Tag Archives: Fraud Triangle

Now That I Think About It…


When we talk about fraud and how it tends to happen, the classic fraud triangle is most commonly used to help us understand how it all happens. The sides of this triangle represent opportunity, pressure and rationalization. In this triangle there is a person, just a regular old person, like you and me. Fraud can happen to anyone and fraudsters are often regular people who find themselves under pressure, faced with the opportunity to perpetrate a fraud and the ability to rationalize it all.

Sometimes this person may face pressures. Maybe she has a family member who gets sick and now they have to deal with massive bills. Maybe the person has a gambling problem. Maybe he wants to live the jet set life that he sees his friends living. Whatever the reason may be, these people feel under a lot of pressure to get their hands on more money than they are currently earning.

Pressure or not, maybe this person sees an opportunity to defraud. Perhaps he can sign checks, AND, he has custody of the checkbook AND he performs the company’s bank reconciliations. He has all this access and responsibility and no one checking his work. So, now he has access to the money and he can doctor the books to cover up his wrongdoing. However it works out, these people see a weakness that they can take advantage of.

The third leg of this triangle is rationalization. This is where a person tells himself that there is a justification for what he is doing. Maybe she tells herself that she really needs the money to deal with this one emergency and this will happen only once. Maybe she then tells herself that this will happen only once and, to boot, she has been a loyal employee for a while so the company really owes her a little leeway for all that she has done. Maybe she tells herself that once she is out of this spot of trouble, she will pay the company back and it will be like it never happened in the first place. Maybe he tells himself that he is underpaid and that what he is doing is merely taking the money that he is rightly owed for all the hard work and time that he puts into the business. The rationalizations that people use are practically endless.

Earlier this year, I listened to the podcast “Ponzi Supernova”, a podcast about Bernie Madoff’s Ponzi scheme and what has happened since. One thing that was fascinating about this series was the conversations that Steve Fishman, journalist and narrator of the series, had with Bernie Madoff, infamous perpetrator of a massive Ponzi scheme. Bernie talked about his childhood and how affected he was by his father’s financial failures. Bernie tells Steve that, after seeing his father lose a lot of money and what it did to the family, Bernie swore he would never let that happen to him (perhaps one could see this as a pressure looming over his life). In the early 1960’s, Bernie Madoff violated market regulations and his clients’ trust by losing their money on risky deals. Instead of letting them know that this had happened, he lied to his clients, borrowed money from his father-in-law and carried on as though he was a brilliant investor. Speaking with Fishman, Madoff made it sound as though, because he did not want to fail as his father had, he took these steps so that he could continue to, at least, appear to be successful and very talented.

Bernie Madoff spoke with Steve Fishman a couple of years after he was caught (though, in some versions of his story, he claims he quit). Bernie Madoff also spoke with Diana Henriques, who wrote the book The Wizard of Lies, which is now an HBO Film by the same title. Their interactions also occurred a couple of years after Madoff’s fraud was discovered. After he had plead guilty to his crime. Yet, over and over again, Madoff seemed to continue to make excuses for his behavior and try to minimize what he did. Even though, when pleading guilty, he claimed that he acted alone, he has since changed his tune and as co-conspirators have testified against him, he then seems to say, “well, except for that person, I acted alone”. So, it seems that even after being caught, he is only sharing as much of the truth as he needs to and, what I have found to be most interesting, is that he appears to continue to rationalize what he did.

In an ideal world, one would imagine that having a fraud exposed and pleading guilty would bring a fraudster to his senses. When we imagine a person committing fraud as a regular person who has fallen into irregular behavior, the hope is that putting an end to this irregular behavior will bring this person to her senses and get them to admit that what they did was without excuses; that, even though they rationalized their actions when they perpetuated the fraud, they now saw the error of their ways and realized that the rationalizations were all without merit. During the hearing when he plead guilty, Madoff read a prepared statement where he apologized to his victims. However, even that apology came with a “but” attached. “While I never promised a specific rate of return to any client, I felt compelled to satisfy my clients’ expectations, at any cost.” Yet, listening to Ponzi Supernova, you learn that some clients would demand an adjustment to their statements when they did not receive the return they had been promised. Madoff has also placed blame on his victims, claiming that they knew, or should have known, what they were getting into, that he had warned them and that they did not lose as much as they claimed. And, I have found that it is not just Madoff who does this. The Association of Certified Fraud Examiners talks to people who were convicted of fraud and, in video after video, the perpetrators found ways to hold others responsible for what they did – and this is after they had been found guilty and served their sentences. For instance, one blamed her supervisor for being too trusting, “I don’t blame them but…” she started her sentence. Another stated, “I asked you for help and you said no”, while yet another said “I won’t get caught again”, not “I won’t do it again because I realize it was wrong.

