How Mexican Officials Launder Money

/

GUEST BLOGGER

Dennis Lawrence, CFE

Lawrence is a Denver-based risk consultant.

Mexico has rightfully earned its reputation as a hotbed for chaos and corruption. Home to the world’s most powerful drug cartels, both local and national political figures live in constant fear of upsetting the wrong person. Compounded with a weak rule of law in many regions and a complicated relationship with big business, it is no surprise that government officials routinely exploit their positions for personal economic gain. Whether they can figure out a way to successfully launder corrupt payments, however, is a less certain affair.

Financial institutions are cracking down on money laundering in Mexico in light of increasing pressure from regulatory authorities, and it is perhaps more challenging today than ever for government officials to keep bribes undetected. Here are a few real life stories (and methods) of the worst offenders who got caught.

Governor Recruits Broker
Former governor of Quintana Roo, Mario Villanueva, spent the latter half of the 1990s amassing a fortune by authorizing the Juarez cartel to smuggle hundreds of tons of cocaine from Colombia to the U.S. via the Yucatan Peninsula. In exchange for a minimum of $400,000 in cash per load, Villanueva directed state and federal police to offload, transport, store and protect drug shipments destined for American consumers. In search of a way to protect his growing fortune, the governor enlisted the help of Lehman Brothers broker Consuelo Marquez to create several offshore corporations of which Villanueva and his son were beneficiaries. Each was carefully designed to conceal the names of its true owners (entities owned by layers of other companies or trusts is a favorite tactic). Marquez then established brokerage accounts at Lehman Brothers in the names of those offshore corporations and coordinated transfers of drug trafficking proceeds into and out of the accounts at the direction of the governor. Nearly $19 million was laundered through the firm. Villanueva disappeared days before the end of his term in 1999, and was discovered by Mexican police in a remote part of the Yucatan two years later. According to the Federal Bureau of Prisons, the ex-governor is currently incarcerated in Lexington, Kentucky, and is scheduled for release in 2019.

Trusted Intermediaries
Between 2005 and 2011, former Secretary of Finance for the Mexican state of Coahuila, Javier Villarreal, increased the state government’s public debt from $27 million to $2.8 billion, likely with the help of former Governor Humberto Moreira, who has yet to be officially charged with any crimes. According to court records, Villarreal obtained fraudulent state loans amounting to $250 million using falsified documents before tasking his wife and other relatives to open bank accounts in the U.S. The accounts collectively received millions in cross-border transfers from Mexico, likely from entities funneling money to obfuscate the origin of official government funds. Family members went on to create several LLCs for purchasing both commercial and residential properties in Texas.

Villarreal’s mistress, Altagracia Daniela Rodriguez-Garcia, was placed in charge of opening a particularly strategic bank account at a JPMorgan Chase branch in Brownsville, Texas. As instructed, she waited one year prior to quietly adding Villarreal’s name as an authorized signer. Shortly thereafter, Villarreal traveled to the same branch to open an offshore investment account held in Bermuda. The pieces of the puzzle came together when it was learned that he and a co-conspirator held a meeting with JPMorgan Chase bankers in Mexico where they inquired as to whether wire transfers could be deleted from bank systems so that no transactions would be seen going from Mexico to Bermuda via the U.S. Villarreal was arrested by Mexican authorities in 2012 as part of a public corruption investigation, but disappeared for two years before surrendering to U.S. authorities on the international bridge between Juarez and El Paso. In September 2014, he pleaded guilty to money laundering charges in a Texas federal court.

Corporate Fronts
Located in Northern Mexico, the lawless border state of Tamaulipas has been the site of numerous massacres and beheadings in recent years. According to U.S. law enforcement officials, the deterioration in security can be partially attributed to the tenure of former governor Tomas Yarrington who allowed drug cartels to operate freely in Tamaulipas without police interference. Apart from payments related to drug trafficking, Yarrington received an abundance of bribes for public works projects. In exchange for the rigged awarding of contracts, construction company owner Fernando Cano purchased real estate for the governor using front names. As Yarrington’s trust in Cano grew, the wealthy businessman became responsible for personally guaranteeing a $2.5 million loan on an airplane acquired using ill-gotten gains through a front company set up by another conspirator. He subsequently guaranteed numerous other loans linked to real estate opportunities involving similar modus operandi where shell companies were created by individuals in Yarrington’s inner circle and used to obtain expensive properties in the U.S. and Mexico. The governor’s demise came when, in the midst of divorce proceedings, Cano’s angry ex-wife spoke openly about the two mens’ wrongdoings. Yarrington disappeared in 2012 and remains on the run.

