Teaming up with anti-fraud pros, Fraud Magazine
Featured Article

Teaming with anti-fraud pros of many stripes

Written by: Robert Tie, CFE
Date: September 1, 2019
Read Time: 15 mins

Opportunistic fraudsters often have an advantage over CFEs: They can freely and spontaneously select co-conspirators by skill, position and corruptibility. To level the playing field, CFEs can work more closely with other types of anti-corruption practitioners. Their experience and techniques, when combined with ours, frequently produce extraordinary synergies that outfox versatile criminals.

Fraud Magazine recently spoke with veteran ethics and compliance specialists Jonathan E. Turner, CFE, and Julie Myers Wood, J.D., plus white-collar-crime trial attorney John F. Lauro, J.D., about how fraud fighters in their respective professions can pool their skills and resources to proficiently investigate and help prevent executive misconduct.

Seemingly successful Bankrate Inc., a publicly traded financial services company headquartered in North Palm Beach, Florida, secretly harbored frauds committed by some of its executives for years. If its internal fraud fighters in various departments and external auditors had been as organized as the fraudsters, Bankrate could’ve been spared massive financial loss.

In February 2018, Bankrate held a routine earnings call. The company’s CFO, Edward DiMaria, had scheduled the February 2014 teleconference to apprise analysts, investors and the media of the company’s financial results for the full fiscal year ended Dec. 31, 2013.

“Bankrate is once again growing,” said President and CEO Kenneth Esterow. “In 2014, we will build on this momentum.” Esterow’s presentation assured his audience that revenue and earnings were steady, with the company poised for greater profitability.

Yes, adjusted EBITDA (earnings before interest, taxes, depreciation and amortization) — a broad measure of profitability — had dropped one percent from FY 2012’s level. But business was on the uptick. Total revenue for the fourth quarter of 2013 had soared 31% above that of the same period in FY 2012.

All in all, the picture was that of a competently managed enterprise, forging ahead through the up- and downswings of a post-recession economy, intense competition and the ever-changing communications technology underlying its most lucrative asset, Bankrate.com, the wildly popular consumer finance web portal.

As far as CEO Esterow knew, it all was true — except it wasn’t. CFO DiMaria had lied to his CEO, the board of directors, the internal and external auditors and everyone else with an interest in the company’s financial performance.

Of course, they’d all relied upon the accuracy of Bankrate’s current U.S. Securities and Exchange Commission (SEC) Form 10-K, the “annual report” that public companies must submit to the SEC no more than 75 days after the end of their most recent full fiscal year.

The ugly truth, though, was that DiMaria, aided by his subordinates, Vice-President of Finance Hyunjin Lerner and, to a far smaller and less active extent, Director of Accounting Matthew Gamsey, CPA, had engaged in a complex revenue manipulation scheme that recorded unsupported expense accruals on the company’s books. Then, in subsequent quarters when it suited their purposes, they reversed those accounting entries to artificially inflate publicly reported measures of Bankrate’s adjusted earnings.

This enabled DiMaria and Lerner to earn vast profits by selling their Bankrate shares at prices far higher than the company’s true financial results would have led to, had the fraudsters not concealed them.

Yet while the conspirators had managed to fool other executives and boardroom colleagues, the SEC said it wanted a closer look at the company’s books. And that’s when the fraudsters’ elaborate scheme began to unravel.

On Sept. 14, 2014, Bankrate filed SEC Form 8-K, reporting an unscheduled material event. In this case, the event in question was news to investors, but not to the SEC. Unsure of the accuracy and completeness of Bankrate’s 2011, 2012 and 2013 financial statements, the SEC had launched an investigation of them. The 8-K also reported that DiMaria had resigned from his position as CFO but would remain with the company as a senior vice president.

The market didn’t take the news well, but the company’s good prospects slowed its shares’ decline. That grace period of investor patience ended abruptly when, three weeks later, Bankrate filed another 8-K. This time the news was calamitous: The company had terminated DiMaria after he refused to cooperate with the SEC’s deepening probe. While the SEC hadn’t charged anyone at Bankrate, the price of its shares plunged by 50%. Eventually, Lerner and Gamsey also left the firm.

