Marc Weber Tobias, Contributor

I am an investigative attorney and physical security specialist.

12/30/2012 @ 10:54AM

A Snitch In Time Can Save Employers a Lot of Money

In my article last week I noted that theft, corruption, embezzlement, and related occupational frauds are
rampant in American business and account for billions of dollars annually in losses. On a global basis, the
estimate is an astounding 3.5 trillion dollars. Statistically, internal theft and other schemes carried out by
trusted employees are the source of the problem. At the end of this article I list several recognized security
and accounting controls that should be implemented within any commercial, government or other entity to
prevent, deter and detect abuse. As noted in theACFE Report to the Nations, implementation of one or
more of these controls can significantly reduce exposure to losses from insiders.
In criminal investigations conducted by law enforcement, especially those that involve non-violent white
collar crimes, the vast majority of case solutions come from information provided by informants, rather
than by sophisticated forensics as are portrayed on television. The best and most effective investigative
tool is the development of confidential informants who have specific knowledge of criminal activity and are
willing to reveal it.
The same rules apply in the workplace when there are losses caused by thieving employees, supervisors or
even owners or management. The most effective way to prevent or detect and minimize the impact of
theft, fraud and corruption is to implement a program that allows the reporting of suspicious conduct to
the proper management, security and accounting divisions. An educational program, coupled with an
anonymous reporting system that promotes such vigilance and reporting by employees can substantially
reduce losses from occupational fraud.
In about 1970 I met FBI Special Agent Brockman C. Self. Throughout the years we have remained colleagues
and worked investigations together. I taught Brock how to pick locks, and he taught me some of his skills in
tracking people and information. Brock was one of the best fugitive hunters in the Bureau, and an expert in
bank fraud and embezzlement investigations.
When he transferred to Lakeland, Fla. to become the senior Resident Agent of the FBI office out of the
Tampa Division he had his hands full, as there was no scarcity of either fugitives or thieves in that state.
After almost thirty years Brock retired from the Bureau and began his civilian career as an investigator.

Retired FBI Special Agent Brock Self processes anonymous tips through his company, Redline Solution, in order
to alert his clients about internal theft, fraud, waste and abuse. Information that meets certain thresholds will
trigger an investigation, often by other retired agents.

About five years ago Brock decided there was a need for employers to have the capability of soliciting
anonymous tips from honest employees about criminal activity within their companies. He developed a
program similar to Crime Stoppers that would allow companies to contract with his business, Redline
Solution, to obtain confidential information from anyone and be paid for that information totally
anonymously and without any personal identification that could later be discovered by either the company
or law enforcement or in civil lawsuits.
From his bank fraud work in the Bureau, Self understood that audits conducted by the Office of the
Controller of the Currency (OCC) and other agencies and companies rarely discovered criminal activity. In
fact, the ACFE report stated that only about 3% of frauds were uncovered through routine audits. He knew
that external audits should never be relied upon as the way to detect the activity of thieves. While audits
may be a deterrent, they have very limited value in detection.
Criminal activity is discovered in a variety of ways, including tips, internal audits, by account reconciliation,
or by document examination. Sometimes the police notify management because of other criminal cases
they are working, or by surveillance activities. Often major thefts and frauds are discovered by accident,
especially when employees take vacations and thus cannot control access to information that would reveal
crimes they have committed.
In one case that my partner and I worked many years ago at a regional bank, this premise was illustrated
when an elderly depositor called the bank to report an apparent accounting error of about twenty dollars in
interest in her IRS 1099 for her two Certificates of Deposit. When she told customer service of the issue
they could not find any record of the two CDs in the computer system.
The bank officer/thief who handled her account was an eighteen year trusted employee. She had about
1500 loyal customers to whom she had sold and maintained their deposit accounts. The only reason the
bank became alerted was that our bank officer was on a two-week vacation, so someone else took the call.
When we investigated and polygraphed the employee, we determined (and got her to confess) that the
scheme had been occurring for eight years, with a total loss of about $800,000. The bank would never have
discovered this scheme if the thief had handled the call, notwithstanding routine audits by the OCC and
other examiners throughout the years. The President of the bank was former Treasury agent who had
implemented many controls within his institution. The problem was that the bank never considered the

