Handling Internal Fraud Investigations Do’s and Don’ts From a Credit Union Perspective Mike Mossel – RSM McGladrey, Inc June 15, 2011 – ACUIA Conference Who Is This Guy?? Mike is the National Managing Director for McGladrey’s Credit Union Risk Advisory Services. Mike is responsible for managing all of McGladrey’s risk advisory-related services provided to credit unions. Mike’s practice consists of 21professionals who provide services to over 300 clients annually. Mike has over 30 years of internal audit experience – 20 years exclusively within the credit union industry. Mike’s credentials include certifications as a Certified Fraud Examiner (CFE), Certified Bank Auditor (CBA), Certified Risk Professional (CRP) and Certified Financial Services Auditor (CFSA). Presentation Outline Internal Fraud…..the Unspoken Risk – what is this animal? Awareness: First Line of Defense – Case Studies General Legal Aspects of Fraud Fraud Examination Methodology Expectations for Fraud Prevention & Detection Internal Fraud The basic questions-------??? 1. Who does it? 2. Why do they do it? 3. How do they do it? Internal Fraud Most frauds are committed by long-term employees with responsibilities. Many times fraudulent funds are right in the employee’s account Three elements of fraud: - Integrity Motive Opportunity Internal Fraud The most recently common types of internal frauds based on our experience: Loans Identity Theft GL Accounts Stolen Cash Unauthorized use of corporate credit cards Kickbacks on sales of repossessed vehicles or indirect loan dealers Procurement/Purchasing Functions Case Study #1 Theft of $996,000 through the funding of RE loans - Lack of adequate segregation of conflicting duties Lack of secondary review Lack of adequate control over GL reconcilement Case Study #2 Theft of $1.3 million through the ATM GL Clearing accounts - Lack of adequate segregation of conflicting duties Lack of secondary review Lack of assigned responsibility Lack of adequate control over GL reconcilement Lack of proper follow up Lack of identifying fraud indicators Case Study #3 Theft of $140,000 through improper system access - Lack of adequate assignment of system access Lack of periodic review Lack of adequate secondary controls over GLs Case Study #4 Theft of $139,000 through branch over/short accounts - Lack of secondary review Lack of assigned responsibility Lack of adequate control over GL reconcilement Lack of proper follow up Lack of identifying fraud indicators General Legal Aspects of Internal Fraud Elements of Fraud: Misrepresentation Knowingly and with intent Reliance Injury General Legal Aspects of Internal Fraud Ways to Prove Intent: Alteration of documents Concealment Destruction Lying Personal Gain Obstruction Pattern Testimony Confession Fraud Examination Methodology Circle the Wagons Document Examination Interview Process Display of Physical Evidence Circle the Wagons Confidentiality On a Need to Know Basis Document Examination Personnel files Performance records Prior audit/investigative files Financial accounts and disclosures Documents pertinent to the investigation – wherever that takes you Interview Process Neutral Third Party Witnesses Corroborative Witnesses Co-Conspirators Accused Interview Process Characteristics of a Good Interview: Thoroughness Pertinence Objectivity Timeliness Observation Interview Process Characteristics of a Good Interviewer: Good listener Demonstrates fairness Works informally Lacks bias Projects professionalism Presents no threat Interview Process Overview of Question Methodology: Introductory Informational Assessment Closing Admission seeking Display of Physical Evidence Overestimation of the amount of physical evidence Display one piece at a time Display in reverse order of importance When to cease displaying evidence Organized and thorough file documentation Expectations for Fraud Prevention & Detection Procedural & Behavior Policies: The written documents that guide your employees….an instructional manual of sorts! Management should determine that the credit union has designed written policies in the operations, codes of conduct, conflict of interest policies, and fraud policy. Make sure they are effectively communicated to all employees. Expectations for Fraud Prevention & Detection Credit Union Policies: Should clearly define the expectations for all aspects of operations. Should be approved by the Board of Directors. Expectations for Fraud Prevention & Detection Code of Conduct Policies – written standards that promote: Honest and ethical conduct. Compliance with credit union policies and other rules and regulations. Internal reporting of anyone that violates the code. Accountability for adherence to the code. Establishes a “tone at the top.” Expectations for Fraud Prevention & Detection Fraud Policy: Establishes a “tone at the top” that fraudulent acts will not be tolerated. Documents specifically what constitutes fraudulent acts. Establishes responsibility for deterrence, detection, investigation and reporting. Expectations for Fraud Prevention & Detection Whistleblower Policy: Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system Tips are overwhelmingly the #1 method of initial detection Implement hotlines to receive tips and specific avenues for employees to report Allow anonymity and confidentiality Employees should be encouraged to report suspicious activity without fear of reprisal Expectations for Fraud Prevention & Detection Employee Training: Employee training is vital What constitutes fraud How it hurts everyone in the credit union How to report any questionable activity Identifying red flags Living beyond means Financial difficulties Control issues Close relationship with vendor/member Take Aways Frauds are nasty but investigating them is an absolute necessity Internal controls are a must Proper fraud examination methodology Policies and training Questions & Answers www.rsmmcgladrey.com @ mike.mossel@mcgladrey.com