Financial crimes involving members of government are certainly not limited to Mexico, but as it stands today, the country is a magnet for public corruption. With that said, perhaps the sole commonality among almost all political figures who launder money is that they can’t do it alone. Family members, confidantes, bribe givers and the occasional corrupt financial services employee all play a role in the process… not to mention the banks that safeguard the funds themselves. Consequently, it only takes one mistake at the bank resulting in a Suspicious Activity Report, one angry colleague-turned-police informant or one careless act in an otherwise perfectly run multi-year operation to trigger the downfall of another elected official. The only question is, who’s next?

[Note: All figures are in U.S. dollars.]

The Role of Fraud Examinations in Cybercrime

/

SPECIAL TO THE WEB

Scott Swanson, CFE

It’s easy for us, as armchair analysts, when we hear about daily data breaches, to point our fingers and poke holes in the ways institutions fail to mitigate risk and threats of data loss and leakage. Take, for example, the sophisticated cyberattack of CareFirst BlueCross BlueShield (CareFirst) on May 20. According to the article, CareFirst Announces Cyberattack; Offers Protection for Affected Members, on the CareFirst website, the attackers gained limited, unauthorized access to a single CareFirst database. The company discovered the breach as a part of its ongoing IT security efforts in the wake of recent cyberattacks on health insurers.

According to the article, CareFirst engaged a cybersecurity firm to conduct an end-to-end examination of its IT environment. Evidence suggested that attackers could have potentially acquired member user names created by individuals to use CareFirst’s website, as well as members’ names, birth dates, email addresses and subscriber identification numbers.

In truth, staffs within most IT security and compliance departments are diligent in their roles — they do the best they can with what they have. I believe that information security should have a place in IT. But IT shouldn’t hold the reins of information protection and investigation; if it does, perhaps anti-fraud experts can help.

IS A CYBERBREACH ACTUALLY CYBERFRAUD?

Right now, fraud examiners should be licking their chops. Fraud, by its nature, includes any intentional or deliberate act to deprive another of property or money by guile, deception or other unfair means (2015 Fraud Examiners Manual, 2.201). Similarly, theft is when someone takes something from another without consent. A fraudster’s main objective is to hide the act even if the act is completed. This is also is the objective with many data breachers. The acts are largely unknown before and after penetration. The intent is to steal … by means of fraud.

Look at Target, Sony, Home Depot, OPM, etc. In most cyberbreach cases, the incidents are identified long after the penetration and the thieves have absconded with the targeted data.

When I perform periodic testing as a risk consultant to commandeer information and breach controls, I find my pathway in most cases through ruses that will enable me access — technologically, physically or by human shortcomings. Here are some examples of how a cybercriminal might gain access to secure information in these three ways:

Technology

  • Obtain a network or access password by asking an employee.
  • Spear phish to feign a trusted co-worker or site to trick the individual into logging into a trap-identity capture. For example, recreate a LinkedIn invitation in an email with an authentic look and feel of the actual website that grabs the user’s name and password when they believe they’re logging in to the invitation.
  • Gain access to an unattended device or endpoint (i.e. desktop computers and devices such as laptops, smartphones and tablets) that an employee left on a desk or counter during office hours. When employees leave their systems unattended and fail to log off, passersby can access information that isn’t password protected.

Physically 

  • Enter a facility without authorization by picking the lock or by entering through unlocked doors and other unrestricted access points. Or a fraudster can simply enter while a thoughtful person holds the door open as they both enter the building.
  • Steal hard-copy information that’s unattended such as paper forms, bills and customer information near printers, fax machines and in unlocked garbage containers.
  • Peer over an employees’ shoulders while they access private content, read information lying in the open or access files that aren’t locked away to see unsecured information.

