The Psychological Profile of a White-Collar Criminal
By Financial Detective Steve Lee
Los Angeles, California, December 15th, 2009—I’ve been asked to comment frequently on the news this year about a lot of fraudulent business activities in 2009. You’ve seen the headlines every single day, the most well-known among them Bernie Madoff’s Ponzi scheme, continuing with the secret UBS Swiss bank accounts of U.S. tax evaders, and most recently with the Galleon Group’s insider trading debacle.
While fraud certainly persists during periods of economic growth, it conflagrates in economic downturns. Tanking financial market values, depressed real estate, smaller paychecks, reductions in employee headcount, erosion of internal controls, desperation for unrealistic returns, stockholder pressure on corporate officers, scope limitations on audit functions, as well as diminished morale, are the factors that fan the flames of fraud in a down market.
Inside the mind of a white-collar fraudster
What does the archetypal white-collar fraudster look like? Much has been written about fraudster demographics. As a group, fraudsters whether executives or employees are dominated by middle-aged white males, the most notorious among them profiled in magazine cover stories. But, what are they thinking when they commit these crimes? Based on my experience in the field, executive white-collar criminals share the following key attributes:
• Calculating and Justifying. Fraudsters typically calculate potential gains and losses before they decide to commit fraud. They know they are far less likely to go to jail for a $50 million swindle than an armed robber who heists $500 from a bank teller. This knowledge emboldens them. The fraudster justifies his actions with a simple credo: the end justifies the means. In fact, for these individuals, anything can be justified. And that’s where they become dangerous.
• Entitlement. This is a corollary to justification. Many times fraudsters defend their acts by pointing to what they believe they are entitled to. They will frequently explain their behaviors with statements like: “I would have received that money anyway” and “I’ve made a lot of money for this company and this is no more than fair compensation.” It is also typically apparent in their lifestyles. Privately, they almost invariably indulge in various forms of excess that can be astonishing; it may be the 35,000 square foot homes, multiple corporate jets, jewel encrusted Breguet or Chopard watches and/or Bugatti, Ferrari and Lamborghini exotic cars.
• Unrestrained by Ethics. Modern systems of ethics center on behavior that either is consistent with moral principles or creates what ethicists refer to as “the greater good”. While fraudsters frequently talk about ethics and engage in moralizing, their actions are almost always inconsistent with either the greater good or an acceptable set of moral rules. They frequently talk a good game around business ethics, honesty and integrity. Their public actions stand up to a cursory review. Their business activities are often suspicious on a day-to-day basis. They usually spin a cocoon of financial opacity around these activities. It is part of the permission they give themselves to act outside moral principals and the greater good. News making examples include Jeffrey Skilling at Enron, Bernie Ebbers at WorldCom, Bernard Madoff and the allegations surrounding Raj Rajaratnam and his Galleon Fund operations.
• Intuitive Behaviorists. The executive fraudster’s ongoing shenanigans rely on a keen understanding of human behavior. They use bluster, force of personality and charm to deflect skepticism and to prevent insiders from turning on them. They also use incentives, fear of reprisals and a sense of being trapped as a co-conspirator to keep insiders in line. Fraudsters count on the laziness of their victims. They gamble that a suspicious client, employee, board member or colleague is averse to “rocking the boat.” Frauds do not usually survive illumination. Victim and co-worker passivity enables executive fraud.
• Loyalty & Trust. Executive fraudsters inspire loyalty and trust not only among their employees, but also among their clients and business colleagues. As cynical as this may sound, loyalty and trust can be the pavers on the road to fraud. For example, an employer might not question a trusted employee walking out of the warehouse with a box because they assume he is conducting the firm’s business. Similarly, investors may have assumed that Madoff offered no sophisticated web-based account access because he did things the “old fashioned” way or because his methods were so proprietary that such information could give away the Madoff “competitive advantage”. We now know that the real reason was because the securities were not really there, just like the trusted employee might be walking away with the firm’s inventory to his pick-up truck. The executive fraudster bets – usually correctly –that his prey will think, “Whatever you say, you’re the boss/expert/smartest-guy-in-the-room.”
