How to Tame ‘Data in the Wild’

GUEST BLOGGER

Misty Carter, CFE
ACFE Research Specialist

Emails, social media posts, blogs, instant messages — what do they all have in common? For one, they are tools used by millions of people each day to communicate with the rest of the world. What else do they have in common? They help detect fraud. You might be wondering, “Why and how is a Facebook update relevant to fraud detection?” Consider how much new data is created every second. Think about how many posts, emails or text messages you personally send each day. Now think about how much of this data is never touched. 

To put it into perspective, a study conducted by International Data Corporation (IDC), a U.S. market research firm, estimated that text, also known as unstructured data, will account for 90 percent of all data created in the next decade. Unstructured data, sometimes referred to as “data in the wild,” is basically free-form data that has not been put into a structured format. Since unstructured data is a relatively unexploited resource for fraud examiners, it makes sense to use it in a way that can provide more insight into areas prone to fraud that might have been previously untouched.

Before coming to the ACFE, I spent 10 years working in the audit field. I found mining through text data during fraud investigations to be one of the most useful tools in my auditing toolkit. Today, many fraud examiners are using a similar data analysis method to help explain, understand, or interpret a situation or a person’s actions or thoughts. This type of non-traditional analysis is referred to as textual analytics. In fact, the FBI and Ernst and Young’s Fraud Investigation and Dispute Services Practice have used textual analysis on email communications from past corporate investigations to determine the most common words used by employees engaged in rogue trading and fraud. As a result of their analysis, they identified the top 15 keywords and phrases used by fraud perpetrators. This list of keywords can be used proactively to prevent fraud from occurring or spot it early in the process.

The use of keywords, however, is only one facet of analyzing textual data. The ACFE’s new online course, Textual Analytics, identifies various techniques that can help fraud examiners, including examples of how data from free-text fields, email, social media sites and other sources can be used to uncover fraud. This course provides an overview of different types of data and how it should be managed prior to being analyzed. It also explains how textual data can be used to assess fraud risk in areas that might not be on management’s radar. 

If you are looking for new and innovative ways to add value to your organization, this course will provide you with the tools necessary to effectively reduce fraud risk exposure while enhancing your fraud detection skills.

Read more about the new course.  

The Wild West ... or Just Wait and See? What Anti-Fraud Professionals Should Understand About Digital Currencies

july-mug.jpg

Guest Blogger

David Long, JD, CFE, CAMS
Principal, Northern California Fraud Prevention Solutions

Recently the digital currency, Bitcoin, has exploded into the news. Much of the news coverage has been decidedly negative. A number of events occurred that have instilled in the public’s mind a vaguely negative impression about Bitcoin, to those at least, who have actually ever heard of Bitcoin. 

In October 2013, the FBI arrested Ross Ulbricht, a.k.a. “Dred Pirate Roberts,” who is alleged to have been the mastermind behind Silk Road, a website devoted to selling illegal drugs and other illicit items and services. The sole medium of exchange on Silk Road: Bitcoin. Then in January 2014, Charlie Shrem, a well-known member of the Bitcoin community and the CEO of BitInstant, one of the most well-known and largest bitcoin exchanges at the time, was arrested on money laundering charges.  Later, in early 2014, Mt. Gox, the Tokyo-based digital currency exchange collapsed and the ensuing loss of millions of dollars-worth of customer’s bitcoins spread through the news like wildfire.  Taken together, these events have caused many anti-fraud professionals working in law enforcement, regulatory agencies, compliance departments, as well as other institutions where digital currencies could conceivably be an issue, to eye Bitcoin and other alternative currencies with a healthy dose of skepticism.

Also, these events have hurt the relative strength of Bitcoin in relation to the dollar. The Bitcoin to dollar exchange rate reached a high of over $1,000 on some exchanges on November 27, 2013; however, the rate dropped to a low of $421.91 on April 7, 2014, and continues to fluctuate, further fueling skepticism about Bitcoin’s long-term viability. 

In spite of the negative news, Bitcoin continues to gain support commercially among merchants and retailers. The Sacramento Kings of the National Basketball Association, the Chicago Sun-Times and Overstock.com, among others, now accept bitcoins as a method of payment. In addition, thousands of small businesses scattered across the U.S. with notable concentrations in San Francisco and New York, also are accepting bitcoins.

Because Bitcoin is a disruptive technology, there were no real applicable regulatory or enforcement mechanisms in place when Bitcoin came into existence in 2009. The nature of the Bitcoin protocol is such that regulations already in existence, in most cases, could not be easily adapted to the Bitcoin protocol. The exchange, transmission, trade, securitization and commoditization of bitcoins all have regulatory implications. Regulators are rightly concerned about such issues as consumer protection, anti-money laundering/countering the financing of terrorism, fraud prevention and more. However, because of Bitcoin’s disruptive nature, the application of existing regulations often place Bitcoin into a regulatory grey area.

