AFS FRAUD - PowerPoint PPT Presentation

Provided by: jamesw60
Transcript and Presenter's Notes

1
AFS FRAUD RISK MANAGEMENT SEMINAR
  • Thursday 25th June 2009

2
Fraud Risk - Best of Enemies
Risk Management
  • Gail Chadwick
  • gail.chadwick_at_rsmbentleyjennison.com

3
  • THE BETTER THE RISK MANAGEMENT
  • THE LOWER THE INCIDENTS OF FRAUD

4
Fraud Risk
  • Number one fraud risk impact is reputational loss
    (Societe Generale)
  • Do you have a fraud risk register?
  • Should it be stand-alone or part of your main
    risk register?

5
Challenges (excuses) in managing fraud risk
  • Fraud and misconduct not considered High Risk
    within the organisation
  • "No Fraud Here" mentality
  • Fraud not defined
  • Availability and alignment of internal resources
  • Adequacy of funding for anti-fraud programme and
    initiatives
  • Reactive fraud management - focus on incident
    response
  • No unified Fraud Risk Management strategy
  • No senior management designated with ownership
    and responsibility for FRM

6
What should be done
  • Consider fraud risk as an integral part of an
    overall corporate risk management strategy
  • Develop an integrated strategy for fraud
    prevention and control
  • Develop an ownership structure which cascades
    downwards throughout the organisation
  • Introduce a fraud policy and ethics statement and
    actively promote them
  • Establish a sound control environment
  • Establish sound operational control procedures
  • Introduce a fraud education, training and
    awareness programme
  • Introduce a Fraud Response Plan as part of
    organisational contingency planning
  • Introduce a Whistleblowing Policy
  • Constantly monitor adherence to controls and
    procedures
  • Develop appropriate information and communication
    systems

7
Scenarios document areas of fraud
  • Administration
  • IT Director
  • CEO
  • Contracts
  • HR
  • Employees
  • Clients
  • IT
  • Suppliers
  • Company Secretarial

8
What's your protection?
1st Line of Defence: Business Frontline
2nd Line of Defence: Oversight (Risk and Compliance)
3rd Line of Defence: Independent Assurance
  • The Board sets risk strategy, policies and
    appetite for the firm
  • The second line is commonly Legal, Compliance,
    Finance, HR, Risk Actuarial
  • Risk provides support to the business through the
    risk management framework
  • Risk provides challenge to Group policies
  • Primary responsibility for identifying and
    managing risk
  • Management puts in place appropriate controls and
    monitors their effectiveness
  • Roles, responsibilities and relationships between
    functions should be clearly documented
  • Group Internal Audit provides independent
    assurance of the robustness of the model and
    systems and controls. They report to the Audit
    Committee (Board)

9
What's your protection? (cont.)
  • Your 3rd line of defence - Internal Audit
  • Do Internal Audit review ALL aspects of your
    business from a risk and fraud perspective?
  • IT, HR, EUC, contracts, systems, clients etc.

10
of Internal Audits
  • Risk assessment
  • Risk audits
  • Controls evidence criteria
  • Education training
  • Developing risk plans
  • Implementing risk platforms
  • Developing risk databases
  • Policy strategy
  • Risk awareness training
  • Risk identification evaluation
  • Dashboard KPI integration
  • 3rd party risk management
  • Indirect uncontrolled risk
  • Risk software
  • IT Audits
  • Strategy
  • Network management
  • Data security (internal external)
  • HR
  • Human Resources services
  • Performance management
  • Employee motivation
  • People policies
  • Organisational change
  • Training development
  • Payroll
  • Human Resources planning
  • Human Resources function
  • Teaming
  • Corporate culture
  • Pensions
  • Operational Audits
  • Corporate Governance reviews
  • Board reviews
  • Controls assessment
  • Outsourcing
  • HS
  • Marketing
  • Supply chain
  • Project Programme Audit
  • Training education (I.A Ned)
  • Universe development
  • Annual plan
  • Methodology
  • Forensic investigations
  • SOX
  • Self assessments
  • Due diligence
  • Compliance
  • Sales management

