Beating fraudsters at their game

Association of Certified Fraud Examiners (ACFE) Board of Regents members talk to Fraud Magazine about the current state of the anti-fraud field, the schemes they worry about the most and the skills that fraud examiners need to defeat fraudsters. Plus, the Board expands its membership by three in 2026.

Fraud examiners have a formidable task ahead of them as artificial intelligence technology (AI) accelerates, and fraudsters take advantage of it to fine-tune and complicate their schemes. To meet these challenges, the anti-fraud experts of the ACFE Board of Regents say that fraud examiners must recalibrate and upgrade their fraud-fighting skills, especially in data analysis. Fraud Magazine sat down with members of the ACFE of Board of Regents at the 36th Annual ACFE Global Fraud Conference, in Nashville, Tennessee, in June 2025 to discuss those challenges and the current state of the anti-fraud field, including the status of compliance teams and shifting priorities for the U.S. government in fighting bribery and corruption.

Fraud Magazine: We’re going to break a little news here today. I just learned that you voted to expand the number of members on the Association of Certified Fraud Examiners (ACFE) Board of Regents. Why did you decide to vote in favor of expansion?

Chair Kimberly Howell, CFE: We’ve expanded the international representation of the board, so there’ll be three members from outside the U.S., for a total of seven members. This will go into effect in 2026.

We all think it’s a good idea. Organizations like the ACFE have larger boards. We’re an international organization and should have more international representation. We’re fortunate that we have two non-U.S. members now, but three U.S. members isn’t a good representation for the rest of the ACFE membership. This expansion is very important.

FM: Earlier this year, the U.S. Department of Justice announced that it was refocusing its enforcement of the Foreign Corrupt Practices Act (FCPA) from cases involving bribery of foreign officials to cases involving transnational organized crime and terrorism as well as cases that directly impact U.S. businesses. Do you think this enforcement shift will affect fighting corruption globally?

Vice Chair Robert Smolich, CFE: We saw something similar back in 2001 after the September 11 attacks, where the U.S. shifted government resources to counter international terrorism. We still fought fraud, but there were different priorities. We’re still going to fight fraud. We’re still going after corruption. It might not be the No. 1 priority, but it’ll still occur.

Howell: Every presidential administration has its priorities. It doesn’t mean that work isn’t getting done. It just may not be the top priority.

Smolich: Any time we see these shifts there’s an opportunity to capitalize on them. I think we’ll find new opportunities to fight fraud.

FM: What are some of those opportunities from your perspective?

Smolich: One of the areas that I’m really excited about is proactive, or predictive, fraud analysis. I see this as an emerging opportunity. I don’t think we’ve exploited it the way we could.

FM: How can we better use it?

Smolich: In the [U.S] federal government, we can integrate predictive analytics into procurement and assistance programs, to generate and review invoices, to review how money is being spent, where its being spent and identify red flags of fraud.

FM: Mahes and Annemari, what are your thoughts on the FCPA and fighting bribery and corruption internationally?

Annemari Krugel, CFE: Coming from South Africa, we work with state capture. (State capture is a form of corruption involving private interest groups that influence public policy for their own benefit.) I’m involved in criminal prosecutions that follow from state capture investigations. It [reprioritizing the FCPA] won’t change our processes. For us, it’s important to carry on. We’ve done good work on fighting corruption in the past, and we’ll continue doing so. We do strive to extradite people to the U.S. under the terms of the FCPA, so in that regard, the priority change is concerning, but it won’t stop the work we do investigating state capture cases.

Mark Sullivan, CFE: I spent my career in the private sector mostly working with multi-national companies, and I don’t think you’re going to see significant changes from their perspectives. Compliance has become a priority for companies, and anti-bribery and corruption is just one component of a robust compliance program. Just because the government’s focus for the time being has changed, you won’t see companies let up. We still have other significant international bribery and corruption-related laws and standards, such as the U.K. Bribery Act of 2010 and the OECD Convention. Now, companies without strong compliance programs and inadequate controls might be even more lax and act inappropriate, but I don’t think we see more than what we usually do with large multinational companies. 

Maheswari Kanniah, CFE: Historically, the U.S. Foreign Corrupt Practices Act (FCPA) has shaped global enforcement priorities and set the tone for international anti-bribery efforts. However, as enforcement landscapes evolve, we’ve begun to look more closely at frameworks like the U.K. Bribery Act for guidance. These shifts don’t diminish our commitment, but they do sharpen our focus.

New developments will continue to emerge, and our role is to review them critically and apply what’s relevant within our local context. What’s increasingly clear is that the global enforcement environment is becoming more complex and politically driven. To navigate this effectively, we need governments and domestic regulators to collaborate on a streamlined, harmonized compliance framework, one that organizations across jurisdictions can follow with clarity and confidence.

