Insert Presentation Title Here
Rehmann Live! Putting the Brakes on Fraud in Dealerships
Presented by
William Kowalski, J.D.
© 2013 Rehmann
Moderator: Jim Goerlich, Jr., CPA, CGMA
Principal
• Rehmann Dealership Services
Group Leader
• Rehmann Accounting, Consulting
and Tax (ACT) department
advisor
• More than 30 years of experience
in accounting, taxation and
business planning and consulting
[email protected] 248.614.6401
© 2013 Rehmann
Who is Rehmann? • A Michigan corporation founded in 1941
• Offices in Michigan, Ohio, Indiana and Florida
• Nearly 800 team members
• One of the top 35 accounting and consulting firms in the U.S.
• A member of Nexia International, a network of financial
services professionals in 100 countries who can provide top
level support for Rehmann clients worldwide
© 2013 Rehmann
Your Single Source
© 2013 Rehmann
Key Dealership Services • Financial Reporting
• Audits
• Corporate & Individual Tax Preparation
• Compilations & Reviews
• Internal Control Assessments & Consulting
• Operational Consulting
• Accounting Assistance
• Management Training
• Succession / Estate Planning
• Tax Planning
• Franchising
© 2013 Rehmann
Fraud Risk Wisdom…
• Typical organizations lose 5% of annual revenue to
fraud
• 50% – or one half – of victim organizations do not
recover the losses
© 2013 Rehmann
Presenter: William Kowalski, J.D.
Principal
• Director of Operations for Rehmann
Corporate Investigative Services (RCIS)
• Special Agent with the FBI for 25 years
• Assistant Special Agent-in-Charge of the FBI
in Detroit
– Oversight responsibility for counter-
terrorism operations throughout Michigan
• Served in FBI offices in Detroit, Memphis,
New York City, Flint, and Washington, D.C
[email protected] 248.458.7870
© 2013 Rehmann
Corporate Investigative Services
• Background Investigations
• Due Diligence
• Fraud and Embezzlement Investigations
• Forensic Accounting
• Surveillance
• Asset Searches
• Digital Forensics
• Fraud Risk Assessments
© 2013 Rehmann
Why Take Steps to Prevent Dealership Fraud • At least 20% of fraud cases involve sums of $1
million or more
• 30% of all fraud affects small organizations of 100 or
fewer employees
• Insider theft increased by 80% over 2012
© 2013 Rehmann
Fraud Risk Threats
• Our first concern is the safety and security of our
Clients. YOU.
© 2013 Rehmann
Are You a Target for Fraud?
Bill Kowalski Motors • 1500 W. Big Beaver Rd., Troy,
MI
• 248.267.8445
• Bill Kowalski on LinkedIn
• Bill Kowalski on Facebook
• Bill Kowalski on Twitter
Motor City Parts
• 1200 W. Big Beaver Rd.,
Troy, MI
• 248.267.8445
• www.mcparts.com
• No name
• No face
• Less information
• Less personal
© 2013 Rehmann
Are You a Target for Fraud?
