Vendor Management and Due Diligence Programs James Mottola, MS, - - PowerPoint PPT Presentation

Protecting Your Clients from Fraud:

Vendor Management and Due Diligence Programs

James Mottola, MS, CISM, CPP

• Dr. Kim Miller, CFE

March 16, 2017

1

Components of Due Diligence

Comprehensive Mid-Market Due Diligence Services Private Equity, Banks and Law firms

2

Approach: Risk Management

As part of the Supply Chain Management (SCM), risk is assessed through a qualitative review of factors that could impact critical business processes. An investigation will look to uncover legal and reputational facts both individually and as a principal in the organization, including criminal history, bankruptcies, social media feedback and dark web activities. These factors are used to determine the risks associated with any particular vendor, client, partner or transaction to determine whether controls should be instituted to mitigate these risks, such as financial audits, site visits, reference interviews or other appropriate measures.

3

Program Objective: Business Continuity

Create a trusted process for businesses, vendors and suppliers to facilitate commerce with confidence. Facilitate financial resilience and preservation of resources. Reduce costs, improve operations, strengthen security and improve relationships with all applicable third-party entities. Enhance the customer experience by ensuring the highest quality and legitimacy of all products and services.

4

Institute a process for assessing operational, transactional, reputational and credit related risks to member businesses based upon established investigative, legal and regulatory guidelines. Positively verify the identity of any vendor, supplier or other entity and if possible to determine the legitimacy of any entity wishing to engage the member in a business transaction. At a minimum, this due diligence process will provide the member business with the information to make a business decision from an informed risk management perspective.

Implementation: Process Driven

5

According to the Assoc

• ciat

ation

• n of Certified

ed Fraud aud Exam aminer ners’ (ACFE) 2014 Global Fraud Study :

• The typical organization loses a median of 5% of revenues each

year due to fraud.

• The median loss caused by fraud was $145,000, with 22% of

those cases reporting losses of at least $1 million.

• Reduc

ducing ng the durat ation

• n of fraud is particularly critical, since the

longer the fraud lasts, the more financial damage it causes the

• rganization.

Fraud Prevention Tool

6

A Quick Study on: Too good to be True.

 Owned a brokerage and Investment Advisory firm  Chairman of NASDAQ  Exclusive Offering  Unusual Returns: 11% per Year  Connected to Celebs and Powerful People, i.e. Kevin Bacon

7

Red Flags

Feeder Funds Revenue: Not Generated for Returns but for Suppling Funds to Madoff Commission Based Churn: Rather than fees under asset management and performance Various Auditor’s: Fairfield Greenwich 7 Billion under Management (Vendor) Madoff Auditor: Friehling & Horowitz: 3 Person Firm (Vendor) Close holding of the BMIS by family members and “Secrecy of Operations” Numerous SEC Investigations with no evidence Numerous Consultants (Aksia, Ltd, et al) alerted their clients and Harry Markopoulos, in 2000, 2001 and 2005 the SEC.

8

Elements of an Assessment

• Application Process, Contractual Agreement and Retention of

Records

• Open Source Intelligence Investigation (OSINT)
• Project Management
• Financial Document Analysis
• Tax Document Analysis
• Investigatory Support
• Periodic Review, Evaluation and Feed Back (Tips) to Monitor

Changing Circumstances

9

You Don’t Know What You Don’t Know

10

Using Fuzzy Logic

• Fuzzy logic is designed to solve problems in the same way

that humans do: by considering all available information and making the best possible decision given the input.

Investopedia.com

11

Open Source Intelligence Investigation

(OSINT)

• Proprietary Subscription Data Bases Inquiries
• Information Aggregators
• Targeted Sourcing of Financial Fraud and Criminal History
• Government Record Checks
• Dark/Deep/Surface Web On-Line Forums
• Reputational Review
• Money Laundering Checks
• Media Aggregators
• International Due Diligence
• Competitor Due Diligence

12

• Monitoring and Awareness Programs
• Legal Research
• Compliance
• Business, Client, Principal, and Employee Investigations
• Locate Evident and Hidden Assets
• Acquisition Assessments and Due Diligence
• Intellectual Property
• Social Media Aggregators
• Political and Charitable Donation Checks

Open Source Intelligence Investigation

(OSINT)

13

• Dark/Deep/Surface Web

14

• Dark/Deep/Surface Web On-Line Forums
• Dark Web
• Websites and services are meant to be hidden from all but

the most informed and technically savvy web user and contain criminal content vended on illicit online marketplaces.

• Deep Web
• Part of the Internet not listed or indexed by the main search
• engines. The contents of the Deep websites cannot be

read by conventional searches.

• Surface Web
• Part of the Internet that is accessible via mainstream web

browsers such as Google or Bing. Knowledge is not sensitive.

15

Red Flag #1.0 : Don't Knock On My Door

• In a recent vendor management engagement,

the vendor's address appeared to be valid.