idea that documents like certificates of deposit could be generated on a LaserJet printer without their
knowledge. Our thief was kiting CDs in a very effective scheme.
Surveillance hardware as an investigative tool
While audio, video, and GPS hardware can sometimes be helpful in the detection and investigation of
criminal conduct within any business entity, they are rarely as effective as first-hand reporting of illegal
activity. Most anti-theft prevention systems like cameras generally result in a very low percentage
of discovered crimes. They are more effective once a company has been alerted to a problem and are in
the evidence-gathering phase of an investigation.
I have written about one of the leading companies in the United States, Brickhouse Security, which supplies
surveillance hardware and technology to big companies and law enforcement agencies for monitoring
employees, tracking assets, and locating employees using their cell phones and other wireless
devices. Another company, Axis is internationally recognized as a leader in networked cameras and realtime monitoring of events to document and prevent criminal activity. All of these tools should be
considered in an overall security and prevention program in conjunction with a tip line.
Redline Solution and Brickhouse have agreed to offer some form of purchase credit if an employee were to
use covert video equipment to document employee criminal activity and then uploaded video to Redline or
Brickhouse Security that proves valuable in an investigation. Video documentation of criminal activity is one
of the best forms of evidence and can shortcut lengthily investigations and associated costs.
Tip lines and anonymous reporting systems
Theft prevention through tip lines can be likened to off-site computer backup; nobody ever wants to spend
the money on such systems until there is a serious problem, then it is an open checkbook. Tip lines are
good insurance against internal fraud. These systems promote employees watching each other, to the
benefit of the employer. Redline offers a letter to employees to announce the program, and also
uses videos and signage, as well as wallet cards for contact information.
The Redline program was somewhat tricky to set up because of potential legal issues that involve the
transfer of money to a person that does not have to show ID, tax reporting of revenue, verification of the
information, assessment of that information and what it is worth, and follow-up investigation when
warranted. There were also issues of confidentiality and how to ultimately protect the identity of the
person contacting the call center and to protect that information from a subpoena to testify or criminal
investigation process.
Legislation in 2002 was designed to encourage whistle-blowers to come forward to report fraud after
the Enron debacle.
Sarbanes-Oxley was enacted to protect investors, not the regulated company. Thus, the Act does not
protect informants identity because in Sarbanes-Oxley the whistle-blower must give his name and agree to
testify. Under those conditions, informants can apply to OSHA for compensation. SOX only applies to
accounting fraud, not other crimes, and other forms of misconduct are not covered. So employers need to
set up their own reporting system or contract with vendors like Redline, whether they are covered under
Sarbanes-Oxley or not.

The challenge for Redline was to protect individual sources of information as their primary mission. Redline
now offers a service to many corporate clients in diverse sectors that have recovered or saved significant
dollars in actual or potential losses from criminal activity within their operations.
The company offers a service to take and process anonymous tips for clients. Each caller is assigned a
unique ID which can be used to receive a reward from Western Union, should the corporate client
determine that the information has value. Brock will document the information and if warranted, fully brief
investigators for follow-up. If payment is subsequently authorized by the client, the informant can be paid
in cash with no identification required. Additionally, the call center strips all caller-ID data so no
information as to the originating individual can be captured or recorded.
Redline has been involved in many interesting flavors of theft and fraud cases for its clients, including theft
of metals from copper mines, rerouting of containers of computers by switching address labels at a FedEx
warehouse, falsification of invoices to cover fictitious payments, and an infinite variety of schemes to
defraud its clients. The relevant issue in all of these cases is that the clients would likely never have
discovered their losses without someone reporting these occurrences.
If you are an entity with assets that can potentially be diverted, stolen, converted to personal use, or
employees that can be corrupted, then you should consider the initiation of a confidential reporting system
that provides a method for honest employees to report waste, fraud, and abuse. And it is not just
employees who use Redline and other systems. It is customers, vendors, competitors, shareholders, and
other interested individuals.
Virtually any entity that implements a tip line (either by telephone or web-portal) and commensurate
training program will see lower losses and shorter detection times to stop the losses and catch the
perpetrators.
Critical characteristics and goals of any reporting system must include the following:

Assess potential schemes that pose the greatest risk to the entity;

Focus on the most effective controls;

Reporting mechanism, such as a hotline, for tips and information from both internal and external sources;

The reporting system must maintain the anonymity of the person making the report;

There must be an employee education program which encourages reporting;

