Featured Article

Modern-Day Horseplay

Don't let Trojan horse fraud buck your company's financial future. 

It is said that a man with a pen and a briefcase can steal 100 times more than 100 men with machine guns. White-collar criminals have proliferated so rapidly that auditors and accountants are having to equip themselves with fraud examination tools that can counter the uncanny ingenuity, planning, and foresight of today's financial-crime opportunists. Trojan horse fraud is one such white-collar scheme that requires a crafty criminal mind to perpetrate, but an even sharper fraud examiner to detect and investigate.

What is Trojan Horse Fraud?

The term "Trojan horse" refers back to the mythical Trojan War. The legend says that during this war, Greek soldiers penetrated the well-fortified city of Troy by designing and hiding in a large, innocent-looking, hollow wooden horse and then placing it at the entrance of Troy's city gates. The Trojans, mistaking the horse for a peace offering, brought the horse within the city's walls. At an opportune moment, the Greek soldiers came out of the wooden horse, ambushed the unsuspecting citizens of Troy, and won the battle.

In much the same manner, when fraudsters recognize illicit money-making opportunities, they often create Trojan horse-like vehicles that allow them future access to necessary files, vaults, accounts, or computers to perpetrate fraud at an opportune moment.

Horsing Around at ABC Mutual Fund

To demonstrate how Trojan horse fraud works, take into consideration the case at ABC Mutual Fund (a fictitious name), a large investment company that issued "units" (similar to shares, on which the dividend is earned by the unit holder) under both open (investment options which don't have a date for redemption of units) and close-ended (investment options with specified dates for redemption) accounts. Located in Mumbai, India, with branch offices across the country, ABC Mutual Fund employed 2,000 people. All its accounts were managed by registrar and transfer (R&T) agents, who handled issue application funds, reconciled money received with application forms, computed dividends payable, printed and posted unit certificates (similar to share certificates), and tended to other ancillary matters such as queries and complaints. ABC had 13 accounts managed by various R&T agents. For each R&T agent, ABC appointed an additional manager to monitor and coordinate activities.

Initially, ABC efficiently managed its accounts. However, over a period of three years, the company grew too quickly and its systems and procedures showed signs of cracking. Bank reconciliations were in arrears, unit certificates weren't monitored disciplinarily, and supervision and controls over printing of certificates and warrants (checks) diminished. A constant manpower shortage caused routine tasks to be carried out with little efficiency. Basically, the R&T agents were allowed to operate without answerability. Mr. S, an intelligent, yet wayward manager at ABC Mutual Fund, saw this as the perfect environment to introduce his Trojan horse scheme.

Stage One: Breaking In the Horses

Because of his managerial position, Mr. S understood well how a mutual fund equity account (MFEA) was implemented, managed and coordinated through R&T agents. He decided his Trojan horse plan would work best if he could start with a newly acquired MFEA versus one that was already in force. He soon received that opportunity when he was charged with managing a new MFEA and appointing a new R&T agent.

With each new MFEA, a certain number of blank certificates had to be printed. This was necessary for future replacement of mutilated or lost certificates, or an unforeseen fresh issue of certificates. Knowing that ABC used informal order forms and practiced poor inspection procedures, Mr. S first ordered 500,000 certificates and then purposely ordered about 100,000 certificates without serial numbers, retaining 100 of them for himself. ABC always printed about 25 percent extra certificates; therefore, Mr. S knew all 500,000 certificates wouldn't be used immediately - a factor that further kept his illicit order under wraps. The first Trojan horse now was set.

During the next few months, Mr. S painstakingly compiled a list of unit holders (or investors), who had invested in at least two other MFEAs of the mutual fund but who hadn't exercised the option to repurchase their units. Within this list, he hunted for unit holders whom he felt either were passive in monitoring their accounts or were unlikely to repurchase their units, such as large trusts and senior citizens. He further highlighted in this list those investors with apparent invalid address problems (i.e., addressees who had passed away or moved without updating their account information). To do this, Mr. S reviewed the targeted account profiles for notations indicating frequently returned and undelivered business correspondence.

After having compiled a list of "dormant" unit holders, he then determined which of these investors were involved in the new MFEA he recently was charged with managing. For this purpose, he used the R&T agent's database. Mr. S took a calculated risk: he conjectured that if any of the dormant investors had invested in the new MFEA, they were unlikely to change their investment-holding behavior and repurchase their units. After three months under the pretext of monitoring the R&T agent's activities, Mr. S found several investors in the new MFEA who also appeared in his dormant investors list. He shortlisted 20 of those investors' names and their account information.

Now it was time for Mr. S to create the second Trojan horse; this one would allow him to gain control over the shortlisted unit holders' signature specimens. Mr. S knew that these signatures were pasted and preserved in several registers kept under lock and key by another manager. So, Mr. S waited until that manager went on leave and then pretended to need access to the signature specimens to attend to an irate customer. He then systematically opened the folios of the shortlisted investors and smudged their signatures with water so they wouldn't be easily identifiable. Because the smudged signatures were a minuscule percentage of the more than 150 registers, the anomalies didn't raise any eyebrows.

Mr. S was now ready to test his Trojan horses.

Stage Two: Assessing the Horsepower

Mr. S needed to find out whether his Trojan horses provided a conducive environment for fraud. Therefore, he sent a forged letter requesting an address change for one of the shortlisted unit holders. When the receiving ABC agent went to process the request, he discovered the partially defaced signature specimen but wrongly assumed it was accidental. Furthermore, because the request was only a change of address and didn't involve any financial transactions, the agent unfortunately decided there was no need to confirm the request by another means. Not only was the signature on the letter found to be a satisfactory match to the visible part of the signature specimen, it was also substituted as the new signature specimen for that investor! Mr. S was delighted; his plans were unfolding as predicted. He soon opened a clandestine bank account under that investor's name to facilitate future cashing of fraudulent checks.

Stage Three: Releasing the Horses

Now those unnumbered blank certificates Mr. S had stashed away nearly 18 months earlier would come into play. With the aid of a friendly printer, he had the unit holder's information (which included the new phony address) printed onto the certificates. The unit holder's total investment value was $32,608 and the repurchase value was $48,870 as of a particular date. (In all such MFEAs, the repurchase value would change depending upon the performance of the fund, its investment portfolio, and its net assets. The fund would declare, for each day, a rate at which it would repurchase any number of units from a unit holder intending to sell.)

ABC duly processed the unit certificate using the fake signature specimen, and the fraudulent repurchase transaction went through without a hitch. Mr. S collected and deposited the check into the clandestine bank account. He then easily siphoned out $48,870 to his personal account.

No More Horseplay

Mr. S successfully executed this fraud a few more times with the other investors on his list, but the horse race soon reached the finish line. During a routine audit, ABC's risk assessment specialist detected several dividend checks issued to investors, which weren't presented for payment (in instances of certain investors who had repurchased their units).

Upon further examination, the specialist found something strange about these repurchases: the investors hadn't cashed any of their dividend checks from the beginning of the MFEA, but they had repurchased (redeemed) their principal investments. Amazingly, all these investors had requested address changes a few months before their repurchases. It was too much of a coincidence. On a hunch, the risk specialist decided to review the investors' change-of-address letters. Clues began to fit. He found similarities in the language used and the grammatical mistakes made. Upon closer investigation, he also concluded that the letters were produced from the same printer.

Now convinced that the repurchases must be fraudulent, the specialist mailed the phony letters to the involved investors at their original addresses. One investor, Mr. A, immediately responded, stating that he had been away from home and hadn't repurchased any of his holdings. Consequently, a full investigation at ABC Mutual Fund was initiated.

Eventually, Mr. S was caught through the bank account in which the checks had been deposited; he admitted that he withdrew almost $500,000 over a 30-month period. The investigators traced the payment made to Mr. A to an account in a small-time bank in a shady location in Mumbai. With help from local police, the investigators established that Mr. S - in collusion with the local bank manager - opened clandestine accounts with faked documentation and deposited checks in those accounts. The rest was easy.

Hindsight is 20/20

For a while, Mr. S was able to perpetrate his Trojan horse fraud without detection because ABC Mutual Fund had weak controls and relaxed procedures. Companies can minimize the possibilities of Trojan horse fraud by implementing these practices.

1. Conduct annual risk management exercises that focus on areas that could be exposed or susceptible to fraudulent practices. While audits detect some of these weaknesses, they're not specifically targeted at detecting fraud. Therefore, this issue needs to be addressed separately. Using mathematical tools such as Benford's Law or Relative Size Factor (RSF) on data relating to dividend checks and repurchase payments would have uncovered anomalies and red flags and alerted the management.

2. Enlist the aid of your auditors and technical advisors to identify the key procedures in your company's operations. In the ABC Mutual Fund case, the entire web of deceit was woven around the unnumbered unit certificates and the smudged signature specimens. Had these areas been closely monitored, the fraud would have been almost impossible to perpetrate. For each key procedure, develop checklists of red flag indicators and update these lists every year.

3. Refine control procedures as the company grows. Most organizations fail to recognize this step and procedures consequently wilt under pressure. When systems show signs of weakening, compensating controls must be introduced. In the above case, the defaced signatures should have been addressed with a backup procedure. Furthermore, accepting questionable requests for address changes merely because they don't relate to financial transactions is a control failure. When a control fails, a remedial procedure must be reinstated. In this case, management should have written to the investor at the old address to confirm that the address change was valid.
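The pattern the risk specialist spotted in the audit (redeemed principal, dividend checks never cashed, an address change a few months earlier) can be run as a standing red-flag check of the kind practice 2 calls for. The following is an added example, not part of the original article; the field names, the 180-day window, the two-flag threshold, and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Account:                       # hypothetical record layout
    folio: str
    address_changed: Optional[date]  # last change-of-address request
    redeemed: Optional[date]         # repurchase (redemption) date
    dividends_issued: int            # dividend checks issued so far
    dividends_cashed: int            # of those, presented for payment
    returned_mail: int               # undelivered-correspondence notations

# Constructed sample data, not taken from the case.
ACCOUNTS = [
    Account("F-1001", date(2003, 1, 10), date(2003, 4, 2), 3, 0, 4),
    Account("F-1002", None, date(2003, 3, 15), 3, 3, 0),
    Account("F-1003", date(2001, 5, 1), date(2003, 2, 20), 3, 2, 0),
    Account("F-1004", None, None, 3, 0, 3),
    Account("F-1005", date(2003, 2, 1), date(2003, 3, 1), 2, 2, 0),
]

def red_flags(acct, window_days=180):
    """Return the red-flag indicators that apply to one account."""
    flags = []
    # Principal redeemed although no dividend check was ever presented.
    if acct.redeemed and acct.dividends_issued and acct.dividends_cashed == 0:
        flags.append("redeemed_but_never_cashed_dividends")
    # Address changed shortly before the redemption request.
    if acct.address_changed and acct.redeemed:
        gap = (acct.redeemed - acct.address_changed).days
        if 0 <= gap <= window_days:
            flags.append("address_change_before_redemption")
    # Address change on a folio with a history of returned mail.
    if acct.address_changed and acct.returned_mail >= 2:
        flags.append("address_change_on_dormant_folio")
    return flags

def review_queue(accounts, min_flags=2, window_days=180):
    """Folios with at least min_flags indicators, most flags first."""
    scored = [(a.folio, red_flags(a, window_days)) for a in accounts]
    hits = [(folio, fl) for folio, fl in scored if len(fl) >= min_flags]
    return sorted(hits, key=lambda item: -len(item[1]))

if __name__ == "__main__":
    for folio, flags in review_queue(ACCOUNTS):
        print(folio, ", ".join(flags))
```

Folios that land in the queue are the ones to confirm by writing to the investor at the old address, as practice 3 describes.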

Mahatma Gandhi once said that in this world there's enough for every man's need but not enough for every man's greed. It's this greed that often spurs ordinary business people to create Trojan horses to exploit a company's weaknesses and perpetrate unimaginable crimes. Today's fraud examiners must have the skills to recognize these Trojan horses before they have a chance to ambush a company's financial resources.

Chetan Dalal, CFE, CISA, CIA, is a Chartered Accountant and a partner with Meghana Dalal & Associates in Mumbai, India. He also heads Chetan Dalal Management and Investigation Services, which specializes in white-collar crime detection, investigation, and risk management. His Web site is www.chetandalal.com.