The wide variety of tools and approaches by criminal actors requires all of us as anti-fraud professionals to work together, combining our efforts with others, including internal audit, CFEs, legal and even quality control.
Meanwhile, the company hired a new CFO, who fully cooperated with the SEC, as did a new audit committee whose member directors all were independent of management. Complementing these much-needed internal improvements in its governance structure, Bankrate also engaged new external counsel. The SEC’s investigation led to a civil complaint against Gamsey and criminal indictments of DiMaria and Lerner.

In August 2017, Gamsey reached a settlement with the SEC, in which he admitted no wrongdoing but was suspended for at least three years from appearing or practicing before the SEC as an accountant. Earlier that year the SEC indicted Lerner for helping manipulate Bankrate’s financial results in order to inflate its earnings.

Initially, Lerner denied any involvement in the scheme. But in October 2017, the SEC filed an additional charge — known as a superseding information — against Lerner, citing not only his false statements to the company’s independent auditors but also the falsified documentation he provided to Bankrate’s finance department in support of the fabricated earnings he and DiMaria had reported in the company’s financial statements. Realizing the inevitability of his conviction, Lerner pleaded guilty and cooperated with prosecutors.

Soon thereafter, SEC investigators, aided by additional incriminating details from Lerner and Gamsey, tightened the evidence-based noose of accountability they’d meticulously woven around DiMaria. And that led to his indictment for accounting and securities fraud in December 2017.

DiMaria persisted in his denials, but their futility became clear when, in January 2018, Lerner received a five-year prison sentence. Three months later a federal judge ordered Lerner to pay $21 million in restitution to investors he’d helped defraud.

DiMaria’s turn to be the subject of a superseding information came in June 2018. Accepting his fate, he immediately pleaded guilty to the SEC charges, and in September 2018 received a 10-year prison sentence — twice as long as his minion, Lerner — reflecting the CFO’s more prominent role in the scheme and his complete refusal to cooperate with investigators. But because both men profited equally from their fraud, DiMaria’s restitution order was for the same amount — $21 million — as that of Lerner.

The SEC closed its case in March 2019, when Baton Holdings, a firm that ultimately acquired Bankrate, agreed to pay $28 million in combined monetary penalties and restitution to resolve the government’s investigation and help defrauded investors recover their losses.

Be even more collegial than fraudsters

The Bankrate case was a typical financial statement fraud, but crimes of its kind have in recent years become notorious more because of their high-ranking perpetrators’ conspiratorial behavior and organizational culture than because of the schemes themselves.

Of course, big frauds will always occur, but anti-fraud professionals of many stripes from all departments and outside investigative firms can take a page from the fraudsters’ playbooks and tightly coordinate their detection, prevention and deterrence efforts. To level the playing field, CFEs can work more closely with other types of anti-corruption practitioners. Their experience and techniques, when combined with ours, frequently produce extraordinary synergies that outfox versatile criminals.

Misconduct: real or apparent?

“Conduct risk” — the formal term for exposure to such malfeasance as in the Bankrate case — can have different meanings in different contexts. Still, according to management consultants McKinsey and Company, it “… can be commonly understood as individual or group actions that could cause unfair outcomes for customers, undermine market integrity, and damage the firm’s reputation and competitive position.”

Clearly, the behavior of Bankrate’s CFO and vice president of finance is a prime example of unmitigated conduct risk. But detecting such exposures isn’t as easy as it might seem in retrospect.

“One of our greatest challenges is to not make unwarranted assumptions,” says Jonathan Turner, CFE, a Memphis, Tennessee-based ACFE Regent Emeritus and the vice president, ethics and compliance, for Smith & Nephew, a medical device and pharmaceutical maker headquartered in London, England, with operations in roughly 100 countries. “CFEs don’t have crystal balls or X-ray vision. We can’t look at a business and know for sure whether its leaders or anyone else will fall prey to corruption.

“Even a perfect environment can have fraud, and even a risky one can run clean. But we can observe an organization’s culture and see how important ethics are to its top executives,” he says.

For example, Turner says, if a senior leader visits a manufacturing plant and spends 25 minutes answering questions from employees, that company probably has a healthy culture. But if that same leader had merely videotaped a message for distribution and didn’t solicit feedback, that culture might need improvement.

