Some amazing and unusual frauds

1
Some amazing and unusual frauds

• Chetan Dalal

2
Types of fraud that affect business

• Type I Frauds that affect and can be detected
  through records and books of account
• Type II Frauds which transcend records and books
  of account

3
Agenda- Discussion of Case Studies on Frauds

• Some unusual frauds
• Some unusual methods
• Required mindset for detection and prevention of
  frauds

4
Cases proposed to be discussed

• The perfect insurance fraud
• The spectacular Mall Robbery
• The amazing fraud by the benevolent and good
  samaritan agent
• The case of the sloppy accountant suddenly
  turning into a brilliant auditor
• The cross deals- derivative fraud

5
Methods of investigation to be discussed

• Benfords law
• Tiger Team Tests
• Birbal Tricks

6
Some amazing frauds

• Part I

7
The perfect insurance fraud
8
An old lady- Rohini- resident of UK-Sri Lankan
OriginWidow with one daughter staying with her
in London
9
Took a 1.4 million pound policy in 2006 January
10
Details of the policy and the case

• Life Insurance- beneficiary the daughter
• Medical Reports all clear in London
• No ailments, diseases
• She was from Sri Lanka now settled in London for
  the last 20 years
• She had siblings, relatives and friends in Sri
  Lanka
• She regularly visited Sri Lanka

11
Rohini- went for a holiday in January 2007 to Sri
Lanka

• She stayed in a large five star hotel in Colomba
• She made her booking through her credit card on
  the internet

12
During her stay in Sri Lanka

• One evening she felt very sick and called the
  hotel attendant.
• The attendant called the manager who in turn
  called for an ambulance
• Rohini was moved to the hospital and admitted to
  the ICU

13
Rohini was declared dead within two hours

• The sister reached the hospital just in time to
  hear about her death
• The doctor issued the cause of death and medical
  certificate

14
Insurance Claim for 1.4 m pounds submitted

• The following documents were submitted
• Death Certificate from Sri lanka
• Funeral Parlour certificate for holding the body
• Hospital cause of death certificate signed by
  the doctor
• UK investigation report based on inquiries made
  with daughter and her husband

15
Investigation launched- procedurally

• Death claim of a large amount
• Death very soon after the policy
• Death in a third world country- where
  verifications would be difficult

16
We were requested to go to Sri Lanka to verify
the circumstances surrounding the death
17
What we did

• Stayed at the same hotel where the insured stayed
  before death
• Visited the Death Registrar, hospital,
  Crematorium, funeral parlour for confirming that
  the documents submitted by the claimant were
  genuine and authentic
• Made routine inquiries with the hotel staff,
  before speaking officially to the hotel manager

18
What we found

• All authorities confirmed the authenticity of the
  following documents
• Death Certificate
• Crematorium Receipt
• Receipt for body kept at funeral parlour before
  cremation
• Hospital bill

19
Red Flags noticed

• No Post mortem report. This was a statutory
  requirment
• Sister was staying opposite the hotel in a posh
  house, all alone. Why did Rohini not stay with
  her?
• Sister refused to meet us
• Doctor missing- left Sri Lanka
• Hotel attendants gave conflicting versions
• Cause of death certificate showed diabetes as
  secondary cause. (she had no diabetes per her
  medical reports)

20
Insurance Companys response

• Red flags were interesting but not enough to
  repudiate the claim
• Some falsification of documentation would be
  needed to contest the claim

21
Why do most investigators/auditors miss out frauds

• They depend on documents as in this case. Since
  documents were OK, the claim was paid
• The Reality and truth were not important

22
Research Paid off

• Luhns algorithm did the trick

23
The actual fraud

• The hotel manager conceded that he had falsified
  the bill and credit card number. No one had
  actually stayed in the hotel
• The doctor at the hospital was given a big amount
  to get a needy family to admit their dying mother
  to the hospital and give her identity to Rohini
• The patient died and her body was cremated. All
  the statutory certificates were therefore
  authentic in so far as they related to the
  cremation, death and hospitalization, except as
  regards the switched identity.
• Rohini had no sister. She was staying in the
  house opposite the hotel as the sister.