It may be human to not want to admit full responsibility. Perhaps it is too hard for most of us to admit that we have done terrible things. Who really wants to be a monster, blamed for ruining lives, even when those lives are laid out in front for you? And if we are not harshly judging ourselves, even when caught, then can we really adjust our behaviors to do right and get back on the straight and narrow? I don’t know the answers to this but it is something I think about as I perform my work as a forensic accountant. If a person is not able to strip away rationalization and admit that they were just wrong when they perpetuated their fraud, then what are the chances that it won’t be so difficult to do it again?

Tagged , , , , , , , , , , , , , , , ,

Massive Betrayal of Trust


Photo by Mamnaimie Piotr

On September 8, the Consumer Financial Protection Bureau (CFPB) put out a press release that it was fining Wells Fargo Bank $100 million for secretly opening deposit and credit card accounts, without customer approval. In addition to the CFPB fine, Wells Fargo was fined $35 million by the Office of the Comptroller of the Currency, $50 million by the City and Country of Los Angeles and will have to pay approximately $5 million in restitution to customers. This fraudulent behavior occurred on a massive scale and, based on the CFPB’s investigation, resulted in:

  • Employees opening 1,534,280 unauthorized deposit accounts;
  • Employees submitting applications for 565,443 credit-card accounts, without the knowledge or consent of the people in whose names the applications were made;
  • Employees creating fake email addresses in order to enroll consumers in online-banking services;
  • Employees requesting debit cards for customers, without the customers’ knowledge or consent, and creating PINs to activate these cards.

All of the above has happened only since January 1, 2011. That is about five years in which these shenanigans were going on. During this time, Wells Fargo fired about 5,300 employees but it does not appear that the bank did a lot more than that to change the culture and systems in order to keep these practices from recurring, or that it took any steps to do right by the customers who were affected. To boot, the executive who oversaw the unit where this all happened left without having to pay back any of the almost $125 million that she earned with the bank. To understand why employees engaged in these dishonest practices, it is important to understand how they benefitted.

Wells Fargo is valued at over $250 billion, making it the most valuable bank in United States, by this yardstick. Wells Fargo was also considered to be the king of cross-selling. Cross-selling is a practice where banks sell more than one service to a customer. For instance, say you open a checking account with Wells Fargo. If the person that you open your account with convinces you to then open a savings account, a credit card account and a mortgage, all of that is cross-selling. At Wells Fargo, employees were paid and received bonuses based on the number of different services they were able to sell to customers. At times, employees would have to work unpaid overtime hours in order to reach these goals and would be threatened with losing their jobs if they did not do enough cross-selling. These employees were told to do “whatever it takes” in order to meet sales goals and this turned out to include engaging in the fraudulent behaviors I noted above.

With the pressure to perform in order to increase earnings, through bonuses, or merely keep a job, the retail employees, at least 5,300 of them, found many opportunities to game the system. Controls at Wells Fargo, when it came to ensuring accounts were valid and authorized by customers, appears to have been very lax. For instance:

  • Employees were able to sign up customers for banking services and would use fake email addresses that used wellsfargo.com as the domain name, such as 1234@wellsfargo.com or none@wellsfargo.com. Doesn’t that seem rather brazen? It also seems like a security shortfall on the part of the bank, that the application process wouldn’t flag an email that doesn’t exist in your own system.
  • When employees opened fake deposit accounts, they would fund these accounts by transferring a customers money from an authorized account to the fake account. Sometimes, as a result of the transfer, the authorized account would incur insufficient balance and overdraft fees. Also, the fake accounts would also incur fees and Wells Fargo would withdraw money from the authorized accounts in order to pay these fees.
  • In a similar manner, credit card accounts opened, without the approval or knowledge of customers, would incur annual and other fees. At times, these customers would find that they were in collections and their credit scores had been affected by accounts that they did not even know they had.
  • Some customers actually received credit cards for accounts that they had not authorized. When these customers contacted Wells Fargo to complain about these cards, they were told to simply destroy the cards. Destroying a credit card does not close the credit card account, nor does the shredding of a card do anything as far as the shredding that your credit profile may have taken.
  • In order to meet quarterly goals, employees would hold back applications for account openings. The manual applications, that included sensitive personal information, would be stockpiled in an unsecured manner and the accounts would only be opened in the next sales goal period, in a practice referred to as sandbagging.
  • Wells Fargo also misled customers by telling them that they could not get one service without getting a bundle of other included services. That would be like opening a checking account and being told that you cannot do so unless you open a savings account and get a credit card with the bank.

