Financial Fraud: What You Don’t Know Can Hurt You August 13,

Financial Fraud: What You Don’t Know Can Hurt You August 13, 2014 Karen Baum, CPA, CFE [email protected]

August 2014 UTA Alumni CPE I. II. III. IV. V. 2 Financial Fraud Update Regulatory Framework – Evolution of Whistleblowing Laws – What to Expect in 2014 Fraud Schemes 101 – Corruption – Asset Misappropriation – Financial Statement Fraud Fraud Trends To Watch For In 2014 – Ponzi Schemes – Cybercrime/Identity Theft Going Forward Private and Confidential

I. Financial Fraud Update According to PwC’s 2014 Economic Crime Survey1: – One in every three companies reports being victimized by economic crime – Crimes evolve and follow business megatrends – Greatest risk are “systemic” crimes (bribery, corruption, antitrust and money laundering) compared to “episodic crimes” (asset misappropriation) 1 2014 Global Economic Crime Survey, PricewaterhouseCoopers 3 Private and Confidential

I. Financial Fraud Update All businesses have exposure to economic crime – Threatens basic processes of doing business – Threats come from a variety of sources The most damaging forms of economic crimes exploit the tension between 2 fundamental business goals Profit 4 Private and Confidential Compliance

I. Financial Fraud Update Main Branches of the “Fraud Tree”2 Corruption Asset Misappropriation According to the Association of Certified Fraud Examiners (“ACFE”) Occupational Fraud and Abuse Classification System referred to as the “Fraud Tree”. 2 2 5 Private and Confidential Financial Statement Fraud

6 Private and Confidential

I. Financial Fraud Update According to the ACFE 2014 Survey, Asset Misappropriations are most frequently observed Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 7 Private and Confidential

I. Financial Fraud Update Asset Misappropriation accounts for the least median loss Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 8 Private and Confidential

I. Financial Fraud Update What type of organizations become the most frequent victims of fraud? Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 9 Private and Confidential

I. Financial Fraud Update What type of organizations suffer the greatest losses? Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 10 Private and Confidential

I. Financial Fraud Update How does size of the organization affect the median loss? Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 11 Private and Confidential

I. Financial Fraud Update Economic loss isn’t the only cost of fraud to a company – Employee morale – Disruption and distraction – Negative publicity – Reputational risk – Business relationships – Adverse relationships with regulators – Share price Q: With so many ways that fraud can be committed, what do you think the most effective method is for detecting fraud? 12 Private and Confidential

I. Financial Fraud Update Tips are the primary method for initial detection of fraud – Also referred to as “whistle blowers” – Often made by disgruntled employees – Tips account for more than 40% of all fraud cases detected – Audit efforts render surprisingly low detection rates: External audits account for only 3% of frauds detected, while 6% are found by accident 6% are found by reconciling accounts 13 Private and Confidential

I. Financial Fraud Update Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 14 Private and Confidential

I. Financial Fraud Update Who blows the whistle? Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 15 Private and Confidential

II. Regulatory Framework Whistle Blower (“WB”) Laws – A relatively recent area of law – Evolved partly in response to major financial scandals and fraud – Began in the late 1970s and covered corruption involving government employees 1978 - Civil Service Reform Act – covered only government employees and proved ineffective – No real protection for whistleblowers Burden of proof on whistle blower Source: U.S. Securities and Exchange Commission, Office of Inspector General, Office of Audits, Assessment of the SEC‟s Bounty Program Inspector General Report), Rep. No. 474, at 5, Mar. 29, 2010. 16 Private and Confidential

II. Regulatory Framework 1988 - Insider Trading and Securities Enforcement Act – SEC WB bounty program for tips reporting insider trading – Ineffective, made only 7 payments totaling 159,537 since inception – Failed to prevent major insider trading violations that followed Photo: Martha Stewart arrives at New York State Supreme Court in New York, March 5, 2013. Seth Wenig/AP Photo Source: U.S. Securities and Exchange Commission, Office of Inspector General, Office of Audits, Assessment of the SEC‟s Bounty Program Inspector General Report), Rep. No. 474, at 5, Mar. 29, 2010. 17 Private and Confidential

II. Regulatory Framework 1989 - Whistleblower Protection Act: – Created a separate agency to litigate claims – Permitted filing of WB claims without government support – permitted courts to shift attorneys‘ fees from plaintiffs to defendants. 2002 - Sarbanes Oxley Act (SOX): – Passed in response to corporate scandals at Enron and Worldcom – SOX extended WB protection beyond federal employees to employees of publicly held companies – required business controls to deter and detect fraud – lowered the bar for statutory protection, only requiring the WB to have a “reasonable belief” of fraud 18 Private and Confidential

