The enemy within: Betrayal of leaders

When an accountant raised questions to his organization’s management in 2016 about the possible manipulation of employee remuneration at an Indonesian mining operation, little did he know that he was pulling the string that would unravel a larger fraud scheme involving top executives. Once discovered, though, the fraudsters’ downfall came quickly.

Some managers had been diverting company funds to their own accounts, and in the process, they withheld payments from some employees. This misbehavior understandably angered the company’s labor union, whose leader threatened industrial action. Management of the mining operation, which was owned by a company listed on the Australia Securities Exchange, couldn’t afford a strike that would disrupt the mining operation, and so the managing director and the chief financial officer of the parent company initiated an investigation.

The authors of this article, with the help of whistleblowers, conducted that investigation on behalf of the parent company to find out more about the suspected fraud inside the mining operation. Here we detail how the fraudulent leaders scammed the company and some of the lessons learned — from this investigation and others that we’ve conducted — about leadership fraud and the importance of the right tone at the top at any organizations wishing to prevent and detect these types of crimes.

We were astonished and bewildered to disentangle an extremely well-organized criminal network formed by none other than the senior managers. The investigation revealed that several senior executives, including a director and a human resources manager, had stolen millions of Indonesian rupia (the equivalent of thousands of U.S. dollars) in a series of brazen schemes involving the misappropriation of redundancy (job severance) and payroll payments.

In one instance, an executive diverted redundancy pay to himself that had been slated for a laid-off employee. And when employees complained about the executive’s actions, he negotiated a loan on behalf of the mining project to repay the funds, potentially leaving the firm on the hook for principal and interest payments.

The fraudsters concealed their skimming of cash advances for personal use through a slush fund by fabricating reconciliation documents, which normally record that money leaving an account matches money spent.

We also exposed schemes that could’ve potentially allowed fraudsters to swindle the company out of millions of dollars with fraudulent supplier contracts, fake companies and false invoicing. Thankfully, the parent company contained the damage after dismissing the three corrupt executives responsible for the fraud. Rather than prosecuting the fraudsters, the company decided to deal with the matter internally. The president director, who was the mastermind behind the scheme and the equivalent of a CEO at the mining operation, confessed to his crimes and returned a portion of the money he’d stolen. While the corrupt director had spent much of the money on a lavish lifestyle and failed investments, he agreed to a payment plan to honor what was still owed to the company. His accomplices also provided information that assisted us in our investigation.

Little of this came to light in public documents or the media because auditors at the time deemed the event immaterial to the publicly listed parent company and irrelevant under Australian law given it took place in Indonesia among locals, and that the amount the fraudsters stole was too small to affect the parent company’s financial numbers, according to an audit report. Even so, the case is a good example of how fraudsters in top positions can easily plunder a company that lacks adequate oversight and controls.

Recurring problem

We know that the right tone at the top is a crucial ingredient for an organization’s ethics and compliance program; it’s arguably the foundation upon which an organization builds its culture. Leaders can cause inordinate amounts of damage when they stumble and cross the line into fraudulent activities. Fraud fighters must therefore be aware of these potential nightmare scenarios. No organization is immune when the enemy rising from within is a corrupt leader.

The history of fraud is littered with corporate executives who took advantage of their status and positions to commit wrongdoing, often bringing down the companies they worked for in the process. Big cases continue to make the headlines. Just last year, authorities arrested and extradited Sam Bankman-Fried, the CEO and founder of crypto exchange FTX, back to the U.S. where he faces multiple fraud charges. In November 2022, Elizabeth Holmes was sentenced to more than 11 years in prison for defrauding investors when she was CEO of failed blood-testing startup Theranos. And Indonesia, where the introductory case took place, has also seen large fraud scandals involving corporate leaders such as Emirsyah Satar, the former CEO of airline Garuda. A corruption court sentenced him to eight years in prison and imposed a $1.4 million fine for bribery and money laundering connected to the procurement of planes. (See “Former Garuda Indonesia CEO jailed for eight years for bribery,” Reuters, May 8, 2020; “Elizabeth Holmes: Theranos founder convicted of fraud,” BBC, Jan. 4, 2022; and “How Sam Bankman-Fried swindled $8 billion in customer money, according to federal prosecutors,” by Rohan Goswami and MacKenzie Sigalos, CNBC, updated Dec. 19, 2022.)

The public knows about major leadership fraud cases like these. However, many other cases, like the fraud that took place at the Indonesian mining project, are never covered by the media or are quietly settled under the seal of confidentiality. Others are never discovered at all. ACFE’s Occupational Fraud 2022: A Report to the Nations highlights the worrisome reality of this type of fraud. Not only does the report’s data show that executives/upper managers are among the top three most common fraud perpetrators at organizations, but fraud in the departments where top managers work is one of the costliest with a median loss of $500,000.