Such a framework must be regulator-led, not left to fragmented interpretation. Only then can we manage expectations consistently, uphold ethical standards globally and ensure that compliance remains a cornerstone of responsible business.

FM: In May 2025, Boeing struck a deal with the U.S. government to avoid prosecution for misleading regulators about the safety of its Max 737 jets. These safety failures are connected to two plane crashes that killed 347 people in 2018. To the compliance and regulations experts here, why would a large, multinational organization — like Boeing — fall short on following safety and compliance protocols when they have both the money and personnel to manage these compliance programs?

Howell: I’ve always worked in the public sector, but internal performance pressures are the main driver and that diminishes the focus on regulatory compliance. When you have quotas often regulations are set aside, and I think that’s probably why we’re seeing these problems in large companies. Their bottom line is performance and getting their products out at a specific time.

Kanniah: True compliance isn’t just about systems and checklists. It’s about embedding ethical foresight into decision-making. Until corporations recalibrate their internal cultures to value long-term resilience over short-term wins, these failures will persist.

Sullivan: It’s about tone at the top; it’s a cultural issue. In these large, complex multinational companies with many moving parts, if the tone at the top is wrong and the culture is wrong, there’ll be people who’ll find ways to game the system for their own incentives. A strong ethical culture can help prevent those incentives from becoming pervasive.

Smolich: These compliance failures are happening at all types of organizations, not just large corporations. But not everyone makes a multimillion-dollar jet that crashes or doors that pop open during a flight. There are different pressures on individuals throughout an organization, from the top all the way down to the people executing the jobs. We’re surprised when this happens because we hold these organizations to a higher standard.

Sullivan: But the smaller companies don’t have the resources. The regulatory landscape is extremely complex and constantly changing. You’ve got to spend a lot of money to comply with regulations, and unfortunately, not everybody’s willing to do that.

FM: What are some other challenges that compliance teams are facing? And what’s going well in that area?

Kanniah: One of the most encouraging shifts in compliance today is the growing leadership acceptance of its strategic value. In my organization, Kenanga Investment Bank Berhad, compliance reporting has moved from the bottom of the board agenda to the top. This signals a deeper understanding of its role, not just as a safeguard, but as a driver of ethical resilience. The quality of board engagement has improved markedly, with more thoughtful questions and genuine interest in governance outcomes.

Technology has also become a powerful ally. We’re now able to analyze larger datasets for anomalies, enabling faster, more targeted interventions. The accelerated adoption of blockchain technology has been especially positive. It doesn’t just support compliance; it elevates it. Blockchain transforms the function from reactive oversight to proactive governance, offering transparency, immutability and real-time assurance.

Culturally, we’ve seen a meaningful shift in how whistleblowing is perceived. Speaking up is no longer taboo, and it’s increasingly seen as a courageous act of integrity. That acceptance is vital for building psychologically safe workplaces.

And perhaps the most reassuring truth is that no matter how advanced technology becomes, and no matter how far artificial intelligence evolves, compliance professionals remain indispensable. We are a regulatory requirement. Our judgment, accountability and ethical stewardship cannot be automated.

Sullivan: When the regulators show up, it’s usually because there’s a problem, and they want to see the compliance program and see that it works. You can’t just have a compliance program. You must use it and enforce it. You must have records of incidents, and examples of people disciplined or terminated for violating policies. You protect whistleblowers. All those things are much better than they used to be when compliance programs were often treated like checklists. Most people I know are doing the best they can with limited resources. Unless you’re in a highly regulated industry, compliance resources will be limited.

Plus, it’s essential now to leverage technology to comply with regulations, especially now that everybody’s dealing with cybersecurity and privacy issues and needing to comply with privacy regulations like California’s Consumer Privacy Rights Act and the GDPR [the EU’s General Data Protection Regulation]. We even have businesses that help companies comply with privacy regulations, which is all data-driven technology to protect against breaches that fuel identity theft. I think this convergence of compliance and technology has been beneficial for everybody.

Kanniah: One of the most pressing challenges we face today is the shortage of skilled professionals in compliance. The talent pipeline simply isn’t strong enough, and as a result, we’ve had to take proactive steps to build it ourselves. At Kenanga Investment Bank Berhad, we partnered with the Securities Industries Development Corporation, the training arm of Malaysia’s Securities Commission, to develop a certification program for compliance officers. This initiative includes structured training, competency assessments and mentorship opportunities designed to cultivate future leaders in the field.