With how widespread these practices were, it seems that employees were sharing knowledge about how to best bulk up their cross-selling numbers, without actually cross-selling. Also, when customers complained about fees, it is unclear how much of a follow-up there was to discover if what had happened was a mistake or not. Then, when Wells Fargo discovered this behavior and fired an employee, the bank did not take any steps to let the impacted customers know that their information had been used to open accounts in their name and, if applicable, charge them fees. The bank did not go back and refund customers the fees they had been charged, unless the customer raised a stink about them. When I was discussing this case with my husband and explaining how customers were negatively affected, he had a tale of his own. He has a credit card (not Wells Fargo) and the company changed his credit card information, without letting him know. When he sent payment on his account, they accepted the payment, without telling him that the account was closed, and then charged him interest and fees on the balance that had been moved to a new account. He, not the credit card company, had to figure out what had happened and he, not the credit card company had to calculate the monies that needed to be refunded to him and make sure that the company was not just holding money on a nonexistent account but actually crediting it to his account.

As a result of this case, in addition to the fines that Wells Fargo has been ordered to pay, there are steps the bank has been ordered to take in order to improve the culture and strengthen the system so that this kind of behavior can be prevented, detected and corrected in the future. This includes:

  • Employee training to prevent “Improper Sales Practices” and improve integrity at the bank;
  • Creating monitoring processes and policies to effectively deal with customer complaints;
  • Creating systems to ensure that customer approval is received before accounts are opened on their behalf;
  • Revising the basis for how employees are paid and reviewing sales goals to ensure that they are not unrealistic and do not impose unreasonable pressure on employees.

Wells Fargo will continue to be monitored for five years, to make sure that they comply with the CFPB’s consent order.

On your part, with all your accounts, you can check to make sure that they accounts that you have are ones that you have authorized and that transactions made in your name are valid. Some steps that you can take are:

  • Review your credit report on a regular basis to make sure that all accounts listed are ones that you know about. Several financial institutions offer free credit reports to customers. If this is not an option for you, you can visit the Annual Credit Report website. On this website, you are entitled to credit report per year, from each of the three major credit reporting companies. A strategy to employ is to check a report with one agency every four months;
  • Check your bank statements regularly (at least monthly) for any transactions that are incorrect. Even if it is a small amount, look into a transaction. That small amount could be an indication of something bigger;
  • If you receive a card in the mail that you did not apply for it, follow-up on it and make sure that it is cancelled. Then check your credit report again.

On the Wells Fargo website, the Chairman and CEO states that “Everything we do is built on trust.” It seems that many employees have been playing lip service to that value and we know that, even with trust, it is important to verify. Take the time to check in on your finances. There may be mistakes that need fixing and there may also be pressured employees who are trying to get ahead or merely hold onto their jobs by engaging in dishonest practices.

Tagged , , , , , , , , , , , ,

On the Record


I first wrote about Scott London in April 2013, soon after he had been arrested on insider trading charges. He was sentenced to 14 months in prison and was released early, for good behavior, earlier this year. I was listening to my regular Planet Money podcast last week and, like an awesome Christmas gift, they were interviewing Scott London about what he did and why he did it.

London spoke about how, when he was an audit partner at KPMG, he started sharing non-public information on his clients with a golfing buddy. It is not as though London did not know that what he was doing was both unethical and illegal. He speaks about how much training KPMG gave to employees, training that he himself gave at times. Yet, when his friend’s business was struggling and his friend asked for just a little help, Scott London was able to rationalize what he did. In his mind, the money that Bryan Shaw, the friend, was making was small and this made what he was doing not so bad. This is something that happens often in fraud stories. Most frauds start small, either because the fraudster is testing the waters or because the fraudster initially intends to just take a little to cover their perceived need. It is generally because the initial idea of a fraud is small so it does not seem like a big deal and will not hurt anyone. it is a good reminder that when you are looking into or for fraud, you should not just look for large amounts. The fraudsters are going to do what they can to stay under the radar and many are going to be committing in ways that minimize, in their minds, what they are doing.

All in all, Shaw paid London about $70,000 in cash and gifts, while Shaw made $1.27 million from the insider trading. I was amused to hear London’s shock at how much money Shaw made trading on the information that he got from London. You see, when Shaw asked for the tips, he proposed that they share the money equally. It was funny that London was shocked to find out that the person who had partnered with him in an illegal pursuit had been less than honest with him. I suppose he had not heard that there is no honor among thieves. I am not sure if he was surprised because he realized how much more money he should have been paid or if he thinks he would have nipped the insider trading in the bud had he known just how much money was at stake (making the crime a bigger deal than he imagined).

During the podcast, the Planet Money folk discussed whether insider trading is a victimless crime. They struggled to find who is hurt by the trading. They came to their conclusions about who is hurt and you can also read various others opine. When I look at insider trading and think about who can be seen as victims, I have a long list. If you are competing in what you believe is a level playing field but where some parties know more than you do, it is just about a given that those parties are going to beat you every time. And, in this day and age where many retirement and savings plans involve trading on the stock market, why would you even bother if you knew that there were people making lots of money, primarily because they had inside information that you were not privy to?

