Escolar Documentos
Profissional Documentos
Cultura Documentos
Retired FBI Special Agent Brock Self processes anonymous tips through his company, Redline Solution, in order
to alert his clients about internal theft, fraud, waste and abuse. Information that meets certain thresholds will
trigger an investigation, often by other retired agents.
About five years ago Brock decided there was a need for employers to have the capability of soliciting
anonymous tips from honest employees about criminal activity within their companies. He developed a
program similar to Crime Stoppers that would allow companies to contract with his business, Redline
Solution, to obtain confidential information from anyone and be paid for that information totally
anonymously and without any personal identification that could later be discovered by either the company
or law enforcement or in civil lawsuits.
From his bank fraud work in the Bureau, Self understood that audits conducted by the Office of the
Controller of the Currency (OCC) and other agencies and companies rarely discovered criminal activity. In
fact, the ACFE report stated that only about 3% of frauds were uncovered through routine audits. He knew
that external audits should never be relied upon as the way to detect the activity of thieves. While audits
may be a deterrent, they have very limited value in detection.
Criminal activity is discovered in a variety of ways, including tips, internal audits, by account reconciliation,
or by document examination. Sometimes the police notify management because of other criminal cases
they are working, or by surveillance activities. Often major thefts and frauds are discovered by accident,
especially when employees take vacations and thus cannot control access to information that would reveal
crimes they have committed.
In one case that my partner and I worked many years ago at a regional bank, this premise was illustrated
when an elderly depositor called the bank to report an apparent accounting error of about twenty dollars in
interest in her IRS 1099 for her two Certificates of Deposit. When she told customer service of the issue
they could not find any record of the two CDs in the computer system.
The bank officer/thief who handled her account was an eighteen year trusted employee. She had about
1500 loyal customers to whom she had sold and maintained their deposit accounts. The only reason the
bank became alerted was that our bank officer was on a two-week vacation, so someone else took the call.
When we investigated and polygraphed the employee, we determined (and got her to confess) that the
scheme had been occurring for eight years, with a total loss of about $800,000. The bank would never have
discovered this scheme if the thief had handled the call, notwithstanding routine audits by the OCC and
other examiners throughout the years. The President of the bank was former Treasury agent who had
implemented many controls within his institution. The problem was that the bank never considered the
idea that documents like certificates of deposit could be generated on a LaserJet printer without their
knowledge. Our thief was kiting CDs in a very effective scheme.
Surveillance hardware as an investigative tool
While audio, video, and GPS hardware can sometimes be helpful in the detection and investigation of
criminal conduct within any business entity, they are rarely as effective as first-hand reporting of illegal
activity. Most anti-theft prevention systems like cameras generally result in a very low percentage
of discovered crimes. They are more effective once a company has been alerted to a problem and are in
the evidence-gathering phase of an investigation.
I have written about one of the leading companies in the United States, Brickhouse Security, which supplies
surveillance hardware and technology to big companies and law enforcement agencies for monitoring
employees, tracking assets, and locating employees using their cell phones and other wireless
devices. Another company, Axis is internationally recognized as a leader in networked cameras and realtime monitoring of events to document and prevent criminal activity. All of these tools should be
considered in an overall security and prevention program in conjunction with a tip line.
Redline Solution and Brickhouse have agreed to offer some form of purchase credit if an employee were to
use covert video equipment to document employee criminal activity and then uploaded video to Redline or
Brickhouse Security that proves valuable in an investigation. Video documentation of criminal activity is one
of the best forms of evidence and can shortcut lengthily investigations and associated costs.
Tip lines and anonymous reporting systems
Theft prevention through tip lines can be likened to off-site computer backup; nobody ever wants to spend
the money on such systems until there is a serious problem, then it is an open checkbook. Tip lines are
good insurance against internal fraud. These systems promote employees watching each other, to the
benefit of the employer. Redline offers a letter to employees to announce the program, and also
uses videos and signage, as well as wallet cards for contact information.
The Redline program was somewhat tricky to set up because of potential legal issues that involve the
transfer of money to a person that does not have to show ID, tax reporting of revenue, verification of the
information, assessment of that information and what it is worth, and follow-up investigation when
warranted. There were also issues of confidentiality and how to ultimately protect the identity of the
person contacting the call center and to protect that information from a subpoena to testify or criminal
investigation process.
