Adjusting to a new reality

The worst of the COVID-19 pandemic may be over, but CFEs still face new challenges ahead and will need to learn from the lessons brought on by the health crisis.

The ACFE Board of Regents sat down with Fraud Magazine, once again via Zoom, just days before the virtual 32nd Annual ACFE Global Fraud Conference to talk about shifting interviewing tactics, fraud awareness training, pandemic-driven scams, cyberfraud, the usefulness of artificial intelligence and advice for aspiring CFEs.

The participants:

• Lyn Cameron, LL.B., CFE: Cameron is the senior director of Microsoft’s Business Conduct Investigations Team. She has more than 34 years of investigative experience. For the past 15 years, she’s managed global investigation teams at Microsoft and, previously, at Cisco Systems Inc.
• Kenneth R. Dieffenbach, CFE:Dieffenbach is the deputy assistant inspector general for investigations at the U.S. Department of Energy. He previously worked as the special agent in charge of the Fraud Detection Office in the U.S. Department of Justice Office of the Inspector General Investigations Division. He’s had a 25-year federal law enforcement career in fighting fraud. (His opinions in this article are his own.)
• Victoria Meyer, CFE: Meyer is director of fi nancial crime consulting at the Swiss International Business Academy in Zug, Switzerland. She began her counter-fraud career 25 years ago investigatin social security fraud in London. Meyer has worked for multiple large international consulting and financial firms.
• Alexandra Sagaro, M.S.S., CFE, FCLS: Sagaro is director of enterprise fraud risk management program at Raymond James Financial, where she develops technology and resources to mitigate fraud risk and investigates fraud complaints. Before joining the private sector, Sagaro worked in law enforcement on state and federal tasks forces for money laundering, insurance fraud and public corruption. Sagaro has had a diversified career in the fraud space spanning over 25 years.
• Hannibal “Mike” Ware, CFE: Ware is the inspector general at the U.S. Small Business Administration, where he provides oversight of more than a trillion dollars of lending authority aimed at stabilizing the nation’s economy and providing vital capital for small businesses. Ware has had a career that spans over 30 years in the inspector-general community

FM: We are finally emerging from the COVID-19 pandemic, but many of us are still working from home and may do so permanently. How has the health crisis changed your professional lives and the way you work?

Alexandra Sagaro: It is about fluidity because everyone had to move to remote conditions. So, you had to adapt not only to what your workstation looked like, but also to your interviewing style, investigation tactics, technology tools and how you showed documentation to the interviewee. In a person-to-person setting you were able to see physical cues and pass documents to them and have an element of surprise, but now we have to change some of those interviewing tactics.

FM: How did those tactics change?

Sagaro: We did not do so much of this on my team as we dealt with advisors and had limitations on interview subjects. However, in peer benchmarking other associates used digital platforms with whiteboards on which people could answer questions and circle different points depending on the context of the interview.

Lyn Cameron: I just want to add to Alexandra’s comments around interviewing. I think during the pandemic, when we are doing everything virtually, we have had to adjust to what we have learned as we have gone along. And it has become even more important to develop a rapport with the person you are interviewing and have empathy to what is going on around them.

In terms of documentation and using the technology, we have really had to put more effort and emphasis on preparation so there is reduced opportunity for confusion about what is being shown, what documentation was shared and what comments were related to that particular documentation.

Victoria Meyer: What has been difficult in professional terms — probably more in Europe than America I would imagine — is the fact that you can’t travel because people tend not to engage fraud examiners so much if they can’t meet them in person and talk to them and get that trust. Not being able to leave Switzerland has made a big difference to the kind of work that is available here. Yes, technically I can do all my work remotely, but gaining that trust and being able to sit and talk this through and have a coffee with clients makes a big difference to the way that fraud examiners are working. And clients are actually choosing different fraud examiners now because they live in-country.

FM: As countries return to a pre-pandemic footing, will this change?