There are so many layers in the Scott London story that could fill a book and, one such book, by James Ulvog, about Scott London’s fraud is well worth a read. Hearing from Scott London himself was a great gift and is a lesson in insider trading, tone at the top, how easily a fraud can begin and the consequences of taking the path that he took. Thank you Santa and Planet Money!

Tagged , , , , , ,

Not Again…

I don’t know what life was like for you, growing up, but my youth was full of lectures. I never just got into trouble. I got into trouble AND I got a lecture to go along with it. We never just went on vacation; we went on vacation, had to write an essay about our experiences AND we got a lecture about how both things were important. We didn’t just discuss our report cards, good or bad; we discussed our report cards AND got a lecture about the long-term benefits of each class we were taking. The lectures often came with true-life stories about one or both of my parents, someone they knew or someone who lived in their “day”. I am not saying that I was lectured a lot, but I did hear some stories more than once. On the occasions that I tried to interrupt to say that I had heard the story, I was told either that there was a new lesson to be learned, or asked why, if I knew the story and the wisdom it imparted, I continued to make the same mistakes.

Well, at last, I get it. Because the other day, I came across a case that includes so many lessons on fraud that, if I were teaching a semester on fraud, I could use it as an example in just about every lesson. This is the case of Christopher Myles, a former bookkeeper in New York City. He worked at Central Park Realty Holding Corp., and some of its affiliates, and reported to the President of the company. Tragically, in May 2010, the President, suffered a stroke and ended up in “a comatose-like state until her death in February 2012”.

With the president incapacitated, no one stepped in to VERIFY Myles’ work. By the time September 2011 rolled around, Christopher was aware that he could pretty much do whatever he wanted without anyone really questioning what was going on. He knew that he now had the OPPORTUNITY to defraud his employer and he took advantage of this opportunity. True to the trend, Christopher Myles started his fraud on a small scale, using the President’s credit cards to pay for personal expenses. He escalated quickly and by early 2012, he was transferring funds out of her personal bank account in order to pay his and his mother’s bills. He did this until there was no longer any money in the President’s bank account. Myles did not let this empty bank account stop him though; he then started transferring money from the business accounts, first, into the President’s personal bank account and, subsequently, into his own personal accounts. On days when he felt particularly bold, or reckless, Myles would transfer money straight into his and his mother’s personal bank accounts. Christopher Myles had unfettered access to all of these accounts, both business and personal, and never needed anyone else to sign off on any of the funds he moved into and out of these accounts. The lack of segregation of duties made this fraud simple for Myles.

If anyone had been watching him and taking notice, they may have noticed that Christopher Myles was living beyond his official means. He used his ill-gotten funds to buy a new home, go on shopping sprees and fancy vacations. This is another red flag for possible fraud. Throughout this fraud, created falsified bank statements and recorded all of these illicit transfers as business transfers. Unfortunately, no one followed up closely on any of these untruths. Perhaps none of those looking at the fake bank statements understood how the company worked and what kind expenses would appear as out of character, or maybe no one was familiar with the ledger and how to analyze it. I am not sure, but, the result was that Myles was able to continue his fraud for over two years (just a little bit longer than the median duration of a fraud), until November 2013, when he resigned.

It was only when his replacement discovered the fraudulent invoices that Myles created, in attempt to disguise his embezzlement, that Christopher Myles’ theft was discovered. A forensic investigation revealed that, in two years, Myles had stolen about $1.3 million from his employer. Myles’ former employer reported all of this to the authorities and, in addition to an indictment for the theft, Christopher Myles is also facing tax evasion charges. This is because, in the manner of Al Capone, Christopher Myles did not report any of his fraudulently acquired income on his tax returns.

Almost like a bonus in the lesson that keeps on giving series, once his theft had been exposed, Christopher Myles sent an email to all parties involved. In this email, he RATIONALIZED his fraud, claiming that he was entitled to the funds because he was due a raise and compensation for having to deal with a difficult coworker.

As I read the press release about Christopher Myles’ indictment, my jaw hung open. I said out loud, “wow, this has all the classic markers; it’s unbelievable!” Yet, the markers are classic for a reason. There are probably a lot more lessons to learn from the story of Christopher Myles, but don’t get me started!

Tagged , , , , , , , , , ,

Oh Yes, She Did!


In previous posts, when talking about the importance of controls in a system to help prevent fraud, I discussed the case of Amy Wilson. These posts were specifically about how trust is not a control. Regardless of how nice a person seems to be (or is) or how long someone has worked for you, you should never decide that you can trust them enough to forgo system controls. It really cannot be said enough, trust is not a control. It does not matter how good a person is or how long they have worked without ever considering defrauding their employer, there may come a time when they face great pressure to commit fraud. It is important that, should this time arise, there are controls that deter them from giving in to temptation.

