Credit Union Risk Management… “Is the method of management we use to identify, measure, and control risks that might threaten the international credit union movement, its members, employees, and volunteers!” Presented by: CUNA Mutual Benchmarking Team - 2007 RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Tips for public speaking: • • • • • • • Know your audience wants and interests. Control your topic & promotions It’s not only numbers that count Conference breakout vs. fireside chats? Learn from experience, teach by examples! Set the tone and expectations early… Read chapter IV… RMLearningCenter.com Outline Benefits: • • • • • Features tell and benefits sell… Encourage audience participation, but Control it! Be honest and admit what you don’t know.. Focus on “best practices” it reinforces good behavior and avoids a focus on negatives that only foster defensive attitudes! • Keep it simple and down-to-earth… RMLearningCenter.com UK CU’s are Normal: • They don’t think it will happen to them.. • They’re prone to ½ life and cynical attitudes that ignore reality. • They want to be liked.. • They’re real focus is on family and personal survival.. • They prefer to be heard and not told… RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com The benefits from this session are many! We’ll discuss… Risk Management fundamentals, The status of RM projects in the UK, Fidelity bond risk’ controls recommended for UK credit unions (To safeguard against Burglaries, Robberies, Frauds, Forgeries, Embezzlements, Scams, Plastic Card Fraud, Liability, etc.) The latest criminal “Methods of Operation” (MOs) in the UK, and we’ll update your… RMLearningCenter.com Session Benefits at a Glance – Continued.. We’ll help you update your RM Strategic Action Plans for… Creating controllable crime scenes, Creating defendable zones, Integrating security systems, and Adopting “Crime Prevention Through Environmental Design” principles into your facility management program, and… RMLearningCenter.com Session Benefits at a Glance – Continued.. We’ll help you update your RM Strategic Action Plans for… Developing Best Practices’ RM training for employees, staff and volunteers, Developing public-to-private partnerships with law enforcement, fire fighters, emergency government’ and homeland security’ personnel, and we’ll introduce 2007 Strategic Action Plans for… RMLearningCenter.com Session Benefits at a Glance – Continued.. We’ll introduce 2007 Strategic Action Plans for… Developing a “Credit Union’ Incident Command and Control System” in 2007, Deploying an “Incident Command and Control at the CU Chapter level,” Updating credit union’ housing-in-place and evacuation protocols! And, We’ll discuss any risk that threatens the UK credit union movement! RMLearningCenter.com Session Benefits at a Glance – Continued.. “We’ll use case studies to highlight what the crooks are doing and what we need to do to catch them!” For example… • Is our credit union and chapter ready for the next natural disaster, terrorist attack, or pandemic? • Is our credit union part of any “branch banking” network? • What changes should we have made in your contingency, business continuity, and management succession plans since 9-11-01? RMLearningCenter.com Session Benefits at a Glance – Continued.. “We’ll use case studies to highlight what the crooks are doing and what we need to do to catch them!” For example… • We know crooks are learning to use the internet to recruit and train. Are we? • You’ll learn how to “reverse trace” and authenticate transactions, and how to analyze a written statement or internet scam. • You’ll learn how to manage concentrated risks and exposures to reduce looting, burglaries, robberies, and frauds during and after natural disasters, terrorist attacks, or a pandemic. RMLearningCenter.com Evolution Of RM and CU Movement - continued • • • • 1960s 1970s 1980s 1990s Robbery and burglary Forgery and check fraud Embezzlement and disasters Violence in the workplace » Armed robbery, bomb threats and disasters • 2000 Electronic commerce • 2001 – 2003 Violence in The Workplace! – Bomb Threats & Extortion – Terrorism, Anthrax Scares, Threat of Biological Warfare – Internet Fraud, Scams, Money Laundering and – “Criminal Integration” RMLearningCenter.com “After 9-11-01 there was a quantum shift from proactively management risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt • September 11, 2001 … Terrorists attack the World Trade Center in New York City, NY USA! • 2005… The world is racked with tsunamis, hurricanes, earthquakes, tornados, bombings, and daily threats of future terrorist attacks. • Emergency governments around the world adopted the Incident Command and Control System (ICS) as a response standard and NIMS to standardize response terminology. RMLearningCenter.com “After 9-11-01 there was a quantum shift from proactively management risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt • Emergency governments around the world adopted the Incident Command and Control System (ICS) as a response standard and the National Incident Management System to standardize response terminology. RMLearningCenter.com “After 9-11-00 there was a quantum shift from proactively management risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt • From all levels of government the order goes out to form effective first responder “Public – to – Private” partnerships. Critical industries are asked to set response protocols