Human shortcomings

  • Failure to comply with policies and procedures. Most policies and procedures exist as rules on a form that’s either in some nebulous manual or on a database for employees. Without carefully implementing policies and procedures in alignment with natural, daily activities, most employees won’t think about the controls unless they’re culturally ingrained.
  • Failure to create adequate controls. Organizations create controls to minimize activities that could create undue risk. However, risks are always changing and not all controls are sustainable, if indeed they were properly created in the first place.
  • Failure to identify and plan against dynamic risks, threats and vulnerabilities. Most risk assessments are a snapshot in time, yet organizations often don’t periodically reassess them to identify changes and indicators of adverse events.

Regulatory authorities and directives, such as the ones governing the Health Insurance Portability and Accountability Act of 1996, mandate that organizations need to protect information with technology, physical security and appropriate functional controls. Now, if information protection falls under IT, are companies really using the best resources to cover physical security and processes that fall outside of computer or device-based controls, such as business procedures? Probably not because the key loophole is usually human behavior. That’s a corporate risk and security issue, and it’s also a legal and human resources problem. The fact that the mechanism might have used technology shouldn’t drive “ownership” of the problem to IT. So who can transcend all of these business units? A properly trained fraud examiner.

Read the full article on Fraud-Magazine.com.

National Post Editor: Globalization of Fraud Calls for a Globalization of Law Enforcement

/

INTERVIEW WITH

Diane Francis, bestselling author, Editor-at-Large at The National Post and keynote speaker at the upcoming 2015 ACFE Canadian Fraud Conference in Ottawa, August 30-September 2

What role do you think the media currently plays in combating fraud?

The role of media, unfortunately, is shrinking as budgets, space and personnel shrink. There are some important think tanks and NGOs, plus other organizations in this space, who are compiling data, providing transparency and advising police, fraud investigators, corporations and governments about wrongdoing.

Personal finance frauds are fortunately still relatively well-reported wherever the legal system is politicized and transparent, as in the West. But elsewhere problems exist, and the grim reality is that the globalization of fraud is a potentially disastrous situation. Crimes in one jurisdiction could always be hidden or successful if borders were placed between the crime, victims and perpetrators. Now with borders gone and broadband everywhere, cybercrime, money transfers, bitcoin structures and other innovations are facilitating fraud on a scale that's historically unheard of.

More international cooperation and collaboration is essential, and conferences and organizations like the ACFE are critical to achieving both.

What is unique about the group of fraud-fighters you will address in Ottawa?

This is the world's largest anti-fraud organization and it connects jurisdictions, specialties and agendas in a unique way through its conferences and other educational content. I have written three of my 10 books on white-collar crime, notably fraud and money laundering, and retain an abiding interest in the topics because of their importance not only to economies but to societies worldwide.

What do you most hope attendees will take away from your address?

Warning signs and the need to push for the globalization of law enforcement.

Read more about Francis and other keynote speakers at ACFE.com/Canadian. Register today.

Mitigating the Fraud Potential in Disaster Claims

/

GUEST BLOGGERS

TomDiana1.png

Thomas Diana, Esq. and Brian Tenzer, Esq.

Disaster mitigation is a growing, lucrative business.

Where once there were a few major disaster water mitigation companies, now there are scores of smaller enterprises. Unfortunately, a lack of strict oversight and enforceable guidelines enables unscrupulous enterprises to take advantage of these situations. Fraud investigators should be aware of the propensity for these emerging enterprises to inflate damages and charge for work not performed.

“Assignment of benefits” contracts are problematic. To avoid the worry of dealing with mitigation charges, insureds are asked to assign their insurance benefits, which authorize mitigation companies to bypass the insured and bill insurance companies directly. Many insureds don’t know what they are signing, and terms of the contracts are not fully explained to them.

While insurers typically honor invoices that follow applicable industry standards, some mitigation companies inflate their estimates by up to 500 percent. They might use unnecessary equipment, run it longer than required or claim damage is more widespread than it actually is. Consumers ultimately pay for these inflated charges through increased premiums as insurers don’t underwrite for such risks.

Another problem is the lack of prompt notice to carriers. With assignment of benefits in hand, mitigation companies demand payment after the work is completed rather than while work is being performed. Claims should be reported immediately so the carrier has an opportunity to confirm the scope of damage and adjust the loss. However, because courts have validated assignments, insurers often are left with the unenviable choice of either paying inflated claims or undertaking expensive litigation.