• Smart. There is a popular notion that criminals are stupid. Whereas this may be the case in the realm of violent crime, narcotics, and burglary, it is not true of executive-level fraudsters. In fact, they are among the cleverest people we encounter.
• Overconfidence. This is often where fraudsters get caught. Despite their smarts, high-level fraudsters are superstitious learners. Fraud detectives know that fraudsters sometimes observe a single data point and extrapolate it as though it were a rule. For example, if they get away with one fraudulent move, they become addicted and plan their next move with a falsely bloated sense of security. Among those whose frauds are eventually uncovered, there tends to be a belief that “if they haven’t caught me up to now, they won’t catch me in the future.” It’s just not so.
Frauds tend to expand as they age. The velocity of the fraud and the volume of funds required to support it generally grows geometrically or exponentially while the available resources to support the fraud usually grow linearly. The overconfident fraudster may indulge in believing that what he has concealed now can be remedied or rendered opaque in the future. He contends that when a more ideal environment arises, he can resolve the financial discrepancies created by his fraud. He also tends to underestimate the doggedness of lawyers, auditors, bankers, regulators and others who may investigate the transactions that the fraudster has buried.
Tuesday, December 15, 2009
Thursday, October 22, 2009
The Ins & Outs of Cyber Theft Prevention
By Steve Lee, Managing Partner of Steve Lee & Associates
www.stevelee.com
October is National Cyber Security Awareness Month and a recently issued IBM X-Force 2009 Mid-Year Trend and Risk Report describes the current Internet climate as "an unprecedented state of Web insecurity as Web client, server and content threats converge to create an untenable risk landscape." However, despite these findings, the Internet will remain a vital channel for most businesses. So, how can you help create a safer and more secure online environment for your business and its customers?
With the expertise of Stan Stahl, CEO of Citadel Information Security (www.citadel-information.com), Steve Lee & Associates has worked with businesses to help mitigate, investigate and prosecute cyber crime.
Selected trends in online theft: These days, online banking hacks are the cornerstone of cyber theft committed against small and medium-sized businesses. Cybercriminals target business’ bank accounts and have focused their efforts on pilfering money from company demand-deposit accounts. McAfee, a leading security-software company estimates that in 2008, companies around the world lost more than $1 trillion to cybercrime.
Email phishing scams have become highly targeted as well. The attacks are delivered against users by name and can appear deceptively familiar and credible because they may include portions of the user’s password.
Trojans are delivered to unsuspecting small, middle-sized and large organizations through email purportedly from social or business networking sites and even from the IRS. One click and the hackers can access company bank accounts and use money mules to quickly siphon significant amounts of money out of the company’s account.
It’s important to remember that theses cyber crooks, also known as ‘black hats’, have the technological upper hand. Malware development has accelerated far beyond anti-virus and patch development. By the time ameliorative patches are available to detect or pre-empt the malware, hackers have deployed Trojans, viruses, worms, rootkits and spyware that may be several generations beyond the latest, published fix. (NOTE: for more information on malware development, see Brian Krebs’ The Washington Post column “Security Fix” at http://voices.washingtonpost.com/securityfix/)
Think your business’ bank account is protected by “second-factor authentication?” Well, think again. While second-factor authentication is touted by banks as a truly secure solution, it is not. Unfortunately, the awful truth is that no widely utilized online banking solution can guarantee 100% security. Multi-factor authentication is only slightly more robust than single-factor (i.e., user name and password) authentication. Even so, there are ways to help keep your money as safe as possible. Consider the following steps:
To maintain a safer computer infrastructure, your company’s management must consistently address cyber theft by implementing and continuously improving controls and processes:
1. Use a dedicated PC for online banking that is not used for any other transactions. If this sounds like a nuisance, just consider the inconvenience of losing hundreds of thousands or millions of dollars and then having to bring suit against your bank in an effort to recover your money. Remember, the bank will maintain that they are utilizing reasonable security practices. And by currently standards: they may be right. The onus will be on your business to prove your case.