II. Regulatory Framework 2006 – IRS Whistleblower Law – Enabled individuals to report: Underpayments of tax Other violations of IRS laws – A WB can receive an award of between 15% to 30% of the collected proceeds (including penalties, interest, etc.) – Has monetary thresholds before the law applies 19 Private and Confidential

II. Regulatory Framework 2010 - Dodd-Frank WS Reform & CP Act – Expanded WB protection and incentives beyond SOX: 10-30% bounty for all tips resulting in SEC or CFTC enforcement actions with monetary sanctions 1M expands upon the SEC‘s existing insider trading bounty program. Photo Illustration; Madoff: Andrea Renault / Polaris; Jupiter Provides protection to employees of all subsidiaries and affiliates of public companies and any individual performing tasks related to the offering or provision of a consumer financial product or service Private and Confidential

II. Regulatory Framework 2011 - New SEC Whistle-Blower Rules Significantly expand its prior program Revamped the SEC WB program, providing a direct mechanism for whistleblower complaints to the SEC Anyone can be a whistle-blower, including current and former employees, suppliers, customers and business partners The new rules apply to securities violations by: public companies private companies and those who work for public companies Source: Texas Lawyer Business Journal; 12/19/11 21 Private and Confidential

II. Regulatory Framework New Whistle-Blower Rules in 2011 (continued) private companies raising capital under federal securities laws exempt from registration broker-dealers investment advisors Offer significant protection to eligible reporters of wrongdoing Create substantial incentives to whistle-blowers and significantly increase exposures to corporations Source: Texas Lawyer Business Journal; 12/19/11 22 Private and Confidential

II. Regulatory Framework SEC’s 2013 WB Report to Congress 23 Private and Confidential Reported an 8% increase in tips and WB awards over the previous year The program made it’s largest single award to date of 14M* in 2013 from a tip regarding a fraudulent capital raise

II. Regulatory Framework What to Expect in 2014 SEC will continue to make efforts to analyze tips carefully, particularly for financial reporting and accounting allegations, and use them to drive enforcement actions. In this environment, companies should take appropriate steps to: Be Prepared Conduct risk assessments Establish policies and procedures that make it easy and safe for whistleblowers to submit internal complaints If you don’t whistle-blowers may go directly to regulators 24 Private and Confidential

II. Regulatory Framework Be Alert and Responsive Monitor internal complaints and react swiftly as they come in Get the right people involved Develop a game plan Be Disciplined Adhere to your investigative protocols Do not lose sight of issues related to business implications, privilege and potential self-reporting obligations Be Committed It is not enough to implement the framework of a system Companies must devote appropriate resources to compliance programs and obtain buy-in of key stakeholders 25 Private and Confidential

III. Fraud Schemes 101 “The Big Three” 1. Corruption 2. Asset Misappropriation 3. Fraudulent Financial Statements 26 Private and Confidential

III. Fraud Schemes 101 – 1. Corruption “Dishonest or fraudulent conduct by those in power, typically involving bribery.” Starts/ends with “I had these friends.” FUN FACTS: One of the oldest white-collar crimes known to man Hardest to detect 2014 Median loss 200,000 27 Private and Confidential

III. Fraud Schemes 101 - 1. Corruption Common indicators: Rising expenses for goods and services Rapidly increasing purchases from one vendor Excessive purchases of goods or services Contracts written to limit competition (for example, sole-source contracts) Purchasing becomes an advocate 28 Private and Confidential

III. Fraud Schemes 101 - 1. Corruption % Bribery and Corruption Cases Reported by Industry 2014: 80% Mining Oil & gas Manufacturing Construction Telecommunications Real estate Wholesale trade Banking and financial services Healthcare Government and public administration Utilities Retail 70% 60% 50% 40% 30% 20% 10% 0% Series1 Source: Data from ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 29 Private and Confidential

III. Fraud Schemes 101 - 1. Corruption Prevention and detection 1. Proactive analysis of quality and pricing issues 2. Extensive background investigations for vendors 3. Enforced right to audit clauses (conducted by “disinterested” parties) 4. Mechanisms to report waste and abuse 5. Code of conduct policies 6. Identify vendor’s fraud policy 30 Private and Confidential