Legislation in 2002 was designed to encourage whistle-blowers to come forward to report fraud after
the Enron debacle.
Sarbanes-Oxley was enacted to protect investors, not the regulated company. Thus, the Act does not
protect informants identity because in Sarbanes-Oxley the whistle-blower must give his name and agree to
testify. Under those conditions, informants can apply to OSHA for compensation. SOX only applies to
accounting fraud, not other crimes, and other forms of misconduct are not covered. So employers need to
set up their own reporting system or contract with vendors like Redline, whether they are covered under
Sarbanes-Oxley or not.
The challenge for Redline was to protect individual sources of information as their primary mission. Redline
now offers a service to many corporate clients in diverse sectors that have recovered or saved significant
dollars in actual or potential losses from criminal activity within their operations.
The company offers a service to take and process anonymous tips for clients. Each caller is assigned a
unique ID which can be used to receive a reward from Western Union, should the corporate client
determine that the information has value. Brock will document the information and if warranted, fully brief
investigators for follow-up. If payment is subsequently authorized by the client, the informant can be paid
in cash with no identification required. Additionally, the call center strips all caller-ID data so no
information as to the originating individual can be captured or recorded.
Redline has been involved in many interesting flavors of theft and fraud cases for its clients, including theft
of metals from copper mines, rerouting of containers of computers by switching address labels at a FedEx
warehouse, falsification of invoices to cover fictitious payments, and an infinite variety of schemes to
defraud its clients. The relevant issue in all of these cases is that the clients would likely never have
discovered their losses without someone reporting these occurrences.
If you are an entity with assets that can potentially be diverted, stolen, converted to personal use, or
employees that can be corrupted, then you should consider the initiation of a confidential reporting system
that provides a method for honest employees to report waste, fraud, and abuse. And it is not just
employees who use Redline and other systems. It is customers, vendors, competitors, shareholders, and
other interested individuals.
Virtually any entity that implements a tip line (either by telephone or web-portal) and commensurate
training program will see lower losses and shorter detection times to stop the losses and catch the
perpetrators.
Critical characteristics and goals of any reporting system must include the following:
Assess potential schemes that pose the greatest risk to the entity;
Reporting mechanism, such as a hotline, for tips and information from both internal and external sources;
The reporting system must maintain the anonymity of the person making the report;
There must be fraud awareness education so that employees understand what constitutes improper,
unethical, or illegal activity, and how fraud can affect the organization and its employees;
Management must encourage a policy of zero-tolerance for fraud and criminal activity;
Management must understand that the initial detection of a fraud scheme is critical, and that important
decisions must be made as to how to proceed, once discovered. This will affect the gathering and securing
of evidence as well as investigative strategies and actions most likely to limit losses.
Impact of tip lines
Organizations that use hotlines for reporting will limit their exposure to losses and reduce the detection
time to stop the bleeding, which for businesses is the most important motivation. As a point of interest, tip
lines were most effective for crimes involving assets, corruption, and financial statement frauds. According
to the ACFE, fewer than ten percent of victim organizations offered rewards for reporting suspicious
activity. It is clear that organizations must take a proactive approach to fraud and may not be aware of the
options available with regard to anonymous reporting systems.
Fraud controls
In their report, the ACFE recommends several anti-fraud measures for organizations in order to prevent
fraud from occurring, and to test the effectiveness of internal programs. Often, there are lapses or
weaknesses in controls that contribute to fraud. These include a failure to report crimes to law
enforcement for fear of bad publicity. Companies often mistakenly believe that internal discipline will be
sufficient to deal with the problem.
The following controls, at a minimum, should be implemented:
Provide for an effective fraud reporting system in which the employees can believe that confidentiality will
be maintained without any fear of reprisal, and that activity will be promptly investigated;
Provide an aggressive and proactive program to offer a perception of detection for employees so they
believe that fraudulent conduct will be aggressively investigated;
Establish an ethical climate and tone of honesty and integrity, beginning with owners and management;
Insure strong anti-fraud controls in place, including physical safeguards, job rotations, mandatory vacations,
and checks and balances;
Implement proper hiring policy including background checks and vetting of employees;
Provide employee support programs to deal with addiction, mental, emotional health, family, and financial
problems;
Insure open communications policies to allow employees to speak freely about pressures in the business
environment and workplace;
profitability, morale, and ultimately many businesses. They are able to get away with their crimes because
the operation of almost all business is based upon trusting employees with resources and responsibility.