based on: – – – – A 72 hours stand-alone performance standard, Required housing-in-place performance standards, Required upgrade in high-rise evacuation standards, Demonstrated active community involvement in contingency planning with a focus on responding during a natural disaster, terrorist att RMLearningCenter.com This is a “what if” exercise: • We use “what ifs” much like we use “worst case scenarios” and “reverse RM logic” • So if… RMLearningCenter.com This is a “what if” exercise: We know the losses credit unions and the insurance industry experienced during Katrina, what if: • All credit unions and members were identified by their zip or postal code? • All victims had the following info stream on the left fore arm: (Zip code, name, age, medical disability, physical disability, destination land line number, personal cell phone #? RMLearningCenter.com This is a “what if” exercise - continued • All CUNA Mutual bond/insurance files could be sorted by zip/postal code? • All CUNA Mutual employees could be sorted by zip/postal code? • All credit unions and CU chapters could be sorted by zip/postal code? • All CU members could be sorted by zip/postal code? RMLearningCenter.com Could we not than better… • Identify our bonded and insured exposures in harms way? • Measure our potential claims based on exposure concentrations? • Assemble and position response assets to include CUNA Mutual first responders? • Track and indemnify victims, thereby reducing loss adjustment expenses (LAE) and CU extra expense? RMLearningCenter.com Could we not than better… • Customize RM workshops, presentations, onsite analysis, etc. to regional and local area risks s RMLearningCenter.com Let’s begin with… A Review of RM Fundamentals! RMLearningCenter.com Risk Management fundamentals: Please define and explain the following: • • • • • The three RM steps? The two types of risk? The five RM controls? The two ways you measure risk? At least three “tools of transfer? RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Risk Management “A Method Of Management” “Our 2007’ goal is to speed up the process!” 1. Identify Currency & cash items 2. Measure Frequency & severity 3. Control RMLearningCenter.com Two Types of Risks Pure Risks - only loss, never a gain • • • • Robbery & burglary Embezzlement Other forms of dishonesty Fire and disasters Speculative Risks – You hope to gain, but you can suffer a loss • New products, programs, services and laws RMLearningCenter.com 5 Risk Controls “Use them in the following order!” • • • • • Avoid Reduce Spread Assume and Effectively Transfer to Someone Else – Insurance, Bonds, Hold Harmless Agreements RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: – Underwriter Laboratory’s (UL) “burglary resistant” ratings and/or European equivalents, – UL “fire resistant labels and/or equivalents, and – How to rate an unlabeled container! RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com The Evolution of Security Technology: Underwriter Laboratories Ratings – A Testing Standard Insurance Services Office ISO & The American Society of Industrial Security write “Construction Standards” It’s Burglary “Resistant” NOT Burglary “Proof!” • Money safes – – – – – – TL-15 & “E” TL-30 TR-30 TRTL-30 TRTL-15x6 TRTL-30x6 • Currency vaults – – – – – – 5R 6R 10R Type I, II, III Modular Class I, II, III RMLearningCenter.com The Evolution of Security Technology: Underwriter Laboratories Ratings – A Testing Standard Insurance Services Office ISO & The American Society of Industrial Security write “Construction Standards” It’s fire “Resistant” NOT fire “Proof!” UL Record Safes UL Records Vaults Class A, B, C, D 350 1-2-4 hour 150 1-2-4 hour 125 1-2-4 hour 2 hour 4 hour 6 hour • Doors should equal the fire resistance walls, ceiling & floor! RMLearningCenter.com The Evolution of Security Technology: Automated Teller Machines “A Story of Evolution from the 1920s” • Night Deposit Boxes – Fish and trap resistant chute – Dual locking container • ATMs & High Velocity Cash Dispensers – Business hour – 24 hour level #1 – 24 hour level #2 RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Door, lock, window, hinge-pin, security, Object, perimeter, and area alarm security, Internal and external alarm line security, and On-demand, CCTV, and digital surveillance systems! Discuss installation, testing, and maintenance standards for each of the above: RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Embezzlement and “internal dishonesty,” Scams and “external fraud,” Fictitious & unauthorized loans, Separation of duties, Reverse Tracing, Transaction authentication, Positive account verification, PIN & PAN controls RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Dual-control procedures, Dual access controls, Key codes, Statement analysis Chip & Pin technology CVV & CVC CVV & CVC #2 Controlled Member Account Verification RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Cash flow analysis, Disaster recovery, vs. Contingency planning, vs. Continuity Management, vs. Event Management, Kiting, Lapping and withholding deposits, Cash letters & holders in due course, Mysterious disappearance, Spot-check verifications, etc… RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Phishing, PHarming, Skimming & refreshing, Identity Theft, How to do a back-ground investigation, How to use the internet to do RM research, How to do a credit check, How to trace transactions back to source