Protecting Your Clients from Fraud: Vendor Management and Due Diligence Programs
James Mottola, MS, CISM, CPP
Dr. Kim Miller, CFE
March 16, 2017
Components of Due Diligence
Comprehensive Mid-Market Due Diligence Services
Private Equity, Banks and Law firms
Approach: Risk Management
As part of Supply Chain Management (SCM), risk is assessed through a qualitative review of factors that could impact critical business processes. An investigation looks to uncover legal and reputational facts about a subject, both individually and as a principal in the organization, including criminal history, bankruptcies, social media feedback and dark web activities. These factors are used to determine the risks associated with any particular vendor, client, partner or transaction, and whether controls should be instituted to mitigate these risks, such as financial audits, site visits, reference interviews or other appropriate measures.
Program Objective: Business Continuity
Create a trusted process for businesses, vendors and suppliers to facilitate commerce with confidence. Facilitate financial resilience and preservation of resources. Reduce costs, improve operations, strengthen security and improve relationships with all applicable third-party entities. Enhance the customer experience by ensuring the highest quality and legitimacy of all products and services.
Implementation: Process Driven
Institute a process for assessing operational, transactional, reputational and credit-related risks to member businesses based upon established investigative, legal and regulatory guidelines. Positively verify the identity of any vendor, supplier or other entity and, if possible, determine the legitimacy of any entity wishing to engage the member in a business transaction. At a minimum, this due diligence process will provide the member business with the information to make a business decision from an informed risk management perspective.
Fraud Prevention Tool
According to the Association of Certified Fraud Examiners' (ACFE) 2014 Global Fraud Study:
• The typical organization loses a median of 5% of revenues each year due to fraud.
• The median loss caused by fraud was $145,000, with 22% of those cases reporting losses of at least $1 million.
• Reducing the duration of fraud is particularly critical, since the longer the fraud lasts, the more financial damage it causes the organization.
A Quick Study on: Too Good to Be True
Owned a brokerage and Investment Advisory firm
Chairman of NASDAQ
Exclusive Offering
Unusual Returns: 11% per Year
Connected to Celebs and Powerful People, i.e. Kevin Bacon
Red Flags
• Feeder Funds Revenue: Not generated for returns but for supplying funds to Madoff
• Commission-Based Churn: Rather than fees under asset management and performance
• Various Auditors: Fairfield Greenwich, 7 Billion under Management (Vendor)
• Madoff Auditor: Friehling & Horowitz, 3 Person Firm (Vendor)
• Close holding of the BMIS by family members and "Secrecy of Operations"
• Numerous SEC investigations with no evidence
• Numerous consultants (Aksia, Ltd, et al.) alerted their clients, and Harry Markopolos alerted the SEC in 2000, 2001 and 2005.
Elements of an Assessment
• Application Process, Contractual Agreement and Retention of Records
• Open Source Intelligence Investigation (OSINT)
• Project Management
• Financial Document Analysis
• Tax Document Analysis
• Investigatory Support
• Periodic Review, Evaluation and Feedback (Tips) to Monitor Changing Circumstances
You Don’t Know What You Don’t Know
Using Fuzzy Logic
• Fuzzy logic is designed to solve problems in the same way that humans do: by considering all available information and making the best possible decision given the input.
Investopedia.com
Open Source Intelligence Investigation (OSINT)
• Proprietary Subscription Database Inquiries
• Information Aggregators
• Targeted Sourcing of Financial Fraud and Criminal History
• Government Record Checks
• Dark/Deep/Surface Web On-Line Forums
• Reputational Review
• Money Laundering Checks
• Media Aggregators
• International Due Diligence
• Competitor Due Diligence
• Monitoring and Awareness Programs
• Legal Research
• Compliance
• Business, Client, Principal, and Employee Investigations
• Locate Evident and Hidden Assets
• Acquisition Assessments and Due Diligence
• Intellectual Property
• Social Media Aggregators
• Political and Charitable Donation Checks
• Dark/Deep/Surface Web On-Line Forums
• Dark Web: Websites and services are meant to be hidden from all but the most informed and technically savvy web user and contain criminal content vended on illicit online marketplaces.
• Deep Web: Part of the Internet not listed or indexed by the main search engines. The contents of the Deep websites cannot be read by conventional searches.
• Surface Web: Part of the Internet that is accessible via mainstream web browsers such as Google or Bing. Knowledge is not sensitive.
Red Flag #1.0: Don't Knock On My Door
• In a recent vendor management engagement, the vendor's address appeared to be valid.
• A search of the address noted it was a residence owned by a different person than the vendor.
• A further search of state databases indicated that the company was registered at another address.
• The address was determined to be a closed-down warehouse.