Despite these efforts, attracting talent to compliance remains difficult. It’s often perceived as the least desirable function, as it isn’t as elevated or celebrated as other business roles. Bonus allocations reflect this disparity, with compliance professionals frequently receiving less than their counterparts in revenue-generating divisions. Yet these individuals serve as critical stopgaps against fraud, misconduct and reputational risk.

The issue isn’t just about compensation; it’s about recognition. Until organizations truly value compliance as a strategic enabler rather than a regulatory obligation, we’ll continue to struggle with recruitment and retention. Elevating the profession requires cultural change, investment in development and a clear message that compliance is not a cost center, but rather a cornerstone of sustainable governance.

FM: What are some emerging threats keeping you up at night?

Howell: AI cybersecurity, phishing, everything to do with AI. We need AI to combat AI. I work for a federally funded nonprofit, and we still have problems with employees of grantees embezzling funds and vendor fraud. My organization, the Corporation for Public Broadcasting, gives funding to nonprofits, and these organizations don’t have the infrastructure for a complex cybersecurity program to protect funds. They have information on the people who donate to them; it’s a high-target area, and they don’t have the expertise to properly manage that. If someone breaches their donor databases, they’ll have all those donors’ personal and payment information. Then you have employees of these organizations who might embezzle funds and vendors that steal funds. AI is making all this easier, allowing people to devise more intricate phishing schemes that can reach a broader audience. They’re using AI to create better schemes, and we must learn to use AI to stay ahead or at least understand these threats.

Kanniah: Cybersecurity is a permanent agenda item in our regulatory compliance report, so it’s a matter that we’re able to get in front of the board of directors. There’s always something new every day with these cybersecurity threats.

Krugel: In South Africa right now, we’re seeing a spike in extortion cases in which organized criminal gangs threaten people. They’ve targeted many different industries, and there’s been ugly incidents of CEOs of bigger companies being targeted. It’s concerning, especially considering corporate boards. You’ll start seeing members making strange decisions because they’re being extorted behind the scenes, and it affects the entire board, causing divisions among members.

FM: What do you think is the best way for organizations to handle the threat of extortion?

Krugel: It’s important that this issue gets visibility in organizations so that fraud teams can address it if someone in their organization is being extorted. We’ve been considering threat training — not security training — for our board members and executives because this extortion is a threat; it’s not a typical security issue. We’re being proactive on this issue and have advised our board to look into the issue.

Recently, there was an extortion ring that a perpetrator was operating by cell phone from jail. This is why it’s so important that we have threat analyses. I know that some of the bigger cell phone companies in South Africa have started looking at what they can do to fight it. Finding a way to combat this issue is necessary especially when you have people who must travel a lot for work. You need to know who’s making the travel arrangements, things like that. These are the types of issues that fall within the purview of a threat analysis. Also, we need to look beyond our senior executives. This extortion can happen to more junior people in organizations as well. (See the sidebar “Extortion in South Africa” at the end of this article.)

FM: What are the skills that fraud examiners should be cultivating right now to confront the challenges we’ve discussed today?

Howell: I recently attended a training session on using AI for data analysis hosted by the ACFE Maryland Chapter. The speaker had a spreadsheet of transactions, and they asked the program, “If you were looking for fraud, where would you focus?” It was such a general question, but the program returned 10 responses about transactions that could indicate fraud like double billing, billing for services on weekends and whether a certain code was overused. Having this would’ve been so helpful for me and other fraud fighters over the years.

I think the more proficient fraud examiners become working with data, the more effective they’ll be at managing high volumes of data. If you’re an older person, you may not be as proficient as younger people who grew up using computers, but it’s important to understand the technology better than the fraudsters who are using it.

I think the more proficient fraud examiners become working with data, the more effective they’ll be at managing high volumes of data.

Sullivan: I think you’ve got to be good at networking. Attend events like the ACFE Global Fraud Conference. Attend training sessions and meet other people in your industry, because you’ll learn something new from them. If you limit yourself to people within your organization, you’ll end up doing what everyone else has done before you. If you go beyond that, you’ll meet someone doing something interesting and effective that you can take back to your organization to be a real game changer.

Kanniah: Fraud examiners need to become strategic advisers — not just investigators. You need to upskill to adapt to different situations. During an investigation, you should be able to provide strategic advice to management, because leadership now expects that fraud examiners can advise them on how to address an issue, going beyond reporting what happened or which law or policy was violated. Being able to do this should help you move up in your organization.

Smolich: Beyond the technical skills that we’ve talked about, I think there are three things fraud examiners should concentrate on right now. First, you should be able to depict data visually and concisely and be able to explain succinctly. Your ability to do these things with data is huge. Second, as Mark mentioned, developing interpersonal skills. People should devote more attention to developing their networking and communication skills. Third, I think it’s important for organization leaders to mentor people to ensure that we develop the next generation of leaders.

