Credit Union Risk Management… - Risk Management Learning

Credit Union Risk Management…
“Is the method of management we use to identify,
measure, and control risks that might threaten the
international credit union movement, its members,
employees, and volunteers!”
Presented by:
CUNA Mutual Benchmarking Team - 2007
RMLearningCenter.com
Very Good!
Let’s Review!
Tips for public speaking:
• Know your audience’s wants and interests.
• Control your topic & promotions
• It’s not only numbers that count
• Conference breakout vs. fireside chats?
• Learn from experience, teach by examples!
• Set the tone and expectations early…
• Read chapter IV…
Outline Benefits:
• Features tell and benefits sell…
• Encourage audience participation, but Control it!
• Be honest and admit what you don’t know..
• Focus on “best practices” it reinforces good behavior and avoids a focus on negatives that only foster defensive attitudes!
• Keep it simple and down-to-earth…
UK CU’s are Normal:
• They don’t think it will happen to them..
• They’re prone to ½ life and cynical attitudes that ignore reality.
• They want to be liked..
• Their real focus is on family and personal survival..
• They prefer to be heard and not told…
Very Good!
Let’s Review!
The benefits from this session are many! We’ll discuss…
• Risk Management fundamentals,
• The status of RM projects in the UK,
• Fidelity bond risk controls recommended for UK credit unions (to safeguard against burglaries, robberies, frauds, forgeries, embezzlements, scams, plastic card fraud, liability, etc.),
• The latest criminal “Methods of Operation” (MOs) in the UK, and we’ll update your…
Session Benefits at a Glance – Continued..
We’ll help you update your RM Strategic Action Plans for…
• Creating controllable crime scenes,
• Creating defendable zones,
• Integrating security systems, and
• Adopting “Crime Prevention Through Environmental Design” principles into your facility management program, and…
Session Benefits at a Glance – Continued..
We’ll help you update your RM Strategic Action Plans for…
• Developing Best Practices RM training for employees, staff and volunteers,
• Developing public-to-private partnerships with law enforcement, fire fighters, emergency government and homeland security personnel, and we’ll introduce 2007 Strategic Action Plans for…
Session Benefits at a Glance – Continued..
We’ll introduce 2007 Strategic Action Plans for…
• Developing a “Credit Union Incident Command and Control System” in 2007,
• Deploying an “Incident Command and Control at the CU Chapter level,”
• Updating credit union housing-in-place and evacuation protocols! And,
• We’ll discuss any risk that threatens the UK credit union movement!
Session Benefits at a Glance – Continued..
“We’ll use case studies to highlight what
the crooks are doing and what we need to
do to catch them!”
For example…
• Is our credit union and chapter ready for the
next natural disaster, terrorist attack, or
pandemic?
• Is our credit union part of any “branch
banking” network?
• What changes should we have made in your
contingency, business continuity, and
management succession plans since 9-11-01?
Session Benefits at a Glance – Continued..
“We’ll use case studies to highlight what
the crooks are doing and what we need to
do to catch them!”
For example…
• We know crooks are learning to use the
internet to recruit and train. Are we?
• You’ll learn how to “reverse trace” and
authenticate transactions, and how to analyze a
written statement or internet scam.
• You’ll learn how to manage concentrated risks
and exposures to reduce looting, burglaries,
robberies, and frauds during and after natural
disasters, terrorist attacks, or a pandemic.
Evolution Of RM and CU Movement - continued
• 1960s Robbery and burglary
• 1970s Forgery and check fraud
• 1980s Embezzlement and disasters
• 1990s Violence in the workplace
» Armed robbery, bomb threats and disasters
• 2000 Electronic commerce
• 2001 – 2003 Violence in The Workplace!
– Bomb Threats & Extortion
– Terrorism, Anthrax Scares, Threat of Biological Warfare
– Internet Fraud, Scams, Money Laundering and
– “Criminal Integration”
“After 9-11-01 there was a quantum shift from proactively managing risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt
• September 11, 2001 … Terrorists attack the World Trade Center in New York City, NY USA!
• 2005… The world is racked with tsunamis, hurricanes, earthquakes, tornados, bombings, and daily threats of future terrorist attacks.
• Emergency governments around the world adopted the Incident Command and Control System (ICS) as a response standard and NIMS to standardize response terminology.
“After 9-11-01 there was a quantum shift from proactively managing risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt
• Emergency governments around the world adopted the Incident Command and Control System (ICS) as a response standard and the National Incident Management System to standardize response terminology.
“After 9-11-01 there was a quantum shift from proactively managing risks to proactive planning to respond to any large scale community or country crisis!” Rich Woldt
• From all levels of government the order goes out to form effective first responder “Public – to – Private” partnerships. Critical industries are asked to set response protocols based on:
– A 72-hour stand-alone performance standard,
– Required housing-in-place performance standards,
– Required upgrade in high-rise evacuation standards,
– Demonstrated active community involvement in contingency planning with a focus on responding during a natural disaster, terrorist att
This is a “what if” exercise:
• We use “what ifs” much like we use “worst
case scenarios” and “reverse RM logic”
• So if…
This is a “what if” exercise:
We know the losses credit unions and the insurance industry experienced during Katrina, what if:
• All credit unions and members were identified by their zip or postal code?
• All victims had the following info stream on the left forearm: (Zip code, name, age, medical disability, physical disability, destination land line number, personal cell phone #)?
This is a “what if” exercise - continued
• All CUNA Mutual bond/insurance files
could be sorted by zip/postal code?
• All CUNA Mutual employees could be
sorted by zip/postal code?
• All credit unions and CU chapters could be
sorted by zip/postal code?
• All CU members could be sorted by
zip/postal code?
Could we not then better…
• Identify our bonded and insured exposures in harm’s way?
• Measure our potential claims based on exposure concentrations?
• Assemble and position response assets to include CUNA Mutual first responders?
• Track and indemnify victims, thereby reducing loss adjustment expenses (LAE) and CU extra expense?
Could we not then better…
• Customize RM workshops, presentations, onsite analysis, etc. to regional and local area risks s
Let’s begin with…
A Review of RM Fundamentals!
Risk Management fundamentals:
Please define and explain the following:
• The three RM steps?
• The two types of risk?
• The five RM controls?
• The two ways you measure risk?
• At least three “tools of transfer”?
Very Good!
Let’s Review!
Risk Management
“A Method Of Management”
“Our 2007 goal is to speed up the process!”
1. Identify
Currency & cash items
2. Measure
Frequency & severity
3. Control
Two Types of Risks
Pure Risks - only loss, never a gain
• Robbery & burglary
• Embezzlement
• Other forms of dishonesty
• Fire and disasters
Speculative Risks – You hope to gain, but you can suffer a loss
• New products, programs, services and laws
5 Risk Controls
“Use them in the following order!”
• Avoid
• Reduce
• Spread
• Assume and
• Effectively Transfer to Someone Else
– Insurance, Bonds, Hold Harmless Agreements
Risk Management fundamentals – continued..
Please define and explain the following:
– Underwriters Laboratories’ (UL) “burglary resistant” ratings and/or European equivalents,
– UL “fire resistant” labels and/or equivalents, and
– How to rate an unlabeled container!
Very Good!
Let’s Review!
The Evolution of Security Technology:
Underwriters Laboratories Ratings – A Testing Standard
Insurance Services Office (ISO) & The American Society for Industrial Security write “Construction Standards”
It’s Burglary “Resistant” NOT Burglary “Proof!”
• Money safes
– TL-15 & “E”
– TL-30
– TR-30
– TRTL-30
– TRTL-15x6
– TRTL-30x6
• Currency vaults
– 5R
– 6R
– 10R
– Type I, II, III
– Modular
– Class I, II, III
The Evolution of Security Technology:
Underwriters Laboratories Ratings – A Testing Standard
Insurance Services Office (ISO) & The American Society for Industrial Security write “Construction Standards”
It’s fire “Resistant” NOT fire “Proof!”
• UL Record Safes
– Class A, B, C, D
– 350 1-2-4 hour
– 150 1-2-4 hour
– 125 1-2-4 hour
• UL Records Vaults
– 2 hour
– 4 hour
– 6 hour
• Doors should equal the fire resistance of the walls, ceiling & floor!
The Evolution of Security Technology:
Automated Teller Machines
“A Story of Evolution from the 1920s”
• Night Deposit Boxes
– Fish and trap resistant chute
– Dual locking container
• ATMs & High Velocity Cash
Dispensers
– Business hour
– 24 hour level #1
– 24 hour level #2
Risk Management fundamentals – continued..
Please define and explain the following:
• Door, lock, window, hinge-pin, security,
• Object, perimeter, and area alarm security,
• Internal and external alarm line security, and
• On-demand, CCTV, and digital surveillance systems!
• Discuss installation, testing, and maintenance standards for each of the above:
Risk Management fundamentals – continued..
Please define and explain the following:
• Embezzlement and “internal dishonesty,”
• Scams and “external fraud,”
• Fictitious & unauthorized loans,
• Separation of duties,
• Reverse Tracing,
• Transaction authentication,
• Positive account verification,
• PIN & PAN controls
Risk Management fundamentals – continued..
Please define and explain the following:
• Dual-control procedures,
• Dual access controls,
• Key codes,
• Statement analysis
• Chip & Pin technology
• CVV & CVC
• CVV & CVC #2
• Controlled Member Account Verification
Risk Management fundamentals – continued..
Please define and explain the following:
• Cash flow analysis,
• Disaster recovery, vs. Contingency planning, vs. Continuity Management, vs. Event Management,
• Kiting,
• Lapping and withholding deposits,
• Cash letters & holders in due course,
• Mysterious disappearance,
• Spot-check verifications, etc…
Risk Management fundamentals – continued..
Please define and explain the following:
• Phishing,
• Pharming,
• Skimming & refreshing,
• Identity Theft,
• How to do a background investigation,
• How to use the internet to do RM research,
• How to do a credit check,
• How to trace transactions back to source documents!
Risk Management fundamentals – continued..
Please define and explain the following:
• A contract of “good faith,”
• Deductibles,
• Actual cash value,
• Replacement costs,
• Extra expense,
• Negotiable security,
• Bearer instrument,
• Exclusions and endorsements,
Risk Management fundamentals – continued..
Please define and explain the following:
• The three most important points to make when writing an RMA report,
• How to defend cash item storage recommendations,
• How to submit a “memo to file” or “incident report,”
• How to locate physical address for fire department and how to make emergency call,
Risk Management fundamentals – continued..
Please define and explain the following:
• The difference between a fire and a bomb threat evacuation,
• How to respond to an earthquake, tornado, anthrax scare, and bomb threat,
• How to handle an embezzlement suspect, and
• How to take command and control of any life threatening incident!
Risk Management fundamentals – continued..
Please define and explain the following:
Duties of an “Underwriter,”
Duties of a “Claims Adjuster,”
Duties of an “Actuary,”
Duties of an “Account Representative,”
What do all the above have in common?
Hint; They are all Risk M-------s!
Very Good!
Let’s Review!
Typical Bond Experience
• Forgery: 12%
• Faithful Performance: 21%
• Robbery, Burglary, Theft, Fraud: 20%
• Employee Dishonesty: 45%
• Miscellaneous: 2%
Typical Bond Experience
• Robbery, Burglary, Theft, Fraud: 40%
• Miscellaneous: 5%
• Employee Dishonesty: 13%
• Forgery: 39%
• Faithful Performance: 3%
Profile of the Credit Union Embezzler
• Suspicious life style
• Can’t leave or relinquish control
• Tail wags the dog
• Overly religious
• Easily excited
• Works late and alone
Profile of the Credit Union Embezzler
• Full of Rationale & Justifications
• I’m only borrowing,
• Others are doing it,
• I’m underpaid and overworked,
• That’s all I did, I’ll never do it again,
• Always has a need & looks for an opportunity.
• Knows he can escape or blame others.
• You didn’t tell me I was doing wrong,
• Has a “character disorder.”
Profile of the Credit Union Embezzler
• Character disorder?
• We all have them,
• Can’t tell right from wrong,
• Seldom admit they’re a thief.
• Who can you trust?
• Grandma – grew her CU with bogus accounts
• Reverend - sold CDs to family and farmers,
• Uncle - stole member’s money, home and wife – “The dismembered member”
• Are you guarding your inactive and dormant accounts?
Embezzlers are all On A Path To Prison!
Most start small
• Open cash drawer
• Common funds
• Withhold currency
• Lap deposits
• Kite using multiple accounts
• Manipulate family member accounts
Embezzlers are all On A Path To Prison!
• Use dormant & inactive accounts
• Transfer funds to accounts they control
• Use expense accounts
• Hide funds in GL clearing accounts
• Collection department fraud
• Most find their way to your loan files
• Unauthorized loans
• Fictitious loans
Internal Controls
“Cash handling procedures”
• Audit trails
– Dual verification
– Signed receipts, computer entries, etc.
– Pre numbered cash receipt vouchers
• Individually “locked” containers
• Combination and key controls
• Spare key controls
Internal Controls
“Safeguard Your Reputation”
• Dual controls
– Night depository
– Lost and found
– Smart safes & combinations
• Rotate and separate duties
• Require extended vacations
• Never post to your own account!
Internal Controls
“Safeguard Your Reputation”
Passwords
• No one but you should know or have access to your passwords!
• Change it every 90 days!
• Train all Staff first day on the job!
Supervisory override controls!
• Use and audit override printouts!
Forgery – Frauds – Scams & Your “run of the mill con-artist!”
• Forgery controls when “face to face”
• Beware of bogus ID
• Require signed, pictured ID and verify details
• Teach signature verification procedures
• Fraud controls over landlines and Cell Phones
• Caller ID systems
• Ask open ended questions
• Call back procedures
• Fax security procedures
• Good luck
• Call Backs
Plastic Cards
Fraud controls and technology
• Card mailing procedures
• Card Activation programs
• PIN & PAN controls with member education
“Personal identification number and personal
account number”
• CVV & CVC “set to decline”
– Visa’s Card Verification Value (CVV)
– M/C’s Card Validation Code (CVC)
• All on-board - “neural networks”
Audit Controls
“These should be Required”
• Supervisory Committee
– Surprise cash counts
– 100% Member account verifications
– New account verifications
• Board of Directors
– Rotation & separation of duties
– Cross training to catch a thief
– Independent auditors report to the Board
– Fraud policy – Use it – Review it – Sign it
The Fraud Policy
Honesty & Accountability
• Sets tone from the top,
• Provides meeting of the minds,
• Defines what’s not permitted,
• Gives grounds for discipline or dismissal,
• Saves legal costs,
• Protects reputations,
• Review it, update it and
• Sign it annually!
To Catch a Thief!
“These Should Be Required”
• Credit Committee
– Separation of duties
– Loan officer minute controls
– New loan verification procedures
• Loan Audits
– Finger audits
– Collection audits
Fidelity Self Analysis
“Its Purpose and Evolution”
• Deters and detects embezzlers.
• Start with canceled checks.
• Follow transactions back to source documents.
• Use forgery detection skills.
• Leads to more detailed audits.
• Driven by logic and fraud indicators.
• Focus on quickly finding fraud indicators
• Have written action plans in case you find fraud!
Your Crime Fighter Goal?
“Hold People Accountable for Their Actions”
• Audit and Internal Controls protect
* Strong employees from fraud opportunities,
* Weak employees from temptation, &
* Innocent employees from suspicion!
How Do You Handle Suspects?
“With Care and Compassion”
Never call them a crook!
Notify Supervisory Committee!
Focus on the facts!
Consult authorities on how to proceed!
Notify Bonding Company!
Dealing with suspects:
• When, where and how!
Very Good!
Let’s Review!
Everyone wants your money!
Common scams to get it:
• Phishing
• Plastic Card
– Credit & debit cards
– ATM cards
• Lotteries & Sweepstakes
• Internet Auctions / e-Bay
• Telemarketing
• Nigerian 4-1-9 Scams
Phishing
IT slang .. But it really does mean fishing for information.
• Account numbers at banks and credit unions
• Social security numbers
• Credit card account and security numbers
• Passwords
• Personal information; i.e. birthdates, parent’s names, affiliations, etc.
“Spam” or pop-up messages & hyperlinks
• Appears to be from a legitimate business, online service or government agency.
• Links to genuine websites with legitimate pages; such as privacy policies or product information.
• 85% of all email sent is SPAM – subsequently receive endless repetition of worthless text or pop-ups.
Phishing
What to look for -
Email Methods
• Deceptive subject lines
• Forged sender’s address
• Genuine looking content
• Disguised hyperlinks
Web Site Methods
• Genuine looking content
• URL appears genuine
• Collection of information & use of forms
• Incorrect URL (not disguised)
• Pop up windows
• Trojans / worms / spyware
How to protect yourself -
Steps to protection
• NEVER provide ANY financial or personal information
• NEVER click on hyperlinks within emails
• Use Anti-virus software
• Keep software updated (automatic upgrades)
• Don’t open ‘strange’ email
• Look for “https” and padlock on the site
• Clean up Spyware & Adware
• Learn about Internet fraud
• Check your credit report
• Ask for help
Phishing
[Figure: a spoofed e-mail, the fraudulent website and the legitimate website. URLs shown on the slide:]
https://www.empirefcu.org/home/html
http://218.4.205.85/manual/empirefcuindex.htm
https://www.empirefcu.org
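An added example (not part of the original presentation) that automates the “disguised hyperlinks” and “incorrect URL” checks listed above: it compares the address a link displays with the address it really points to. The sample e-mail is constructed; pairing the displayed address with the IP-address URL from the slide, the lookalike host under example.net, the trusted-host list and all function names are assumptions.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit
import re

# Finds a host name written out in a link's visible text, e.g. "www.example.org".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _norm(host):
    """Lower-case a host name and drop a leading 'www.' so comparisons are fair."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, text, trusted_hosts):
    """Return the red flags raised by one link (empty list = nothing found)."""
    try:
        parts = urlsplit(href)
        host = _norm(parts.hostname)
    except ValueError:
        return ["unparseable-url"]
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if is_ip_literal(host):
        findings.append("ip-literal-host")
    shown = HOST_IN_TEXT.search(text)
    if shown and _norm(shown.group(1)) != host:
        # The link displays one site but leads to another.
        findings.append("text-host-mismatch")
    if host not in {_norm(h) for h in trusted_hosts}:
        findings.append("untrusted-host")
    return findings


def scan_email(html, trusted_hosts):
    """Check every link in an HTML e-mail body; returns [(href, findings)]."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(href, check_link(href, text, trusted_hosts))
            for href, text in collector.links]


# Constructed sample message (assumption: how the slide's URLs were combined).
SAMPLE_EMAIL = """
<p>Dear member, please confirm your account details:</p>
<a href="http://218.4.205.85/manual/empirefcuindex.htm">https://www.empirefcu.org/home/html</a>
<a href="https://www.empirefcu.org">Empire FCU home</a>
<a href="https://www.empirefcu.org.example.net/login">Member login</a>
"""
TRUSTED_HOSTS = {"www.empirefcu.org"}

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL, TRUSTED_HOSTS):
        print(href, "->", ", ".join(findings) or "no red flags")
```

A link with no findings is only consistent with the trusted list; the other steps on the slide (do not follow links in e-mail, look for the padlock) still apply.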
Plastic Cards
Credit & debit cards
• Do NOT give anyone your CARD Number or 3-digit Security (CVV2) Code
• CVV2 Security Code
• Card not present transactions
• Verified by VISA
ATM cards
• Be aware of your surroundings at ATMs
• Check the machine for unusual / suspicious things
• Shield the area when entering your PIN
• Be sure it’s well lit at night
Memorize your PIN –
• Do NOT keep it with your card
• Do NOT keep it in your wallet or purse
• Do NOT give it to ANYONE – not even your family members
Lotteries & Sweepstakes
(Advance Fee Scheme)
Occurs when the victim pays money to someone in anticipation of receiving something of greater value. (“Something too good to be true!!!”)
• Lotteries
• Sweepstakes
• “Found money”
• Work at home
How it happens:
• e-Mail notification with instructions on your “next step”
• USPS mail, often accompanying a check or money order with instructions
• Send money for validation of prize
• Deposit check, then wire funds for “taxes” or other redemption costs
Lotteries & Sweepstakes
(Advance Fee Scheme)
1. Receive check in the mail for $15,000
2. Deposit it into your credit union account
a. CU places a 7-day “hold” on the funds
3. 7 days pass and you withdraw $13,000
a. $10,000.00 is sent via Western Union to the instructed person and bank number
b. $3,000.00 is spent by you on bills
4. One month later, the check is returned to the credit union as counterfeit
Your credit union account
Beginning balance: $55.00
2. Deposit $15,000: $15,055.00
3. Withdrawal $13,000: $2,055.00
4. Returned $15,000 check: $12,945.00
And now you owe the credit union $12,945.00
and the thief got $10,000
“Ruota di Roma” (Wheel of Rome)
Lotteries & Sweepstakes
SUPERENALOTTO
You have won,
With the introduction of new types of games, with the ushering in of on-line technology and with the permits issued
under EU law to EU countries to compete for concessions to run games in Italy and on the internet, we are launching
our first international program:
“Ruota di Roma” (Wheel of Rome)
We are running a program where instead of bought tickets and numbers in the ballots we use email addresses. All
contestants were selected through a computer ballot system drawn from email addresses taken from all over the
world. You have received this message from SuperenaLotto prize dept. because you have visited one of our
sponsored sites and have voluntarily given your email address to receive mails from their sponsors.
From the results of the Wheel of Rome draw that took place on the 25th of september 2006. Your E-mail address has
come up as one of the winners; you have therefore won the sum of One Million United States Dollars
(US $1,000,000, 00). This is from a total cash prize of Ten Million United States Dollars (USD$10,000,000.00) shared
amongst Ten Lucky Winners in the Category A+.
<winerscoordinators@yahoo.com>
This cash prize must be claimed not later than the 13th of october 2006. After this date all unclaimed prizes will be
declared void. Claimants must be over 20 years of age. All entries must adhere to the “Ruota di Roma” (Wheel of
Rome) Terms and conditions stated in our official page. To view the terms click on this link *************** or
paste it in your browser.
You must read the terms and conditions and understand them before responding. After reading the terms and
conditions, contact your processing agent to file for your claim under reference number:
OJHN/08-IL1131/06.
Mr. Ernesto Bonino.
Email: **********
You are to quote your winning reference number when responding.
Finally, we call on you to make sure that you save a copy of this mail because you might be called upon to produce it
at anytime.
Congratulations once more from all of us at Superenalotto and thank you for being part of our promotional program.
Management.
Superenalotto.
Via Allesio di Tocqueville 13-20154
Milano, Italy
NOTICE: If you wish to be taken out of this list do not reply to this mail, reply to the agent with the words remove.
If you are not the intended recipient, you must not, directly or indirectly, use, disclose, distribute, print or copy any
part of this message. If you believe you have received this message in error, please delete it and all copies of it from
your system and notify the sender immediately by reply e-mail. Thank you.
************DO NOT DELETE THIS MESSAGE***********
-------------------------------------------------------------------------------
NEVER SEND SPAM. IT IS BAD.
Super Complete
New twist: Rather than
requiring tax payments in the email, the recipient is referred to
an “attorney” who may assess a
fee before a certificate can be
issued.
Lotteries & Sweepstakes
(How to avoid the scheme)
• Do NOT respond to them!!!!
• If it’s too good to be true …. It’s too good to be true!!
• Ask yourself: “did I enter a lottery?” “did I sign up for a sweepstakes?” especially in a foreign country !!!
• DON’T Play – Foreign lotteries are ILLEGAL!
• Legitimate sweepstakes do not request money from you for processing or taxes.
• Are there rules? If so, are they easily understood?
• Do they ask for your bank account number, SSAN or credit card number?
Internet Auctions / e-Bay
Both buyers and sellers have been scammed through the use of e-Bay or other on line auctions.
Buyers -
• Non – delivery of items purchased.
• Misrepresentation of value.
• Fee stacking.
• Black-market / counterfeit goods.
• Shill bidding.
• Second chance offers
• Use of Escrow accounts
• “Act now” pressure
• Disappearing item
Sellers -
• Contact from buyers outside US.
• Counterfeit checks, money orders
• Check overpayments
• 3rd party agents
• Use of Escrow accounts
• Demanding e-mail/contacts
• Offers to pay for shipment
Internet Auctions / e-Bay
- Avoiding Fraud -
• Understand as much about how the auction works as possible.
• Find out the actions the website/company takes if a problem occurs.
• Carefully examine the feedback of the buyer or seller.
• Evaluate the shipping requests.
• Arrange for payments – be careful of escrow accounts.
• Know your legal obligations.
• Protect your identity and your funds.
• Do not give out your SSAN or DL to the seller.
• Protect your credit card security numbers.
Counterfeit Checks
Counterfeit Money Orders
HANG
UP
Telemarketing
- Red Flags -
If the caller tells you that ……
“You must act ‘now’ or the offer won’t be good.”
“You’ve won a ‘free’ gift, vacation or prize, but you
have to pay for postage and handling.”
“You must send money, give a credit card or credit union
account number .. Or have a check be picked up by a ‘courier’.”
“Keep this confidential. There’s no need to discuss this with
your family or your family attorney or accountant.”
“You can’t afford to miss out on this opportunity.”
Telemarketing
- Avoiding Fraud -
• Buy only from known, or familiar, companies.
• Get the sales person’s name, business, phone #, address, and business license number BEFORE you purchase.
• Do NOT pay for services in advance.
• Don’t pay anything for a “free” gift or prize. Federal law prohibits payments for taxes.
• When giving to a charity, always find out what percentage is paid for commissions & administration expenses, and how much goes to the actual charity.
• Never give personal or financial information over the phone.
• Don’t be afraid to demand answers.
• Uncomfortable? … Just hang up!
Nigerian 4-1-9 Scams
Similar to an ‘advance fee’ scheme; Nigerian letter fraud also includes:
• Impersonation, or false identification of sender.
• Offers opportunities to share in a percentage of millions of dollars.
• Self proclaimed government official, wealthy exiled family or business exec.
• Difficulty in transferring funds from their country to the US.
• Request to contact them for interest.
• You may be encouraged to travel overseas to complete the transaction.
• Requests for “plain letterhead”, credit union account information and phone/fax numbers.
• Subsequent requests for “up-front” money.
• Often accompanied by fraudulent documents bearing Nigerian letterhead and officials’ signatures.
Nigerian 419 Scams
Nigerian 4-1-9 Scams
5 Rules for doing Business with Nigeria
• NEVER pay anything up front for ANY reason.
• NEVER extend credit for ANY reason.
• NEVER do ANYTHING until their check clears.
• NEVER expect ANY help from Nigeria.
• NEVER rely on US to bail you out!
PLUS – one question ….
• Why would ANYONE in Nigeria (or anywhere else in the world for that matter) contact YOU for assistance to transfer their money into the US?
Some Statistics
Top 5 Fraud Complaints for Wisconsin Consumers
• Computer Complaints: 17%
• Internet Auctions: 28%
• Sweepstakes/Lottery: 17%
• Foreign Money Offers: 18%
• Work-At-Home: 20%
Source: Federal Trade Commission
Who to Contact
• U.S. Secret Service (www.secretservice.gov)
Financial Crimes Division
950 H Street, N.W.
Washington, D.C. 20001
(202) 406-5850
E-Mail: 419.fcd@usss.treas.gov
• U.S. Postal Inspection Service (www.USPS.com/postalinspectors)
POSTAL INSPECTION SERVICE
433 W HARRISON ST FL 6
CHICAGO IL 60699-0002
Phone : 312-983-7900
Fax : 312-983-6300
Who to Contact
• U.S. Treasury Dept (www.ustreas.gov)
– Bureau of Engraving and Printing
14th & C Streets, SW
Washington, DC 20228
(202) 874-3019
– Office of the Comptroller of the Currency (www.occ.treas.gov)
Customer Assistance Group
1301 McKinney Street
Suite 3450
Houston, TX 77010
FAX: 713-336-4301
Who to Contact
• Federal Bureau of Investigation (www.fbi.gov)
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000
• Federal Trade Commission (www.ftc.gov)
Consumer Response Center
600 Pennsylvania Ave., NW, H-130
Washington, D.C. 20580
Who to Contact
• Major Credit Bureaus (web; request copy; fraud unit):
– Experian: experian.com; (800) 397-3742; (888) 397-3742
– Equifax: equifax.com; (800) 685-1111; (800) 525-6285
– TransUnion: transunion.com; (800) 888-4213; (800) 680-7289
http://www.scambusters.org/
http://www.internetfraud.usdoj.gov/
http://www.sec.gov/investor/pubs/cyberfraud.htm
http://onguardonline.gov/index.html
http://www.lookstoogoodtobetrue.com
Thank You
Rich Woldt
Risk Management 007
Risk Management fundamentals – continued..
Please define and explain the following:
Physical security first
– Doors, locks, safes, and vaults
Alarm security
– Object, area, perimeter - Line security
Surveillance & Access Controls
Discussion of installations, maintenance,
and testing standards for 2007!
Risk Management
Security Technology
Evolving with the Movement!
“Credit Unions are driven to safeguard life, liberty
and the pursuit of economic freedom.” As member
services evolved so have regulations, security management
methods and subsequent security technology:
NCUA Regulation #748 – Minimum Security
Devices and Procedures
NCUA Regulation #749 Off-site Record
Reconstruction Program
Risk Management Methods
New, more effective crime fighting methods!
• Facility Security Analysis:
– Crime Prevention Through Environmental Design
(CPTED)
• Defendable Zones
– Security Integration
• Proprietary, Community, County, State & Federal,
Chapters, Leagues, National Associations, etc.
• Controllable Crime Scenes, a trap that works!
• Casing puts you out in front!
Casing – Staying ahead of the crooks!
“Walk-the-walk and you’ll Talk-the-talk”
Crooks case targets to increase their
probability of success. We case targets to
solve crimes, correct security concerns,
safeguard against the next crime, and
increase the probability crooks will be
caught, prosecuted, convicted, and sent to
prison for a long, long time!
Combating terrorism, armed robbery &
the fear of violence in the workplace!
• Defendable zones
• Hi-tech alarms and warning systems
• Digital surveillance
• Security system integration
• Best practices training
• GPS & Cellular Technology
2004 – There is a shift to –
Proactive Risk Management
The Evolution of International RM Projects
• Accountability and Ownership
• Training Alternatives
– Self assessments, case studies and best
practices!
– Casing your own crime scenes!
– Creating controllable crime scenes!
• Expanding to Community, County,
Country and International Protocols!
• Pursuit through capture, prosecution,
conviction and sentencing!
Revised Risk Management Principles,
Current Methods and Updated Protocols
2004 and Beyond
• CPTED - Crime Prevention through Environmental Design
• Security Integration
• Security Application & Technology
– Before, during and after disasters
• Community Response and Recovery
– Emergency Response Protocols
• Law Enforcement – Blue Team
• Fire, EMT, Hospitals –
• Credit Unions & Corporate America – Red Team
• FEMA, Red Cross, Salvation Army, HAZMAT, etc. – Orange Team
– Professional Associations and Support Groups
• ASIS, FCI, ACFEI, RMLC, chapters, Leagues, Associations, etc.
A “Zoned” response works best during a recovery operation. It’s easier to inventory and
protect recovery resources, and position personnel to support either a strike or mission
based operation. Traffic flows in one end of the site and out the other to minimize
congestion, accommodate supply lines, decontaminate personnel and assist victims
through triage, tracking them through hospitals and full recovery.
[Diagram: zoned response site. Zones: Ground Zero; Demilitarized Zone; Response and Recovery Zone; Reconstruction Zone; Response, Recovery & Command Center Zone. Labels: “Before Food Flows Out!”; “Recovery personnel and resources flow in one end of the site and out the other!”; “After biological attack food and supplies flow in to critical incident command centers!”]
Proactive Risk Management
Methods, Strategies and Accountabilities
“Our goal is to harden criminal
targets against criminal acts”
And creating controllable crime scenes to
reduce internal and external losses!
Violence In The Work Place
“Credit Unions Combat Intimidation”
• Policy & plans
– Tone from the top
– Communicated to all
• Set “no tolerance zone”
• Report & document
• Follow-up & document
• Train a response team
– All department managers
– Offers third party intervention
Threat Assessment Teams
Document - Document - Document - Document - Document
• Listen to co-workers
– Encourage reporting
– Keep confidential & demonstrate
action
• Investigate immediately
• Review the records
• Document events and action
taken
• Report to the “entire”
crisis management team
• Follow-up!
Family & Contingency planning – keeping in touch!
Attackers divide and conquer – Don’t let them!
• Locate:
– Tested contact numbers and verified schedules
– Tested answering machine procedures
– Sealed envelopes and updated itineraries
– School contact numbers and class schedules
– Neighbor names and contact numbers
• Lockdown & Link
– Private security, law enforcement and 3rd party
intervention
– “Secured” landlines, fax machines, internet addresses,
etc.
– EOC and Red Cross Tracking and intervention.
Experience has taught – “Knowing what to expect will put you in control”
• Smart criminals offer little time!
• Buy time & they’ll lose!
• They’ll be prepared to provide “Proof of life”
– Demand Proof the hostage is unhurt and alive.
• Take control! Tell them –
– I must notify our auditor! He’ll call the police!
– I must involve others! I can’t control what they’ll do!
– I have people in my office. What should I do? How?
– Our policy requires me to tell my manager! What should I tell him?
• Ask open ended questions and take notes:
– Who, what, where, why and when
Continued: Hostage Survival –
Take care of the family!
• Assign one person as their advocate.
• Keep the family “fully” informed.
• Contact their physicians, if health is
a concern!
• Protect family members from the
media and unwelcome visitors.
• Use media effectively.
Hostage Survival
Steps in the right direction!
• Have a written extortion policy.
• Have a violence in the workplace team.
• Notify Others - according to policy and plan.
• Never go it alone.
• Contact Police and FBI!
– Request a Detective and trained Hostage Negotiator.
– Per plan, attempt to verify the person in fact has been
kidnapped. Don’t overreact (bogus busy signals, a
change in plans, etc.)
Continued: Hostage Survival –
Make sure you follow your plan!
• Limit knowledge to your critical incident management
team!
– Need to Know.
– Gossip will endanger the hostage
– Beware of an accomplice in the office.
– Beware of Media leaks
• Arrange protection and care for victim’s immediate
family.
• Determine payment guidelines for authorities.
– The family decides to pay or not
– The credit union should have a board approved extortion
policy (kept confidential).
Continued: Hostage Survival –
“Whether you’re the hostage or part of the recovery team –”
Take care of yourself!
• Rest when possible.
• Use professional negotiators (another voice).
• Avoid coffee & drink water!
• Exercise to keep alert.
• Accept – “You’ve done your best!”
• Remember family and call them.
– “This is a time to come together and stick together”
– Time to build a “Sense of Being in Control”
Forensic Investigation –
Give me the facts - only the facts
“You’re still in control when you get the call or receive the letter”
Expect him to say –
• We’re observing you!
– Ask how?
• You only have a short time!
– Ask how much?
• We’ll harm you and your family!
– Ask how?
• We’re holding someone you care about!
– Ask who and where?
• You bring the money!
– Ask what if I can’t and ask for detailed instructions
• I want half a million dollars, now!
– Ask how can I get that much?
Forensic Investigations:
Assemble “Pertinent” Information!
• Current photographs in differing attire.
• Travel itineraries for past 30 days (Envelopes)
• Landline, cellular & pager numbers
• Health Records:
– Condition, required medications, allergies,
distinguishing characteristics (tattoos, piercing, scars, etc.)
• Other contacts (family, friends, business associates,
recent visitors, tenants, landlord, neighbors, etc.)
• Assess information hostage might provide:
– Financial & Other
Extortion
Is your credit union ready?
• Extortion policy and plan
– Involve law enforcement
– Notify board of directors
• All upper management and board
• Envelopes - bigger every year
• Cellular phone - technology integration
• Locate, lock-down, and link
• Defensive driving, walking, and alert living
Executive Protection
Safety, security and survival is a 24 hour effort!
• Identify and prioritize targets:
– Kidnap, Extortion, Robbery, Stalking and Terrorist
• Identify and prioritize “Motives”
– Attackers are driven by “motive”
• Money, currency, greenbacks and more money
• Confidential, top secret and proprietary information
• Anger, revenge, sexual attractions, opportunists
• Family & Contingency planning “keep in touch”
• Do you know where your family is?
• Do they know how to contact you?
Executive Protection Continued
– Target Assessment
When, Where & Why
• Are you running like a railroad?
– Vary routes, times, persons and patterns
– Be inconspicuous and unpredictable
• Have you been lured from your zone?
– False alarms and home invasions
• Is your backup in place and ready to roll?
– Callback procedures and action plans
• Have family contingency plans been rehearsed?
Executive Protection
“Getting Back On-board – Self Defense”
• Learn to evaluate your surroundings
and potential threats, “early.”
– “People waiting for the bus watch one direction.”
• Drive with windows up, doors locked,
keep your space, and know a bailout
route.
– Stop so you can see their back tires.
– Drive 5-MPH faster than they can run.
– Rear-end a squad car.
Executive Protection
“The Art of Self Defense”
• Martial arts:
– Learn from aficionados.
– Learn how to use your
fingers, elbows, legs, arms,
teeth, and body weight as a
weapon.
– Invite a black belt to speak
at your staff meetings.
Military Training
Do you remember?
Staggering troops during search and
rescues?
“Move out alpha – Cover me bravo!”
Using the vertical & horizontal butt
strokes?
Your basic “rear-strangle” take
down hold?
Following through to submission?
Executive Protection
“Getting Back On-board”
• Limit carry-on to what will fit
under your feet.
• Select an aisle seat if you plan
to fight, a window seat if you
plan to hide.
• Select a seat near the cockpit if
you plan to defend, and a seat
near the back if you don’t.
Executive Protection
“Getting Back On-board”
• Identify your shield:
– Computer, briefcase, backpack, jackets,
blankets, pillows and cushions.
• Identify your weapons:
– Hot coffee, anything you can throw, sharp
objects, keys, your body is a weapon.
• Don’t hesitate.
– ACT and REACT until you’re in control.
Has evolved from Disaster Recovery to Business
Resumption to today’s “Contingency Planning!”
• Disaster Recovery (1940s - 1970s)
– (Influenced Civil Defense Programs)
– 1970s NCUA #749 & off-site storage of vital CU
records
• Business Resumption (1980s – 1990s)
– Earthquakes & the New Madrid Fault warning,
– Planning to survive a credit union disaster
• World Trade Center bombing 1993
• Oklahoma City bombing 1995
Has been driven by worst-case scenarios!
• 2000 – Y2K Contingency Planning
• 9/11/01 – terrorists strike the World Trade
Center
• The 9/11 impact on Contingency Planning
Contingency Planning - Fundamentals:
Building the solid foundation for your future!
• Set the “tone from the top”
– Or you’ll be pushing a rope uphill!
• Select appropriate plan writers and alternates,
– Or you’ll miss important details!
• Designate and train “Recovery” Teams:
– Damage Assessment Team (DAT)
– Disaster Recovery Team (DRT)
• Focus on “Your Worst Case Scenarios”
• Write plans that will help you survive, recover and grow!
– RMLC faculty recommend the “Parking Lot” Approach
Contingency Planning – Four (4) “key” functions:
“Recovery often depends on your focus, immediate action and
plans that outline proven response protocols!”
• Life safety: First aid, evacuation, & tracking victims through recovery.
• Protect: Physical property from fire, vandalism, the elements, etc.
• Transportation: From danger to shelter, food, telephones and
entertainment.
• Communications: Notifying friends, family and fellow employees.
Includes proactively handling the media.
It’s your shift to “Critical Incident Management”
Continued - Shifts to proactive Risk Management
“A 3-Day program for stepping up to the plate!”
Day one – Shift from your “Standard Management” to
“Critical Incident Management” mode! Immediately:
Provide victim assistance, activate recovery teams,
declare the disaster, establish communication links, set
up EOC, ICC and staging areas and focus on taking
control.
Day two – Regroup, reevaluate, assemble facts and
communicate facts via plan-approved channels. Begin
the formal recovery process.
Day three – Focus on getting back to work, and back
to normal! Reach out to extended victims and set up a
program to monitor the victim recovery process.
Chapter & Community Responses to
Biological Attacks!
[Diagram: zoned response site. Zones: Ground Zero; Demilitarized Zone; Response and Recovery Zone; Reconstruction Zone; Response, Recovery & Command Center Zone. Labels: “Before Food Flows Out!”; “After biological attack food and supplies flow in to critical incident command centers!”]
Contingency Planning – The “Parking Lot” Approach!
How to build the solid foundation your future depends on!
• Adopt a common methodology for all locations,
– It helps cross training and rotating staff, and
– Ensures a focus on critical services!
• Keep it simple, flexible, realistic and fun!
– Include and request input from all employees
– Use Bergee’s ABC & 1-2-3
– Keep it confidential & secure!
• Schedule tests, updates, and Board approvals.
Questions Please
Rich Woldt CPP, CFE
CEO- The Risk Management Learning Center
ACFEI – Level III Certified Homeland Security Instructor
Licensed Private Detective
Rich@RMLearningCenter.com
608-712-7880
Thank You!