In March 2013, the U.S. Financial Crimes Enforcement Network (FinCEN) issued guidance that characterized certain Bitcoin companies, namely Bitcoin exchanges as non-bank financial institution “money services businesses,” namely “money transmitters.”  Money transmitters must register with FinCEN and follow the Bank Secrecy Act’s (BSA) anti-money laundering (AML) regulations and must develop bank-level AML and Know Your Customer compliance standards for their businesses. 

For anti-fraud professionals whose work might involve digital currencies, it is important to reach out and coordinate efforts with other professionals, whether they are employed in law enforcement, regulatory agencies, or compliance departments. Digital currencies are here to stay, and a proactive approach will go a long way in successfully facing difficult issues related to digital currencies likely to arise in the future.

If you would like to learn more about the Digital Currency Environment’s impact on the anti-fraud profession, register now for the David Long’s upcoming ACFE webinar: Anti-Money Laundering in the Digital Currency Environment.

Hunting the Big Cats of Fraud: Dewey & LeBoeuf LLP

SPECIAL TO THE WEB

Robert Tie, CFE, CFP
Contributing Editor, Fraud Magazine

Despite the global financial crisis, all seemed to be well at Dewey in 2008. But then cash flow began to drop, which eventually forced the big firm to declare bankruptcy — five years after the 2007 merger that created it. Thousands of Dewey employees lost their jobs, and creditors and investors were out hundreds of millions of dollars.

According to the May 14, 2012 article, Dewey's Bienenstock Discusses Law Firm's Demise, by Peter Lattman in The New York Times, "Several former Dewey partners presented prosecutors with evidence of potential financial improprieties."

After a lengthy investigation, the U.S. Department of Justice (DOJ) on March 6, 2014, indicted the former CEO, CFO, executive director and a lower-level manager of the by then-defunct law firm for intentionally issuing false financial statements. At the same time, the SEC filed a civil complaint against the same four employees. It also filed a separate complaint against seven of their colleagues. The CEO, CFO, executive director and manager pleaded not guilty to all criminal and civil charges, and their seven colleagues all pleaded guilty to the civil charges against them.

One of the seven who pleaded guilty is Francis Canellas, the firm's former finance director, who agreed to testify for the prosecution. According to Canellas' plea and cooperation agreement with the DOJ, he and the other 10 defendants falsified the firm's financial statements to fool lenders and investors into thinking Dewey was profitable, even though it wasn't. Multiple insurance companies, deceived by the doctored records, invested $150 million in a private Dewey bond offering, and three banks gave the firm a $100 million line of credit.

"What Canellas told prosecutors about his co-defendants is as yet unproven," Sizemore says. "But we can regard as fact every fraudulent action he admitted taking himself. Each of them is a mirror image of actions taken in virtually every financial statement fraud I've investigated or studied."

As happens in many businesses, Dewey wrote off some of its receivables as bad debt. But the prosecutors and Canellas said that when it became clear the firm wouldn't meet its revenue projections, the defendants fraudulently reversed those write-offs.

"If I were called in to perform a fraud risk assessment at Dewey before the fraud was discovered, I'd want to know how much working capital the firm had and what covenants they had to meet to keep their funding in force," Sizemore says. "And I'd wonder how that firm could pay so many high-priced lawyers, finance its operations and pay its loans — all during a recession."

TIPS FOR FRAUD EXAMINERS

  1. Ask as many questions as necessary, and evaluate the answers for reasonability. "If you don't understand something on a financial statement, or it seems unusual, ask for support documentation," Sizemore says. "Test it for reasonableness in terms of your understanding of the company's expenses and income and the business environment in its industry and locality. If your reasonableness test reveals any red flags, perform ratio analyses. Be sure to compare the company with at least two others or with industry-wide values. Company statistics by industry — number of employees, sales and so on — are available online, and I've used them in numerous investigations. Some are available only by subscription, while others are free."
  2. Be flexible. Sizemore says no single ratio fits all situations. So choose a ratio appropriate for your client's industry and type of business. If you can't find one, use a universally applicable calculation, such as days' sales outstanding in accounts receivable. He also notes that ratios don't prove fraud, but they can help you detect fraud that otherwise might not be evident.
  3. Stay on track. "To conceal red flags, fraudsters will tell you that the support documentation you want isn't available," Sizemore says. "Most red flags have legitimate causes, such as management's inability to run the business effectively. But the only way you can tell is to check the support documentation," he adds.

Read three more tips from Tie and view a table comparing HealthSouth to Dewey & LeBoeuf on Fraud-Magazine.com