• A search of the address noted it was a

residence owned by a different person than the vendor.

• A further search of state databases indicated

that the company was registered at another address.

• The address was determined to be a closed

down warehouse.

• Is the location a building or a house or does it

even exist!

16

Red Flag #1.1: Don't Open the Door

17

Red Flag #2: Please Leave a Message

Sorry, I Can't Take Your Call Right Now, Please Leave a Message….

• Good vendor management consists of verifying all the

information, to include the various phone numbers.

• Are you constantly receiving voice mails and return calls

from a "blocked" number?

18

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company?

• Vetting the principals!
• Who are they?
• Do they own assets?
• Real property
• Real Estate
• Personal Property
• Vehicles, Aircraft, Watercraft
• Stolen Property
• Unclaimed Assets
• Tax Returns
• Marriage and Divorce Records

19

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company?

• Vetting the principals!
• Do their social media profiles match their business profiles?
• Why is a company name missing on the business profile of a

principal but clearly noted on the social media profile?

• In a recent case, the principal spelled his name differently on

different social media profiles.

• Do they have a online dating profile?
• Are they active on auction sites?
• What are they buying?
• What are they selling?

20

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company?

• Investigate a Business Front
• Is the business legally constituted, property regulated?
• Records of vendors, suppliers, and customers
• Shell company
• Shelf company
• Trust accounts
• Service providers

21

Red Flag #3: Who Owns the Company?

• Is that college

degree real?

22

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company?

• Vetting the principals!
• Bankruptcies
• Who are the creditors?
• Liens
• Foreclosure
• Evictions
• UCCs
• Investigate a Business Front
• Is the business legally constituted, property

regulated?

• Records of vendors, suppliers, and customers

23

Red Flag #3: Who Owns the Company?

Who Really Does Own the Company?

• Vetting the company website
• Are the company emails valid?
• Misspelled key words on website
• Website history

24

Red Flag #4: The Numbers Don’t Add Up

Working the numbers:

• Net sales for 2015 were reported at $2.3M.
• Interesting information and worrisome at the same time when it

was revealed that the company was in business for only six months.

• Finding becomes problematic when a search of tax information

indicated the business filed a welfare benefit Form 5500 to report their financial condition, investments and operations and depicted $400,000 in assets in 2014 while other documents indicated the company was not actually opened until 2016.

25

Red Flag #4: The Numbers Don’t Add Up

Working the numbers:

The Form 5500 Series is an important compliance, research, and disclosure tool for the Department of Labor, a disclosure document for plan participants and beneficiaries, and a source of information and data for use by other Federal agencies, Congress, and the private sector in assessing employee benefit, tax, and economic trends and policies.

26

Red Flag #4: Example of Form 5500 Plan Information

27

Red Flag #4: Example of Form 5500 Plan Information

28

Red Flag #5: The Pieces Just Don’t Fit

• Inconsistent reporting was glaring where a merger and

acquisition was noted in 2015 yet political donations were recorded for a candidate in 2012!

• A search of patents and trademarks located a result for one

principal.

• In contrast with information noted on the business profile and

social media profile.

29

Red Flag #6: Show Me the Money

• A search of liens, evictions and judgments can highlight

possible financial issues

• Can’t liquidate or obtain assets according to normal

business practices.

• Other factors are affecting the business.

30

Red Flag #7: The Truth is Inconvenient

• Searches of residential property may not match other

documents provided by the principal of the company.

• Does the signature match?
• The principal states they have professional licenses and

when registration was located, it had expired.

31

Red Flag #8: Associated Risks

It Is Not What You Know, But Who You Know

• A search of the principal's business partner indicated a

possible criminal history for fraud

• The principal's loyalty might be compromised in favor of

the partner regarding financial transactions

32

Red Flag #9: Wine, Women and Song

• Investigate the lifestyles of the principals
• Fraudsters spend money fast!

33

Red Flag #10: Social Media Sites

• Review the social media sites
• Read the tweets
• Who are the contacts?
• Connect the person of interest to other connections to

certain key persons of interest

• Use a wider net of social media meta search engines
• As 33 Million People in the Room states
• Different social media platforms exist for different

purposes

• A person of interest will have accounts on multiple

social media platforms fulfilling different social needs

34

Red Flag #10: Social Media Sites

35

On-Going Review: Tips are Tops

Orgnet.com

36

JAMES MOTTOLA, MS, CISM, CPP

Director of Forensic Investigations and Risk Mitigation Services Sobel & Co., LLC 293 Eisenhower Parkway, Livingston NJ 07094 973.994.9494 | james.mottola@sobel-cpa.com www.Sobel.cpa.com

• DR. KIM MILLER, CFE

NJ Licensed Private Detective/Subject Matter Expert K.E. Miller Consulting, LLC 908.399.8386 | millerk123@embarqmail.com Vendor Management Program

Contact Us