11
Excellent!
  • We need an army of highly qualified,
  • experienced auditors
  • for our clients

12
Visiting times
  • What is your personal liability?
  • More SOX type regulations
  • Process owners face fines and jail sentences
  • Not just Board level
  • FSA fines

13
IT IS real
  • The Financial Services Authority (FSA) today
    arrested two people, including a senior corporate
    finance advisor, in connection with an ongoing
    investigation into suspected insider dealing
  • The FSA has banned Walthamstow-based mortgage
    adviser Ashfaq Ahmed for submitting mortgage
    applications on his own behalf that were based on
    false and misleading information about his income
  • The FSA has fined Blackburn insurance broker
    Aspray Ltd £21k for failings in control of its
    appointed representatives (ARs) and for
    misleading its clients and the FSA
  • Asprays did not maintain appropriate systems and
    controls for the recruitment, training and
    monitoring of its ARs

14
Fear factor
  • Company had Internal Audit team that
  • Did not fully understand risks or fraud
  • Did not undertake audits across the company
  • Apprehensive about interfaces with Executives and
    Non-Execs
  • No Governance reviews or Board reviews

15
What we did
  • We found a significant number of issues on the
    first Governance review
  • Results for the company
  • No more FSA letters
  • No Board worries about fraud
  • Improved compliance
  • Reduced costs

16
  • Tomorrow is too late

17
  • Any questions?

18
(No Transcript)
19
When the going gets tough, the tough go
claimingBusiness Integrity and Investigation
Services
  • Dave Foley
  • david.foley_at_rsmbentleyjennison.com

20
The Fraud Act 2006
  • Effective since 15th January 2007
  • Created for the first time a specific offence of
    fraud, split into three categories
  • Fraud by false representation (s.2)
  • Fraud by failure to disclose information (s.3)
  • Fraud by abuse of position (s.4)

21
Fraud in Insurance
  • Insurance fraud consists of
  • Knowingly providing false information when
    purchasing an insurance product in order to
    obtain insurance cover that either would not have
    been provided had the true facts been disclosed
    or alternatively to obtain cover on materially
    favourable terms
  • Knowingly presenting a fraudulent insurance claim
    by
  • Fabricating a fictitious incident to enable a
    false claim to be made
  • Deliberately causing an incident to enable a
    false claim to be made
  • Including false items as part of a claim arising
    from a genuine incident

22
Some facts and figures
  • According to the Insurance Fraud Bureau,
    insurance fraud costs £1.6bn every year
  • Of this figure, the impact of organised fraud is
    estimated to be up to £200 million every year
  • Fraud can add up to 5 to every policyholder's
    premiums
  • 1 in 5 state they would falsify or exaggerate an
    insurance claim
  • The insurance industry prevented over £700m of
    fraud in 2008

23
Fraud risks and exposures
  • Claims (insurance/death/pension) open to
    exaggeration and/or false documentation/ID fraud
    etc
  • Organised crime
  • Internal staff fraud
  • 3rd party outsource frauds
  • Mis-selling
  • Suppliers and contractor procurement frauds etc

24
What drives people to fraud?
Opportunity
Pressure
Rationalisation
25
  • Opportunist
  • Will try every product and angle: Property,
    Motor, Personal Injury, Travel etc.
  • Will earn from, and share with, others: family,
    friends, colleagues
  • Organised
  • Always trying to keep ahead
  • Sophisticated, no boundaries or limits
  • Run as a business
  • Excellent risk managers

26
The emerging fraudsters
  • 150,000 bankruptcies forecast for 2009 and the
    Government announces serious public expenditure
    restrictions for years to come
  • Bank of England base rate at the lowest in its
    314 year history and GDP predicted to fall by
    4.1% during 2009
  • Unemployment predicted to rise to over 3,000,000
    by the end of the year
  • The prize is shifting to the public sector away
    from the financial, retail and services
    industries
  • Pressures increase to maintain current (or
    former) position
  • Better educated and acquainted with technology
    and systems

