Protecting Your Clients from Fraud: Vendor Management and Due Diligence Programs James Mottola, MS, CISM, CPP Dr. Kim Miller, CFE March 16, 2017
Components of Due Diligence Comprehensive Mid-Market Due Diligence Services Private Equity, Banks and Law firms 1
Approach: Risk Management As part of the Supply Chain Management (SCM), risk is assessed through a qualitative review of factors that could impact critical business processes. An investigation will look to uncover legal and reputational facts both individually and as a principal in the organization, including criminal history, bankruptcies, social media feedback and dark web activities. These factors are used to determine the risks associated with any particular vendor, client, partner or transaction to determine whether controls should be instituted to mitigate these risks, such as financial audits, site visits, reference interviews or other appropriate measures. 2
Program Objective: Business Continuity Create a trusted process for businesses, vendors and suppliers to facilitate commerce with confidence . Facilitate financial resilience and preservation of resources. Reduce costs , improve operations, strengthen security and improve relationships with all applicable third-party entities. Enhance the customer experience by ensuring the highest quality and legitimacy of all products and services. 3
Implementation: Process Driven Institute a process for assessing operational, transactional, reputational and credit related risks to member businesses based upon established investigative, legal and regulatory guidelines. Positively verify the identity of any vendor, supplier or other entity and if possible to determine the legitimacy of any entity wishing to engage the member in a business transaction. At a minimum, this due diligence process will provide the member business with the information to make a business decision from an informed risk management perspective. 4
Fraud Prevention Tool According to the Assoc ociat ation on of Certified ed Fraud aud Exam aminer ners’ (ACFE) 2014 Global Fraud Study : The typical organization loses a median of 5% of revenues each year due to fraud. The median loss caused by fraud was $145,000, with 22% of those cases reporting losses of at least $1 million. Reduc ducing ng the durat ation on of fraud is particularly critical, since the longer the fraud lasts, the more financial damage it causes the organization. 5
A Quick Study on: Too good to be True. Owned a brokerage and Investment Advisory firm Chairman of NASDAQ Exclusive Offering Unusual Returns: 11% per Year Connected to Celebs and Powerful People, i.e. Kevin Bacon 6
Red Flags Feeder Funds Revenue: Not Generated for Returns but for Suppling Funds to Madoff Commission Based Churn: Rather than fees under asset management and performance Various Auditor’s: Fairfield Greenwich 7 Billion under Management (Vendor) Madoff Auditor: Friehling & Horowitz: 3 Person Firm (Vendor) Close holding of the BMIS by family members and “Secrecy of Operations” Numerous SEC Investigations with no evidence Numerous Consultants (Aksia, Ltd, et al) alerted their clients and Harry Markopoulos, in 2000, 2001 and 2005 the SEC. 7
Elements of an Assessment • Application Process, Contractual Agreement and Retention of Records • Open Source Intelligence Investigation (OSINT) • Project Management • Financial Document Analysis • Tax Document Analysis • Investigatory Support • Periodic Review, Evaluation and Feed Back (Tips) to Monitor Changing Circumstances 8
You Don’t Know What You Don’t Know 9
Using Fuzzy Logic • Fuzzy logic is designed to solve problems in the same way that humans do: by considering all available information and making the best possible decision given the input. Investopedia.com 10
Open Source Intelligence Investigation (OSINT) • Proprietary Subscription Data Bases Inquiries • Information Aggregators • Targeted Sourcing of Financial Fraud and Criminal History • Government Record Checks • Dark/Deep/Surface Web On-Line Forums • Reputational Review • Money Laundering Checks • Media Aggregators • International Due Diligence • Competitor Due Diligence 11
Open Source Intelligence Investigation (OSINT) • Monitoring and Awareness Programs • Legal Research • Compliance • Business, Client, Principal, and Employee Investigations • Locate Evident and Hidden Assets • Acquisition Assessments and Due Diligence • Intellectual Property • Social Media Aggregators • Political and Charitable Donation Checks 12
• Dark/Deep/Surface Web 13
• Dark/Deep/Surface Web On-Line Forums • Dark Web • Websites and services are meant to be hidden from all but the most informed and technically savvy web user and contain criminal content vended on illicit online marketplaces. • Deep Web • Part of the Internet not listed or indexed by the main search engines. The contents of the Deep websites cannot be read by conventional searches. • Surface Web • Part of the Internet that is accessible via mainstream web browsers such as Google or Bing. Knowledge is not sensitive. 14
Red Flag #1.0 : Don't Knock On My Door • In a recent vendor management engagement, the vendor's address appeared to be valid. • A search of the address noted it was a residence owned by a different person than the vendor. • A further search of state databases indicated that the company was registered at another address. • The address was determined to be a closed down warehouse. • Is the location a building or a house or does it even exist! 15
Red Flag #1.1: Don't Open the Door 16
Red Flag #2: Please Leave a Message Sorry, I Can't Take Your Call Right Now, Please Leave a Message…. • Good vendor management consists of verifying all the information, to include the various phone numbers. • Are you constantly receiving voice mails and return calls from a "blocked" number? 17
Red Flag #3: Who Owns the Company? Who Really Does Own the Company? • Vetting the principals! Who are they? Do they own assets? o Real property Real Estate Personal Property o Vehicles, Aircraft, Watercraft o Stolen Property o Unclaimed Assets Tax Returns Marriage and Divorce Records 18
Red Flag #3: Who Owns the Company? Who Really Does Own the Company? • Vetting the principals! Do their social media profiles match their business profiles? Why is a company name missing on the business profile of a principal but clearly noted on the social media profile? In a recent case, the principal spelled his name differently on different social media profiles. Do they have a online dating profile? Are they active on auction sites? o What are they buying? o What are they selling? 19
Red Flag #3 : Who Owns the Company? Who Really Does Own the Company? Investigate a Business Front Is the business legally constituted, property regulated? Records of vendors, suppliers, and customers Shell company Shelf company Trust accounts Service providers 20
Red Flag #3 : Who Owns the Company? • Is that college degree real? 21
Red Flag #3: Who Owns the Company? Who Really Does Own the Company? • Vetting the principals! Bankruptcies o Who are the creditors? Liens Foreclosure Evictions UCCs • Investigate a Business Front Is the business legally constituted, property regulated? Records of vendors, suppliers, and customers 22
Red Flag #3: Who Owns the Company? Who Really Does Own the Company? • Vetting the company website • Are the company emails valid? • Misspelled key words on website • Website history 23
Red Flag #4: The Numbers Don’t Add Up Working the numbers: • Net sales for 2015 were reported at $2.3M. • Interesting information and worrisome at the same time when it was revealed that the company was in business for only six months. • Finding becomes problematic when a search of tax information indicated the business filed a welfare benefit Form 5500 to report their financial condition, investments and operations and depicted $400,000 in assets in 2014 while other documents indicated the company was not actually opened until 2016. 24
Red Flag #4: The Numbers Don’t Add Up Working the numbers: The Form 5500 Series is an important compliance, research, and disclosure tool for the Department of Labor, a disclosure document for plan participants and beneficiaries, and a source of information and data for use by other Federal agencies, Congress, and the private sector in assessing employee benefit, tax, and economic trends and policies. 25
Red Flag #4 : Example of Form 5500 Plan Information 26
Red Flag #4 : Example of Form 5500 Plan Information 27
Red Flag #5: The Pieces Just Don’t Fit • Inconsistent reporting was glaring where a merger and acquisition was noted in 2015 yet political donations were recorded for a candidate in 2012! • A search of patents and trademarks located a result for one principal. • In contrast with information noted on the business profile and social media profile. 28
Recommend
More recommend