documents! RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: A contract of “good faith,” Deductibles, Actual cash value, Replacement costs, Extra expense, Negotiable security, Barer instrument, Exclusions and endorsements, RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: The three most important points to make when writing an RMA report, How to defend cash item storage recommendations, How to submit a “memo to file” or “incident report,” How to locate physical address for fire department and how to make emergency call, RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: The difference between a fire and a bomb threat evacuation, How to respond to an earthquake, tornado, anthrax scare, and bomb threat, How to handle an embezzlement suspect, and How to take command and control of any life threatening incident! RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Duties of an “Underwriter,” Duties of a “Claims Adjuster,” Duties of an “Actuary,” Duties of an “Account Representative,” What do all the above have in common? Hint; They are all Risk M-------s! RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Typical Bond Experience Forgery 12% Faith. Perf. 21% Robbery, Burglary, Theft, Fraud 20% Employee Dishonesty 45% RMLearningCenter.com Miscellaneous 2% Typical Bond Experience Robbery, Burglary, Theft, Fraud 40% Misc. 5% Employee Dishonesty 13% Forgery 39% RMLearningCenter.com Faithful Performance 3% Profile of the Credit Union Embezzler Suspicious life style Can’t leave or relinquish control Tale wags the dog Overly religious Easily excited Works late and alone RMLearningCenter.com Profile of the Credit Union Embezzler Full of Rationale & Justifications I’m only borrowing, Others are doing it, I’m underpaid and overworked, That’s all I did, I’ll never do it again, Always has a need & looks for an opportunity. Knows he can escape or blame others. You didn’t tell me I was doing wrong, Has a “character disorder.” RMLearningCenter.com Profile of the Credit Union Embezzler Character disorder? We all have them, Can’t tell right from wrong, Seldom admit they’re a thief. • Who can your trust? Grandma – grew her CU with bogus accounts Reverend - sold CDs to family and farmers, Uncle - stole member’s money, home and wife – “The dismembered member” Are you guarding your inactive and dormant accounts? RMLearningCenter.com Embezzlers are all On A Path Prison! Most starts small Open cash drawer Common funds Withhold currency Lap deposits Kit using multiple accounts Manipulate family member accounts RMLearningCenter.com Embezzlers are all On A Path Prison! Use dormant & inactive accounts Transfer funds to accounts they control Use expense accounts Hide funds in GL clearing accounts Collection department fraud Most find their way to your loan files Unauthorized loans Fictitious loans RMLearningCenter.com Internal Controls “Cash handling procedures” • Audit trails – Dual verification – Signed receipts, computer entries, etc. – Pre numbered cash receipt vouchers • Individually “locked” containers • Combination and key controls • Spare key controls RMLearningCenter.com Internal Controls “Safeguard Your Reputation” • Dual controls – Night depository – Lost and found – Smart safes & combinations • Rotate and separate duties • Require extended vacations • Never post to your own account! RMLearningCenter.com Internal Controls “Safeguard Your Reputation” Passwords No one but you should know or have access to your passwords! Change it every 90 days! Train all Staff first day on the job! Supervisory override controls! Use and audit override printouts! RMLearningCenter.com Forgery – Frauds – Scams & Your “run of the mill con-artist!” Forgery controls when “face to face” Beware of bogus ID Require signed, pictured ID and verify details Teach signature verification procedures Fraud controls over landlines and Cell Phones Caller ID systems Ask open ended questions Call back procedures Fax security procedures Good luck Call Backs RMLearningCenter.com Plastic Cards Fraud controls and technology • Card mailing procedures • Card Activation programs • PIN & PAN controls with member education “Personal identification number and personal account number” • CVV & CVC “set to decline” – Visa’s Card Verification Value (CVV) – M/C’s Card Validation Code (CVC) • All on-board - “neural networks” RMLearningCenter.com Audit Controls “These should be Required” • Supervisory Committee – Surprise cash counts – 100% Member account verifications – New account verifications • Board of Directors – Rotation & separation of duties – Cross training to catch a thief – Independent auditors report to the Board – Fraud policy – Use it – Review it – Sign it RMLearningCenter.com The Fraud Policy Honesty & Accountability • • • • • • • • Sets tone from the top, Provides meeting of the minds, Defines what’s not permitted, Gives grounds for discipline or dismissal, Saves legal costs, Protects reputations, Review it, update it and Sign it annually! RMLearningCenter.com To Catch a Thief! “These Should Be Required” • Credit Committee – Separation of duties – Loan officer minute controls – New loan verification procedures • Loan Audits – Finger audits – Collection audits RMLearningCenter.com Fidelity Self Analysis “It’s Purpose and Evolution” • • • • • • • • Deters and detects embezzlers. Start with canceled checks. Follow transactions back to source documents. Use forgery detection skills. Leads to a more detailed audits. Driven by