• You own a successful business
• Your name is associated with the business
• Your face is used in advertising
• Your family shares your name
• You share family photos on Facebook
• You drive from work to home and back
• Your home is easy to find
© 2013 Rehmann
You and Your Family Are Targets
High Net Worth individuals
High profile exposure
Geography/Travel
Multiple homes
Surrounded by people
Easy to target
© 2013 Rehmann
High Net Worth Security
• At home:
– Security systems
– Social media
– Emergency plans
– Travel security
– Share security with family
– Practice security responses
And…
© 2013 Rehmann
Know the People Around You • Domestic employment: the “gray market”
• Conduct backgrounds on domestic employees
– Before you hire
– After you hire
• Anyone with access to family
• Grounds keepers
• Drivers
• Maintenance
• Cooks
• “Managers”
• Nannies
© 2013 Rehmann
A Full Background Investigation • We have found:
– Chauffeur with alcohol and drug-related traffic violations
– Foreign national with drug cartel association
– Applicant with over 100 drug, domestic battery, check
fraud violations
– Applicant on probation for drug possession charges when
applied for domestic position
– Applicant with outstanding arrest warrant for assault with a
deadly weapon
© 2013 Rehmann
Household Security
Home Security
Assessment Home Security
Plan
Background
Investigations Emergency
Plan & Practice
© 2013 Rehmann
Other Domestic Security Tips • Don’t post vacation information to social media
– It advertises that you’re not home
• Don’t let household staff post your vacation plans – It advertises that you’re not home
• Don’t share activity plans on social media – It advertises where you are when you’re not at home
• Practice safe internet
• Don’t post photos of your family on social media
© 2013 Rehmann
Fraud Risk Threats
• Your business
© 2013 Rehmann
Small Organizations & Fraud
© 2013 Rehmann
Fewer checks and balances
One person performing all
fiduciary duties
Less effective internal controls
Inability to have separation of duties
Opportunity
External Threats
• Fraudulent customer identification (Drivers License)
• Fraudulent customer credit card
• Fraudulent customer business documents
© 2013 Rehmann
Fraudulent Document Risks • Test drive drive-away risk
• Test drive insurance risk
• Loan application falsification
• Loan loss risk
• Lease loss risk
• Numerous regulatory violations
© 2013 Rehmann
Identification Due Diligence - Some Risk • Ideally for test drive or loan application
– Require 2-3 forms of identification
– Require last 4 of SSN
– Carefully review and validate
• Call the credit card company to validate name with address
on driver’s license
– If they don’t add up, reject
– Temporary ID should be filed with photos of individual,
current car, license plate, license, last 4 of SSN
© 2013 Rehmann
Identification Due Diligence - High Risk • Corporate lease/large retail purchase
– Conduct extensive due diligence
• Validate corporate identity
• Validate individual identity
• Determine criminal/bankruptcy history
• Require 2-3 forms of Identification
• SSN
• This is a standard Rehmann CIS service
© 2013 Rehmann
Other External Threats Hacking/Data theft
Vehicle theft
Parts theft
Lot security
Document security
Environmental terrorists
Malicious destruction
© 2013 Rehmann
Anyone Can Be A Target
• In the last few months:
– Yahoo (2.5 million users)
– Snapchat (4.6 million accounts)
– Target (100 million credit/debit cards)
– Kroll Lexis Nexis (terabytes of data)
– World of Warcraft (unknown)
– Nieman Marcus
• Your business could be next
© 2013 Rehmann
Cyber Crime Vocabulary
© 2013 Rehmann
Spyware Malware
Phishing/
Pharming
Skimming
Trojans/
Viruses Pharming
Keylogging
Ransomware
Social
Engineering
Dumpster
Diving
Mobile Data Abounds
• There will be 7.3 billion mobile devices by 2014
– and 7 billion people (Digital Trends)
• 63% of mobile device users use their phone to go
online. (Pew)
© 2013 Rehmann
Mobile Malware Follows • Kaspersky Lab detected 14,923 new smartphone
malware programs between April and June 2012 (Kaspersky Labs)
• Kaspersky Lab detects 200,000 new malicious programs every day (Kaspersky Labs)
• Cellphone viruses install SMS spyware which sends your identifying information to cyber criminals
• Protect your mobile devices!
© 2013 Rehmann
Data Breach Data • 57,868,922 records were breached in 2013
– Risking personal information of 57 million consumers
• 30% increase over 2012
• 25.8% were hacked
• 47% of the breaches exposed Social Security numbers
Are you protecting your customers’ information?
© 2013 Rehmann
Data Breach Costs
• It costs a company, on average, $188 per record
breached to repair the damage
• Small and medium-sized US organizations lose
$100,000-$200,000 per day through Malware that
leverages weaknesses in both the wire transfer and
ACH process
ARE you protecting your customers’ information?
© 2013 Rehmann
Close the Loopholes! • Enforce digital security policies
• Educate employees
• Update security software
• Keep all systems up-to-date
• Backup & encrypt data
• Secure wireless devices
• Purchase cyber insurance
• Secure paper documents and shred everything!