There must be fraud awareness education so that employees understand what constitutes improper,
unethical, or illegal activity, and how fraud can affect the organization and its employees;

Management must encourage a policy of zero-tolerance for fraud and criminal activity;

Management must understand that the initial detection of a fraud scheme is critical, and that important
decisions must be made as to how to proceed, once discovered. This will affect the gathering and securing
of evidence as well as investigative strategies and actions most likely to limit losses.
Impact of tip lines
Organizations that use hotlines for reporting will limit their exposure to losses and reduce the detection
time to stop the bleeding, which for businesses is the most important motivation. As a point of interest, tip

lines were most effective for crimes involving assets, corruption, and financial statement frauds. According
to the ACFE, fewer than ten percent of victim organizations offered rewards for reporting suspicious
activity. It is clear that organizations must take a proactive approach to fraud and may not be aware of the
options available with regard to anonymous reporting systems.
Fraud controls
In their report, the ACFE recommends several anti-fraud measures for organizations in order to prevent
fraud from occurring, and to test the effectiveness of internal programs. Often, there are lapses or
weaknesses in controls that contribute to fraud. These include a failure to report crimes to law
enforcement for fear of bad publicity. Companies often mistakenly believe that internal discipline will be
sufficient to deal with the problem.
The following controls, at a minimum, should be implemented:

On-going anti-fraud training for all employees;

Provide for an effective fraud reporting system in which the employees can believe that confidentiality will
be maintained without any fear of reprisal, and that activity will be promptly investigated;

Provide an aggressive and proactive program to offer a perception of detection for employees so they
believe that fraudulent conduct will be aggressively investigated;

Establish an ethical climate and tone of honesty and integrity, beginning with owners and management;

Maintain proactive fraud assessments to mitigate vulnerabilities;

Insure strong anti-fraud controls in place, including physical safeguards, job rotations, mandatory vacations,
and checks and balances;

Provide adequate resources and independence for internal audit departments;

Implement proper hiring policy including background checks and vetting of employees;

Provide employee support programs to deal with addiction, mental, emotional health, family, and financial
problems;

Insure open communications policies to allow employees to speak freely about pressures in the business
environment and workplace;

Conduct anonymous surveys and audits to determine employee morale.

Brock Self often quotes Frank Abagnale, the youthful check forgery master in the movie Catch me if you
can, who so aptly believes that because punishment for fraud and recovery of stolen funds are so rare,
prevention is the only viable course of action.
Every employer should implement some form of reporting mechanism to provide a confidential
communications link for its workers to report misconduct and criminal activity. And every employee should
understand thatjob security is affected by profitability. Thieves and fraudsters can impact and destroy
profitability, which can ultimately result in loss of employment for honest workers. It is in their best interest
to be fully engaged in a program of reporting so each employee becomes an independent auditor within
the business.

How Do You Spot The Thief Inside Your Company?

12/21/2012 @ 9:48AM
The vast majority of annual losses that result from criminal activity in business and government entities are
not caused by shoplifters or burglars in the United States. It is employee-thieves cloaked in many forms
who commit their crimes, which are often discovered long after their various schemes begin.
Their many schemes are identified as occupational fraud in theReport to the Nations, produced every two
years since 1996 by theAssociation of Certified Fraud Examiners, or ACFE. The current report is based upon
an analysis of 1388 cases that were investigated and documented by Certified Fraud Examiners in more
than 100 countries on six continents. It provides a detailed look at the prevalence and culture of business
thieves in categories such as misappropriation and theft of assets and cash, skimming, payroll fraud,
financial statements and reporting schemes, conversion of assets, and corruption and misuse of influence.
Based upon the Gross World Product, the ACFE estimates that global losses from fraud may be $3.5
trillion. In my career in both the public and private sectors, my colleagues and I have been involved in
thousands of criminal and civil investigations involving thieving employees, vendors, contractors and
suppliers. Weve caught perpetrators trying to steal, defraud, and convert assets that included anything
from cash to precious metals, and trade secrets and intellectual property. No entity is exempt and, in our
world, just about everyone can be engaged in some form of fraudulent activity and theft, be it office
supplies, time, gasoline, telephone calls, cash, assets, food, liquor, pictures hanging on the wall, bed sheets,
dishes, narcotics, credit cards, checks, information, and whatever else is available for the taking or
diversion. They pad time sheets and expense reports, submit false medical claims, forge mortgage
documents, submit phony bills to clients and customers, and anything else that can be imagined.
Our rule and mantra: If it can be stolen, it will be, and often.
No one is exempt. We have worked cases in businesses, retail stores, banks, factories, hospitals, clinics,
nursing homes, cruise ships, copper mines, construction sites, car dealerships, restaurants, bars, casinos
and literally hundreds of other venues. Any entity can and has been a target, even law enforcement
agencies and jails and prisons, where inmates, correctional officers, teachers and senior staff have been
caught in a variety of schemes to steal, corrupt, defraud, extort and improperly obtain or divert assets and
use their influence for personal gain.
It is a multi-faceted problem but is rooted in two simple premises: everyone wants things they may not be
able to afford (although that is often not the prime motivation for stealing) or they have a financial crisis
that drives them to steal.
The message for every reader: any entity can be the subject of losses.Sometimes you may not even know it
for many months, years, or ever, with the average scheme taking eighteen months to discover.Companies,
governments, and other entities must understand how to mitigate or reduce losses from a multitude of
criminal schemes designed to siphon assets, in many forms, which ultimately destroy many
enterprises. The best protection against fraud is to prevent it before it can occur. If your entity or
enterprise is operating without the proper controls and anti-fraud programs in place then you likely have
been, are, or will be a victim. There are fraudsters everywhere and they are often destroying productivity,