Meyer: The use of fraud examiners will return to normal, but other patterns of working may change permanently. Because a lot of first-level anti-money laundering (AML) work is outsourced, particularly to teams in countries like India, some banks have been suffering resourcing issues during the pandemic and are starting to consider other ways of getting that first-level review done. Rather than outsource to large teams abroad, they are now looking more toward artificial intelligence for first-level hit handling for anti-money laundering work, so they are less reliant on countries with cheap labor.

Fraud awareness training

FM: In the recent ACFE Fraud Awareness Training Benchmarking Report, the role least likely to receive any fraud awareness training is a member of the board of directors. Fourteen percent of respondents indicated that their board doesn’t receive fraud awareness training at all, which was more than double the percentage of any other role. Is that surprising and should organizations be taking a more top-down approach toward fraud prevention and training?

Kenneth Dieffenbach: I wasn’t surprised by that at all. I do a lot of work related to grant dollars and nonprofits, and nonprofits often suffer from this challenge. You have homeowner associations, little leagues and churches that most often have really good, dedicated people serving on boards. But these individuals don’t always have backgrounds in business, law or accounting, and very often don’t receive any kind of fraud training. This type of training could go a long way in preventing and deterring fraud schemes. For example, making sure board members know what questions to ask and know not to rely on any one person for the financials would help mitigate fraud risks. I’ve often heard a board literally say: “I can’t believe this person stole money from us. I never imagined that would happen here.” I find that frustrating as every board member should imagine that fraud schemes could impact them and should take proactive measures to address these issues.

FM: According to the ACFE report, while close to 40% of respondents planned to increase their budget for fraud awareness training for next year, the majority of respondents, 54%, said budgets would remain the same. Should organizations be investing more in fraud prevention, or is this just a reflection of companies tightening their belts during the COVID-induced economic downturn?

Sagaro: Funding training is important as fraud teams are forever changing. You not only have to have annual training such as ethics, fraud awareness, identity theft and red-flag training, but you also need training that is continual and in motion, for instance, as the scenario presents itself. When a new scheme appears such as when unemployment and PPP (Paycheck Protection Program) fraud spiked during the pandemic, that is when you need some specialized training in that particular scheme. I put provisions in my budget to account for those types of anomalies that pop up. Though we have annual training, we also want the ability to focus on ad hoc training so we can continuously provide that awareness to teams. Having the extra budget allocation affords us that avenue to pursue.

We have a lot of specific fraud training, but we are reliant on our relationships with organizations like the ACFE. For instance, my employer has a corporate alliance membership that affords us webinars and training for our team and leadership. Some of those training sessions provide a broader awareness to our team. I think it also depends on what is happening in the world. It is especially important to maximize exposure to identify red flags during International Fraud Awareness Week when we partner with all of our teams within our company and we make everyone a part of it. We build games to build awareness, so people understand different scenarios and red flags. We push out marketing materials. We try to make it fun and engaging.

Deciphering cyberfraud

FM: We have seen what appears to be a resurgence of cyberfraud during the pandemic. How can we better combat this type of fraud?

Mike Ware: From a cyber perspective, we realized that we couldn’t combat in our different siloes something that goes across all government. So, what has been most important and critical at this time are the different partnerships that we have had through memorandums of understanding and data-sharing agreements, and also capitalizing on the Pandemic Response Accountability Committee (PRAC) — [one of several U.S. independent bodies created by the Coronavirus Aid, Relief and Economic Security (CARES) Act of 2020 to oversee the emergency spending bills tied to the health crisis]. PRAC has a broader mandate that allows [the U.S. Small Business Administration (SBA)] to grab data from other agencies — something that we couldn’t do before. That helped a lot in cyber. An example of that is how we partnered with the Department of Labor. With unemployment insurance fraud, folks would tell them they didn’t have a job, but tell us at SBA that they had a business with 25 employees. By overlaying that kind of information, we were able to find anomalies. Also, we worked with the Department of the Treasury, using the do-not-pay list to see how much money went to people who were supposedly dead, or any other people who weren’t supposed to be receiving payments. It is a collaboration across government lines and the utilization of data analytics that has helped propel us in this fight against fraud.