III. Fraud Schemes 101 - 1. Corruption Sample DOJ Settlements Date Company (HQ country) DOJ Settlement Amount 4/1/2010 Daimler AG (Germany) 195 million 2/11/2009 KBR/Halliburton (U.S.) 579 million 2/5/2010 BAE Systems (U.S.) 448 million Source: US Department of Justice 31 Private and Confidential Charge Made illegal payments to foreign officials worth tens of millions of dollars in at least 22 countries Led four-company global consortium that bribed Nigerian officials to win construction contracts Paid 2 billion in bribes to Saudi Arabian ambassador Bandar bin Sultan in a multi-billion-dollar arms deal

III. Fraud Schemes 101 – 2. Asset Misappropriation Billing Scandals – The creation of a fictitious entity to receive payment for a fictitious purpose – Purchasing personal items from legitimate vendors – Often conducted through: Normal business process by a “sleepy” manager Forge approvals and all receiving documents FUN FACTS: Most common of all frauds Easier to detect 2014 median loss 130,000 32 Private and Confidential

III. Fraud Schemes 101 – 2. Asset Misappropriation Source: ACFE Report to the Nations on Occupational Fraud and Abuse; 2014 Global Fraud Study 33 Private and Confidential

III. Fraud Schemes 101 – 2. Asset Misappropriation Asset Misappropriation – Prevention and Detection Analyze: Voided and/or missing checks Checks payable to employees Altered endorsements and/or payees Returned checks Duplicate checks Controls to prevent theft: Rotate bank reconciliation Use bank assistance, such as positive pay Account confirmations Background checks!! 34 Private and Confidential

III. Fraud Schemes 101 – 2. Asset Misappropriation Asset Misappropriation – Prevention and Detection Other helpful controls: 1. Use pre-numbered POs provided to vendors who include them on their invoice 2. Extensive due diligence on new or unfamiliar vendors and their management 3. Analyze expenditure variances by vendor and category 35 Private and Confidential

III. Fraud Schemes 101 – 3. Fraudulent Financial Statements Most common schemes: – Improper revenue recognition – Concealed liabilities – Capitalized expense – Improper asset valuation – Improper disclosures of: Significant events Related party transactions FUN FACTS FFS were only 9% of the total fraud cases reported 2014 Median loss reported 1 million (down from 4M in 2010) 36 Private and Confidential

III. Fraud Schemes 101 – 3. Fraudulent Financial Statements http://www.economist.com/node/2327955 2003 – Parmalat 14B “hole” in the accounting records http://list25.com/25-biggest-corporate-scandals-ever/ 2003 – HealthSouth 1.4B embezzlement hidden by fake accounting entries 2001 – Enron http://www.cnbc.com/id/45499018 Hid billions in debt in offshore SPE’s 2002 – Worldcom 11B in overstated assets and 3.8B in fraudulent accounts 37 Private and Confidential Photo 2004 Allan Tannenbaum

III. Fraud Schemes 101 – 3. Fraudulent Financial Statements Olympus 13 year accounting fraud coverup – In April 2014, litigation continues as 6 banks filed suit for damages – Whistleblower Michael Woodford (former CEO) fired after blowing whistle on the 1.7 billion accounting fraud in 2011 – Olympus “Rotten From the Top” – Not the mob but managers, who used accounting write-offs to cover up investment losses from the 1990s that would have blown a hole in Olympus’s balance-sheet. 38 Private and Confidential

III. Fraud Schemes 101 – 3. Fraudulent Financial Statements Prevention and Detection DOCUMENTED fraud detection procedures such as: Journal entry review Detailed segregation of duties around crucial areas Extensive account reconciliation Significant analysis of variances Consistent enforcement of policies Adequate hiring and training Employee reporting mechanisms 39 Private and Confidential

IV. Fraud Trends To Watch For In 2014 1. Old Schemes o Ponzi Schemes o Promises of security in an unsecure world 2. New Schemes o Cybercrime o Replacement of people with systems changes the compliance game 40 Private and Confidential

IV. Fraud Trends To Watch For In 2014 1. Ponzi schemes - Overview – An investment fraud that involves the payment of purported returns to existing investors from funds contributed by new investors – Lure new investors to invest in opportunities based on high returns with little or no risk – Often involves real estate, luxury assets and business exchanges (in 1920, Ponzi sold discounted international reply coupons) Source: www.sec.gov 41 Private and Confidential