In my first post about Amy Wilson, I discussed how many controls I come across when I run a race compared to how few controls I have seen in many businesses. I continue to be amazed by this; people will put so much into making sure folk aren’t fabricating their running times, yet they are willing to trust those very same folk with their money and assets. The second time I wrote about Amy Wilson, I had watched her enlightening interview on the Attestation Update website. Here and in the articles she has authored, Amy Wilson speaks very clearly about what she did and how she could either have been caught or have never had the opportunity to perpetrate the fraud.

Well, fast forward to today. I received notification, this morning, that Amy Wilson had visited my website and left me a comment. She was very complimentary (whew!). I am glad because Ms. Wilson does have great lessons to impart and I appreciate that she does not take issue with how I have shared her story and lessons. To have real life examples of where the weaknesses in a system were, how they were exploited and the ultimate consequences of all of this is absolutely priceless. When it comes to designing and instituting controls in a financial system, it is imperative that this is performed effectively and consistently. In order to make sure that this process is correctly implemented, the stories must be told clearly, correctly and honestly. It is fantastic that Ms. Wilson is unflinching when she talks about what she did; that kind of thing does not happen often. This kind of honesty helps forensic accountants get better at what they do and, hopefully, businesses get better at deterring, preventing and detecting fraud. Finally, feedback like Amy Wilson’s helps me feel happier about what I do.

Tagged , , , , , , , , ,

The Sheriff in Town!

When I first went to university, I was unsure what I wanted to major in. I had been considering chemistry, because I fancied that I might be the person to come up with a cure for AIDS. At the idealistic age of 18, I was so sure that I could use the colorful magic of gas chromatography to come up with a solution that many experienced scientists with doctoral degrees had been unable to discover. I signed up for a chemistry class and, I decided to take an elective in economics. I was hooked after my first class and ended up majoring in economics. I was fascinated by various theories and the push and pull between fiscal and monetary policies. I did come away from my class knowing one thing – I wanted to work for the Federal Reserve System, home of US monetary policy. To me, to be part of an organization that was focused on what to do in order to best positively influence the economy of the entire nation was awesome! Federal Reserve Banks issue the money that we use; how cool is that? I remember going to a campus career fair and spending most of my time there chatting with a representative from the Fed. Following that conversation, getting a job at the Fed was my dream. One big obstacle stood in my way; at the time, I was not a US citizen. I was devastated but I still dreamt that one day I would either be a citizen or the Fed would change its policies, whichever came first. At the time, as an economist in training, my dream was to be an analyst.

As time has gone by (I am a citizen now) and I have gone on to add becoming a CPA and then getting Certified in Financial Forensics to my skill set, my interest in the Fed and what it does has grown. After graduating, with my degree in economics and mathematics, I went on to work at a bank, where I was an analyst. I was very excited about the opportunity to apply the theory I had learnt in college. I had not bargained on how people are not very good at following the rules, be they the rules of logic or the rule of law. I mean, how many times have you said, “Who would do that,” or “Why did they act that way? It doesn’t make sense”? Yep, we humans use our free will in the nuttiest ways. Just last week, I read a crazy story about a Georgia woman filing a tax return for a $94 million dollar refund. Every aspect of the story is insane, from her 100 dependents to thinking that she could pick up her refund check at a local Kroger grocery store, and yet she is neither the first or last person to attempt this kind of thing. So, after the monetary policy folks have come up with their ideas about how best to influence the economy, there need to be the people who make sure that people are not breaking the rules and people who create control systems and audit them to minimize the risk of people breaking the rules. This is where forensic accountants come into play at the Fed.

Forensic Accountants, both those Certified in Financial Forensics and those who are Certified Fraud Examiners, can be found in the audit and enforcement areas of the Federal Reserve System. The saying is that love makes the world go around, but we are all aware that money is a big motivator for who many people behave. I have written about the fraud triangle and how people in positions of trust and authority will break the law in pursuit of illicit gain. With this in mind, it is vital to assess and improve control systems to make sure that, starting at the top financial institution, there is little opportunity for those who feel the pressure to commit financial crime. If the top bank cannot keep money safe, what hope is there for the rest of them? The Fed has bank examiners whose goal is to ensure that banks comply with laws such as those governing anti-money laundering and doing business with nations and people that the US government has imposed sanctions upon. The Fed plays an important role as an independent third party that will objectively assess operations at the banks that they supervise to make sure that they are not, for example, helping criminal rings hide their ill-gotten gains.

There are twelve banks in the Federal Reserve System and each bill of paper money that you have incorporates, in its serial number, the letter assigned to bank that issued that bill. Pull out a banknote, be it a dollar or a $100 bill, it will have the letter of the particular Federal Reserve Bank that issued it, be it Boston, San Francisco or any of the ones in between. In the case of the dollar bill, the name of the issuing bank is also noted on the bill. It goes almost without saying that the institution that issues the money that we use should have top notch controls. Each Federal Reserve Bank, therefore, has audit departments that are constantly reviewing it and making sure that the banks are complying with the rules. The auditors also work to improve systems. Every day, people are spending a lot of time and energy trying to figure out how to game the system and so those at the Fed should spend at least as much time and energy working to keep the banks safe and compliant.