© 2013 Rehmann
If You Didn’t Buy A Ticket, You Didn’t Win the Lottery!
• Don’t click on links embedded in emails
• Don’t click on pop-ups
• If it’s too good to be true - it probably is
• Do not respond to emails that ask you for personal information
– Call the company before responding, but don’t use the phone number in the email
– Log into the company’s official website, not the link in the email
© 2013 Rehmann
Be Smart!
Other External Threats
• Site Security
– Vehicle theft
– Vehicle damage
– Parts theft
– Lot security
– Malicious destruction
© 2013 Rehmann
Site Security Weaknesses
• Rehmann CIS site security assessments
– Access control and maintenance
– Gates/doors/fencing
– Camera coverage
– Locks/key systems
– Parking lot/lighting
– Polices, personnel, procedures and preparedness
– Emergency response / alarm
– Social engineering test
© 2013 Rehmann
Internal Threats • Cash transactions
• Electronic record systems
• Electronic Funds Transfer
• Access to dealership checks
• Dealership credit cards
• Expenses
• Access to customer financial information
Employee error/negligence increased by 72.7% over 2012
© 2013 Rehmann
• Where did the parts go? Invoices/Parts
don’t add up
Parts database
tampering
Invoice
tampering
Business within
a business
Rehmann Case Study
© 2013 Rehmann
How We Find Fraud
• Forensic Accounting Review
– Ensure discretion
– Gather paper/electronic records/books
– Examine for fraud
– Document fraud
– Recommend Internal Controls improvements
© 2013 Rehmann
Key Internal Control Loopholes
Separation
of duties
Cross training
of duties
Vacation
policy
Lifestyle
changes
Management
oversight
© 2013 Rehmann
Predictable
review
Behavioral Red Flags
© 2013 Rehmann
Living Beyond
Means - 36%
Financial Difficulties -
27%
Excessive Control
Issues - 18%
Prevention - Background Checks
• Different levels of background checks for
– Sales
– Financial personnel
– Shop
– Executive
• Check current employees
• Periodic re-check
© 2013 Rehmann
Prevention - Digital Security • Employee error and system problems account for 64% of
data breaches (2012 Ponemon and Symantec)
• Establish/enforce data-related policies, procedures
• Keep systems updated and patched
• Required by regulation – “Red Flags” Rule
– Part 681.2 of Title 16 of the CFR
• Required by insurance
© 2013 Rehmann
Prevention - Former Employees • Delete access
• Change passwords
• Take company-owned digital devices
• Deactivate keys
• Image digital devices (CIS)
• Non-compete
• Monitor social media
© 2013 Rehmann
Reputation Protection
• What are employees tweeting or posting?
• What effect on your reputation?
• Monitor social media activity
• Company policy regarding what employees can and
cannot post on social media
© 2013 Rehmann
2 3 4
Effective
Internal
Controls
Internal
Controls
Assessments
Effective
Site
Security
How to Prevent Fraud
© 2013 Rehmann
1
Trust and
Hope
RCIS Investigations
• Fraud and Embezzlement
• Forensic Audit
• Insurance Fraud: FMLA, Workers’ Compensation
• Healthcare Fraud
• Digital forensics
© 2013 Rehmann
Questions?
© 2013 Rehmann
Rehmann CIS Team William F. Edwards Principal & Senior Investigator
• Accounting Degree: St. Joseph’s College
• Coopers & Lybrand audit staff
• FBI Agent (29 years)
• Comerica Bank (Investigations Manager)
• Rehmann Corporate Investigative Services
Michelle E. Houbeck Director of Intelligence
• Ten years experience conducting complex background investigations.
• Located millions of dollars in hidden assets.
• Extensive knowledge of data resources, and broad network of domestic and international sources.
© 2013 Rehmann
Thank you!
William Kowalski, J.D.
Phone: 248.458.7870
Email: [email protected]
Jim Goerlich, Jr, CPA, CGMA
Phone: 248.614.6401
Email: [email protected]
© 2013 Rehmann