logic and fraud indicators. Focus on quickly finding fraud indicators Have written action plans in case you find fraud! RMLearningCenter.com Your Crime Fighter’ Goal? “Hold People Accountable for Their Actions” • Audit and Internal Controls protect -* Strong employees from fraud opportunities, * Weak employees from temptation, & * Innocent employees from suspicion! RMLearningCenter.com How Do You Handle Suspects? “With Care and Compassion” Never call them a crook! Notify Supervisory Committee! Focus on the facts! Consult authorities on how to proceed! Notify Bonding Company! Dealing with suspects: When, where and how! RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Everyone wants your money! Common scams to get it: Phishing Plastic Card o Credit & debit cards o ATM cards Lotteries & Sweepstakes Internet Auctions / e-Bay Telemarketing Nigerian 4-1-9 Scams RMLearningCenter.com Phishing IT slang .. But it really does mean fishing for information. Account numbers at banks and credit unions Social security numbers Credit card account and security numbers Passwords Personal information; i.e. birthdates, parent’s names, affiliations, etc. “Spam” or pop-up messages & hyperlinks Appears to be from a legitimate business, online service or government agency. Links to genuine websites with legitimate pages; such as privacy policies or product information. 85% of all email sent is SPAM – subsequently receive endless repetition of worthless text or pop-ups. RMLearningCenter.com Phishing What to look for - How to protect yourself - Email Methods Steps to protection Deceptive subject lines Forged sender’s address Genuine looking content Disguised hyperlinks NEVER Web Site Methods Genuine looking content URL appears genuine Collection of information & use of forms Incorrect URL (not disguised) Pop up windows Trojans / worms / spyware provide ANY financial or personal information NEVER click on hyperlinks with emails Use Anti-virus software Keep software updated (automatic upgrades) Don’t open ‘strange’ email Look for “https” and padlock on the site Clean up Spyware & Adware Learn about Internet fraud Check you credit report Ask for help RMLearningCenter.com Phishing Phishing Spoofed Legitimate e-Mail fraudulent website website https://www.empirefcu.org/home/html http://218.4.205.85/manual/empirefcuindex.htm https://www.empirefcu.org RMLearningCenter.com Do NOT give anyone your CARD Number Plastic Cards or 3-digit Security (CVV2) Code Credit ATM cards & debit cards CVV2 Be aware Security of your Code surroundings at ATMs • • Card transactions Checknot thepresent machine for unusual / suspicious things Verified byarea VISAwhen entering your PIN Shield the • Be sure it’s well lit at night Memorize your PIN – Do NOT keep it with your card Do NOT keep it in you wallet or purse Do NOT give it to ANYONE – not even your family members RMLearningCenter.com Lotteries & Sweepstakes (Advance Fee Scheme) Occurs when the victim pays money to someone in anticipation of receiving something of greater value. (“Something too good to be true!!!) Lotteries Sweepstakes “Found money” Work at home How it happens: e-Mail notification with instructions on your “next step” USPS mail, often accompanying a check or money order with instructions Send money for validation of prize Deposit check, then wire funds for “taxes” or other redemption costs RMLearningCenter.com Lotteries & Sweepstakes (Advance Fee Scheme) Your credit union account And now you owe the credit union Beginning balance: 2. Deposit $15,000 $ 55.00 $ 15,055.00 3. Withdrawal $13,000 $ 2,055.00 4. Returned $15,000 check $12,945.00 $12,945.00 and the thief got 2. Receive 3. 4. 1. Deposit 7 One days month pass check it into and later, in your you the thecredit withdraw mail check for union is$15,000 returned $13,000 account to the credita. union as counterfeit CU places $10,000.00 a 7-day is sent“hold” via Western on the Union funds to the instructed person and bank number b. $3,000.00 is spent by you on bills $10,000 RMLearningCenter.com “Ruota di Roma” (Wheel of Rome) Lotteries & Sweepstakes SUPERENALOTTO You have won, With the introduction of new types of games, with the ushering in of on-line technology and with the permits issued under EU law to EU countries to compete for concessions to run games in Italy and on the internet, we are launching our first international program: “Ruota di Roma” (Wheel of Rome) We are running a program where instead of bought tickets and numbers in the ballots we use email addresses. All contestants were selected through a computer ballot system drawn from email addresses taken from all over the world. You have received this message from SuperenaLotto prize dept. because you have visited one of our sponsored sites and have voluntarily given your email address to receive mails from their sponsors. From the results of the Wheel of Rome draw that took place on the 25th of september 2006. Your E-mail address has come up as one of the winners; you have therefore won the sum of One Million United States Dollars (US $1,000,000, 00). This is from a total cash prize of Ten Million United States Dollars (USD$10,000,000.00) shared amongst Ten Lucky Winners in the Category A+. <winerscoordinators@yahoo.com> This cash prize must be claimed not later than the 13th of october 2006. After this date all unclaimed prizes will be declared void. Claimants must be over 20 years of age. All entries must adhere to the “Ruota di Roma” (Wheel