27
High Risk Claims
  • Personal property
  • Loss of high-value personal possessions: rings,
    necklaces, watches, cash etc.
  • Burglaries: staged or exaggerated
  • Accidental damage to televisions and electrical
    equipment
  • Loss of values close to or exceeding policy limits

28
High Risk Claims
  • Commercial property
  • Fire/arson
  • Malicious damage
  • Escape of water
  • Theft / burglary / robbery

29
Liability
  • Employers
  • Redundancy: grudge against employer, loyalty gone
  • Notification of injury during notice period
  • Copycat incidents
  • Exaggeration
  • Public
  • Aggressive tactics for compensation
  • Claims Management Companies behaviour/referral
    fees
  • Copycat incidents
  • Personal circumstances
  • family/friend/postcode connections

30
Trippers and Slippers
  • Multiple accidents involving the same defect
  • Duty of care is high: maintenance and
    inspection requirements
  • Difficulty in proving that an accident didn't
    happen: lack of witnesses, no duty to report the
    incident early
  • Organised crime

31
Case study
  • Cash for Crash Pair Sentenced
  • Two men, who were part of a gang that put in
    hundreds of bogus car accident claims worth
    almost £3m, have been sentenced
  • The court heard details of more than 300
    invented motor accidents, said to have happened
    in the London area between 2005-07, that
    amounted to a combined claims value of
    approximately £3m

32
Key messages
  • Fraud is on the increase due, at least, to the
    recession
  • Fraudsters are more organised than ever before
  • 1 in 5 surveyed would consider inflating an
    insurance claim
  • On average, organisations lose between 3-8% to
    fraud
  • It's not all bad news: fraud can be countered but
    needs appropriate and proportionate investment

33
  • Any questions?

34
(No Transcript)
35
Forensic Accounting for Friendly Societies -
Fraud in Insurance Claims
  • Gordon Hodgen
  • gordon.hodgen_at_rsmbentleyjennison.com

36
Forensic Accounting in relation to claims
  • Analysing Accounting Data
  • Financial motives
  • Fraud vs over-optimistic Claimants

37
Analysing Accounting Data
  • Seasonality in figures
  • Trends
  • The appeal of percentages
  • The detail provided by monthly performance

38
Annual sales
39
Sales by month
40
Financial motives / causes other than
  • Identify issues such as over-trading
  • Cashflow analyses: analysis of bank records in
    addition to accounting records
  • Inventory analysis: working capital tied up in
    stock can cause many businesses significant
    problems
  • Even if the financial situation did not provide
    the reason for a fraud, a financial analysis can
    assist in identifying the prospects of a business

41
Fraud vs over-optimism
  • Insureds can often produce claims that appear
    overly optimistic. This can be because
  • They simply are optimistic for the prospects of
    the business
  • They have a misguided idea that a larger claim
    should give them a stronger negotiating position
    when it comes to settlement
  • They are unaware of the need to adjust for
    savings and other similar mitigation issues
  • Capacity issues: Insureds need to show that the
    results they forecast are achievable; this
    interacts with the possibility of underinsurance

42
Fraud vs over-optimism (Cont.)
  • Fraud: very hard to prove; overstatement must
    be extreme to qualify
  • Claims for items that did not exist or that were
    damaged are the most obvious form. Accounting
    work plays a large part in identifying these
    elements

43
Income Protection policies
  • Warning signs
  • Policies with claims very close to inception
  • Policies where the stated income and cover rise
    dramatically prior to a claim
  • Possible actions
  • As well as the possibility of investigation of
    medical or employers records, it pays to have an
    awareness of the availability of Replacement
    Payslips that can show whatever details the
    purchaser requires
  • If suspicion is aroused, bank statements showing
    receipt of net income may be required or, if
    allowed, contact the employer directly for
    confirmation of earnings

44
(No Transcript)
45
  • Any questions?

