$100 million mystery behind Mr. Oh's embezzlement

On February 22, Swiss-based global engineering group ABB announced it was the victim of a $100 million internal embezzlement scheme in its South Korean subsidiary. The money and the alleged perpetrator vanished, and an international manhunt is so far unsuccessful. To the best of my knowledge, this is the largest case of employee embezzlement. (See Switzerland’s ABB hit by $100 million South Korean fraud, by John Revill, Reuters, February 22.)

What makes this case even more interesting is that the suspect, named in the media as 57-year-old ABB Korea Treasurer Myeong-se Oh, was a 25-year veteran of the company. According to the Reuters article, he was the treasurer, the former head of compliance and one of two integrity ombudsmen for the 800-employee ABB Korea at the time of the alleged fraud. In other words, the company entrusted Oh with the treasury plus training on ethics and how to report incidents of potential fraud — either through an ethics hotline or directly to him.

And it was with such a spotless background that Oh embarked on what ABB termed a “sophisticated criminal scheme” that cost his employer dearly. According to the Reuters article, ABB’s group chief executive described the alleged fraud as “shocking news.”

Although this case is far from resolved, I think it’s helpful to look at what we know so far and try to answer the question: How did Oh single-handedly embezzle $100 million over two years from a company that generated only $500 million in annual revenues?

The $27 key to the kingdom

On April 28, Swiss business magazine Bilanz reported (based on an international arrest warrant issued on February 22) that Oh used a combination of opening unauthorized bank accounts, receiving fraudulent loans and factoring of ABB accounts receivables to commit his embezzlement for nearly two years — from Feb. 27, 2015 until his disappearance on February 3 of this year. [See ABB Korea und die Jagd nach Mister Oh, by Von Marc Kowalsky, Bilanz, April 28 (in German).]

You might be asking, “How is this even possible?” An organization’s treasurer should be under robust controls for opening corporate bank accounts, signing contracts and transferring funds.

Many Asian governments require that each of their businesses must have a single, official red-ink corporate seal for validating legal contracts. Each South Korean business must register its unique handmade seal, the “beobin ingam,” with the government. By law, only the representative director can use the seal. However, the courts will presume that a company has “agreed to be legally bound … if a contract is stamped with the beobin ingam” even if the representative director didn’t use it, according to “Law in Korea.”

The beobin ingam costs about 30,000 South Korean won (KRW), the equivalent of U.S. $27, according to Kotra’s “Guide to Establishing a Business in Korea,” August 2015.

Apparently, Oh surreptitiously used the $27 seal to pull off his fraud (unless ABB authorized him to use it). According to ABB, Oh opened multiple bank accounts in its name at various institutions. He then either transferred $75 million from ABB’s legitimate corporate accounts to these phony accounts, or to another company, KW Industry (for whom he was identified as CEO).

Oh also took out business loans as ABB for $16 million, which he funneled into the unauthorized accounts. But Oh became bolder. He entered agreements to factor various accounts receivable invoices due to ABB to the tune of roughly $12 million. Download the PDF of the ABB “Q4 2016 Financial information Restated.”

So, our poster-boy ethics officer embezzled funds from his employer using a minimum of three fraud schemes in two years. According to the Bilanz article, ABB suspected nothing until he failed to show up to work February 7 — the first work day after the Chinese New Year holiday. Within four days the company uncovered the schemes and filed charges with Korean law enforcement.

Oh could face a sentence of up to 30 years in prison if found guilty, but the authorities first have to catch him. Oh fled South Korea on February 4 for Hong Kong and was last seen in a Macau casino. The Bilanz article also states that those familiar with the investigation believe Oh has connections to the Chinese mafia.

Perhaps it’s just coincidental that he was last seen in a casino, or perhaps it indicates one of the reasons for his embezzlement. I was surprised about the large financial scope and short duration of this fraud. As fraud examiners, we know that embezzlers most commonly steal funds to support luxury lifestyles or addictions. However, $100 million is far more cash than most need just to improve their lifestyles. I can only assume he wasn’t showing up to the office in a new Bentley or displaying photos of a private island on his desk.