of Rome) Terms and conditions stated in our official page. To view the terms click on this link *************** or paste it in your browser. You must read the terms and conditions and understand them before responding. After reading the terms and conditions, contact your processing agent to file for your claim under reference number: OJHN/08-IL1131/06. Mr. Ernesto Bonino. Email: ********** You are to quote your winning reference number when responding. Finally, we call on you to make sure that you save a copy of this mail because you might be called upon to produce it at anytime. Congratulations once more from all of us at Superenalotto and thank you for being part of our promotional program. Management. Superenalotto. Via Allesio di Tocqueville 13-20154 Milano, Italy NOTICE: If you wish to be taken out of this list do not reply to this mail, reply to the agent with the words remove. If you are not the intended recipient, you must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message. If you believe you have received this message in error, please delete it and all copies of it from your system and notify the sender immediately by reply e-mail. Thank you. ************DO NOT DELETE THIS MESSAGE*********** -------------------------------------------------------------------------------NEVER SEND SPAM. IT IS BAD. RMLearningCenter.com Super Complete New twist: Rather than requiring tax payments in the email, the recipient is referred to an “attorney” who may assess a fee before a certificate can be issued. RMLearningCenter.com RMLearningCenter.com Lotteries & Sweepstakes (How to avoid the scheme) Do NOT respond to them!!!! If it’s too good to be true …. It’s too good to be true!! Ask yourself: “did I enter a lottery?” “did I sign up for a sweepstakes?” especially in a foreign country !!! DON’T Play – Foreign lotteries are ILLEGAL! Legitimate sweepstakes do not request money from you for processing or taxes. Are there rules? If so, are they easily understood? Do they ask for your bank account number, SSAN or credit card number? RMLearningCenter.com Internet Auctions / e-Bay Both buyers and sellers have been scammed through the use of e-Bay or other on line auctions. Buyers Sellers - Non – delivery of items purchased. Misrepresentation of value. Fee stacking. Black-market / counterfeit goods. Shill bidding. Second chance offers Use of Escrow accounts “Act now” pressure Disappearing item RMLearningCenter.com Contact from buyers outside US. Counterfeit checks, money orders Check overpayments 3rd party agents Use of Escrow accounts Demanding e-mail/contacts Offers to pay for shipment Internet Auctions / e-Bay - Avoiding Fraud Understand as much about how the auction works as possible. Find out the actions the website/company takes if a problem occurs. Carefully examine the feedback of the buyer or seller. Evaluate the shipping requests. Arrange for payments – be careful of escrow accounts. Know your legal obligations. Protect your identity and your funds. Do not give out your SSAN or DL to the seller. Protect your credit card security numbers. RMLearningCenter.com Counterfeit Checks RMLearningCenter.com Counterfeit Money Checks Orders RMLearningCenter.com HANG UP Telemarketing - Red Flags - If the caller tells you that …… “You must act ‘now’ or the offer won’t be good.” “You’ve won a ‘free’ gift, vacation or prize, but you have to pay for postage and handling.” “You must send money, give a credit card or credit union account number .. Or have a check be picked up by a ‘courier’.” “Keep this confidential. There’s no need to discuss this with your family or your family attorney or accountant.” “You can’t afford to miss out on this opportunity.” RMLearningCenter.com Telemarketing - Avoiding Fraud Buy only from known, or familiar, companies. Get the sales person’s name, business, phone #, address, and business license number BEFORE you purchase. Do NOT pay for services in advance. Don’t pay anything for a “free” gift or prize. Federal law prohibits payments for taxes. When giving to a charity, always find out the percentage is paid for commissions & administration expenses; and how much goes to the actual charity. Never give personal or financial information over the phone. Don’t be afraid to demand answers. Uncomfortable? … Just hang up! RMLearningCenter.com Nigerian 4-1-9 Scams Similar to an ‘advance fee’ scheme; Nigerian letter fraud also includes: Impersonation, or false identification of sender. Offers opportunities to share in a percentage of millions of dollars. Self proclaimed government official, wealthy exiled family or business exec. Difficulty in transferring funds from their country to the US. Request to contact them for interest. You may be encouraged to travel overseas to complete the transaction. Requests for “plain letterhead”, credit union account information and phone/fax numbers. Subsequent requests for “up-front” money. Often accompanied by fraudulent documents bearing Nigerian letterhead and officials’ signatures. RMLearningCenter.com Nigerian 419 Scams RMLearningCenter.com Nigerian 4-1-9 Scams 5 Rules for doing Business with Nigeria NEVER pay anything up front for ANY reason. NEVER extend credit for ANY reason. NEVER do ANYTHING until their check clears. NEVER expect ANY help from Nigeria. NEVER rely on US to bail you out! PLUS – one question …. Why would ANYONE in Nigeria (or anywhere else in the world for that matter) contact YOU for assistance to