Back to Fraud Information Articles
© March/April 2006
Association of Certified Fraud Examiners
Analyze this and that
FraudBasics: Critical Analytic Techniques
From the March/April issue of
Fraud Magazine
B
y
M
a
r
il
y
n
B
.
P
e
t
e
r
s
o
n
,
C
F
E
,
C
C
A
,
A
C
F
E
F
e
ll
o
w
A
s fraudsters become more proficient, CFEs must be able to use equally sophisticated fraud examination skills. Here's
how you can stay on top of your game with criminal analytic techniques.
A young man, who was living with his parents, was cashing legitimate checks for more than $100,000 through a retail
check-cashing company. Criminal analysts reviewing Currency Transaction Reports spotted the checks and investigators
opened a case. Within 90 days, the suspect had pled guilty to investment fraud and first-degree money laundering and
then provided information that led to others receiving similar charges. He was encouraging people to invest in a nonexistent venture. Without the use of analysts, the fraud wouldn't have been found and quickly completed, and many
other investors would have lost their savings.
Fraud examination is a challenging endeavor. Fraudsters use advanced technology and methodologies for planning and
committing sophisticated frauds. Your efforts must be more sophisticated just to match their pace. Therefore, more fraud
examiners are employing analytic techniques to help solve complex cases.
Criminal analytic techniques began developing in the 1970s when the California Department of Justice contracted a
private firm to develop analytic training in conjunction with the development of organized crime and criminal intelligence
units within law enforcement. By the 1980s, it was apparent that crime equals money and analysts were deployed to
fraud, narcotics, money laundering, and corruption units as well. No longer could departments rely solely upon
confidential informants, surveillance, and undercover operations to give them direct evidence of crime; analysts were
needed to trace and show the profits of crime.
Criminal analysis is also taught to private sector analysts, detectives, managers, regulatory professionals, and
prosecuting attorneys. Analytic techniques are an important addition to every fraud examiner's toolbox. Though much of
the material here may be basic, it's often the simplest forgotten procedures that foil a fraud examination.
Financial intelligence units
Over the past decade, financial intelligence units (FIUs) have become part of many bank, credit card, and insurance
company headquarters. Other large companies may use analysts as part of their security divisions, competitive
intelligence sections, or finance departments. But while every firm and company might not have the resources to
organize an FIU or the ability to hire intelligence analysts, all companies and firms can benefit from an analytic approach
to fraud examinations.
An analytic fraud examination approach includes:
1. employing strategic targeting;
2. completing up-front backgrounds on targets;
3. using investigative plans;
4. employing more critical thinking;
5. applying problem-solving methodologies;
6. organizing case data thoroughly;
7. using data analysis techniques; and
8. developing a solid case package for prosecution.
Employing strategic targeting
Strategic targeting involves choosing cases or examinations based on established criteria that allow you to focus your
examination efforts.
You might target cases by monetary thresholds. For example, you might select cases in which the profits of fraud are
known to have exceeded $100,000, $500,000, or $1,000,000. Other organizations target individuals who commit crimes
that have a significant financial impact on those defrauded such as those who prey on elderly victims with fixed incomes.
Some target perpetrators who are in positions of trust such as doctors, lawyers, or bankers. Still others look at the
deterrence value of the examination: will its completion discourage others from committing similar crimes? Some
organizations use combinations of the above and/or other criteria to choose or prioritize their targets. You could construct
a "threat matrix" of targets that would assign a value to each item and choose the target that attains the highest value.
Large organizations might also use data or text mining to choose their examinations. One example would be plumbing
millions of records in a very large database (such as all insurance claims made in the state, or the 180 million plus
records of the database of Currency Transaction Reports, Suspicious Activity Reports, and other Bank Secrecy Act data)
to identify repeat offenders and patterns (for example, same multiple suspicious transactions, similar names, same
companies, or addresses, etc.). After you review those databases and learn the fraud indicators, you can identify,
analyze, and prioritize targets.