Julie Myers Wood, J.D., agrees, pointing to a board of directors’ pivotal role in governance and compliance. “The board should pay special attention to the type of culture C-suite executives create,” says Wood, CEO of Guidepost Solutions — an investigations, compliance and security firm with offices in the U.S., England, Singapore and Colombia — and former head of Immigration and Customs Enforcement (ICE) for the U.S. Department of Homeland Security.

Wood adds that boards should also note whether the company’s executives participate in compliance initiatives, support fully funding them and speak at conferences on compliance-related topics or give interviews in which they promote the organization’s compliance achievements. “And they should challenge executives who don’t seem committed to compliance,” she says.

“A good investigator is always skeptical,” says John Lauro, J.D., a principal of the Lauro Law Firm, a national legal practice with offices in New York and Tampa, Florida, and a former federal prosecutor. “Let’s say corporation A is under investigation. It has determined that prior management was responsible for inappropriate activity and it’s now cooperating with the government. But earning credit for cooperation means coming up with a persuasive narrative as to why prior management did what it’s accused of. And that creates pressure to skew the investigation toward findings that exculpate current management,” Lauro says. “Nevertheless, a truly independent investigator may find evidence exonerating the former managers, and that’s not a position the company wants to be in. The result could be pressure on CFEs or other investigators.”

There being some strength and safety in numbers, the possibility of such pressure is another compelling reason for CFEs to cultivate informal working relationships with peers in internal audit, compliance, legal and other anti-corruption functions.

Gathering, sharing and applying intelligence

As with any exposure, CFEs need information to mitigate conduct risk. They can obtain some of it from individuals close to potential sources of risk. And they can get more of it by tapping into well-established and readily accessible data pipelines.

The best such source, when it comes to financial performance and its associated fraud exposures, is the trove of financial statements public companies file with the SEC. Take, for example, a company’s SEC Form 10-K, its official annual report as opposed to its sometimes-glitzy cousin whose intended audience comprises investors, not regulators.

The 10-K — a rich source for investigators, compliance professionals and risk managers — yields key insights to those, such as Wood, who know where to look. She notes that in Item 9A, “Controls and Procedures” (pp. 151ff) of Bankrate’s 10-K for 2014, the company stated that it “did not maintain an effective control environment, which is the foundation for the discipline and structure necessary for effective internal control over financial reporting …”

An acknowledgement of that materiality and scope is enough to attract the close attention of a company’s CFEs, internal auditors and compliance staff — not to mention the seriously negative image it presents to investors and regulators. All the more reason, then, to expect some mention of these problems in Bankrate’s earlier 10-Ks.

And yet Item 9A of the company’s 2012 filing reported that “There was no change in our internal control over financial reporting … that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.” (Bankrate’s 2013 10-K isn’t available online.) A CFE who wants to find out why would know it’s time to start querying people, not just systems.

And that would be a perfect opportunity to collaborate with allied professionals in the company’s compliance office and in internal audit. (Your collaboration could be fruitful, and you’d be able to share core CFE principles.) In the Bankrate case, if the company had a culture in which an investigator, auditor or compliance professional could’ve routinely spoken with employees in the company’s accounting or finance departments, it might’ve been possible to establish a level of mutual trust and shared ethical commitment. And that might’ve encouraged someone there to submit an anonymous tip about the CFO’s and finance VP’s ongoing fraud scheme.

That’s why, Wood says, it’s important to evaluate the company’s anti-fraud hotline. Why were the C-suite and board unaware of Bankrate’s control deficiencies until the SEC began investigating them in September 2014?

“Boards should ask for hotline data on a regular basis,” she says. “How many people are using it? Is it widely advertised throughout the company? What types of issues are being reported? And boards should require follow-up and investigation on issues reported through the hotline.”

In addition to that, CFEs and their anti-corruption colleagues should explore the quality and extent of other information and input the C-suite and board should receive to properly lead the enterprise.