I’m speculating that the mild-mannered Oh might have either fallen victim to a gambling addiction and/or had planned his disappearance through contacts with the Chinese mafia. According to the Bilanz article, Interpol has issued an international arrest warrant, and the FBI has frozen his U.S.-based assets. The article also says that Oh might have escaped to China, which doesn’t have an extradition treaty with South Korea.

Internal control weaknesses that created the opportunity

Oh’s audacious fraud took planning, deception, lying, manipulation of accounting records and bank statements, and the founding of a shell company. The whole time he played the loyal co-worker and friend to his colleagues, senior management and the company’s internal and external auditors.

Although the $100 million he stole represents just 4 percent of pre-tax profits for ABB globally, it was nearly 20 percent of the Korean company’s annual revenues. Consider Oh’s boldness in carrying out this fraud. He’d have to physically remove the seal from its secure location several times to perform his fraud.

As an official officer of the company with an impeccable career history with ABB, perhaps those around him thought it was normal that he’d routinely open accounts and negotiate lines of credit for the company. But, surely, transferring out more than $75 million to fictitious vendors wasn’t normal.

To keep his crimes hidden from both management and EY (the company’s auditors) for almost two years, Oh had to be extensively doctoring the accounting books to conceal his fraud.

According to a March 31 article in The Asset, ABB claimed in a prepared statement that Oh, because of his position in the firm, might have had “Omnipotent Super User” rights within ABB’s enterprise resource planning (ERP) system:

“ ‘Inappropriate access levels to the local ERP (enterprise resource planning) system’ and a lack of ‘adequate segregation of duties’ allowed the treasurer to embezzle millions. …” (See ABB fraud scandal highlights industry-wide vulnerabilities, by Sven Leichhardt, The Asset, March 31.)

This would allow Oh not only to have unlimited access to make journal entries but also the ability to completely erase or reverse transactions. He could’ve also granted and restricted his personal access rights during audits to avoid raising red flags.

ABB management acknowledges that it didn’t maintain proper oversight of the beobin ingam nor did they maintain proper segregation of duties in the ERP system to reduce the opportunity to commit this fraud.

“In the case of ABB, the treasurer worked with third parties which evidently invoiced the company with bogus claims. The executive could’ve then used his authorization rights in the ERP system to include these invoices in scheduled payment runs,” according to the Asset article. (Also see ABB admits failings over fraud at South Korean subsidiary, by Ralph Atkins, the Financial Times, March 13.)

Gambling and embezzlement

Recent embezzlement cases in the news show that excessive gambling is one of the major pressures for fraud motivation. (For example, see U.S. says Ex-BYN Mellon unit employee embezzled $7 million, by Nate Raymond, Reuters, February 15.)

Is this a rising trend? Should we focus our fraud risk assessment process more on the potential dangers associated with gambling addictions? How can we determine if a longtime trusted employee has recently begun gambling? Should our company policies and procedures prohibit gambling for those employees in high-risk positions? Are third parties targeting employees in high-risk positions to manipulate their habits and create personal vulnerabilities? Do age, gender, race, geography and position correlate to make gambling a higher-than-usual risk? Should organizations regularly track social media and perform periodic post-employment background checks of high-risk employees even when no predication for fraud exists?

Six eyes are now presumably watching

Did Oh hand us a case study of the perfect embezzlement in which he took the risks and gets to reap the rewards — free from prosecution? Or is this just another case of a gambling addiction gone terribly wrong? Hopefully, we’ll eventually find out.

One thing is clear: If ABB’s Korean subsidiary had used more stringent internal controls at its highest levels, Oh might not have been able to pull off this fraud. According to the Bilanz article, after firing ABB Korea’s CEO and CFO in March, ABB implemented what they call “a strict six-eye principle of control at its Korean subsidiary.”

Perhaps it’s fitting that 2017 is the Chinese Year of the Rooster because this fraud is the equivalent of closing the henhouse door after the fox has eaten the chickens and fled.

Steve C. Morang, CFE, CIA, CRMA, is a senior manager at a Northern California-based CPA firm and president of the ACFE’s San Francisco Chapter. His email address is: steve.morang@yahoo.com.