transfer their money into the US? RMLearningCenter.com Some Statistics Top 5 Fraud Complaints for Wisconsin Consumers Computer Complaints 17% Internet Auctions 28% Sweepstakes/ Lottery 17% Foreign Money Offers 18% Source: Federal Trade Commission Work-AtHome 20% RMLearningCenter.com Who to Contact U.S. Secret Service (www.secretservice.gov) Financial Crimes Division 950 H Street, N.W. Washington, D.C. 20001 (202) 406-5850 E-Mail: 419.fcd@usss.treas.gov U.S. Postal Inspection Service (www.USPS.com/postalinspectors) POSTAL INSPECTION SERVICE 433 W HARRISON ST FL 6 CHICAGO IL 60699-0002 Phone : 312-983-7900 Fax : 312-983-6300 RMLearningCenter.com Who to Contact U.S. Treasury Dept (www.ustreas.gov) Bureau of Engraving and Printing 14th & C Streets, SW Washington, DC 20228 (202) 874-3019 Office of the Comptroller of the Currency (www.occ.treas.gov) Customer Assistance Group 1301 McKinney Street Suite 3450 Houston, TX 77010 FAX: 713-336-4301 RMLearningCenter.com Who to Contact Federal Bureau of Investigation (www.fbi.gov) J. Edgar Hoover Building 935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001 (202) 324-3000 Federal Trade Commission (www.ftc.gov) Consumer Response Center 600 Pennsylvania Ave., NW, H-130 Washington, D.C. 20580 RMLearningCenter.com Who to Contact Major Credit Bureaus: web request copy fraud unit Experian experian.com (800) 397-3742 (888) 397-3742 Equifax equifax.cm (800) 685-1111 (800) 525-6285 TransUnion transunion.com (800) 888-4213 (800) 680-7289 http://www.scambusters.org/ http://www.internetfraud.usdoj.gov/ http://www.sec.gov/investor/pubs/cyberfraud.htm http://onguardonline.gov/index.html http://www.lookstoogoodtobetrue.com RMLearningCenter.com Thank You Rich Woldt Risk Management 007 RMLearningCenter.com Risk Management fundamentals – continued.. Please define and explain the following: Physical security first – Doors, locks, safes, and vaults Alarm security – Object, area, perimeter - Line security Surveillance & Access Controls Discussion of installations, maintenance, and testing standards for 2007! RMLearningCenter.com Risk Management Security Technology Evolving with the Movement! “Credit Unions are driven to safeguard life, liberty and the pursuit of economic freedom.” As member services evolved so have regulations, security management methods and subsequent security technology: NCUA Regulation #748 – Minimum Security Devices and Procedures NCUA Regulation #749 Off-site Record Reconstruction Program RMLearningCenter.com Risk Management Methods New, more effective crime fighting methods! • Facility Security Analysis: – Crime Prevention Through Environmental Design (CPTED) • Defendable Zones – Security Integration • Proprietary, Community, County, State & Federal, Chapters, Leagues, National Associations, etc. • Controllable Crime Scenes, a trap that works! • Casing puts you out in front! RMLearningCenter.com Casing – Staying ahead of the crooks! “Walk-the-walk and you’ll Talk-the-talk” Crooks case targets to increase their probability of success. We case targets to solve crimes, correct security concerns, safeguard against the next crime, and increase the probability crooks will be caught, prosecuted, convicted, and sent to prison for a long, long time! RMLearningCenter.com Combating terrorism, armed robbery & the fear of violence in the workplace! • • • • • • Defendable zones Hi-tech alarms and warning systems Digital surveillance Security system integration Best practices training GPS & Cellular Technology RMLearningCenter.com RMLearningCenter.com 2004 – There is a shift to – Proactive Risk Management The Evolution of International RM Projects • Accountability and Ownership • Training Alternatives – Self assessments, case studies and best practices! – Casing your own crime scenes! – Creating controllable crime scenes! • Expanding to Community, County, Country and International Protocols! • Pursuit through capture, prosecution, conviction and sentencing! RMLearningCenter.com RMLearningCenter.com Revised Risk Management Principles, Current Methods and Updated Protocols 2004 and Beyond • CPTED - Crime Prevention through Environmental Design • Security Integration • Security Application & Technology – Before, during and after disasters • Community Response and Recovery – Emergency Response Protocols • • • • Law Enforcement – Blue Team Fire, EMT, Hospitals – Credit Unions & Corporate America – Red Team FEMA, Red Cross, Salvation Army, HAZMAT, etc. – Orange Team – Professional Associations and Support Groups • ASIS, FCI, ACFEI, RMLC, chapters, Leagues, Associations, etc. RMLearningCenter.com A “Zoned” response works best during a recovery operation. It’s easier to inventory and protect recovery resources, and position personnel to support either a strike or mission based operation. Traffic flows in one end of the site and out the other to minimize congestion, accommodate supply lines, decontaminate personnel and assist victims through triage, tracking them through hospitals and full recovery. Before Food Flows Out! Ground Zero Demilitarized Zone Response and Recovery Zone Reconstruction Zone Response, Recovery & Command Center Zone Recovery personnel and resources flow in one end of the site and out the other! After biological attack food and supplies flow in to critical incident command centers! RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Proactive Risk Management Methods, Strategies and Accountabilities “Our goal is to harden criminal