46
(No Transcript)
47
Fraud, Corruption Your IT SystemsInformation
Systems Assurance
  • Stephen Temple
  • stephen.temple_at_rsmbentleyjennsion.com

48
Introduction
  • Partner leading Information Systems Assurance
    services in UK
  • Qualified Chartered Accountant and Information
    Systems Security
  • Previously with Deloitte and Mazars
  • Wide ranging experience in
  • Friendly Societies (Ancient Order of Foresters,
    Dentists Provident, Family Investments, National
    Deposit)
  • Retail Banking (National Savings Investments,
    Citibank)
  • Insurance (Cardiff Pinnacle, Groupama, Equity,
    Hastings Direct)

49
Agenda
  • The threat landscape
  • Trends in 2008
  • Forecast for 2009
  • The consequences
  • Suggested responses

50
The threat landscape
  • Very few organisations can now ignore the risks
    of the interconnected world
  • Any size
  • Any sector
  • Incidents have increased in recent years and will
    continue to do so
  • Significant increase in awareness amongst
    regulators and the general public

51
The threat landscape
  • Some interesting statistics
  • For businesses in 2008
  • 25% suffered business disruption by a virus
  • 14% have experienced the loss of company data
  • 10% have experienced the loss of a mobile device

52
The threat landscape
  • It's not just a technical risk - 37% of employees
    admit they would sell their company's secrets
  • Of these 37%...
  • 67% would want > £1m
  • 10% would want their mortgage paid off
  • 5% would like a holiday
  • 5% would do it for a new job
  • 4% want to clear their credit card debts
  • 2% would do it for a meal!
  • 88% believe they have access to valuable
    information
  • 67% believe it was easy to steal data
  • Poll at InfoSecurity Europe in April 2009

53
The threat landscape
  • Types of threat
  • Website infection
  • E-mail attachment
  • Malware
  • Spam
  • Mobile devices
  • Data leakage

54
The threat landscape
  • Website infection incidents in 2008
  • January: Fortune 500 companies
  • February: ITV (poisoned web advert)
  • March: Site selling Euro 2008 tickets hacked
  • April: Cambridge University Press website
    compromised
  • June: Association of Tennis Professionals website
    infected
  • July: Sony's US PlayStation (infected by
    scare-ware)
  • September: Business Week magazine (malware
    attack)
  • October: Adobe website
  • Sophos Security Threat Report 2009

55
The threat landscape
  • E-mail threat in 2008
  • Attachment based threats on the increase
  • Number of threats has declined since 2005 (1 in
    714 emails)
  • However, large increase since August 2008
  • - InvoZip Trojan: a FedEx and UPS parcel
    delivery fake email
  • - Agent-HNY Trojan: Apple iPhone game (Penguin
    Panic)
  • - EncPk-CZ Trojan: fake Microsoft security patch
  • - Pushdo Trojan: fake pictures of Angelina Jolie
    and Nicole Kidman!

56
The threat landscape
  • Malware threats in 2008
  • Becoming known as scare-ware or rogue-ware
  • Pretend bona fide security software
  • Five new sites every day
  • Norton AntiVirus and AVG have both been targeted
  • Not just limited to Microsoft based systems
  • Transferred through
  • Social networking sites
  • USB sticks
  • Other software (Adobe Flash and PDFs)
  • Sophos Security Threat Report 2009

57
The threat landscape
  • Spam
  • 97% of all business e-mail is spam
  • Most from unwitting home users
  • Significant amount from companies with weak
    anti-virus or system patching controls
  • Social networking sites also popular (Facebook
    and Twitter)

58
The threat landscape
  • Mobile devices
  • Increased reliance on flexible and mobile working
  • Obvious risk of devices being lost
  • But organisations are still not securing them
  • Fundamental question of whether sensitive data
    should be allowed to leave an organisation's
    network

59
The threat landscape
  • Data leakage
  • Incidents filled the headlines in 2008
  • TK Maxx
  • Home Office PA Consulting
  • HMRC NAO
  • Mobile and collaborative workforce
  • Users insufficiently aware of risks: 30% store
    key data on removable media
  • Used hardware is a risk
  • Sophos Security Threat Report 2009

60
The impact
  • Numerous examples recently in Information
    Security failures
  • Data leakage (e.g. staff emailing out customer
    lists)
  • Data loss (e.g. laptops left on trains)
  • Data theft (outright or colluded)