FM: Do aspiring CFEs now need to be more knowledgeable about the technology used by cyberfraudsters, or at the end of the day, does it really come down to using the same tried and tested techniques that have always been used to catch fraudsters?

Dieffenbach: I think it is safe to say that among all the current Regents that when we were all first coming up in our careers, cyber — as we know it today — didn’t really exist. We, of course, had computers, but if I had to go back and do it over again, I wish I had paid more attention earlier in my career to the technological evolution of cyber issues and how they impact fraud schemes. For the younger CFEs, it would be smart to understand that whole cyber piece in a holistic way. Cyber will continue to evolve and change, and it will continue to be a game changer. Fraud is fraud, but when you throw in the cyber piece, including intrusions, ransomware, anonymous payment systems, deep fakes, identity theft etc., that is a whole other playing field. 

Meyer: I agree. Sometimes you have to make that distinction between true cybercrime and cyber-enabled crime, which is just the traditional crime that is being enabled by modern technology. With the latter, you just need to know about those traditional fraud schemes. And every time you open up a new way of interacting with your business, which a lot of companies have done during the pandemic, you have to ask how this new way of interacting can be used to carry out traditional fraud schemes. In cyber-enabled crime you are just interacting in different ways, and you have to look at how fraud could be enabled by this new method of interaction, and also what new data will be collected that could be used to analyze risks and prevent fraud.

You have to make a distinction between that and true cybercrime, where a lot of education is required, and you need specialists. There is actually no point even trying to train all the fraud examiners in the world to be cybercrime investigators, but understanding the ways that new technologies can enable traditional frauds is something we should all be trying to achieve.

Sagaro: That is a really great point, Victoria. One of the things we do is create an environment that has a cyberfraud fusion process that enables subject matter experts from both of those forums to come together and collaborate. We identify a scheme and seek alignment with our cyber experts on the best way to mine for that activity within databases, and this is the data that we can pull for further analysis to proactively mitigate fraudulent activity. From here we evaluate ways to create detection tools and then focus on mining for the schemes based on that collaborative engagement.

It would be great to train everybody on understanding the cyber language, but I honestly don’t have the cyber mind. I can’t think in algorithms. So, it is my job to say this is the fraud I am seeing, and this is where I am pulling it from in the accounts, and then the cyber associate can provide valuable input into how they can pull this data. Collaboration provides a platform to analyze the data collated to mine for fraud. The cyberfraud fusion has been working. We have been seeing incremental gains so far, but I expect with the continuance of this type of collaborative engagement we are going to see great gains.

FM: I understand that cyberfraudsters work in the same way, using forums to bring together different types of expertise to carry out a particular crime?

Sagaro: They have networks, so why shouldn’t we? They go to the dark web and then they ask for help and get into certain accounts and ask if someone has a password. They share information, and they are highly successful. And that is what we should be doing — recognizing subject matter expertise and leveraging that expertise to collaborate to thwart fraudulent activity.

Benefits and cost of AI in fraud investigations

FM: Are you moving away from traditional digital analysis toward artificial intelligence (AI) and machine-learning methods? If so, how?

Meyer: AI is becoming quite a big focus of anti-money laundering work, and we are always looking at different ways of managing intelligence. For example, in the know-your-customer space, we are using the whole internet as well as full media archives going back years, and that is such an enormous amount of information. Without AI, it is difficult to pull together the relevant details and make sure that investigators are seeing what is most relevant to them. So, we are using natural language processing to locate intelligence relevant to individual crime topics. We are using entity resolution to pull together documents and articles that relate to the same individuals and organizations. We are using network analysis to draw that together and identify connections between those individuals and organizations. Without doubt, in the field of intelligence analysis, AI is the way forward.

