Bank Fraud & Data Forensics

Bank Taxation & Risk Management Forums

November 16, 2010 – South Portland, Maine
November 17, 2010 – Concord, New Hampshire

Presented By:
Bill Brown, CPA, CFFA, CFE
Eigen Heald, MsIA, CISSP, GCFA
Todd Desjardins, CPA, CFE


Presented at BerryDunn's Bank Taxation & Risk Management Forums - November 16 & 17, 2010



Overview

• Introduction

• Fraud Considerations for Banks

• Computer Fraud and Data Forensics

• Questions and Discussion


Terms and Definitions

• Fraud

• Fraud investigation

• Forensics

• Forensic accounting

• Digital forensics


Reference

Statistics in this presentation, unless otherwise noted, are from:

The Report to the Nations - 2010 Global Fraud Study

Study of 1,843 cases of occupational fraud

published by the Association of Certified Fraud Examiners


Small Businesses are Vulnerable

• 42.1%• $231,000

• 30.8%• $155,000

• 28.7%• 26.1%


Banks Have More than their Fair Share


Other Disturbing Statistics

Median Losses

• Tenure of perpetrator
  – Less than one year – $47,000
  – 10 years or more – $289,000

• Education of perpetrator
  – High School Graduate – $100,000
  – Postgraduate Degree – $300,000


Other Disturbing Statistics

Percentage of Cases Reported

• Department of Perpetrator
  – Accounting – highest – 22.0%
  – Internal Audit – lowest – 0.2%

Median Duration of Fraud Schemes

• Overall – 18 months
  – Check tampering – 24 months
  – Expense reimbursements – 24 months


Risk Factors

• Financial Misstatement Fraud
  – Complexity
  – Perverse Incentives
  – Highly Subjective Valuation

• Asset Misappropriation
  – Complexity
  – Inherent Lack of Accountability
  – Personal Trust


Types of Fraud

• External vs. Internal Fraud

External – perpetrators are outside the bank

Internal – fraud is committed by bank personnel


External Fraud

• Primarily executed by customers and outsiders, examples include:

  – Wire fraud
  – Mortgage fraud (material misrepresentation or omission)
  – Check fraud (forgery, check kiting, altered checks)


Internal Fraud

• Two Types of Internal Fraud:

  – Financial Statement Fraud
    • Highest median loss per reported case, however lowest frequency of occurrence

  – Asset Misappropriation
    • Lowest median loss per reported case, however the highest rate of frequency

Source: ACFE 2010 Report to the Nations


Financial Statement Fraud

• Asset/Revenue overstatement
• Improper asset valuations
• Timing differences
• Concealed liabilities and expenses
• Improper disclosures


Asset Misappropriation

• Unauthorized transfers/disbursements
• Payroll schemes
• Ghost employees
• Expense reimbursement schemes
• Theft of portable fixed assets
• Others…


Fraud Triangle

Perceived Opportunity

Incentive/Pressure

Attitude/Rationalization


Preventing and Deterring Fraud

Prevention and Deterrence

– Perceived opportunity is the aspect of the fraud triangle that is most controlled by employers.

Strong internal controls and segregation of duties

– Review access rights on a consistent and periodic basis
– Limit access to employee accounts (both solely owned or jointly owned)
– Review employee account activity and teller activity
– Dual control over wire transfers
– Review of payroll change reports by someone independent of the payroll function


Preventing and Deterring Fraud (Continued)

The list continues…

– Robust review of suspense/clearing account activity – be certain the reconciliation makes sense and items are clearing timely and properly

– Implement a fraud reporting mechanism that is anonymous

– Maintain professional skepticism

– Attitude and rationalization can be improved within companies by strong “tone at the top” and employee appreciation efforts


Preventing and Deterring Fraud (Continued)

• Best practice is to have a fraud risk management program in place

Brainstorming sessions:

– Identify significant risk areas (multiple locations, business segments, etc.)
– How is the importance of ethical behavior and appropriate business practices communicated?
– What could go wrong?


Digital Uses for Forensic Projects

• Inappropriate and/or illegal activity
• E-mail and Internet abuse
• Unauthorized disclosure of corporate information
• Hacker Intrusions
• Intellectual property theft
• Due diligence and valuation


Common Sources for Accounting & Digital Forensics

• Corporate investigations

• Civil litigation

• Attorneys

• State Courts

• Private Investigations

• Individuals


Similar Procedures:

• Discovery

• Timelines

• Parties involved

• Evidence gathering

• Reporting/testimony

Consider: Most fraud is committed with a computer!


Digital Objects Used for Review

1Computer, 1 laptop & server hard disks

Backup tapes

Other Investigative Possibilities:

• USB drives
• Cell phones
• GPS devices
• Personal Media (iPods)
• CD/DVDs
• External Storage Drive


Digital Analysis Activities

• “Carving” out Logical Partitions for searching
• Creating a timeline of activity
• Keyword searches
• Collection of relevant files
• Recovery of deleted data
• Documenting a history of:
  – Network activity – accessing server shares
  – Internet activity
  – Transfer of files to storage devices
  – Links to documents on the network
• Examining user profiles
• Malware identification


How Did Digital Discovery Help?

• Identifying network activities
• Email Review
• Internet activities
• Identifying collaborators
• Ruling out other avenues of fraud
• Identifying motivations for fraud