Though my focus has changed, my excitement when it comes to the Fed is unabated. Not only are they working on monetary policy, they are also working to make sure that the rules are not being broken and that the opportunity to defraud, steal or abet crime is diminished. Take a look at the money in your wallet and think about what goes into making it worth what it is worth.

Tagged , , , , , , , , , , , , , , , , ,

From The Horse’s Mouth

Mister-Ed-Talking-HorseEarly last year, I wrote about Amy Wilson and the lack of controls that existed in the company that she stole from. The complete lack of controls and reliance on trust gave her the opportunity to steal from the company, which she did… for four years. She was actually caught by the fraud department at the credit card company, not by her employers. Anyway, I am talking about her because Jim Ulvog has an excellent post on his website, Attestation Update. Here, Amy Wilson tells us about her fraud, how she was caught and how she got away with things for as long as she did. It is an excellent watch and a great reminder of the very wise words – “trust, but verify.”

Tagged , , , , , , , , , ,

Here’s My Number And A Dime…



“If you see something, say something”. Living in New York City, this is a message I come across often. I see it advertised all over the subway, I see it on buses and I have even seen it on television. Although the messages tell us to inform a police officer, MTA employee or call a toll-free number in the cases that we do see something and want to say something, I have often thought about the logistics of this. On my way home from work, I tend to end up in the last subway car. Now, say I get onto the train and I see something and I want to say something. I am in the last car and can barely see the subway conductor who is in the middle of the train. Do I try to run up the platform to get to the MTA employee before the train doors close and the train sets off? Do I perhaps hope that there is a police officer that I can alert, hanging out on the subway platform? My subway station is one of the few that now has cellphone reception, so I could call the toll-free number. However, I have never taken the time to actually take the number down so I have no idea what it is. All this said, I like to think that, on the day that I do see something and need to say something; it will be like the movies and things will fall in place and work out.

Previously, when talking about controls, I have discussed the importance of the segregation of duties and how having several people involved in a process means that there are other people who are watching what is going on and who, therefore, can report any untoward activities that they see. Annually, the Association of Certified Fraud Examiners (ACFE) publishes a Report to the Nations on Occupational Fraud and Abuse. The 2014 report stated, “Over 40% of all cases were detected by a tip – more than twice the rate of any other detection method.” That is a staggering statistic and emphasizes just how important people who see and say something are when it comes to fraud detection. The knowledge that there is an easy way for fraud to be reported may also serve as a deterrent to those contemplating committing fraud. In response to a series of huge financial scandals that led to losses in the billions of dollars and the end of companies such as Enron and WorldCom, the Sarbanes- Oxley Act was passed in 2002. Among its various provisions, it required that publicly traded companies establish a whistleblower system that makes it easy for employees and third parties to anonymously report financial misdeeds.

There is a television show called “The First 48”. The premise of the show is that the chances of solving a murder are cut in half, if investigators do not get a lead within the first 48 hours. On a few occasions, I have watched as detectives go from door to door in a neighborhood, asking people if they know anything about the homicide that occurred. Generally, the police are met with silence, shaking heads and closing doors. However once they get back to the police station, their phones start ringing and people leave anonymous tips that often lead to an arrest. Anonymity is a very important aspect of creating a whistleblower system. The fear of punishment for reporting fraud, such as being fired, demoted or even physically attacked, can keep a witness silent. It is vital that a person knows that they can safely make a report and remain unidentified, should they wish to do so.

There should be several reporting options available to the whistleblower, such as the telephone, an electronic system and U.S. mail, giving the whistleblower the opportunity to use the method that they are most comfortable with. Also, the system should be available 24 hours a day, 365 days a year. With the whistleblower hotline, a trained interviewer, who knows how and what to ask the caller should answer the phones. The last thing a nervous caller wants to deal with is voicemail.

In order to make the whistleblower system most effective, a corporate entity’s staff, vendors and other third parties need to know that there is a way that they can report wrongdoing and that action will be taken. This means that a company with a whistleblower system should distribute literature and hold training sessions on ethics, processes and how to report any financial wrongdoing. Several years ago, I caught a cab from Manhattan to Brooklyn. During my ride, the cab driver complained about having to drive to Brooklyn and tried, several times, to drop me off at a subway station. I insisted that he take me to Brooklyn, as I had requested. He then spent the rest of the ride swearing and protesting. Once we reached my destination and I stepped out of the taxi, he yelled out the window, “Bitch”, and drove off. Suffice to say, I was upset by this experience. Shaking, I walked into the building and called 311, New York City’s non-emergency information and complaint service. I told the operator about my experience and gave her the taxi driver’s medallion number. She took my report and asked whether or not I wished to remain anonymous. I chose not to, wound up facing the driver in a hearing, and winning my case. I did all this because I did not appreciate how the taxi driver had treated me and felt that I should not let him think that it was okay for him to behave in that manner. More importantly, I did this because I knew about and had access to an easy, and well-publicized service where I could lodge my complaint and have my issue investigated and resolved.