Unscrupulous leaders are often charming and well-educated, making them skilled at hiding their schemes for years. Nor is it uncommon that such executives recruit or order junior staff members to help perpetrate and conceal their crimes. (See “AS 2401: Consideration of Fraud in a Financial Statement Audit,” Public Company Accounting Oversight Board.) This type of collusion could ultimately lead to a new generation of fraudsters and corrupt personnel who take the reins from the older leaders once they retire. It’s a perfect master and apprentice situation. This process could continue for multiple generations if left unchecked.

Plethora of avenues

Corrupt executives can exploit their positions of power in many ways, and hence fraud examiners need a variety of strategies to prevent and detect leadership fraud. It may help to look at some examples of leadership fraud that we’ve come across — such as the opening example and in other cases we’ve worked on — to better understand how fraudsters can perpetrate this type of crime.

Manpower scam

Public-sector corruption can be a part of everyday life in certain parts of the world. Transparency International’s Corruption Perceptions Index shows how Indonesia, for example, ranked 110 out of 180 nations in 2022, down from 96 the year before. (See “Corruption Perceptions Index - 2022,” Transparency International.)

That level of perceived public corruption may help explain the ease with which some executives pulled off what later became known as the “Manpower” scam, named after the Indonesian government ministry responsible for workers and labor laws, according to an audit report. (See “An Overview of the Governing Body for Indonesia’s Labour Laws,” 3E Accounting.) The perpetrator cited in the introductory case conspired with a government official to defraud the Indonesia mining company of more than $50,000 based on a trumped-up violation of working visas for two of its foreign employees, including accusations they’d been bullying employees. Together they created documents demanding payment from the miner if it wanted to avoid any immigration or work permit issues. The company responded by paying what it thought was the ministry, but in reality, the fraudsters deposited the funds in a false account they’d created.

During the investigation, we noted several obvious red flags and evidence of how the fraudsters carried out this scam. The fraudsters sent the bullying complaint to the government official’s personal email — not the normal channel for such disputes. And the government official conspiring with the perpetrator had written the letter demanding payment during the weekend, outside business hours and on false letterhead. We later discovered that the perpetrators had also paid off and threatened the company’s lawyer so he wouldn’t file a complaint against them.

Examples of leadership fraud scams

Here are scams involving top management and executives that we’ve come across.

Diversion of redundancy payments. This scheme comes from the introductory case involving the redundancy payments for workers who were no longer needed at the mining project. In this case, the perpetrator told the site manager, who typically signed off on the payments, that he should wait as the company still had to negotiate remuneration with the country’s department of labor. In reality, the fraudster was diverting the funds for personal use. He prolonged and concealed the scam with false documents and by lying to the company’s board and its shareholders.

IT departments and third-party vendors. This case involved the head of an IT department who contracted a third-party vendor owned by a relative to update his company’s technology at great cost to his employer. Not only was he receiving a wage from his employer but he also garnered kickbacks from the IT service provider. Before he was fired, the IT head was quick to destroy records and emails on the company server. While we informed the police of what happened, the authorities took no action.

Misappropriation of employee health insurance and pension payments. Employee health insurance and pension payments are similar to dormant bank accounts and hence are vulnerable to manipulation by management. We’ve come across many cases where a company had made such payments on behalf of employees who later find they’re unable to recover those funds due to fraud.

Window dressing. This term is commonly associated with the manipulation of financial statements to make them look more favorable than they really are. But in the case of the mining company cited earlier, it could also involve inflating the amount and/or the quality of mineral deposits in a mine.

Vendor fraud and undisclosed conflict of interest. This common but recurrent fraud attacks companies’ supply management. Executives will often have their company contract with vendors controlled by a relative or an accomplice. In one case, we discovered the perpetrator had concealed multiple conflicts of interest through a joint enterprise he had with his girlfriend. When we started investigating, the perpetrator and his alleged girlfriend were in the process of entering into an agreement to provide the victim company and its subsidiary with staff uniforms at significantly inflated prices.

Strategy to investigate schemes

Strategies and tactics for investigating leaders suspected of fraud will vary depending on the complexity and types of crime that allegedly occurred. But there are some useful guidelines to follow when fraud examiners are first called in to investigate:

Tread carefully to keep initial inquiries confidential. Maintaining confidentiality and secrecy is crucial so fraudsters are unaware authorities have discovered their scams.

