Let's do some brainstorming

What happens when you fill a boardroom with highly intelligent people and ask them a few questions about fraud topics? You yield 90 minutes of insights that can't be contained in one article.

On Sunday, June 12, at the beginning of the 27th Annual ACFE Global Fraud Conference, Fraud Magazine invited the members of the ACFE Board of Regents to ruminate on important issues that affect all members. 

In this article, the Regents discuss new frauds on the horizon, data breaches, new practices and training millennials as practitioners. 

The participants were: Board Assistant Treasurer Sidney P. Blum, CFE, CPA, CFF, owner, Sidney P. Blum, CPA; Chair Tiffany R. Couch, CFE, CPA, CFF, principal, Acuity Forensics; Secretary Leah D. Lane, CFE, director, Global Investigations, Texas Instruments Inc.; Treasurer Nancy E. Rich, MPA, CFE, U.S. Naval Criminal Investigative Service; and Vice Chair David C. Rule, MBA, CFE, CISM, CPP, managing partner, Xione Group, Ltd.

(Comments have been edited for space and clarity.)

FM: What are some frauds that you feel are on the horizon that you're just starting to get word of — maybe a change in a particular fraud you've been looking at for some time but has piqued your curiosity? Or are you seeing the same crimes that you're seen the last five years?

Rule: I see a lot more technology-related fraud in Asia. The CFO fraud is a great example at the moment. Fraudsters know when CFOs are going to be out of the office, so they send scam emails — purportedly from the absent CFOs — to others in finance who have the authority and ability to send wire transfer checks. Big dollars are disappearing at big companies.

Lane: We're seeing a big increase in fraud in our Asian areas, and it is sometimes difficult to investigate. I'll use China as an example. It is extremely difficult to get complete shareholder information on companies in China. We've seen a lot of fictitious or shell companies, which makes it hard to get to the bottom of frauds.

Rich: Yes, that's what we find internationally too. Due to international laws, we are required to notify the foreign government before contacting any foreign national. The foreign government has to allow us to talk to any local citizen, and that person has a right to deny the interview even though they are doing business with the U.S.

Foreign contractors doing business with the U.S. government know that U.S. investigators have a hard time obtaining records from a foreign country. They're still defrauding the U.S. government, but it's difficult getting to them. So we have to develop creative ways to find the information we need on a fraud examination in a foreign country.

I have one case in Singapore that has been on my radar a long time. A Singaporean national was making a fortune doing work for the U.S. government even though she was previously debarred by the U.S. The U.S. government has been paying her a fortune, but we have been unable to interview her and can obtain only limited records on her companies because she is a foreign national. But that happens even in a place like Australia. You have to wait until you get buy-in from Australia because they have different laws, and what they will prosecute varies from the U.S. So the international aspects of fraud examinations are sometimes very difficult to maneuver around. It takes a lot of time to establish good partnerships with other law enforcement personnel in foreign countries, but the help they can provide is great.

FM: So even though the fraud is global, you're stymied by regulations and peculiarities of particular regions and countries?

Lane: Yes, and we're seeing that more and more. That's one of the challenges.

Couch: Fraud is the second-oldest profession in the world. If there's money, somebody will steal it. We're usually so blown away by seeing the same frauds over and over and over again. Most business owners have the mentality that "It can't happen here. That person would never do that to me. I'm the exception to the rule." It's heartbreaking. Same frauds, but the fraudsters are more sophisticated and robust in how they hide them.

FM: Give me a list of the four or five that you see over and over again.

Couch: Writing checks to themselves or credit cards or fraudulent disbursement schemes. Plain old writing checks or using the wire EFT system to take money that's in the bank. Overpaying themselves, travel and expense reimbursements, which are the easiest frauds to catch with a separate and thorough review of bank statements and canceled check images. And then cash skimming — when the money comes in, it never makes it to the bank, and I put it in my wallet or my purse or in my pocket.

Blum: We're seeing the classic frauds over and over again, just packaged a little differently. Now, the petty criminal has more access to technology and confidential information. For example, it's much easier to do robo-calls. It's also much easier for somebody from an overseas country to have a local area code telephone number and trick the recipient into believing that it's a local call. So now, it's harder to screen out long-distance callers and scams by looking at the incoming phone number. The fraudster can easily obtain a local area code number and be halfway across the world. I live in the 818 area code, so now when I see a call coming in from 818 and I don't recognize it, I assume it's a fraud call from overseas.

The latest scam that we're receiving at my firm is an email or telephone call that says after extensive research my firm has "Won an exclusive award, now just send money," usually around $4,000 and in British pounds, and in return my firm will receive a cheap trophy and be published in an unknown magazine. This scam didn't exist six months ago. Weekly, my firm, through each partner, receives a couple of such offers. So in total we are receiving more than 100 award offers each week. No doubt these magazines don't exist, and who knows if the payer will ever see their $4,000 trophy.