profitability, morale, and ultimately many businesses. They are able to get away with their crimes because
the operation of almost all business is based upon trusting employees with resources and responsibility.
This was going to be a simple article on the best way to alert companies about occupational fraud and their
employees, and then describe one solution. After reviewing many investigations, discussing this with my
colleagues, and examining the latest ACFE report, I decided that this article should profile the company
thief and the companies that are most at risk, and then talk about one of the most effective means to stop
people we work with from engaging in illegal activities in the workplace. So in this article I will look at who
and what the looters are, and in the follow-up I will describe the work of a retired FBI Special Agent whom I
first met forty years ago in Omaha when I was in law school.
The businesses or entities most at risk
The businesses most at risk to internal fraud and theft, in the order of losses from highest to lowest, are
banking and financial services, government, and public administration, and the manufacturing
sectors. Small employers (fewer than 100 workers) are more commonly victimized than larger companies
because they usually cannot afford strong anti-fraud measures. Theyre also often not in a financial position
to absorb losses and less likely to recover either what was stolen or, in some cases, keep their business
going as a viable entity.
The implementation of anti-fraud control measures is highly correlative with significant decreases in the
cost and duration of occupational fraud. While these controls cost money, not to implement them usually
costs a lot more in terms of dollars, business reputation, litigation, and other costs. Those organizations
that had implemented any of these controls had fewer losses and detection time than those entities that
did not put such safeguards in place.
Some sobering statistics about losses
Businesses, on a global basis, experience losses of about 5% a year from schemes executed by and with
employees. The median loss was about $400,000, and in one-fifth of businesses that were surveyed in the
ACFE study, the loss was at least $1,000,000. In the least costly forms of fraud, the cost to business was
about $120,000.
In about 87% of the cases the appropriation of assets was the leading cause of losses. While financial
statement fraud accounted for only about eight percent of all cases, it had the highest median loss of about
$1,000,000 for each occurrence. Finally, corruption and various phony billing schemes made up about one
third of all cases but more than fifty percent of the dollar losses, for an average of $250,000. This type of
fraud was shown to pose the greatest overall risk on a global basis.
Many cases will never be detected, and of those that are discovered, the actual amount of the losses may
never be known or reported. Almost half of the victim organizations do not recover any of their losses. In
cases that are referred to law enforcement, 55% of the offenders plead guilty, 19% of prosecutions are
declined, and 16% are convicted at trial.

