and reality;
  • Approaches that compromise your reputation; and
  • Procedures that may cross legal lines.

Spending time and resources doing things property in the first place is less costly, in dollars and reputation, than trying to clean things up after the damage is done. That kind of disaster can be very difficult to come back from. Is it something you are ready to bet on?

Tagged , , , , , , , , ,

Not Again…

I don’t know what life was like for you, growing up, but my youth was full of lectures. I never just got into trouble. I got into trouble AND I got a lecture to go along with it. We never just went on vacation; we went on vacation, had to write an essay about our experiences AND we got a lecture about how both things were important. We didn’t just discuss our report cards, good or bad; we discussed our report cards AND got a lecture about the long-term benefits of each class we were taking. The lectures often came with true-life stories about one or both of my parents, someone they knew or someone who lived in their “day”. I am not saying that I was lectured a lot, but I did hear some stories more than once. On the occasions that I tried to interrupt to say that I had heard the story, I was told either that there was a new lesson to be learned, or asked why, if I knew the story and the wisdom it imparted, I continued to make the same mistakes.

Well, at last, I get it. Because the other day, I came across a case that includes so many lessons on fraud that, if I were teaching a semester on fraud, I could use it as an example in just about every lesson. This is the case of Christopher Myles, a former bookkeeper in New York City. He worked at Central Park Realty Holding Corp., and some of its affiliates, and reported to the President of the company. Tragically, in May 2010, the President, suffered a stroke and ended up in “a comatose-like state until her death in February 2012”.

With the president incapacitated, no one stepped in to VERIFY Myles’ work. By the time September 2011 rolled around, Christopher was aware that he could pretty much do whatever he wanted without anyone really questioning what was going on. He knew that he now had the OPPORTUNITY to defraud his employer and he took advantage of this opportunity. True to the trend, Christopher Myles started his fraud on a small scale, using the President’s credit cards to pay for personal expenses. He escalated quickly and by early 2012, he was transferring funds out of her personal bank account in order to pay his and his mother’s bills. He did this until there was no longer any money in the President’s bank account. Myles did not let this empty bank account stop him though; he then started transferring money from the business accounts, first, into the President’s personal bank account and, subsequently, into his own personal accounts. On days when he felt particularly bold, or reckless, Myles would transfer money straight into his and his mother’s personal bank accounts. Christopher Myles had unfettered access to all of these accounts, both business and personal, and never needed anyone else to sign off on any of the funds he moved into and out of these accounts. The lack of segregation of duties made this fraud simple for Myles.

If anyone had been watching him and taking notice, they may have noticed that Christopher Myles was living beyond his official means. He used his ill-gotten funds to buy a new home, go on shopping sprees and fancy vacations. This is another red flag for possible fraud. Throughout this fraud, created falsified bank statements and recorded all of these illicit transfers as business transfers. Unfortunately, no one followed up closely on any of these untruths. Perhaps none of those looking at the fake bank statements understood how the company worked and what kind expenses would appear as out of character, or maybe no one was familiar with the ledger and how to analyze it. I am not sure, but, the result was that Myles was able to continue his fraud for over two years (just a little bit longer than the median duration of a fraud), until November 2013, when he resigned.

It was only when his replacement discovered the fraudulent invoices that Myles created, in attempt to disguise his embezzlement, that Christopher Myles’ theft was discovered. A forensic investigation revealed that, in two years, Myles had stolen about $1.3 million from his employer. Myles’ former employer reported all of this to the authorities and, in addition to an indictment for the theft, Christopher Myles is also facing tax evasion charges. This is because, in the manner of Al Capone, Christopher Myles did not report any of his fraudulently acquired income on his tax returns.

Almost like a bonus in the lesson that keeps on giving series, once his theft had been exposed, Christopher Myles sent an email to all parties involved. In this email, he RATIONALIZED his fraud, claiming that he was entitled to the funds because he was due a raise and compensation for having to deal with a difficult coworker.

As I read the press release about Christopher Myles’ indictment, my jaw hung open. I said out loud, “wow, this has all the classic markers; it’s unbelievable!” Yet, the markers are classic for a reason. There are probably a lot more lessons to learn from the story of Christopher Myles, but don’t get me started!

Tagged , , , , , , , , , ,

All For Love

Al_Capone_in_Florida

“Valentine’s Day; red roses
It’s said that some have died for love.
In North Clark Street, Chicago
They died for money…”

It was with those words, uttered by Laurence Olivier, on a Paul Hardcastle song about greed, that Al Capone first fascinated me. It started with that tale of the St. Valentine’s Day Massacre – “It’s a good day to die,” the gangster laughed in a scene in the video – and it continued as I learned more about his legacy as a famous gangster. I mean, as perennially single as I have been most of my life, I have been known to don black clothing and disdain on February 14th, but to shoot a bunch of people on that day? That just seemed a little much. You couldn’t wait until the 15th? What kind of person does that? I found out that others were similarly outraged by Capone’s actions and expended a lot of time and energy trying to bring him down.