• Is the location a building or a house, or does it even exist?
Red Flag #1.1: Don't Open the Door
Red Flag #2: Please Leave a Message
Sorry, I Can't Take Your Call Right Now, Please Leave a Message….
• Good vendor management consists of verifying all the information, to include the various phone numbers.
• Are you constantly receiving voice mails and return calls from a "blocked" number?
Red Flag #3: Who Owns the Company?
Who Really Does Own the Company?
• Vetting the principals!
  Who are they?
  Do they own assets?
    Real Property
      o Real Estate
    Personal Property
      o Vehicles, Aircraft, Watercraft
      o Stolen Property
      o Unclaimed Assets
  Tax Returns
  Marriage and Divorce Records
Red Flag #3: Who Owns the Company?
Who Really Does Own the Company?
• Vetting the principals!
  Do their social media profiles match their business profiles?
  Why is a company name missing on the business profile of a principal but clearly noted on the social media profile?
  In a recent case, the principal spelled his name differently on different social media profiles.
  Do they have an online dating profile?
  Are they active on auction sites?
    o What are they buying?
    o What are they selling?
Red Flag #3: Who Owns the Company?
Who Really Does Own the Company?
• Investigate a Business Front
  Is the business legally constituted, properly regulated?
  Records of vendors, suppliers, and customers
  Shell company
  Shelf company
  Trust accounts
  Service providers
Red Flag #3: Who Owns the Company?
• Is that college degree real?
Red Flag #3: Who Owns the Company?
Who Really Does Own the Company?
• Vetting the principals!
  Bankruptcies
    o Who are the creditors?
  Liens
  Foreclosure
  Evictions
  UCCs
• Investigate a Business Front
  Is the business legally constituted, properly regulated?
  Records of vendors, suppliers, and customers
Red Flag #3: Who Owns the Company?
Who Really Does Own the Company?
• Vetting the company website
• Are the company emails valid?
• Misspelled key words on website
• Website history
Red Flag #4: The Numbers Don’t Add Up
Working the numbers:
• Net sales for 2015 were reported at $2.3M.
• This was interesting and worrisome at the same time once it was revealed that the company had been in business for only six months.
• The finding becomes problematic when a search of tax information indicates the business filed a welfare benefit Form 5500 to report its financial condition, investments and operations, depicting $400,000 in assets in 2014, while other documents indicate the company was not actually opened until 2016.
Red Flag #4: The Numbers Don’t Add Up
Working the numbers:
The Form 5500 Series is an important compliance, research, and disclosure tool for the Department of Labor, a disclosure document for plan participants and beneficiaries, and a source of information and data for use by other Federal agencies, Congress, and the private sector in assessing employee benefit, tax, and economic trends and policies.
Red Flag #4: Example of Form 5500 Plan Information
Red Flag #5: The Pieces Just Don’t Fit
• Inconsistent reporting was glaring where a merger and acquisition was noted in 2015 yet political donations were recorded for a candidate in 2012!
• A search of patents and trademarks located a result for one principal.
• This was in contrast with information noted on the business profile and social media profile.
Red Flag #6: Show Me the Money
• A search of liens, evictions and judgments can highlight possible financial issues
• Can’t liquidate or obtain assets according to normal business practices.
• Other factors are affecting the business.
Red Flag #7: The Truth is Inconvenient
• Searches of residential property may not match other documents provided by the principal of the company.
  Does the signature match?
• The principal states they have professional licenses, but when the registration was located, it had expired.
Red Flag #8: Associated Risks
It Is Not What You Know, But Who You Know
• A search of the principal's business partner indicated a possible criminal history for fraud.
• The principal's loyalty might be compromised in favor of the partner regarding financial transactions.
Red Flag #9: Wine, Women and Song
• Investigate the lifestyles of the principals
• Fraudsters spend money fast!
Red Flag #10: Social Media Sites
• Review the social media sites
• Read the tweets
• Who are the contacts?
• Connect the person of interest to other connections to certain key persons of interest
• Use a wider net of social media meta search engines
• As 33 Million People in the Room states
• Different social media platforms exist for different purposes
• A person of interest will have accounts on multiple social media platforms fulfilling different social needs
On-Going Review: Tips are Tops
Orgnet.com
Vendor Management Program
Contact Us
JAMES MOTTOLA, MS, CISM, CPP
Director of Forensic Investigations and Risk Mitigation Services
Sobel & Co., LLC
293 Eisenhower Parkway, Livingston NJ 07094
973.994.9494 | [email protected] | www.Sobel.cpa.com
DR. KIM MILLER, CFE
NJ Licensed Private Detective/Subject Matter Expert
K.E. Miller Consulting, LLC
908.399.8386 | [email protected]