This year, insurers sought mitigation relief from the legislature, but lawmakers weren’t swayed by the magnitude of this epidemic and carriers ultimately lost the battle. Another is likely to ensue this coming session. Meanwhile, legal battles in court will continue.

In the interim, carriers could lobby national organizations to enforce mitigation standards to prevent companies from charging whatever they want for unneeded services. Next, the issue must be presented to lawmakers as a consumer-protection measure. Quantify what mitigations should cost versus what they are costing. Then tabulate the expected premium increase resulting therefrom.

Finally, carriers may consider resolving claims through a three-step approach:

  • Utilize appraisal where available. Aggressively dispute unusual and inflated claims.
  • Contact the insured. Verify the extent of damage; how many days mitigation took place; the number of employees and machines used; where machines were placed; and, how often machines were checked. Then compare everything to the invoice.
  • Take certain cases to court, and force the mitigation companies to prove the loss is covered and that their charges are reasonable.

We don’t believe there is much sympathy for unscrupulous mitigation companies. If carriers will try this approach, they just may start derailing overinflated claims.

Brian S. Tenzer is a Partner at Goldstein Law Group in Fort Lauderdale, Florida. He received his Bachelor of Science in Criminology from Florida State University and his law degree from the Sheppard Broad Law Center at Nova Southeastern University. A highly regarded insurance defense attorney, Tenzer serves on the Florida Advisory Committee on Arson Prevention and is a member of the Broward County Bar Association, National Society of Professional Insurance Investigators, National Fire Protection Association and Florida Property & Casualty Insurance Fraud Task Force.

Tom Diana is in his 10th year of legal practice in Florida, focusing his practice on matters related to insurance and construction. He has provided continuing legal education to licensed adjusters, developed guidelines for claims and underwriting departments, drafted approved policy forms, and joined legislative efforts leading to the ratification of Florida Senate Bill 408 in 2011.

The No. 1 Key to Professional Development: Always Be Learning

/

GUEST BLOGGER

Kathy Lavinder, CFE
Owner and Executive Director of Security & Investigative Placement Consultants

Is there one key to professional advancement and long-term success? Yes and that key is lifelong learning. Continuous learning is the hallmark of ambitious and curious individuals. That’s why I probe job seekers on their professional development efforts and activities. When getting to know a potential candidate and evaluating someone for a role I regularly ask these questions:

  •  What courses have you taken recently? 
  • Have you attended any seminars or training this year? 
  • What are you reading to stay abreast of developments in your field? 
  • What are your educational aspirations? 
  • Are you working on any professional certifications?
  • Is there someone in your organization, or elsewhere, who you view as a mentor?

The employers who rely on my firm to find them the best applicants for their fraud prevention, investigation and detection roles want to see candidates who are never satisfied with their professional status quo. So many résumés I receive emphasize years of experience when they should emphasize experience that reflects responsibilities that have changed, roles that have evolved and a progression in one’s career. Someone may say they have 20 years of experience, but I will want to determine if that 20 years of experience is really just one year of experience times 20. 

Here’s the bottom line: There is simply no more dynamic landscape than the one in which anti-fraud specialists work. That reality means continuous learning is essential, not optional. There are so many ways to learn, with peer learning being one of the most obvious and accessible. Do not view your peers as competition; view them as unique individuals who through different educational and professional paths can offer you the benefits of their experiences. Do not view your supervisor as simply the boss, but look to learn from this person. Even if you dislike someone’s management style, you can learn from a negative. You will see role models, and possibly mentors, all around you if you look.

Formalized professional development is at the heart of the ACFE experience. Mine the organization and its broad array of members who live to battle fraud, as well as the personal and professional relationships that grow out of membership in the ACFE for all that they can offer. Do not view your participation as a “tick-the-box” endeavor. You’ll be missing out on so much if you do. 

Also, don’t overlook your potential for contributions to the anti-fraud field. Give back, share, teach and mentor. You will also learn in that process. The questions posed to you, the scenarios others will lay out and the case studies that will be referenced can all add to your understanding and personal development. You’ll also gain confidence in public speaking while sharing your ideas and experiences in a supportive and collegial setting.

“Always be learning” should be your new mantra. With the ACFE as part of your broader peer group you will have the best platform possible for doing that.