targets against criminal acts” And creating controllable crime scenes to reduce internal and external losses! RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Violence In The Work Place “Credit Unions Combat Intimidation” • Policy & plans – Tone from the top – Communicated to all • • • • Set “no tolerance zone” Report & document Follow-up & document Train a response team – All department managers – Offers third party intervention RMLearningCenter.com Threat Assessment Teams Document - Document - Document - Document - Document • Listen to co-workers – Encourage reporting – Keep confidential & demonstrate action • Investigate immediately • Review the records • Document events and action taken • Report to the “entire” crisis management team • Follow-up! RMLearningCenter.com Family & Contingency planning – keeping in touch! Attackers divide and concur – Don’t let them! • Locate: – – – – – Tested contact numbers and verified schedules Tested answering machine procedures Sealed envelopes and updated itineraries School contact numbers and class schedules Neighbor names and contact numbers • Lockdown & Link – Private security, law enforcement and 3rd party intervention – “Secured” landlines, fax machines, internet addresses, etc. – EOC and Red Cross Tracking and intervention. RMLearningCenter.com Experience has taught --“Knowing what to expect will put you in control” • Smart criminals offer little time! • Buy time & they’ll lose! • They’ll be prepared to provide “Proof of life” – Demand Proof the hostage is unhurt and alive. • Take control! Tell them -– – – – – I must notify our auditor! He’ll call the police! I must involve others! I can’t control what they’ll do! I have people in my office. What should I do? How? Our policy requires me to tell my manager! What should I tell him? • Ask open ended questions and take notes: – Who, what, where, why and when RMLearningCenter.com Survival – Take care of the family! Continued: Hostage • Assign one person as their advocate. • Keep the family “fully” informed. • Contact their physicians, if health is a concern! • Protect family members from the media and unwelcome visitors. • Use media effectively. RMLearningCenter.com Hostage Survival Steps in the right direction! • • • • • Have a written extortion policy. Have a violence in the workplace team. Notify Others - according to policy and plan. Never go it alone. Contact Police and FBI! – Request a Detective and trained Hostage Negotiator. – Per plan, attempt to verify the person in fact has been kidnapped. Don’t over-reacting (Bogus busy signals, a change in plans, etc.) RMLearningCenter.com Continued: Hostage Survival – Make sure you following your plan! • Limit knowledge to your critical incident management team! – – – – Need to Know. Gossip will endanger the hostage Beware of an accomplice in the office. Beware of Media leaks • Arrange protection and care for victim’s immediate family. • Determine payment guidelines for authorities. – The family decides to pay or not – The credit union should have a board approved extortion policy (kept confidential). RMLearningCenter.com Continued: Hostage Survival – “Whether you’re the hostage or part of the recovery team –” Take care of yourself! • • • • • • Rest when possible. Use professional negotiators (another voice). Avoid coffee & drink water! Exercise to keep alert. Accept – “You’ve done your best!” Remember family and call them. – “This is a time to come together and stick together” – Time to build a “Sense of Being in Control” RMLearningCenter.com Forensic Investigation – Give me the facts - only the facts “You’re still in control when you get the call or receive the letter” Expect him to say -• We’re observing you! – Ask how? • You only have a short time! – Ask how much? • We’ll harm you and your family! – Ask how? • We’re holding someone you care about! – Ask who and where? • You bring the money! – Ask what if I can’t and ask for detailed instructions • I want half a million dollars, now! – Ask how can I get that much? RMLearningCenter.com Forensic Investigations: Assemble “Pertinent” Information! Current photographs in differing attire. Travel itineraries for past 30 days (Envelopes) Landline, cellular & pager numbers Health Records: Condition, required medications, allergies, distinguishing characteristics (tattoos, piercing, scars, etc.) Other contacts (family, friends, business Associates, recent visitors, tenants, landlord, neighbors, etc. Assess information hostage might provide: Financial & Other RMLearningCenter.com Extortion Is your credit union ready? • Extortion policy and plan – Involve law enforcement – Notify board of directors • • • • • All upper management and board Envelopes - bigger every year Cellular phone - technology integration Locate, lock-down, and link Defensive driving, walking, and alert living RMLearningCenter.com Executive’ Protection Safety, security and survival is a 24 hour effort! Identify and prioritize targets: – Kidnap, Extortion, Robbery, Stalking and Terrorist Identify and prioritize “Motives” – Attackers are driven by “motive” • Money, currency, greenbacks and more money • Confidential, top secret and proprietary information • Anger, revenge, sexual attractions, opportunists Family & Contingency planning “keep in touch” • Do you know where your family is? • Do they know how to contact you? RMLearningCenter.com Executive’ Protection Continued – Target Assessment When -Where & Why • Are you running