This was going to be a simple article on the best way to alert companies about occupational fraud and their
employees, and then describe one solution. After reviewing many investigations, discussing this with my
colleagues, and examining the latest ACFE report, I decided that this article should profile the company
thief and the companies that are most at risk, and then talk about one of the most effective means to stop
people we work with from engaging in illegal activities in the workplace. So in this article I will look at who
and what the looters are, and in the follow-up I will describe the work of a retired FBI Special Agent whom I
first met forty years ago in Omaha when I was in law school.
The businesses or entities most at risk
The businesses most at risk to internal fraud and theft, in the order of losses from highest to lowest, are
banking and financial services, government, and public administration, and the manufacturing
sectors. Small employers (fewer than 100 workers) are more commonly victimized than larger companies
because they usually cannot afford strong anti-fraud measures. Theyre also often not in a financial position
to absorb losses and less likely to recover either what was stolen or, in some cases, keep their business
going as a viable entity.
The implementation of anti-fraud control measures is highly correlative with significant decreases in the
cost and duration of occupational fraud. While these controls cost money, not to implement them usually
costs a lot more in terms of dollars, business reputation, litigation, and other costs. Those organizations
that had implemented any of these controls had fewer losses and detection time than those entities that
did not put such safeguards in place.
Some sobering statistics about losses
Businesses, on a global basis, experience losses of about 5% a year from schemes executed by and with
employees. The median loss was about $400,000, and in one-fifth of businesses that were surveyed in the
ACFE study, the loss was at least $1,000,000. In the least costly forms of fraud, the cost to business was
about $120,000.
In about 87% of the cases the appropriation of assets was the leading cause of losses. While financial
statement fraud accounted for only about eight percent of all cases, it had the highest median loss of about
$1,000,000 for each occurrence. Finally, corruption and various phony billing schemes made up about one
third of all cases but more than fifty percent of the dollar losses, for an average of $250,000. This type of
fraud was shown to pose the greatest overall risk on a global basis.
Many cases will never be detected, and of those that are discovered, the actual amount of the losses may
never be known or reported. Almost half of the victim organizations do not recover any of their losses. In
cases that are referred to law enforcement, 55% of the offenders plead guilty, 19% of prosecutions are
declined, and 16% are convicted at trial.
Most who engage in fraud are first time offenders within the criminal justice system. The vast majority
(87%) have never been charged or convicted of a fraud related offense, and almost the same percentage
(84%) have never been punished or terminated by an employer for fraudulent conduct. Only five percent
had prior offenses or had been charged but not convicted;
Two-thirds of the crimes are committed by men 31 to 60 years old. The highest concentration is between
the ages of 36 and 45;
More than 75% of frauds occur in six departments: accounting, operations, sales, executive upper
management, customer service, and purchasing;
The more authority an employee has, the larger the losses will be, with a median value by
owner/executives of $573,000;
The longevity of employment is related to the amount of losses. This is because the longer a person is
employed the more he or she is trusted and is subjected to less scrutiny; and they have a better
understanding of the system. Consider Bernard Madoff and the number of years he was able to defraud
investors;
Employees who commit fraud during their first year (fewer than 6%) will cause an average of $25,000 in
losses. Almost half the losses (42%) are caused by employees who have worked from one to five years.
Those that worked for the company more than ten years caused a median loss of $229,000;
In 81% of cases, fraudsters displayed one or more behavioral red flags associated with fraud that are not
associated with normal audit controls;
College educated employees are most likely to steal, while those with high school are second, and those
with either graduate degrees or some college were least likely to turn into criminals.
Behavioral red flags
Most crimes committed by employees and outsiders colluding with them are usually based upon financial
pressure. If you are an employer, you should watch out for the following indicators of possible trouble.
Such red flags are usually not identified by traditional controls, so they require vigilance and correlation
with different factors. I have noted the approximate percentage of occurrence for the top four indicators.
Wheeler-dealer attitude
Addiction problems
In the next article I will describe one of the most successful and cost-effective method to combat
occupational fraud, and provide a list of the most recognized controls that should be implemented by any
company or entity to protect its employees and assets from theft, diversion, and other criminal activities.