An example of this type of targeting was included in an article by Juliana Morehead, J.D., in the July/August 2005 issue of
Fraud Magazine. The article describes an investigation involving Medicaid fraud in California in which criminal analysts
uncovered an important lead. Morehead wrote that the California investigation focused on 16 individuals and 13
corporations and netted the largest sentence ever in a Medicaid fraud conviction - 18 years and eightmonths. Some of
the profits of the crime - a check for more than $100,000 and another for $700,000 - landed in a small New Jersey
variety store, which doubled as a check-cashing business. A fraudulent California MediCal agency wrote these checks to
medical labs in that state and sent them to New Jersey to convert them to cash. Criminal analysts uncovered the New
Jersey piece of the investigation by reviewing thousands of Currency Transaction Reports generated by check-cashing
businesses in the state and following the money back to the crime.
Strategic targeting may also be based on indicators of particular types of fraud that have been developed through
experience. For example, fraud "symptoms" can be divided into six types: (1) accounting anomalies, (2) internal control
weaknesses, (3) analytical anomalies, (4) extravagant lifestyles, (5) unusual behaviors, and (6) complaints (Albrecht and
Albrecht, 2004:84).
Completing up-front backgrounds
Compile as much information as possible on the potential targets to focus your examination and ensure your choice of
targets is viable. Today there are more commercial sources than ever to be tapped such as ChoicePoint, Accurint, LexisNexis, real estate indexes, and others. A simple Google.com search on the Internet can give you information about a
person or business including images, addresses, organizations to which they belong, phone numbers, and other personal
data. Some global Web sites will even translate their content into English. In a recent investigation, people involved in an
insurance fraud case on the East Coast of the United States were found to be registered in Central and South America as
financial brokers and non-bank financial institutions.
You can discover information through regulatory files (such as licensing agencies, Department of Labor, Securities
Exchange Commission, the Financial Crimes Enforcement Network, etc.), judicial filings (civil suits), property (mortgages,
deeds, tax assessments), and vehicle records. The compiled data might give you greater evidence of criminal activity
such as using multiple Social Security numbers or engaging in financial transactions beyond their means.
Using an investigative plan
Investigative plans allow you to organize what you need to know to complete your fraud examination. In their simplest
form they should include the examination's objective, potential sources of information, needed investigative resources,
estimated timeline for completing the work, and the likelihood of success.
Investigative plans are fluid to-do lists that change as the fraud examination evolves. New sources may be uncovered or
prospective sources may be dead-ends. The allocated time may expand or shrink as other demands are placed upon the
fraud examiners. Obviously, they help you organize your resources to get the job done.
The objectives in the investigative plan reflect the purpose of the examination. Is a prosecution likely? Is future
deterrence of crime part of the desired outcome? Investigative plans are developed by analysts, investigators,
prosecutors, or a blend of those individuals. Management's support may be dependent upon the logic and workability of
the plan as well as its likelihood of success. When the plan is written, it should anticipate any pitfalls or problems that
might be encountered (such as difficulties in infiltrating a group or in obtaining records from a distant source) and how
those difficulties might be overcome.
Investigative plans are particularly critical when working with other entities. A plan approved by all those involved can
eliminate costly duplication of efforts and wasted hours of examination.
Employing more critical thinking
During fraud examinations, critical thinking means thoroughly looking at what you know and what you need to know; it
requires you to question your assumptions and preliminary conclusions. It can be used at the initial stages of an
examination through its final presentation. Critical thinking causes us to ask "what's missing?" and then leads us to work
toward filling in the critical gaps in knowledge or preparatory work. It requires that we question the information we have
and the facts of the case in a way that allows us to comprehend the questionable actions and actors more accurately.
When we think critically about what we know and what we don't, we generate questions that might help us explore what
we don't know. These questions also might reflect suppositions of possible changes based on our legal theory of the case.
Here are a few of the standard critical questions.
1. Who had a motive to commit the crime?
2. Who had an opportunity to commit the crime?
3. Who benefited from the crime (financially or otherwise)?
4. How was the crime committed?
5. Where was the crime committed?
6. Were businesses used to commit the crime or to invest its profits?
7. Were nominees used? If so, what was their relationship to the perpetrator(s)?
8. How much are the estimated profits of the crime?
9. Was the crime committed by an individual or a group of individuals?
10. Was the crime planned or opportunistic?
11. What is the modus operandi of the crime?
12. Is the modus operandi one used by known criminals? (If so, who?)
13. Who were the victims of the crime?
14. Where did the victims and perpetrators intersect?
15. Did individuals inside an entity commit the crime?
16. Did the crime involve the use of a computer or a specific type of software?
17. What were the internal controls in place that interfered with the crime?
Applying problem-solving methodologies
A seemingly discrete criminal incident examination may be just the tip of the iceberg of a much larger problem. For
example, one detected error on a financial statement may be an indicator of many other deliberate errors that reflect
financial statement fraud. Likewise, embezzlement at a bank most often reflects an environmental condition that provides
opportunity to criminals (such as a weakness in internal controls). Changing the environment may lessen or eliminate the
crime.