like a railroad? – Vary routes, times, persons and patterns – Be inconspicuous and unpredictable • Have you been lured from your zone? – False alarms and home invasions • Is your backup in place and ready to roll? – Callback procedures and action plans • Have family’ contingency plans been rehearsed? RMLearningCenter.com Executive Protection “Getting Back On-board – Self Defense” • Learn to evaluate your surrounding and potential threats, “early.” – “People waiting for the bus watch one direction.” • Drive with windows up, doors locked, keep your space, and know a bailout route. – Stop so you can see their back tires. – Drive 5-MPH faster than they can run. – Rear-end a squad car. RMLearningCenter.com Executive Protection “The Art of Self Defense” • Martial arts: – Learn from aficionados. – Learn how to use your fingers, elbows, legs, arms, teeth, and body weight as a weapon. – Invite a black belt to speak at your staff meetings. RMLearningCenter.com Military Training Do you remember? Staggering troops during search and rescues? “Move out alpha – Cover me bravo!” Using the vertical & horizontal butt strokes? Your basic “rear-strangle” take down hold? Following through to submission? RMLearningCenter.com Executive Protection “Getting Back On-board” • Limit carry-on to what will fit under your feet. • Select an aisle seat if you plan to fight, a window seat if you plan to hide. • Select a seat near the cockpit if you plan to defend, and a seat near the back if you don’t. RMLearningCenter.com Executive Protection “Getting Back On-board” • Identify your shield: – Computer, briefcase, backpack, jackets, blankets, pillows and cushions. • Identify your weapons: – Hot coffee, anything you can throw, sharp objects, keys, your body is a weapon. • Don’t hesitate. – ACT and REACT until you’re in control. RMLearningCenter.com Very Good! Let’s Review! RMLearningCenter.com Has evolved from Disaster Recovery to Business Resumption to today’s “Contingency Planning!” • Disaster Recovery (1940s - 1970s) – (Influenced Civil Defense Programs) – 1970s NCUA #749 & off-site storage of vital CU records” • Business Resumption (1980s – 1990s) – Earthquakes & The New Madred Fault warning, – Planning to survive a credit union disaster • World trade center bombing 1993 • Oklahoma city bombing 1995 RMLearningCenter.com Has been driven by worse case scenarios! • 2000 – Y2K Contingency Planning • 9/11/01 – terrorist strike the word trade center • The 9/11 impact on Contingency Planning RMLearningCenter.com Contingency Planning - Fundamentals: Building the solid foundation for your future! • Set the “tone from the top” – Or you’ll be pushing a rope uphill! • Select appropriate plan writers and alternates, – Or you’ll miss important details! • Designate and train “Recovery” Teams: – Damage Assessment Team (DAT) – Disaster Recovery Team (DRT) • Focus on “Your Worst Case Scenarios” • Write plans that will help you survive, recover and grow! – RMLC faculty recommend the “Parking Lot” Approach RMLearningCenter.com Contingency Planning – Four (4) “key” functions: “Recovery often depends on your focus, immediate action and plans that outline proven response protocols!” • Life safety: First aid, evacuation, & tracking victims through recovery. • Protect: Physical property from fire, vandalism, the elements, etc. • Transportation: From danger to shelter, food, telephones and entertainment. • Communications: Notifying friends, family and fellow employees. Includes proactively handling the media. It’s your shift to “Critical Incident Management” RMLearningCenter.com Continued - Shifts to proactive Risk Management “A 3-Day program for stepping up to the plate!” Day one – Shift from your “Standard Management” to “Critical Incident Management” mode! Immediately: Provide victim assistance, activate recovery teams, declare the disaster, establish communication links, set up EOC, ICC and staging areas and focus on taking control. Day two – Regroup, reevaluate, assemble facts and communicate facts via plan-approved channels. Begin the formal recovery process. Day three – Focus on getting back to work, and back to normal! Reach out to extended victims and set up a program to monitor the victim recovery process. RMLearningCenter.com Chapter & Community Responses to Biological Attacks! Before Food Flows Out! Ground Zero Demilitarized Zone Response and Recovery Zone Reconstruction Zone Response, Recovery & Command Center Zone After biological attack food and supplies flow in to critical incident command centers! RMLearningCenter.com Contingency Planning – The “ Parking Lot” Approach! How to build the solid foundation your future depends on! • Adopt a common methodology for all locations, – It helps cross training and rotating staff, and – Ensures a focus on critical services! • Keep it simple, flexible, realistic and fun! – Include and request input form all employees – Use Bergee’s ABC & 1-2-3 – Keep it confidential & secure! • Schedule tests, updates, and Board approvals. RMLearningCenter.com Questions Please Rich Woldt CPP, CFE CEO- The Risk Management Learning Center ACFEI – Level III Certified Homeland Security Instructor Licensed Private Detective Rich@RMLearningCenter.com 608-712-7880 RMLearningCenter.com Thank You! Rich Woldt CPP, CFE CEO- The Risk Management Learning Center ACFEI – Level III Certified Homeland Security Instructor Licensed Private Detective Rich@RMLearningCenter.com 608-712-7880 RMLearningCenter.com