The key here is that it's the ease with which the fraudster can obtain this information — in this case, key contact information for members of the firm. Then, the ease to contact hundreds of people offering the same exclusive award. And the many award titles either indicates one company is offering many awards or many people have learned of this scam and have jumped on the bandwagon to get as much money as possible from unsuspecting victims before they move on to the next scam. Ultimately, as in the past, the fraudster can send out thousands of emails and initiate even more robo-calls in hopes of getting a few victims paying $4,000 each.

Couch: That's a lot of money. The father of a good friend got a notice that he missed his jury duty, and they fined him. Well, he was mortified. He's a very intelligent man in his early 70s, and he's thinking that maybe he was losing it; he was so embarrassed. He didn't tell anybody, so he paid the fine. But he never heard back from the county. The county clerk told him, "We're so sorry, we would never fine you. We would send multiple notices or call you. You've been the victim of a scam." I realize that's not occupational fraud, but these frauds are increasing.

Blum: I'm receiving robo-calls telling me that the police are out to arrest me and that say I need to press a number to be transferred to a representative to pay my fines so I'm not arrested. Because the U.S. has a high percentage of people with prison records, I'm certain many victims, mostly poor, fall for this trap.

Couch: I'm getting text messages from all the different banks saying we need to change your password. I'm getting phishing text messages from Wells Fargo and the U.S. Bank, click here, change your password. I'm not a customer of either bank. I think it's interesting that fraudsters are using text messages now.

Blum: A factor is the logarithmic speed with which these frauds are committed. In the past, a fraud would begin slowly. Now when it's out there, within days all the fraudsters know about the new scam. The fraudsters commit their crimes, and before we can even react and advise, they're on to the next fraud and have made their illicit profits.

Lane: They just need access to the internet.

Rich: Right and your information gets sold all the time. Recently, I've applied for a visa with a foreign embassy overseas, and since then I've been getting all sorts of strange calls.

Rule: Scams are no different in my part of the world. They just come in a different language. I see the scams in Chinese!

FM: This segues into something even more serious. Data breaches are increasing in firms in the last few years because of poor internal security. Dr. Joseph T. Wells, CFE, CPA, preached prevention from the beginning of the ACFE. How do you train your employees to be good digital citizens and deter breaches?

Lane: We actually have an IT security group that does globalized training. They're responsible in my organization for training all employees to be good corporate citizens and secure our information whether it's project information, personally identifiable information or credit card information.

Rich: That's very difficult to stop. We can't even use thumb drives anymore. Even in the NCIS we had one of our own special agent's who was recently charged in federal court for passing information to a defendant pursuant to an investigation. He's looking at spending several years in jail when he's sentenced. You can have all the training in the world, but it really comes down to the integrity of the individual.

Blum: I could set up a booth at this conference and have a bucket of free USB thumb drives, and that bucket would be empty by the end of the day, and then I'd have access into many organizations' confidential data. No matter how much we tell people not to take free USB thumb drives, they're going to do it. I don't have a solution for that. But I think the best way is to tell a real story of what did go wrong in the past so the employees will hopefully remember what not to do.

Lane: We have enterprise and client solutions that we can push out to all of our R&D computers so that if anyone takes data and transfers it to a USB we'll get a report stating what they transferred.

Rule: The Singapore government is actually going to restrict internet access in many of its government offices later this year. [See Singapore Public Servants Will No Longer Be Able to Access the Internet at Work, by Simon Lewis, June 8, TIME.]

Rich: And obviously that's based on a problem they've seen, because as soon as they see a problem they react.

FM: What are you doing now as fraud examiners that you weren't five years ago in your practices, your businesses, your work?

Lane: In global fraud investigations we're coordinating with our internal legal department in those countries to determine what I, as an investigator, can actually legally request with all the privacy laws. Privacy laws are changing every minute.

FM: So that goes back to your earlier comment about things being more complicated because of new privacy laws?

Lane: One aspect of it, yes.

FM: In Europe or Asia?

Lane: Now it's in Europe, but yes, Asia is catching up with privacy laws. And countries have new employment laws that determine who you can talk to and who you can't. We just found out last week that Belgium might require us to notify an employee's manager and HR within three days of the start of an investigation — three days.

Rich: You have to be specialized in every country.

Couch: Employees are storing more information on so many devices now than five years ago; I have to ask our clients did that employee have a tablet, phone, laptop, desktop? Did they have electronic key cards to the building? I'm asking for so much more because evidence can be obtained from so many digital sources than they were five years ago.

Rule: My investigations increasingly involve more intellectual property issues. That can be your unfriendly competitor next door, industrial espionage, corporate espionage or the employee gone rogue who has decided that as he's worked on that information or data long enough he now he owns it, and he's going to move it somewhere.

FM: So you do most of the intellectual property because that's a niche that you've developed through the years?

Rule: I would say that's now 70 percent of my work. I get called in by law firms and investigative and computer forensic firms and companies who think they have a problem and need to solve an issue.

FM: Baby-boomer fraud examiners are retiring. The millennials are coming up to take their places. How are you as fraud examiners training this new generation?

Couch: I just hired a millennial. She's 24. She's getting her CPA license first and then her CFE. I think there are things that she's great at. Technology is one.

FM: That's a given.