I have mentioned that publicly traded companies in the United States are mandated to set up a whistleblower system. It is in the interest of other entities to consider a system by which anyone who comes across financial crime can report the crime, knowing that something will be done about it and that no one will come after them for making the report. Sometimes something as simple as an anonymous mailbox can make a big difference – just knowing that there is a way to report crime gets people reporting crime. Then again, as an employee or a third-party, such as a vendor or a customer, there may be times when you feel as though the corporate culture is so corrupt that no one within the company will respond to your complaint. At times like this, you should look to the law for assistance. In New York City, you can call 311 for guidance and assistance. You can also visit the District Attorney’s website for information on how to report a financial crime. The power of people speaking up when they see something amiss cannot be underestimated and voicing your concerns is easier than you imagine; remember whistleblowers are the number one (by far) way in which fraud is discovered. So, really, if you see something, say something. You don’t even have to worry about the train leaving you behind.

Tagged , , , , , , , , , , , , , , , , , ,

Who Runs Things?


James Petrozzello

The tone at the top of an organization is vitally important. If the people running things are behaving in an unethical manner, how can one expect the rest of the firm to operate any better? If you are working at a company and you get the message that leadership is for those who operate without regard to the rules, then wouldn’t the probability be high that you would either leave or start breaking the rules yourself? Often when a leader of a company is caught breaking the law, stories follow about a culture of bad behavior at that company.

Craig Haber became a partner, based in New York, at Grant Thornton in 1993. In 2004, he opened a business checking account in the name of a company with a name very similar to Grant Thornton. Then, between 2004 and July 2012, Haber deposited $3.97 million in checks made out to Grant Thornton into the fraudulent account that he had opened. That is eight years of funneling almost $4 million in company funds into his personal account. How Haber managed to do this shows how he got the opportunity to take advantage of weaknesses in the Grant Thornton control system in order to perpetrate his fraud.

When Grant Thornton sends out bills to its clients, it attaches a page to the bill with instructions on how to either wire money into their account or send a check to their Chicago office, which is where their head office and billing department are located. Beginning in 2004, Haber would send billing statements to some clients and, instead of the usual payment instruction sheet, Haber instructed the clients to send payments to “Craig B. Haber”, in care of Grant Thornton, at the Grant Thornton New York offices. He also sent these payment instructions to some clients via email. When he received these payments, he deposited the bulk of them into the fraudulent account that he had opened. He got around the discrepancies by telling Grant Thornton that he had collected lower fees than what he actually collected.

It appears that Craig Haber had too much access to the billing system. In a company, seniority is no reason for reduced controls. Seniority should be a greater incentive for implantation of controls. Because it tends to be more difficult for an employee to say no to a higher up in a company, it is important that a system is built that says no on the employee’s behalf. All bills should have come from the billing department and the billing department should have sent clients billing statements detailing a running balance detailing payments received over a period of time. If that had been the case, some clients would have contacted Grant Thornton to find out why some of their payments were not reflected on their statement.

Grant Thornton should also have worked to limit what payments went to the partners, instead of being sent directly to the billing department. It is a challenge, but an occasionally reminding a client to send payments to the Chicago office may have gone a long way in reducing how much was stolen by Haber.

The fraud of almost $4 million translates into many billing hours that Haber was short on. I am not sure how he explained this shortfall but there should be a way to verify this for partners, in the same way that, I am sure, there is a way to verify billable hours for other employees of Grant Thornton.

Craig Haber received the Grant Thornton payments, which he then redirected to his personal account, via the US Postal Service. Therefore, when Grant Thornton discovered the fraud and reported it, the investigation was carried out by the US Postal Inspection Service and headed by Postal Inspector Melissa Atkin. True to the elements of the fraud triangle, Haber claimed that he started defrauding Grant Thornton because of financial pressure and, as you can see, he took full advantage of the opportunity to take money from the company. Haber was charged with and convicted of mail fraud and faces both a fine and prison time.

Being at the top in his firm did not stop Haber from committing fraud and perhaps being at the top of his firm meant that he was able to perpetrate his fraud without detection for longer. The Association of Certified Fraud Examiners (ACFE) has found that fraud by those higher up in an organization tends to be greater in value and to go on for a longer period of time. Being a CPA, who is supposed to practice according to a Code of Professional Conduct and uphold certain ethical standards, makes Haber’s crime even more disappointing. He stands to lose his CPA license, in addition to the jail time and fines. I would not be surprised if Craig Haber’s behavior had ripple effects among those that he supervised and dealt with, including a decrease in morale, cynicism about adherence to the code of conduct for CPAs and perhaps even bad behavior. If the people in charge are not minding the store, who will?