Krugel: We also need people who can better analyze information. Your analysis is what helps you connect the dots during an investigation.

Howell: To add to Annemari’s point about analyzing information, we need to make sure that people understand that analyses shouldn’t stop at the AI platform. It’s a tool that enables you to interpret data, and sometimes people think they can go by that first report delivered by AI without validating the data or looking further into the results.

FM: What are some ways that fraud examiners can boost those analytical skills?

Smolich: Gain experience, try different things. Fail, come back and learn again. Often, new employees come to the job thinking they have the skill set, but it’s something that needs to be exercised and built on. You need time.

Krugel: I think it’s important for us to train people in due diligence and know-your-client procedures. You should also understand the deviations that occurred in your investigation.

Sullivan: Having intellectual curiosity and the desire to catch bad guys are important to analyzing data and conducting investigations. You’ve got to think like the bad guys and ask yourself how you’d do it and get away with it. Go back to the data and consider why something wasn’t caught before. What were you missing? As Bob said, continue learning.

FM: It seems like having a mentor for all these things would be beneficial, but that it requires some initiative on the part of the fraud examiner to seek one out.

Smolich: Absolutely. There needs to be a willingness to seek information and mentorship.

Kanniah: People in my organization do ask for help on certain things, and we support them whenever we can. Networking and mentorship, all these small things add on to the experience of learning how to manage situations.

Howell: It may also be helpful to teach people how to get a mentor beyond formally asking someone. It’s important to ask questions and take time to sit with the expert and show them that you’re curious. Many times, when someone is asked to be a mentor, they immediately start thinking about time commitments. I’d prefer that someone start by asking me a question and letting a relationship develop organically, rather than tell me they’re looking for a mentor.

Smolich: Throughout my career, mentorship was about finding someone who was doing something well and asking them how I could do that too.

Howell: As a young criminal investigator, I’d see this one investigator getting things done, and I’d ask to tag along on their next interview. And that’s the thing: You can ask 1,000 questions in the car on the way back. So, ask someone if you can go with them out in the field. I’ve found that for me that has been the easiest way to develop a mentor-mentee relationship. Try not to formalize everything. I have probably had 100 mentors who didn’t know they were mentoring me.

Smolich: I appreciate it from the mentors’ perspective too, because I can’t tell you how much I’ve learned from those interactions. I’m constantly seeking people to mentor because I get just as much benefit from the relationship as the person I’m mentoring.

Jennifer Liebman, CFE, is editor in chief of Fraud Magazine. Contact her at jliebman@ACFE.com.

Crystal Zuzek is assistant editor of Fraud Magazine. Contact her czuzek@ACFE.com. 

The participants

Kimberly A. Howell, CFE, Inspector General, Corporation for Public Broadcasting, Washington, D.C.

In 2019, Kimberly Howell, CFE, was appointed Inspector General (IG) for the Corporation for Public Broadcasting (CPB), a U.S.-government-funded nonprofit. Her office is responsible for independent oversight of the CPB and regularly audits, evaluates and investigates CPB funding, programs, operations and initiatives. In 2011, she became a member of the Senior Executive Service where she led anti-fraud, compliance and oversight efforts and worked with federal, state and local law enforcement agencies on various critical programs and initiatives. She was appointed by governor of Maryland in 2018 and reappointed in 2025 to serve on the Maryland Commission on Judicial Disabilities. She is also an adjunct associate professor of criminal justice at the University of Maryland Global Campus and has a master’s degree in public administration.

Robert J. Smolich, CFE, Assistant Inspector General for Investigations, U.S. Department of State, Office of the Inspector General, Arlington, Virginia

Robert Smolich, CFE, leads criminal, civil and administrative investigations of violations affecting programs and operations of the U.S. Department of State, the U.S. Agency for Global Media, and the U.S. Section of the International Boundary and Water Commission.

He’s an Air Force Reserve Colonel (Special Agent) with the Air Force Office of Special Investigations (AFOSI) with more than 27 years of active duty and reserve service. He currently serves as the individual mobilization augmentee to the Deputy Commander, where he supports the Commander in executing AFOSI’s mission and overseeing its 3,800-person workforce across 180 locations worldwide. He’s active with the ACFE’s Law Enforcement and Government Alliance program, participates in the ACFE’s Executive Roundtable and served on the ACFE Board of Regents Advisory Working Group.