IV. Fraud Trends To Watch For In 2014 1. Ponzi schemes – Recent settlement in high profile Colorado case Mueller’s accountants owned 5% of the fund and ran the scheme Day trader who bilked investors out of 71 million 10M settlement returns investors .16 on the Source: Denver Post, August 7, 2014 42 Private and Confidential

IV. Fraud Trends To Watch For In 2014 1. Ponzi schemes – Full Tilt Poker Massive Ponzi scheme against its own players Lied to both players and the public about the safety and security of the money deposited Seven executives and others tied to Full Tilt were indicted as part of a federal crackdown after stealing 100M 43 Private and Confidential http://www.forbes.com/sites/docket/2010/06/01/will-onlinepoker-in-the-u-s-stop-today/

IV. Fraud Trends To Watch For In 2014 1. Ponzi schemes – Stanford update R. Allen Stanford indicted in 2009 for running a 20-year fraud that bilked investors out of 7 billion through: Funneling depositor’s dollars to a secret Swiss bank account used for personal purchases Bribes to regulators and auditors Employee bonuses 10X the number of victims than Madoff – 28,000 people ripped off In prison serving a 110 year term Sources: CNBC, Scott Cohn, Saturday, 15 Feb 2014; KXKN 2/6/12; Washington Post 2/3/12; Houston Chronicle 9/15/09; photo: F. Carter Smith/Bloomberg News 44 Private and Confidential

IV. Fraud Trends To Watch For In 2014 1. Ponzi schemes – Stanford update After 7 attorneys, he’s representing himself and is appealing his conviction Democratic and Republican recipients of 1.8M ponzi cash won’t return to investors Recovery was 1 cent on the dollar lost 2.5M Cooke Islands “Baby Mama Trust” set up for a mistress still in litigation 45 Private and Confidential Photo:http://www.newser.com/tag/ 38450/1/robert-allen-stanford.html

IV. Fraud Trends To Watch For In 2014 1. Ponzi schemes – Take away Madoff/Stanford taught us to: compare the advisor’s market returns with those of actual markets (too high, too consistently?) conduct your own due diligence research through Financial Industry Regulatory Authority (www.finra.org) created in 2007, it receives 4,500 to 6,000 complaints per year make sure advisor abides with generally accepted industry practices (electronic almost real-time statements) 46 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – what is it? Defined as any criminal act dealing with computers and networks (called hacking) and includes traditional crimes conducted through the Internet; mass marketing frauds data breaches malware/viruses internet fraud identity theft credit card account thefts (when the illegal activities are committed through the use of a computer and the Internet) Photo: CBC News 47 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – dangerous combination of trends: Cybercrime often occurs invisibly until the damage is done 45% of financial services organizations reported being victims of cybercrime - nearly 3X the frequency reported by all other industry sectors Source: 2014 Global Economic Crime Survey, PricewaterhouseCoopers 48 Private and Confidential Social media Access & connectivity Technology Cybercrime

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – where is it happening? Source: BusinessWeek/Symantec 49 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Mass Marketing Fraud Types According to the Internet Crime Complaint Center and FTC mass-marketing fraud schemes generally fall into three main categories: Advance Fee Bank and Financial Accounts Investment Opportunities Source: US Department of Justice 50 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Advance Fee Schemes Victim is promised a million-dollar prize, lottery winnings, etc., but must pay in advance fees before receiving the benefit. Auction and Retail Schemes – Online auction websites are among the most frequently reported form of mass-marketing fraud. Offer high-value items - induce their victims to send money, but deliver nothing or an item far less valuable (e.g., counterfeit or altered goods). Source: US Department of Justice 51 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Advance Fee Schemes Auction and Retail Schemes – In 2010, an eBay seller sentenced 68 months for operating a massive eBay auction fraud scheme. – From 2003 to 2008, 5500 eBay transactions worth 717,000 – Used at least 260 different eBay accounts – None of the items were ever shipped or delivered, and he simply kept the money for personal use. Source: US Department of Justice 52 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Advance Fee Schemes Business Opportunity/"Work-at-Home" Schemes – Requires an up front fee, but fails to deliver materials that are needed to create a viable business Credit-Card Interest Reduction Schemes – Charge fees without actually reducing cardholders' interest rates Source: US Department of Justice 53 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Advance Fee Schemes Inheritance Schemes – Contact prospective victims then make a series of demands for advance payment of various nonexistent fees before the inheritance can be transferred. Lottery/Prize/Sweepstakes Schemes – Operate from a growing number of countries, such as Costa Rica, the Dominican Republic, Jamaica, the Netherlands, Nigeria etc., thru email they claim the victim has just won a substantial lottery prize or sweepstakes, but must pay a number of nonexistent "fees" or "taxes" before he or she can receive the prize. Source: US Department of Justice 54 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Bank and Financial Account Schemes Mass contacts with individuals to trick them into providing bank or financial account data, gain access steal funds or charge goods to the victims' cards. Identity Theft - the wrongful obtaining and using of someone else's personal data involving fraud or deception, typically for economic gain. Source: US Department of Justice 55 Private and Confidential Data Breach Phishing Vishing