On March 12, 2014, Craig Haber was sentenced to 4 1/2 years in prison for stealing almost $4 million from Grant Thornton. During the time he was stealing that money, he earned nearly $6.9 million. Just goes to show that some people never have enough money. Now he gets to think about whether those millions were worth it. I, personally, would say no.

Tagged , , , , , , , , , , , , ,

Way Outside The Box


Shock Absorber

I studied economics in college and in class we learned a lot of theories about things like supply & demand, consumption, and maximizing utility. Those lessons came with graphs and diagrams that were all very logical and pretty to look at. To know that there was an explanation for everything was both exciting and comforting. Learning that a change in the money supply would result in a provable response from the market was a powerful lesson. Everything worked just so, and followed the lines of the diagrams. The power of economics was amazing – all very logical, like a math problem (I also studied math and statistics, so I enjoyed how everything fell in place). It all made sense!

After college, I spent a few years in Zimbabwe and, during that time, I did a stint at an investment bank. I had studied various aspects of economics including micro- and macroeconomics, econometrics and neoclassical theory and so I was ready to step into my analyst position where I took market information and used it to explain and predict market activity. What I found, however, was that sometimes things worked according to the models that I created and the other times the market went rogue. When that happened I was stumped. What was wrong with the people? Why didn’t they act according to the graphs and predictions? Why weren’t they behaving in a logical manner? I wasn’t sure at times, whether to be upset with the people or with the economic theory that didn’t sufficiently warn me about the propensity of people to do what they are not supposed to do.

I left the bank to work in audit, at Deloitte. Just before I started there, an incident had occurred. A client, who was committing fraud, offered the audit manager a bribe to ignore the fraud and issue a clean audit report. When the manager refused to accept the bribe, the client tried to kill the manager. At work, my fellow employees were puzzled by this behavior – for one thing, it would have made more sense to try to bribe the audit partner, as that was who would sign off on the audit report. Was this client’s plan to kill every manager who took over the audit until he found one who was willing to not only take the bribe but also convince the audit partner that the books were fairly stated? It didn’t make sense.

I have found over the years that, unlike most of my mathematics problems, there are many incidents where human behavior does not make sense. A recent example is Scott London, a former senior KPMG partner who, although he earned a seven-figure salary, gave away insider information to his golfing buddy in exchange for a watch and jewelry that he could have bought himself and for about $50,000, cash that was small change in comparison to what he earned. He risked his career, reputation and, possibly, freedom for no good reason.

Why would he do that? It is a question that comes up just about every time a fraud is exposed. We are shocked by the lengths that people go to in order to defraud businesses and what they are willing to risk in their schemes and it is very likely that the fraudsters bank on our unwillingness to believe that anyone could do what they are doing. Often a fraud goes on for a long time because even when someone suspects that something is amiss, they cannot get their minds to go to the place the fraudster occupies. We have preconceived ideas of what a criminal is and so there are many that we don’t suspect:

  • We can’t believe that someone who has been a longtime, respected member of our community could steal from us.
  • We are stunned to discover that a friendly and fun coworker is defrauding the company.
  • In cases such as that of Rita Crundwell, the fraudster is the kind person who helps out when we are in trouble. How could that person be embezzling money?
  • The person fleecing the company could be the person who wins employee of the year awards because they put in long hours, never take vacation time and are always doing more than is expected of them.

At times, in order to see fraudulent behavior, we have to first shrug off our preconceived notions of what kind of person will commit these actions. In this way, we won’t shrug off any red flags or odd moments. Many times after a fraud is uncovered we hear people say things like:

  • He would say things sometimes and I would think maybe I heard him incorrectly;
  • I just assumed she had inherited money from a relative who had passed away;
  • When he started explaining things, he made it sound so complicated that I decided maybe I thought something was wrong because it was too difficult for me to understand.

Humans are odd creatures. We have the power of choice and sometimes that means that a person will make a choice that is absolutely illogical to you. For instance women will wear shoes that break their bones and disfigure their feet and, not only will they wear these shoes, but they will also play hundreds of dollars, sometimes thousands, for these foot-deforming shoes. For many, there is no good reason to destroy your feet in the name of cute shoes but for many others it makes enough sense for them to do it. I know this as a runner who has seen how wrecked we look at the end of a race – bleeding body parts, hobbling, missing toenails – and yet how absolutely triumphant we are. We often don’t make sense.

At times when things pop up that we don’t make sense, we need to be able to keep from thinking that the error is with us. Instead of creating explanations that make sense to us, at times it is important to step outside our boxes and open our minds to the possibility of the unimaginable. If it appears off, it may well actually be off and not be your imagination. It turns out that no one is too smart, too rich or too nice to commit fraud.

Tagged , , , , , , , , , , ,