That said, many of the AI products in this space are still early in their development curve. There’s some really clever technology being deployed, but it takes so much processing power that to run the analytics, they often need to do a first cut of candidate documents, and sometimes that just involves a basic keyword search upfront to determine which documents will go through further analysis. AI is definitely the way forward because the internet is a big place, and you can’t manage that amount of information without the capabilities that data science is offering. But you need to be really careful to make sure you understand what you are buying in this area. It’s OK that these products are not yet perfect, provided you understand where their weaknesses might be.

FM: How costly is it to set up an efficient AI system, and is it worth it?

Meyer: It’s not cheap. And as an investment, it can be problematic because these products can be a black box, meaning you don’t have that transparency around how they work. What I often find is that people aren’t testing these new technologies properly before they make that investment. AI has huge potential to revolutionize the AML space, but people aren’t always getting what they are paying for at the moment. I think it is on all of us to make sure that when we are spending AI budgets, we force vendors to show us what they are doing and to make sure we are getting what we think we are paying for and push them to improve in areas where weaknesses exist. Pretty much all major banks are investing in this technology, but the results are variable to say the least. That’s fine at this stage in the development curve, but we need to support technology vendors to develop in the way that best supports our work.

Dieffenbach: Most of the federal inspectors general are doing something within the data analytics space, but the AI piece is not to the scale of the private sector or that level of sophistication across the board. It will be eventually. We will be there in time.

Pandemic-driven fraud

FM: What types of fraud have stood out during the pandemic and are there any particular cases that spring to mind?

Meyer: The pandemic was a situation that no one was prepared for, and fraudsters really took advantage of this to generate some quick wins. In the first case, when things like masks and hand sanitizer were in short supply, there was a big increase in these things being offered for sale online, with purchasers never receiving their products. As supply improved, focus moved to producing substandard PPE [personal protective equipment] and selling it as fulfilling the required regulations. This continues to be a significant threat to public health.

When the pandemic started, we also saw an increase in scammers feeding off fake news and medical misinformation. People were buying lemon and ginger COVID remedies (and worse). Now that things are opening up, and activities like entry to night clubs and travel are being made dependent on vaccination, we’re seeing a shift towards providing the anti-vax community with fake vaccination certificates, so that’s an area where authorities are going to have to get their technical ducks in a row to make it more difficult for scams like that to persist.

Ware: Pandemic-related fraud for us has come from the huge infusion of stimulus and aid funding that has been disbursed so quickly. Congress has now approved more than $3 trillion in COVID-related aid, and I oversee more than $1 trillion for the SBA alone. The level of fraud has been incredible. We did proactive work to enable the SBA to raise the fraud guardrails that were necessary to stop the flood of money getting so easily into the hands of fraudsters. There was also back-end work — investigations that were happening almost in real time because fraudulent activity was so blatant and moving so quickly. Within the first month of the program disbursing money, we already had arrests, which is unheard of in terms of criminal investigative work.

AI is becoming quite a big focus of anti-money laundering work, and we are always looking at different ways of managing intelligence.

FM: I imagine this is the just the beginning and that we will see more arrests of fraudsters taking advantage of this unprecedented emergency funding?

Ware: From what we have been told, we are just over a year in, and the number of seizures we have at this time is about three or four times the number of seizures we saw during the aid disbursements during 2008-2009 financial crisis. But there is now a lot more money at stake than there was then.

Cameron: Were there any new controls or new processes that were implemented to stop fraud?

Ware: We knew fraudsters would be quick to act on the back of such a large funding package, so we gave the SBA information, and explained what needs to be in place to prevent fraud. However, they were so busy setting up these programs and ensuring that Americans in need received funding as quickly as possible. The SBA got 14-years-worth of funding out in just 14 days. So, at that point, we said, let’s go see what is going on immediately, and at that time we were able to help them improve the control structure a bit. These were basic controls that anyone on this call would have thought of. For example, there was no type of flag system to say this person just changed the bank account that they applied on before the money came out. At that time everything was self-certification. There was no way to certify that these people had a business. And as a matter of fact, the law basically prohibited it. So, we needed to get that changed as well. There were very few checks and balances.