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Bank and Financial Account Schemes Phishing – uses email Vishing – is voice phishing Q6 FUN FACTS: Identity fraud complaints decreased 21% in 2013, but still is the FTC’s #1 complaint Intuit has a great explanation of phishing, vishing, smishing and pharming at: https://security.intuit.com/phishing.html Source: US Department of Justice 56 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Bank and Financial Account Schemes Identity Theft / Fraud Statistics Average number of U.S. identity fraud victims annually Percent of U.S. households that reported some type of identity fraud 11,571,900 7% Average financial loss per identity theft incident 4,930 Total financial loss attributed to identity theft in 2013 24.7B Total financial loss attributed to identity theft in 2012 21.0B Total financial loss attributed to identity theft in 2010 13.2B Percent of Reported Identity Thefts by Type of Fraud Misuse of Existing Credit Card Misuse of Other Existing Bank Account Misuse of Personal Information Source: US Department of Justice, Javelin Strategy & Research 57 Data Private and Confidential Percent Reported 64.1 % 35.0 % 14.2 %

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Bank and Financial Account Schemes How safe is Paypal? – Do your own due diligence – Be sure to check the FTC, and other consumer sites Source: www.paypalsucks.com 58 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Investing Schemes “Pump-and-Dump" Schemes Fraudulently drive price increases in thinly traded stocks Immediately sell off their holdings of those stocks Any other buyers of the stock who are unaware of the falsity of the information become victims of the scheme once the price falls. Short-Selling ("Scalping") Schemes Similar approach to pump and dump Disseminating of false information to drive a stock price down Source: US Department of Justice 59 Private and Confidential

IV. Fraud Trends To Watch For In 2014 2. Cybercrime – Other costs Reputation – – Target is still struggling to win back the trust of shoppers after hackers from Eastern Europe stole 40 million credit card numbers and 70 million addresses, phone numbers and other personal information last winter. Personal safety and well being – – People who have lost their life savings to fraud often become suicidal – In certain cases foreign-based mass-marketing fraud schemes have resorted to kidnaping victims who have been persuaded to travel abroad, to ensure that they obtain as much money as possible from their victims and their families. Source: US Department of Justice 60 Private and Confidential

V. Going Forward As Investors . Scams generally have glaring red flags: Can’t miss investments; guaranteed return (since when are there guarantees?) Unsolicited materials – ignore investment-related “junk” faxes, emails, voice mail messages, and regular mail Limited opportunities (limited because .?) Do your own due diligence: Research potential investment opportunities - and who's behind them Compare promised rates of returns with that of industry Are there right to audit clauses? How is your investment protected? 61 Private and Confidential

V. Going Forward As Leaders . Set the tone by creating new policies and be aggressive in enforcing them Stay motivated and view the fact “you found something” as positive Educate the workforce as to “lessons learned” Wear “investor shoes” (what do they need to hear?) Know the courts will give a reduced culpability score if the company: 1.Voluntarily discloses wrongful acts in a timely manner 2.Discloses information to appropriate authority 3.Cooperates fully with the investigation 4.Clearly accepts responsibility for its wrongdoing 62 Private and Confidential

V. Going Forward As Individuals . Don’t judge a book by its cover (websites may not be legitimate) Watch out for "Advance-Fee" demands Avoid disclosing personal data over the phone or online Beware of communications from parties that do not disclose their identity i.e., emails from “h1rX [email protected]” Pay for online purchases by credit card or use an escrow service Don’t respond to phishing, vishing or smishing requests for personal information If you believe any of your accounts could be compromised, change your password immediately. Lastly - What you don’t know can hurt you – so please protect yourself and stay informed!!! 63 Private and Confidential

YOUR TURN QUESTIONS?