2. Make a plan for breach disclosure. Most states, in addition to the District of Columbia , have laws governing "breach disclosure." You may be required to notify consumers if you have reason to believe that there has been a compromise of private consumer information. Insurance industry reports suggest that "breach notification costs" exceed $200 for every person that has to be notified.
3. Explore obtaining breach notification insurance as well as cyber insurance.
4. Establish usage rules like administrative privileges, subnet access, download permissions and acceptable applications. Invest in monitoring systems and enforce the rules.
Once a company protocol is mandated, these procedures must be communicated to employees. Employees need regular, albeit brief, training to help them recognize the red flags of cyber crime. In addition, regular upkeep and modernization of your security infrastructure is critical to preventing cyber theft:
1. Stay current with patches. That means Flash, Adobe, Java and other programs on your company’s computers in addition to Windows patches.
2. Invest in intrusion detection and intrusion prevention solutions. Don’t be penny wise and dollar foolish; a managed service may be your best bet. Yes, they cost more than off-the shelf anti-virus programs. You can be certain that you will never get more value out of software or a service than what you paid! Think about that the next time you decide to use freeware (also known as “unsupportedware”.)
3. Review your banking transactions frequently.
4. All social networking sites must be isolated from the corporate computing environment. They are for your employee’s and your home machine or a dedicated machine at your office that is off your corporate network.
Be mindful of Stan Stahl’s cyber security dictum: “Trust no one.”
www.stevelee.com
October is National Cyber Security Awareness Month and a recently issued IBM X-Force 2009 Mid-Year Trend and Risk Report describes the current Internet climate as "an unprecedented state of Web insecurity as Web client, server and content threats converge to create an untenable risk landscape." However, despite these findings, the Internet will remain a vital channel for most businesses. So, how can you help create a safer and more secure online environment for your business and its customers?
With the expertise of Stan Stahl, CEO of Citadel Information Security (www.citadel-information.com), Steve Lee & Associates has worked with businesses to help mitigate, investigate and prosecute cyber crime.
Selected trends in online theft: These days, online banking hacks are the cornerstone of cyber theft committed against small and medium-sized businesses. Cybercriminals target business’ bank accounts and have focused their efforts on pilfering money from company demand-deposit accounts. McAfee, a leading security-software company estimates that in 2008, companies around the world lost more than $1 trillion to cybercrime.
Email phishing scams have become highly targeted as well. The attacks are delivered against users by name and can appear deceptively familiar and credible because they may include portions of the user’s password.
Trojans are delivered to unsuspecting small, middle-sized and large organizations through email purportedly from social or business networking sites and even from the IRS. One click and the hackers can access company bank accounts and use money mules to quickly siphon significant amounts of money out of the company’s account.
It’s important to remember that theses cyber crooks, also known as ‘black hats’, have the technological upper hand. Malware development has accelerated far beyond anti-virus and patch development. By the time ameliorative patches are available to detect or pre-empt the malware, hackers have deployed Trojans, viruses, worms, rootkits and spyware that may be several generations beyond the latest, published fix. (NOTE: for more information on malware development, see Brian Krebs’ The Washington Post column “Security Fix” at http://voices.washingtonpost.com/securityfix/)
Think your business’ bank account is protected by “second-factor authentication?” Well, think again. While second-factor authentication is touted by banks as a truly secure solution, it is not. Unfortunately, the awful truth is that no widely utilized online banking solution can guarantee 100% security. Multi-factor authentication is only slightly more robust than single-factor (i.e., user name and password) authentication. Even so, there are ways to help keep your money as safe as possible. Consider the following steps:
To maintain a safer computer infrastructure, your company’s management must consistently address cyber theft by implementing and continuously improving controls and processes:
1. Use a dedicated PC for online banking that is not used for any other transactions. If this sounds like a nuisance, just consider the inconvenience of losing hundreds of thousands or millions of dollars and then having to bring suit against your bank in an effort to recover your money. Remember, the bank will maintain that they are utilizing reasonable security practices. And by currently standards: they may be right. The onus will be on your business to prove your case.