A few weeks ago, I was reminded of Al Capone when I spoke with Meredith Engel of The New York Daily News. She was reporting on the financial issues faced by those in the marijuana business. Marijuana is legal in some states, such as Colorado and Washington, but is still illegal on a federal level. This dichotomy may lead to confusion on what income is taxable on a state level, where pot is legal, and on a federal level, where it is illegal.

What does this have to do with Al Capone? Well, despite being blamed for the St. Valentine’s Day Massacre, among other murders, and in spite of being investigated for racketeering and his bootlegging business, the authorities struggled to get Capone convicted on his gang-related crimes. However, there was a government agency that he had not seriously considered; the IRS. You see, it does not matter where your income comes from, be it from legal or illegal sources, you have to pay taxes on it.

It doesn’t matter whether you are selling pot or stealing from your boss, if you don’t pay taxes on that money coming into you, you cold find yourself in trouble with the IRS, ranging from interest and fines to imprisonment. Federal agents couldn’t find enough evidence to pin murder on Al Capone, but they were able to use forensic accounting methods to put together enough evidence to indict Capone on tax evasion charges. He was sentenced to 11 years in prison, was fined $50,000, was charged $7,692 in court costs and $215,000 plus interested in back taxes.

Preparing a tax return can get rather complicated. Figuring what deductions, exemptions and credits you are eligible for can be a like navigating a maze. However, the most simple part of the tax return is the income that you start with. If you don’t want to get into trouble with the IRS – REPORT ALL OF IT, regardless of how you came about it.

Tagged , , , , , , , , , ,

That’s Not How It Goes

canine_side-eyeI am a huge sports fan. Huge. It is just about the only time that I tend to watch live television. The drawback, in my opinion, is that I have to watch all the ads on television, even the ones that get on my nerves. It is a sacrifice I am willing to make in order to get my game in real-time but, sometimes, I wonder. We are in the midst of basketball and tax seasons and the two have, apparently, come together to try to give me an aneurism or, at the very least, high blood pressure. You see, there are a variety of tax preparation related ads, declaring that it is time to get the mountains of money due to you and how easy it is to just do it all yourself, while you’re at it. I just hold my head and mutter, “no, no, no, no!”

Ad after ad trumpets that the product advertised will get you the largest tax refund around. So, what happens when you file your taxes and you don’t get a big refund; maybe you don’t get a refund at all? Do you get upset? Do you feel that your tax preparation software or professional has done wrong by you? But a refund is the government paying you back money that you overpaid them in the first place. Getting a large refund doesn’t mean that you lucked out and won the government lottery; it means that, over the year, you sent the government too much money and now the money is sending that money back to you, interest free.

Refund tales aside, there is the matter of how complicated the tax code is, something that even the Internal Revenue Service (IRS) writes about. The 2014 Tax Guide, a publication that the IRS puts out to help guide individuals who are filing their taxes is a daunting 288 pages long and that’s before the references in the guide for further information on the subjects covered. So, I am sure you can begin to understand my frustration when I see ads that imply that preparing a tax return is as simple as baking a cake. It is unclear how long the tax code is currently, but what we do know is that it gets longer and more complicated by the year.

Computer software is incredibly helpful, when it comes to tax preparation. However, it is paramount to keep in mind that the software is a tool and it will not automatically make you an expert, knowledgeable of the ins and outs of the tax code. If your tax return is straightforward, the chances are that you will be okay filing your own return. Say, however, that you have a business; do you know which of your expenses are deductible and which are not? If you are married, and you decide to file separately, instead of jointly with your spouse, do you know what the differences are between the two? What about if you have spent the year speculating, buying and selling assets, or if you gambled a lot and have significant winnings or losses? The software can only work with what you give it and what if the software doesn’t ask you the right questions in order to get as much information needed in order to have as accurate a tax return as possible?

At the end of the day, the IRS holds you responsible for errors in your tax return and the amount of taxes you pay (and what you claim as a refund). The last thing you want is to be hit with a notice telling you that you owe the IRS a bunch of money because, when they do that, they tend to also charge you interest and penalties. Some tax preparers will tell you that they will cover only penalties and interest due to errors on a tax return, but what about the erroneous tax refund that you have already spent? Yup, only you have to deal with that. It seems like the punishment is a lot worse than just messing up a cake recipe, right? So, I’m thinking that getting a qualified professional, such as a CPA, to prepare your taxes might be worth your investment. Don’t go with someone who promises you the largest refund; go with someone who has studied the law and takes continuing education to stay up to date on the intricacies of the tax code and not only how you will be affected federally but also on a state and local level. Yeah, state and local – I didn’t even go into all that. Find someone who knows what they are doing and who can tell you what is going on and why. Or, you could try to tackle the bigger than the bible tax code and do it all yourself. You’ve got time, right?

Tagged , , , , ,