Maheswari Kanniah, CFE, Executive Director and Group Chief Regulatory and Compliance Officer, Kenanga Investment Bank Berhad (Kenanga), Kuala Lumpur, Malaysia

Maheswari Kanniah, CFE, is the executive director and group chief regulatory and compliance officer of Kenanga. Throughout her 45-year career, Kanniah has conducted various capital market and anti-money laundering investigations. She was instrumental in the ACFE partnership with Kenanga, the first corporate entity in Southeast Asia to join the Corporate Alliance program. In 2023, her contributions earned her the Outstanding Achievement in Outreach and Community Service award from the ACFE, and she was the first Southeast Asian to earn this recognition. In 2025, she was inducted into the Malaysia Book of Records for this honor and was named CFE of the Year for the Malaysian Chapter, an honor she received at the ACFE Fraud Conference Asia-Pacific, held in Kuala Lumpur and virtually.

She currently serves on the Boards of the Institute of Corporate Directors Malaysia, Turiya Bhd and MBSB Bhd as an independent non-executive director.

Annemari Krugel, CFE, Head of Forensics, BDO Advisory Services, Johannesburg, South Africa

Annemari Krugel, CFE, is a director in the forensic services department at BDO and leads a team providing integrated forensic services, including fraud investigations, anti-corruption compliance, forensic technology services and financial reporting disputes. Before joining BDO, Krugel held various senior positions as director and forensic consultant. She has more than 37 years of experience in criminal justice, forensic investigations and prosecutions.

Krugel started her career in the South African Department of Justice in 1984. She collaborated with the South African Police Service on several high-profile projects in South Africa that exposed and prosecuted corruption, fraud, statutory and other related offenses.

Mark J. Sullivan, CFE, CPP, CFI, Market Managing Principal and Co-Global Leader – Forensic and Investigation Services, Grant Thornton LLP (Retired), Chicago, Illinois

In May 2025, Sullivan retired after 15 years as a senior partner and co-global leader of the forensic and investigation services practice at Grant Thornton LLP (GT). He served in similar roles at Deloitte and Kroll. Sullivan became a CFE while working in the fraud and security consulting practice at Arthur Andersen & Co.

Throughout his career, Sullivan conducted risk assessments and worked on behalf of boards of directors and special committees for multinational companies. He’s led more than 1,000 audit, tax and advisory professionals to record revenues during his tenure as the market managing principal of GT’s Chicagoland offices. Sullivan previously served as president of the ACFE Greater Chicago Chapter and chair of the ACFE Foundation Board of Directors.

Extortion in South Africa

ACFE Board of Regents member, Annemari Krugel, CFE, put a spotlight on the spate of extortion cases in South Africa. Here are some of the cases dominating the headlines there and how law enforcement is seeking to address the problem.

Earlier this year, former South African Airways (SAA) board member Yakhe Kwinana was arrested in Eastern Cape, South Africa, and charged with extortion, malicious damage to property and pointing a firearm. She’s accused of orchestrating a “reign of terror” in East London, South Africa, allegedly working with armed men to intimidate and extort residents. Reports say she ordered the demolition of victims’ properties to enforce compliance with her demands. Kwinana appeared at the Randburg Magistrate’s Court in March and was granted bail of 20,000 rand ($1,133). Kwinana’s case is one example of extortion in South Africa, which is pervasive across public and private sectors, including construction, transportation, education and small business. In a tragic case, a stray bullet killed a four-year-old girl during an extortion attempt in Cape Town, South Africa, in 2024. Violence erupted when criminals demanded protection money from a retail shop owner.

On Sept. 3, 2024, South Africa’s Minister of Police, Senzo Mchunu, made a statement in Parliament regarding measures by the South African Police Service (SAPS) to address threats posed by extortion in the country. He highlighted the concentration of extortion-related crimes taking place in the provinces of Gauteng, KwaZulu Natal, Western Cape and Eastern Cape, which collectively account for 73% of all crime in the country. He described extortionists as “murderous parasites,” often heavily armed, spreading fear and silencing communities from reporting crimes to the police. Between April 2019 and March 2024, 6,056 extortion cases were reported, leading to 2,389 arrests but only 178 convictions — a mere 7% conviction rate.

In a media statement, Ian Cameron, a member of South Africa’s Parliament and chair of the Portfolio Committee on Police, noted a lack of trust in law enforcement among South Africans, “which has negatively impacted on the ability of SAPS to investigate extortion cases.” In late 2023, the committee adopted a framework to enhance oversight of interventions, targeting seven sectors of concern: construction, transportation, mining, security, small business, vulnerable communities and local government. Cameron has also proposed the formation of a data-driven, specialized intelligence hub, “enhanced community reporting and support and targeting extortion operations.”