2. Make a plan for breach disclosure. Most states, in addition to the District of Columbia , have laws governing "breach disclosure." You may be required to notify consumers if you have reason to believe that there has been a compromise of private consumer information. Insurance industry reports suggest that "breach notification costs" exceed $200 for every person that has to be notified.
3. Explore obtaining breach notification insurance as well as cyber insurance.
4. Establish usage rules like administrative privileges, subnet access, download permissions and acceptable applications. Invest in monitoring systems and enforce the rules.
Once a company protocol is mandated, these procedures must be communicated to employees. Employees need regular, albeit brief, training to help them recognize the red flags of cyber crime. In addition, regular upkeep and modernization of your security infrastructure is critical to preventing cyber theft:
1. Stay current with patches. That means Flash, Adobe, Java and other programs on your company’s computers in addition to Windows patches.
2. Invest in intrusion detection and intrusion prevention solutions. Don’t be penny wise and dollar foolish; a managed service may be your best bet. Yes, they cost more than off-the shelf anti-virus programs. You can be certain that you will never get more value out of software or a service than what you paid! Think about that the next time you decide to use freeware (also known as “unsupportedware”.)
3. Review your banking transactions frequently.
4. All social networking sites must be isolated from the corporate computing environment. They are for your employee’s and your home machine or a dedicated machine at your office that is off your corporate network.
Be mindful of Stan Stahl’s cyber security dictum: “Trust no one.”
Roman Polanski: Celebrity Criminal and Justice Evader No More
By Steve Lee, Managing Director, Steve Lee & Associates
www.stevelee.com
www.stevelee.com
October 22, 2009…The clash among Los Angeles County authorities, French political and cultural figures, and celebrities over the arrest and extradition of Roman Polanski threatens to eclipse justice in this infamous matter. This cross-border ruckus reminds us that the American criminal justice system has a long memory and a longer arm – even when it comes to “players” on the world stage.
Yes, international authorities have devoted tremendous resources over decades to Polanksi’s case. That’s in part because he is a public figure. There’s no question that individuals of lesser stature evade the law, and these matters don’t prompt petitions or make news. Given Polanski’s visibility in the global entertainment and cultural community and the notoriety of his crime, officials would be hard pressed to diminish their efforts. All the more so after Polanski essentially thumbed his nose at the Los Angeles Country District Attorney’s office and the Superior Court. It appears that Polanski was offered a “sweetheart” deal and declined to consider it.
Yet Polanski’s celebrity also served to bolster his ability to evade law enforcement. The facts and circumstances around the original court proceedings in the late 1970s indicate there was a good chance that Polanski would have spent a minimal amount of time – if any – in jail. If he did, he likely would have served time at a minimum security facility and received the kind of gentle treatment often reserved for celebrities and white collar criminals.
Mr. Polanski has led a privileged life. There is no doubt that he is a talented man and has made measurable contributions to his chosen art form. He is well loved and revered by many in the film industry and some have been vocal in his defense.
Polanski’s victim is now an adult and has indicated that she would prefer the case be concluded. According to reports in Time Magazine, she has indicated that she does not wish to testify against Mr. Polanski.
Despite all these factors in Mr. Polanski’s favor, the facts are what they are. Polanski was booked on charges of rape, suspicion of sodomy, child molestation, and furnishing dangerous drugs to a minor. He was indicted on drug and rape charges. He entered a guilty plea to having unlawful sex with a minor and then he fled the jurisdiction.
What is at play here is the Fugitive Disentitlement Doctrine, which asserts that a court will not determine the merits of a claim made by a fugitive because any potential enforcement against the fugitive is impractical. Polanski wants the statutory rape charge dropped, but he refuses to return to deal with American justice. Presumably his concern is that the Court in 2009 may not find that his claims of judicial misconduct in the 1970s are well founded. The risk for Polanski is that if the Court found his claims without merit, he would be treated as a self-admittedly guilty sex offender in custody.