CFEs make the most progress, though, when we join forces with allied professionals to help businesses and their leaders become more transparent, accountable and productive.
“Although data is essential, it’s also important to involve senior risk management and compliance professionals in strategic planning,” Wood says. “Failing to do this can allow strategies to contain significant unaddressed — even unknown — vulnerabilities, such as weak controls. Establishing a compliance committee with a clearly defined charter and strategic mandate is another good way to embed compliance in the organization’s culture. It’s a great structure for involving other stakeholders and for working more closely with the audit committee. To visibly signal its support for the compliance committee, the company can have it report to the CEO and the board on a dotted-line basis,” she says.

“The wide variety of tools and approaches by criminal actors requires all of us as anti-fraud professionals to work together, combining our efforts with others, including internal audit, CFEs, legal and even quality control,” Wood says. “A consolidated approach by all anti-fraud professionals is the best way to reduce vulnerabilities and more quickly identify illegal or unethical behavior.”

Also focusing on the gathering and sharing of intelligence, Turner says that “anti-fraud professionals have the risk-oriented knowledge to advise senior leaders on where and how exposures can best be mitigated, and on how that could affect the enterprise in the near and long term.” He adds that it’s also important to have a culture in which employees can dissent constructively. The absence of open debate, Turner believes, prevents useful information from circulating freely throughout the organization. “And that,” he says, “is how the risk of fraud turns into actual fraud.”

Consensus on investigating alleged misconduct

“It’s best to have a written plan so that there’s no mistake as to what is being investigated and whether there are any limitations,” Lauro says. “It can be amended as necessary and should be kept confidential between the lawyer and the investigator. It also should spell out the mission, goals and purpose, say whom the investigator reports to, and specify the details of feedback and supervision.

“Where possible, arrange for the investigation to be protected by the attorney-client privilege,” Lauro says. Under it, anything discussed with the attorney need not be disclosed to the opposition in a legal proceeding. “If you’re using outside counsel, then it’s pretty certain you have protection — less so with in-house counsel, who might not be as experienced with protecting an investigation.”

To be certain the attorney-client privilege exists, Lauro recommends that the outside lawyer be directly involved in the investigative plan and process — interacting with the investigator — and kept abreast of the investigation status and strategy. An internal-audit only investigation might not be protected under attorney-client privilege, even if internal counsel is involved.

“Corporate counsel and ethics officers need to know what fraud examiners in internal audit and elsewhere hear from boots on the ground,” Lauro says. “CFEs should forge a relationship with these executives long before any sign of a crisis. The resulting synergy will boost the organization’s ability to protect itself from the consequences of fraudulent conduct.”

Shape the future

It’s CFEs’ nature and responsibility to identify problems and propose solutions, Turner acknowledges. “But to be future-facing, we should also look at success, at the most profitable products,” he says. “Nobody spends a lot of time reviewing and analyzing their blockbusters to see if they deserve scrutiny. The people involved in top products are proud of them and happy to talk. Of course, if you ask about a secret product that hasn’t been launched, people get protective. But ask about a flagship product that’s been out for five years, and they’ll talk about it in depth,” Turner says. “So, I’d go to product management, finance, quality and safety, and ask them to tell me about that star product. I’d then share my findings with fellow CFEs and other anti-fraud professionals throughout the organization,” he says. “Together, we’d be well prepared to help create systems and processes to minimize fraud risk around the product. That’s how you can shape the future of your organization.”

Joining forces

Organizations sometimes lapse into apathetic governance that harms them, their stakeholders and society at large. Fortunately, fraud examiners and others can guide them toward much-needed improvements.

CFEs make the most progress, though, when we join forces with allied professionals to help businesses and their leaders become more transparent, accountable and productive. Those of us who’ve already made this a habit know its rewards, not only in terms of solutions to today’s challenges but also to those still largely unknown but sure to come. CFEs who have yet to take this approach will reap the same benefits when they team up with fraud-fighting colleagues in other disciplines.

Our greater numbers and varied professional perspectives will strengthen our ability to spur leaders toward an enduring commitment to ethics, compliance and fraud prevention. And in that way, we’ll help our clients and employers where they often need it most — at the top. 

Robert Tie, CFE, is a contributing writer for Fraud Magazine. Contact him at robertxtie@gmail.com.

 

Begin Your Free 30-Day Trial

Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.