By examining the context of the crime you might determine if it's connected to other criminal activities or environments
and discover an underlying problem rather than respond solely to a symptom - the criminal incident.
For example, an increase in insurance claims due to alleged auto thefts might be the symptom of a problem that may
actually reflect the lack of secure parking at a train station. Focusing on improving secure parking may significantly lessen
the number of auto thefts in the community. Likewise, at the other end of the "supply chain" is a "wholesaler" who's
shipping the cars to other locations or breaking them down for parts to re-sell. Identifying and shutting down the resale
end of the operation would also reduce car thefts because it would leave the thieves without a nearby outlet for their
stolen property.
Organizing case data thoroughly
Obviously, organize all paper and electronic files with indexes so you can later easily extract evidence that could prove
innocence or guilt. Taking inventory of files early in this process will ensure that you'll have time to correct omissions
before possible prosecution and have copies ready for other investigators and prosecutors.
Many entities use Access, in-house, or other proprietary software to organize databases. Design these investigative
databases to accept all critical information that can be easily extracted and sorted for examinations.
Using data analysis techniques
With some training, fraud examiners can develop analytic devices. Vendors often provide one- or two-week analytic
training courses and may allow private-sector examiners and analysts to attend. (Law enforcement agencies sponsor
classes lasting from one to several weeks for their analysts; attendance in these generally is limited to government
employees.) Analytic software companies (such as i2, which sells Analyst's Notebook) also provide training for using their
technology.
Additionally, there are simpler devices that you can create using readily available software and limited training. For
example, an examination of staged accidents could be easily depicted using a map that shows the locations of those
accidents along with the persons involved, dates, and times. This graphic might help uncover patterns to the acts that
could show their fraudulent nature.
You can enter criminal profits into a simple Excel spreadsheet to show how they were placed into a bank account and
trace where they went. Or you might use Excel to create timelines or translate financial information into bar or line
graphs. With the drawing toolbox in Excel or a charting tool like Visio you can produce simple link charts of association,
telephone records, and commodity and event flow. Of course, chart summaries, conclusions, and recommendations
should accompany each graphic.
For example, the chart on this page illustrates the example of Medicaid fraud in Morehead's Fraud Magazine article. It
shows the general scheme used by the fraudsters to gain profits in California and launder them through a check casher in
New Jersey.
Developing case packages for management/prosecution
A case package with solid analysis of the facts and strong visuals can sway managers and prosecutors. A case
presentation package might include:




a graphic that explains the case;
a summary of the case and all the major players;
a listing of the proofs currently held and further needed evidence; and
an inventory of case documents.
The graphics might include a timeline plus charts of association, commodity flow, and event flow created in a visualization
software package.
Power of analysis
An analytic approach to fraud examination is methodical, logical, generates clear products, and provides a wellconstructed package. It allows fraud examiners to use the power of analysis without having the resource of analysts in
their organizations. Simple critical thinking isn't simplistic but can be the impetus for case resolution.
Sources
Albrecht, C. and Albrecht, W.S. (2004). Fraud Examination & Prevention. Thompson.
Morehead, J. (2004). "Medicaid Fraud: An Unhealthy Prescription." Fraud Magazine, 19(4), pp. 20-23, 50-52.
Marilyn B. Peterson, CFE, CCA, ACFE Fellow, recently retired from government after 25 years of service. She's a member of the Board of the
ACFE Foundation and the Fraud Magazine Editorial Review Board. She's now teaching, writing, consulting, and providing expert witness
testimony. Her e-mail address is:
mailto:marilynbp@comcast.net
The Association of Certified Fraud Examiners assumes sole copyright of any article
published in Fraud Magazine. Fraud Magazine follows a policy of exclusive publication.
Permission of the publisher is required before an article can be copied or reproduced.
Requests for reprinting an article in any form must be e-mailed to:
FraudMagazine@ACFE.com.