Quickly gather evidence within a specified time frame. Once perpetrators are aware of an investigation they’ll quickly destroy or tamper with evidence. So close that window of opportunity if at all possible by swiftly gathering evidence. In the case of the mining operation, gathering sufficient evidence with the help of whistleblower complaints and making a strong case to the board and shareholders played a huge role in triggering a full-scale investigation.

Understand local laws and regulations. Every step of an investigation must comply with laws and regulations, especially when you’re investigating a victim company operating in another country or that conducts cross-border transactions. Engage with independent, in-country CFEs with legal expertise.

Five-phase investigation plan

Once you’ve identified the type of fraud and suspects, we recommend a five-phase investigation plan to outline the nature and scope of the investigation in response to identified issues:

Phase one

Gather evidence before aggressively targeting suspects. An organization with corrupt leaders is likely to have poor internal controls and perhaps lacks a culture that encourages employees to speak up. Therefore, make inquires with some delicacy to maximize support of potential witnesses, and avoid making employees fearful and raising suspicions among alleged fraudsters. This is particularly important when top managers are the sources of fraudulent activity.

In the introductory case, we built trust and gained support among employees, which allowed us to quietly identify those leaders involved and garner evidence to convince shareholders and other stakeholders of the seriousness of the crimes and the need to act.

This phase should involve these steps:

• Identify and locate all persons involved (both former and current staff members).
• Conduct local interviews with those potentially involved. (These could be as simple as casual phone calls.)
• Conduct covert surveillance when necessary within legal boundaries.
• Conduct an initial forensic analysis of related data, such as payroll and vendor data, to examine potential patterns for fraud and red flags.
• Identify and investigate undisclosed business relationships.
• If possible, bring in an external auditor or watchdog to support your findings to relevant stakeholders.

Phase two

Establish a control framework for conducting interviews and recommending disciplinary action. The right policies not only clearly define what constitutes wrongdoing, but they intimidate and draw attention to those who may have violated those rules. They also facilitate the process of assigning blame to those who’ve committed fraud. And more witnesses are likely to step forward if a new control framework includes hotlines or other means to encourage and protect whistleblowers.

Here are some steps to take immediately:

• Commence development of a fraud and corruption control framework, preferably one that’s in line with the International Organization for Standardization’s anti-bribery management system. (See “Anti-bribery management systems — Requirements with guidance for use,” ISO.) In Australia, for example, investigators typically use AS 8001-2008 Fraud and Corruption Control guidelines to prevent and detect fraud.
• Design conflict-of-interest policy and declaration processes.
• Design a company whistleblower program.

Phase three

Investigators move to a more aggressive stage after garnering sufficient evidence to target suspects and implement the controls designed earlier to establish an anti-fraud culture at the organization. Phase three could involve these steps:

• Visit the site and conduct unannounced audits of payroll and human resources departments.
• Obtain originals or copies of required documentation.
• Conduct interviews with relevant management and staff.
• Implement and promote code-of-conduct and conflict-of-interest declarations.
• Promote, implement and monitor a whistleblower hotline.

Phase four

• Engage services of an independent CFE via ACFE in-country network contacts.
• Initiate contacts with relevant government departments and banks to obtain records either through voluntary submissions or subpoenas.
• Conduct interviews with persons of interest outside the organization.

Phase five

• Review evidence.
• Report outcomes and disciplinary actions plus recommendations to senior management and the board.

Conduct each step in each phase according to local laws and under authority delegated by the managing director, audit committee or shareholders — only if those leaders aren’t under suspicion.

Meet the tricky challenge of investigating leaders

Dealing with suspicions of fraud, bribery and corruption when key leaders are allegedly involved is exceptionally challenging. Fraud examiners and other investigators must often work in environments of fear, anxiety and mistrust. And corrupt executives are often exceptionally charming and skilled at swaying opinions in their favor.

We’ve found that establishing a robust channel for whistleblowers is one of the most effective tools under these circumstances. And don’t forget to respectfully and confidentially protect employees who step forward with evidence or act as witnesses.

Eradicating fraud from the top level is never impossible with a strong investigative team, smart strategy and targeted techniques.

Esther Roseline, CFE, is a corporate lawyer specializing in forensics and fraud investigations, as well as fraud risk management. She’s also been an instructor at ACFE Indonesia Chapter events. Contact her at estheroselines@gmail.com.

Dominic Blackshaw, CFE, is manager of investigations and risk at Gold Security Group (International) Pty Ltd, where he manages investigations and designs fraud and corruption control plans. Contact him at dacten7@bigpond.com.