Couch: However, I'm seeing a disparity in millennials in their abilities to connect with people. Looking them in the eye. They've had lots more training than many of us in computers. And they're studying fraud in school. But their people skills are lacking. They connect with their devices. I notice it in their writing. They don't realize that we don't write a professional email or memo as we would a text message. And so there's just a little bit of that that we have to train them on. But yet they come to the table with more skills in computers, electronics, understanding data that I didn't have when I was their age.

Lane: At one of the companies that I worked for, we had a soft-skills training session for anybody who was coming in — not just millennials — such as law enforcement transitioning into corporate. It's just part of training; for example, here's how you conduct case management, and the next session will be on soft skills.

Soft skills include not just interviewing but how you converse with others in your job, communicate as a professional investigator, and how to avoid becoming complacent with someone with whom you've established a professional relationship, and now you want to talk in a casual manner about your case. You're going to bring bias when you start talking casual.

FM: And you find some of the new hires are lacking those abilities.

Lane: Some of them don't have those soft skills. They're not socially awkward because they're very social people, but they're lacking professional social skills in talking to coworkers, peers, colleagues and executives. They don't always know the differences in how they should talk to people at those different levels.

FM: Give me a specific example.

Lane: A millennial in a professional debriefing meeting would use slang comments such as "dude" and "bro." That type of speech is fine outside the office at lunch, say, but definitely not in the office and during investigation briefings.

Rich: They look at us and say, "Well, you're just old people. That's the way old people talk." But it's not; it's formalized professional speech.

Blum: If we were going to compare ourselves to the newer hires — I would say newer CFEs have a lot more general knowledge than the people I saw 20 years ago. They have a lot more information at their fingertips so they have scratched the surface of a wide range of issues. They think they have a lot of knowledge, and often they do, and they're just as ambitious as we used to be. But, on the other hand, sometimes they're too anxious. We've got to teach them to slow down a little because they miss key items. They're too quick to speak up or jump to the next topic. We've been encouraging them — use your brain, be smart, gather information and take it all in before you react. But sometimes in fraud examinations they try to solve the issue in one hour not realizing life is not a 60-minute episode of CSI. And we need their computer skills that we don't have. It's a blessing they are so computer savvy.

Couch: I'm glad you said that, Sid. They almost have this expectation that, "Well, I have this degree, and I have this knowledge, so I should be at the same level where you are." They should give themselves time to have experiences to gather knowledge.

Rich: Sometimes millennials see fraud everywhere in big cases. And, we say, "Yes, it's there, but we have to make sure its prosecutable. If you spend all your time going after this and that, seven years down the road the statute expires, and you're done. Go in there, focus, get what you can and get the prosecution and get out."

Rule: I've actually gone the other way; I've hired three senior people because I find the millennials' communication abilities lacking. I have two young ladies who work in the office, and they're great. I've involved them in a number of cases. But when I've asked for written reports or emails to clients what the millennials provide is too abbreviated and short.

FM: So the generation before the millennials, Generation X, they were more trainable, teachable?

Rule: Yes, they were more trainable and teachable. Employees need to have a good command of English to establish a good rapport when communicating with clients.

Couch: They have to be willing to struggle.

Rich: They have to be willing to go through that process rather than jumping to conclusions or dismissing you right away.

Blum: A summation might be that millennials have greater technical knowledge than people from 20 years ago, but they're lacking in critical thinking, report writing and laying it out step by step by step. Instead, they want to go from step one to step 10. They might think in 144 characters, and we need them to think bigger picture in the communication process.

FM: Are there times when that actually works in you favor during investigations?

Rich: The technology?

FM: The technology part, but also being able to think quickly.

Rich: Yeah, they're definitely strong on the technology side. They know all the latest and greatest, and you may need that information. Younger people are an asset, but they just have to move into more sophisticated areas

Lane: I don't think they're hindered by the boxes that sometimes we're in. We think in finite terms, but they often have the most outrageous ideas and some of them are good. They're not afraid of making suggestions.

Voting for new Board of Regents members begins November 1

Certified members of the ACFE will begin to vote November 1 online at ACFE.com for their selections for two new board members. Voting will close December 31.

The Board of Regents performs several integral functions. Under the current bylaws, the Board of Regents has sole authority over the admission of members including, but not limited to, examination standards.

The board is also responsible for establishing, modifying and enforcing the CFE Code of Professional Ethics, and all other matters necessary to maintain the high standards of the ACFE.

"I encourage ACFE members to vote early for their choices for the new members of the Board of Regents," said ACFE Vice President and Program Director Bruce Dorris, J.D., CFE, CPA. "It's a privilege for members to select those who'll represent them on the board. The board frames the future of the ACFE and, in many ways, the profession."

The ACFE Nominations Committee selected six applicants to vie for the two available positions. The new Regents, who will be installed in February 2017, will each serve two-year terms.

Dick Carozza, CFE, is editor-in-chief of Fraud Magazine. His email address is: dcarozza@ACFE.com.

Emily Primeaux, CFE, is the former associate editor of Fraud Magazine.