Today, tougher scrutiny of standards of celebrity justice coupled with a fervent distaste for and intolerance of child abuse might make prosecutors less willing to cut the kind of deal that was available to Polanski in the 1970s. Perhaps it is that change in the criminal justice climate that makes Mr. Polanski and his attorneys wary of a return to California. Attitudes change, but the reality of the acts that were performed does not. If they were criminal then, and they are criminal now, then justice needs to prevail.
We must be mindful that it is the individual that goes on trial for his or her acts, not the artist for his or her art.
Tuesday, September 15, 2009
Physical Theft In The Workplace
Physical Theft In The Workplace
By Steve Lee, Managing Director
www.stevelee.com
www.stevelee.com
September 15, 2009...What are the components of physical theft effecting enterprises? We're talking about larceny, embezzlement and misapplication. Black's Law Dictionary defines "larceny" as the "felonious stealing, taking and carrying...away another's personal property with intent to convert it or deprive the owner thereof." When an employee or another person unlawfully converts or removes one's property for his own benefit, the crime is embezzlement. When it's done for the benefit of someone other than the wrongdoer, it is misapplication. In all cases, it's theft.
While cash theft schemes occur three times more often than non-cash (inventory and other assets) theft schemes there is still plenty to talk about with these non-cash theft schemes.
Friday, August 21, 2009
Who is most likely to be the whistle-blower in a corporation??
Who is most likely to be the whistle-blower in a corporation??
August 21, 2009...There's no question that whistleblowers, employees who bring concealed misconduct to the attention of superiors, work in the financials departments at a company but aren't typically the CFO. It is often controllers, assistant controllers, assistant treasurers, and senior bookkeepers who "blow the whistle" because of their understanding of the links between the company's financials and the processes and transactions that go into financial statements. These employees raise concerns about how numbers, figures, and calculations that don't quite make sense, may develop into a larger problem, or are flat out wrong.
This was the case at Enron, where former vice president Sherron Watkins warned that the company "had a hole in the ship and was going to sink" after scrutinizing its assets against accounting standards. Consequently, Enron declared bankruptcy in December 2001, rendering thousands unemployed and resulting in millions of dollars in losses for investors.
Once a whistleblower voices a financial, legal, or ethical violation, immediate action must be taken by investigating, preserving evidence, establishing audit trails to prove or disprove fraud or other misconduct, determining damages, installing procedures and controls to mitigate further misconduct, and preventing retaliation.
Steve Lee, Managing Partner at Steve Lee & Associates can be contacted at: stevelee@stevelee.com.
This was the case at Enron, where former vice president Sherron Watkins warned that the company "had a hole in the ship and was going to sink" after scrutinizing its assets against accounting standards. Consequently, Enron declared bankruptcy in December 2001, rendering thousands unemployed and resulting in millions of dollars in losses for investors.
Once a whistleblower voices a financial, legal, or ethical violation, immediate action must be taken by investigating, preserving evidence, establishing audit trails to prove or disprove fraud or other misconduct, determining damages, installing procedures and controls to mitigate further misconduct, and preventing retaliation.
Steve Lee, Managing Partner at Steve Lee & Associates can be contacted at: stevelee@stevelee.com.
Thursday, August 20, 2009
Wednesday, August 19, 2009
U.S., SWISS AGREEMENT ON SECRET UBS BANK ACCOUNTS REPRESENTS THE TIP OF A VERY LARGE ICEBERG
U.S., SWISS AGREEMENT ON SECRET UBS BANK ACCOUNTS
REPRESENTS THE TIP OF A VERY LARGE ICEBERG
REPRESENTS THE TIP OF A VERY LARGE ICEBERG
August 19th, 2009….UBS has at long last succumbed to pressure from the Swiss government, agreeing to provide the IRS with the names of certain would-be taxpayers suspected of sheltering funds in those top secret Swiss bank accounts we’ve all heard so much about. At first blush, this seems like a big deal. After all, those tight-lipped, look-the-other-way Swiss banking types that we’ve grown so fond of over the years weren’t supposed to just cave like that, right? Well, the forensics investigation team at Steve Lee & Associates (www.stevelee.com) doesn’t think this is such a big deal after all.
Subscribe to:
Posts (Atom)