A profile of the thieves within the workforce

The ACFE report analyzed a number of parameters to identify who he or she is: education, criminal history,
employment history, job description, administrative level and responsibilities, gender, lifestyles, and other
factors that tell the story. In my world I have found that long-term employees are the most suspect because
of their knowledge of the inner workings of the entity and understanding of the controls that they must
circumvent.
Identification of those engaging in criminal activity in business can be difficult and most often is not
discovered in audits. In fact, only about three percent of business crimes are identified in this way because
of the variety of schemes, lack of controls, and cleverness of the perpetrators. The best case in point
involved an investigation that my colleague, retired FBI Special Agent Wayne Barnes conducted for a cruiseship line several years ago that was owned by one of the largest ship conglomerates in the world. Barnes,
who worked major fraud cases and counterintelligence investigations, was the FBI Agent who was
ultimately responsible for identifying Robert Hanssen, one of the Bureaus senior counterintelligence
operatives who became a double-agent for the Russians and is now spending the rest of his life in federal
prison.
Money was missing but the cruise line had no idea how, where, how much, and for how long; all they knew
was that they were missing significant funds. It was a real mystery because cruise lines do not deal in cash
on board except in the casino which was tightly controlled and all revenues accounted for. Somehow cash
was disappearing from the cruise line.
After a detailed inquiry by investigators and accountants on several ships simultaneously, Barnes identified
the scheme and one of the ring leaders, who ultimately confessed that multiple paymasters on different
ships were working together to pay employees that were on shore leave and not even working. They
coordinated payments across many ships so nothing would appear unusual or out of place so as not to be
picked up by an audit. The employee admitted that the scheme had been going on for many years and the
total for the fraud, according to investigators, could have reached $60 million.
During all of that time, neither the cruise line nor their parent company had any clue and evidently no
suitable controls in place to detect the sophisticated scam. The losses were never even reported to the
parent company. The case illustrates the necessity of implementing various industry-recognized security
and accounting controls and the fact that routine audits will generally not discover such fraud schemes.
A profile of a perpetrator
Employees become criminals for a variety of reasons but most relate to financial or other crises in their
lives. While a few employees take jobs in order to commit crimes, it is not the norm other than in organized
crime. Workers are able to become thieves and engage in frauds as a result of four primary conditions: lack
of controls (35% of cases in large businesses and 45% in small businesses), the ability to override existing
controls, a lack of high-level review, and a poor ethical tone being set for the operation of the business
from owners and management.
As a rule, occupational fraud is carried on by men and women who fit into the following profile:

Most who engage in fraud are first time offenders within the criminal justice system. The vast majority
(87%) have never been charged or convicted of a fraud related offense, and almost the same percentage
(84%) have never been punished or terminated by an employer for fraudulent conduct. Only five percent
had prior offenses or had been charged but not convicted;

Two-thirds of the crimes are committed by men 31 to 60 years old. The highest concentration is between
the ages of 36 and 45;

More than 75% of frauds occur in six departments: accounting, operations, sales, executive upper
management, customer service, and purchasing;

The more authority an employee has, the larger the losses will be, with a median value by
owner/executives of $573,000;

Losses caused by managers averaged $180,000 and by employees, $60,000;

The longevity of employment is related to the amount of losses. This is because the longer a person is
employed the more he or she is trusted and is subjected to less scrutiny; and they have a better
understanding of the system. Consider Bernard Madoff and the number of years he was able to defraud
investors;

Employees who commit fraud during their first year (fewer than 6%) will cause an average of $25,000 in
losses. Almost half the losses (42%) are caused by employees who have worked from one to five years.
Those that worked for the company more than ten years caused a median loss of $229,000;

In 81% of cases, fraudsters displayed one or more behavioral red flags associated with fraud that are not
associated with normal audit controls;

College educated employees are most likely to steal, while those with high school are second, and those
with either graduate degrees or some college were least likely to turn into criminals.
Behavioral red flags
Most crimes committed by employees and outsiders colluding with them are usually based upon financial
pressure. If you are an employer, you should watch out for the following indicators of possible trouble.
Such red flags are usually not identified by traditional controls, so they require vigilance and correlation
with different factors. I have noted the approximate percentage of occurrence for the top four indicators.

Living beyond means 36%

Financial difficulties 27%

Unusually close association with vendors or customers 19%

Control issues, unwilling to share duties 18%

Divorce, family problems

Wheeler-dealer attitude

Irritability, suspiciousness or defensiveness

Addiction problems

Past employment-related problems

Complained about inadequate pay

Refusal to take vacations

Past legal problems

Complained about lack of authority

Excessive family peer pressure for success

Instability in life circumstances

Excessive pressure from within organization

In the next article I will describe one of the most successful and cost-effective method to combat
occupational fraud, and provide a list of the most recognized controls that should be implemented by any
company or entity to protect its employees and assets from theft, diversion, and other criminal activities.