61
Consequences
  • Damage to reputation and brand
  • Loss of stakeholder confidence
  • Loss of revenue
  • Loss of customers
  • Regulatory action
  • Litigation / legal action
  • Damage to employee relationships

62
Consequences
  • Disruption is the biggest single impact
  • From BERR (nee DTI) survey in 2008, the worst
    incidents cost
  • Small businesses: £8k - £15k
  • Large businesses: £80k - £130k
  • This is just business disruption cost and
    excludes other direct and indirect costs (e.g.
    staff time)
  • Potential costs are larger for financial services
    firms because of the threat of an FSA fine

63
Response
  • Companies need to look more holistically at
    Information Security Management
  • There is no silver bullet but making information
    security part of the business is a key step. This
    is done by
  • Bring information security considerations into
    strategic discussions
  • Make those responsible for Information Security
    take a more business focused view
  • Focusing on changing culture and establishing
    reliable Information Security Management processes

64
Response
  • Other actions that are recommended
  • Educate staff
  • Record your security incidents
  • Have your security assessed
  • Enhance security access controls: security
    tokens
  • Enhance data management controls: encryption,
    data classification and control

65
  • Any questions?

66
(No Transcript)
67
Exploring the Myths of the NFRC June 2009
68
Overview
  • Reminder of NFIB NFRC
  • NFIB Objectives
  • High Level Design
  • Proof of Concept results
  • Next Steps
  • Myths explored
  • Question

69
National Fraud Reporting Centre
  • Public face of the 2005 Fraud Review
  • Web and telephone based fraud reporting and
    help/advice facility
  • Aimed at individuals and small businesses
  • Run by a 3rd party (not a police service)
  • Web-site part of DirectGov
  • Web reporting pilot from later part of 09
  • Telephone advice/support line from Autumn 2009
  • National roll-out from 2010
  • Data captured will feed in to NFIB

70
(No Transcript)
71
Benefits for Citizens, Business Industry
  • Streamlined means of reporting confirmed frauds
  • Reduce bureaucracy
  • Clear Advice
  • URN issued
  • Referral where appropriate
  • Alerts issued
  • Information on Trends
  • Reduce time, effort cost
  • Fewer victims

72
National Fraud Intelligence Bureau
  • Confirmed frauds from public private sector
    data sets
  • Analysis and bulk data matching
  • Identify: persistent offenders; trends in
    enablers and methodologies; vulnerabilities and
    opportunities for prevention
  • Share outputs with law enforcement, government
    and private sector (as appropriate)
  • Reassure and educate the public
  • SPOC

73
Strategic Objectives
  • Connect previously unconnected fraud data to add
    value to and make sense of existing fraud
    information.
  • Aim to identify what fraud affects the UK, where
    it is being carried out, by whom, against whom,
    in what form and at what cost

74
High Level Design
75
(No Transcript)
76
NFIB Proof of Concept
  • Datasets from
  • APACS (FISS)
  • CIFAS
  • OFT Consumer Direct complaints database
  • Selected SOCA datasets (false identity documents)
  • Data-matching exercise
  • High-level findings
  • Inform the next stage

77
NFIB Database
  • Records supplied from 15 FISS members, 270
    CIFAS members, Consumer Direct and SOCA
    (Amberhill, Pisces Macchie)
  • Fields containing data suitable for matching:
    names, addresses, telephone numbers, bank account
    numbers, e-mail address, web sites
  • Working with data suppliers to verify and
    improve data quality

Note: Of all the Consumer Direct data, only
trader complaints have been used
78
Next stage for the NFIB
  • Move to a pilot rather than a second proof of
    concept - trial the IT solution in an
    operational context: people and structures
    supported by investigative and analytical
    processes
  • In principle, agreement reached to use a system
    developed by/for SOCA.
  • Pilot due to start August 09, initially for a
    14 week period
  • Analytical team being expanded (contractors plus
    CoLP resources). Always interested in receiving
    secondees from non-police sector