24
Case study 2

• The amazing Mall fraud

25
A robbery took place in a mall in January 2006

• Thieves broke in through the door
• They stole case worth more than Rs. 40 lacs
• Police complaint lodged
• Police made inquiries with staff, neighbourhood

26
Findings of the Police

• They concluded that this was the work of a local
  gang of thieves operating in the area and this
  mall was the latest victim
• They suspected that some employee may have helped
  but could not get specific clues against anyone
• They recommended better locks and greater
  security. Case virtually closed

27
Management appointed auditors who were
specialised investigators more for studying
controls and recommending preventive measures
28
Auditors spot red flags

• The time element indicated that the thieves had
  only 20 minutes to complete the robbery while the
  patrolling guards were circling the mall.
• How could they throw about all contents of all
  drawers?
• Where did they have time to steal a few cell
  phone handsets which were on a different floor?
• The alarm had been switch off. Therefore it was
  certain that someone had helped them
• The door that was broken was done with crude
  tools- not the work of a professional gang
• Out of two safes only one was broken into and
  robbed. The second was left untouched?

29
Findings good but inadequate to point out any
means of recovery
30
Auditors try a new approach

• The use the space time dimension approach
• Amazing findings- Late night sales

31
The log in id was traced the store manager. On
being questioned he confessed

• There was no robbery- it was a stage managed
  robbery to cover up stock shortages
• The shortages were built up over a period of
  time. The store manager panicked when he was told
  that a stock taking was to take place
• He converted the stock shortages into
  artificial sales by entering sales at midnight
  along with his accomplice the head cashier during
  the previous two nights. This resulted into stock
  shortages being converted into cash shortages.
• This shortage was then palmed off as robbery by
  breaking open the door and throwing papers and
  documents in the cash room to make it look like a
  robbery

32
More case studies

• The amazing fraud by the benevolent and good
  samaritan agent
• The Time Bomb Fraud
• The case of the sloppy accountant suddenly
  turning into a brilliant auditor
• The cross deals- derivative fraud

33
Silent Business killers

• The Time bomb or the contingency frauds
• The case of the deadly surgeon
• The case of the five star hotel opportunity loss
• The Technical frauds
• - The case of the material rejection

34
Time or logic bomb or slag code

• The classic use for a logic bomb is to ensure
  payment for software. If payment is not made by a
  certain date, the logic bomb activates and the
  software automatically deletes itself. A more
  malicious form of that logic bomb would also
  delete other data on the system

35
Detonating time /logic bombs

• Time bombs- do a Tiger Team test run on
  duplicated data or imaged data through the
  application with various future dates.

36
Time Bomb Frauds

• The case of the deadly surgeon
• The case of the time bomb effect implemented by
  the EDP manager

37
New Methods

• Benfords Law
• Tiger Team Tests

38
Appearance of digits
39
Business Fraud-the gravity of the situation

• Business fraud is exponentially more damaging
  than other risks
• Business fraud, particularly in computerized
  environment averages 500,000 per incident,
  while other and vendor/employee frauds affecting
  business averages 23,500
• burglaries average 450 per incident
• Armed robberies netted 250 per incident.

40
Myth My business is safe from fraud because

• I have got excellent internal checks and controls
• I have best and trusted persons for a long time
• I have a computerized system which cannot be
  breached
• I have my sources for getting intelligence reports

41
No organisation is safe from fraud- why?

• Collusion beats all controls
• Frauds can stem from unnoticed errors which
  remain unaddressed
• Some frauds transcend books of account
• Diversion of income- opportunity frauds
• Redundancy of controls in changing environment
• Existence of Silent business Killers-
  fraudster attacks. These wrongdoers have immense
  intellectual capabilities thus they can inflict
  immeasurable damage and do so using camouflaged
  methods

42
Could your bottom line reflect better results?

• Are you sure that
• Nobody is creating any secret reserve for misuse?
• Funds cannot be siphoned out somehow somewhere?
• No opportunities are diverted elsewhere?
• Stocks with third parties exist as per records
  and that they are in good usable condition?
• There are no program bugs or IT limitations which
  can affect reports, transactions and data
  processing
• Your MIS reports are reliable and accurate?

43
End of SessionThank you

• Chetan Dalal