FM: What lessons have we learned from this experience and what can inspectors general do differently in the next crisis?

Ware: In our last Council of the Inspectors General on Integrity and Efficiency (CIGIE) meeting we discussed [the next potential crisis] and how we might completely miss the boat if all of us don’t put together a comprehensive report that deals with what exactly needs to be put in place before these government funds go out in any emergency situation. So, that is something that will definitely be coming out.

Cameron: So, an emergency funding playbook?

Ware: Yes. There are 75 IGs, and about 30 of them are presidentially appointed, Senate confirmed, but each one of us are experts in our area. Each one of us knows what has to be done in our area, but nobody has done a whole-of-government report that Congress can have in its hands before saying we are going to allow Americans to get self-certified and get this money out.

Advice for aspiring CFEs

FM: As Regents, what advice can you give to aspiring CFEs wanting to advance their careers in this post-pandemic world?

Dieffenbach: First I would say start your career with at least a basic understanding of the cyberworld. And then there are the people skills, being able to talk and work with all types of people is a crucial skill. All fraud examiners should have some basic and ongoing training in how to interact with people, work in teams and how to conduct different types of interviews.

Sagaro: First and foremost, there are so many certifications out there, so be choosy. Understand the roles and responsibilities and how that really fits in with the person’s goals and objectives — both short term and long term, so that they can make it something worthwhile and not just something they are going to hang on their wall.

I would also stay on top of the latest fraud schemes. And one of the best things is networking with professionals, taking in other diversified perspectives. There is so much inspiration I get just from talking to different people and hearing what they have to say. It just allows me to look at something a little bit differently than I would have if I had not made that connection with that person. 

Report writing and interviewing are two really key skills. They are like tools. You must keep them sharp ...

Cameron: Report writing and interviewing are two really key skills. They are like any tools. You must keep them sharp, and you only keep them sharp by practicing and resharpening. They are really core to the work you do as investigators and fraud examiners. And it is never ever going to be a situation where you train once and you are done.

FM: What have you learned from any missteps during your careers?

Cameron: I think it is really critical as you develop as an investigator or fraud examiner that you acknowledge that you are not perfect, that you will make mistakes and that you should look to yourself all the time for how you can improve. And one of the areas that I have focused on over the years is making sure that I am examining my biases. They manifest in lots of different ways. It might be a framing bias, it might be an unconscious bias, but if I reflect and look for it, I can see what it is. If you think you are doing it right all the time from the outset, you are never going to grow. When you are reflecting on a case afterwards, think about what you could have done differently for better impact and more solid results, and whether there was anything you would have changed in your approach. That is how you learn and grow.

Dieffenbach: I would add to that by noting that whenever I hear someone say our job is to get to the truth, I always pause and think about that because the truth is very often subjective. Sometimes a set of facts can have entirely different meanings to different people. Our job is to collect all the relevant information, and we typically don’t make a judgment call — sometimes we do — but very often we are supposed to give the decision-makers the information they need without getting too locked into a certain outcome or conclusion, if you will.

FM: What do you counsel new fraud examiners about volunteering and networking?

Dieffenbach: I tell every person new in the field, or interested in growing in the field, to identify people who are doing what you might want to do and just call them. Make contact with them, network, and/or look for a mentor. That to me is one of the most important things people can do. Maybe take half an hour to tell them about your path or connect with other people. I found that to be really powerful, not only for my own career but for other people because the more people you talk to, the more you network, the more you are going to hear about opportunities. You may end up pursuing something you never thought of.

Ware: Let me double down on that, codifying it in a way. Every new employee coming into our organization is assigned a mentor for the first year. After that you can continue with a mentor or pick another one, but that is up to you. But for the first year it is mandatory.

Paul Kilby is former editor-in-chief of Fraud Magazine. Contact him at pkilby@acfe.com.