79
Next stage for the NFIB
  • Increased number of data providers/broader
    provision
  • Engage data providers in the governance structure
  • High level output from Pilot will be shared with
    participating bodies but not at an individual
    (names) level
  • Evaluate fraud crimes in line with National Crime
    Recording Standards and Home Office Counting
    Rules
  • In-depth analysis and development of intelligence
  • Pilot integration with West Midlands Police

80
Next stage - Pilot for NFIB
Confirmed
Target Partners
81
NFIB Myth Busting
  • How will the NFIB be populated?
  • Two main reporting channels: Individuals and SMEs
    via the website or Call Centre
  • Bulk data uploads will come via trade
    organisation and trade bodies e.g. CIFAS, IFB etc

82
Data enters data warehouse
Cleansed and processed
De-duped
Rules applied and matching identified
Matches reviewed and developed to form intel
packages
UNIFI
Filtering
Results fed to appropriate agency
IMPACT
Police Forces
Lead Force
PNC
Other Law Enforcement and Regulators
83
NFIB Myth Busting
  • Will the NFIB take suspicions of fraud from
    trade bodies?
  • No, only confirmed fraud data and data that is
    subject to a Fair Processing Notice will be
    accepted

84
NFIB Myth Busting
  • If we have data that does not meet FPN
    requirements, but is still a confirmed fraud how
    can this be passed through to the NFIB?
  • We encourage you to contact the National Lead
    Force for Fraud or the local police force in
    these cases. The NLF will have a case acceptance
    criteria.

85
NFIB Myth Busting
  • Will the NFIB be providing any data back to
    industry/trade bodies?
  • Top level details of matches will be shared with
    the trade organisations who feed in to the NFIB.

86
NFIB Myth Busting
  • Will private investigation teams be able to gain
    access to the NFIB?
  • No, access will only be granted to police and
    law enforcement agencies
  • DPA requests will be evaluated on a case-by-case
    basis
  • Details of top level matches will be shared with
    the trade organisations who feed in to the NFIB

87
NFIB Myth Busting
  • How will the NFIB ensure they have the specialist
    skills to understand the data received from trade
    bodies?
  • The NFIB will be actively encouraging secondees
    from the private sector, with specialist fraud
    skills, for periods of up to 24 months

88
NFIB Myth Busting
  • Why is the NFIB only taking feeds from trade
    bodies rather than individual organisations?
  • It is more efficient for the project team to
    negotiate with a trade body (who can represent
    all its members) and sign an over-arching
    contract rather than contracts with each
    individual member

89
NFIB Myth Busting
  • We struggle to get some forces to accept our
    fraud cases at present - what will change when
    the NFIB comes along?
  • With no central data base at present, it has been
    impossible for Chief Constables, or ACPO to know
    the frauds perpetrated in their force area.
  • The NFIB will facilitate a National co-ordinated
    approach to fraud investigations by providing NIM
    based products to all forces.

90
NFIB Myth Busting
  • How quickly will the NFIB be able to analyse the
    data - will it be real-time analysis?
  • Regular data feeds into the NFIB will be received
    but it will not be a real time system.
  • Where organisations have time critical work that
    requires to be undertaken e.g. to preserve
    assets, they should continue to take the
    necessary precautions to protect assets

91
NFIB Myth Busting
  • Will the NFIB be both strategic and operational?
  • The NFIB will be strategic and tactical.
  • Operational intel role but not conduct operations
    itself - crimes and intel packages will be
    disseminated out to law enforcement
  • Will work closely with the National Lead Force
    for Fraud and will work with operational teams
    through the provision of fraud packages and intel
    to support investigations

92
NFIB Myth Busting
  • Will the NFIB take on all investigations on
    behalf of the trade bodies who feed in to it?
  • No, the NFIB will not replace existing processes
    or procedures.
  • It will perform a data matching/mining role
    passing intel packages to Forces for them to
    investigate further. Careful co-ordination at
    local level will be undertaken to prevent "blue
    on blue"

93
NFIB Myth Busting
  • How will the NFIB liaise with external agencies?
  • Where appropriate, a SPOC system will be in place
    for liaison with external agencies.

94
No hiding place for Fraudsters
95
(No Transcript)