Hossam El Shaffei, CFE, has been interested in fighting fraud since first seeing normalized bribery occur in his native Middle East. Currently a partner specializing in risk advisory services at RSM Consulting, he has more than 35 years of global and regional work experience in multinational organizations such as the United Nations and United States Agency for International Development. El Shaffei also established ACFE chapters in Egypt and Jordan and recently became an Authorised Trainer for the CFE Exam Review Course in Jordan, Egypt and Lebanon.
Emily Primeaux, CFE
Assistant Editor, Fraud Magazine
He sees you when you're sleeping. He knows when you're awake. He knows when you've been bad or good...
"He," or "she," of course, is the ever-present fraud fighter. And in 2016, fraud fighters saw a slew of unsavory characters who clearly ignored the elf on the shelf and instead stole, bribed or colluded to illegally line their own pockets. But for every bad apple, there are unsung heroes — the whistleblowers, journalists, investigators ... the list goes on and on. These heroes go to battle in the trenches every day to root out the crooks and thieves.
In honor of the holiday season, let's ruminate on the past year and the characters that made it onto either the naughty or the nice list.
- Wells Fargo: On Sept. 9, 2016, Wells Fargo negotiated a deal to settle a lawsuit filed by the U.S. Consumer Financial Protection Bureau, the Office of Comptroller of Currency, and the City and County of Los Angeles. Though Wells Fargo didn't admit to any wrongdoing, it did confirm that employees had opened more than two million checking, savings and credit card accounts without customer approval. And in a stunning turn of events, former employees then came forward to say they had called the ethics hotline to report dubious sales practices. However, according to these accounts, some whistleblowers claimed that the bank's strategy for dealing with whistleblowers was to find ways to fire them in retaliation. Though the case is ongoing, John Stumpf has stepped down as the bank's chief executive.
- Andrew Caspersen: On Nov. 4, 2016, this disgraced scion of a wealthy Wall Street family was sentenced to four years in prison for robbing his friends, family and a large hedge-fund foundation in a Ponzi-like scheme. The judge who sentenced him? None other than the ACFE's 2016 Cressey Award winner, Senior U.S. District Judge Jed S. Rakoff. Looks like Caspersen most likely received coal in his stocking this year.
- The Panama Papers: A giant leak of more than 11.5 million financial and legal records from the world's fourth biggest offshore law firm, Mossack Fonseca, detailing financial and attorney-client information for more than 214,488 offshore entities ... otherwise known as the Panama Papers. According to the papers, the leak "exposes a system that enables crime, corruption and wrongdoing, hidden by secretive offshore companies." The leaked documents outed scores of politicians, business leaders and celebrities for fraudulent business practices, including Iceland's Prime Minister, Sigmundur David Gunnlaugsson. He stepped down after documents revealed that he and his wealthy wife had sheltered money offshore.
- The Panama Papers: The papers themselves were a great feat of international cooperation when the International Consortium of Investigative Journalists, the German newspaper Süddeutsche Zeitung and more than 100 news organizations released the Panama Papers. These are the good guys.
- Tyler Shultz: When he discovered that Theranos, a health technology and blood-testing company, was using proprietary Edison machines that frequently failed quality-control checks and produced widely varying results, Shultz (an employee of the company at the time) decided to speak up. He drafted an email to founder Elizabeth Holmes to complain that Theranos had doctored research and ignored failed quality-control checks. What makes this move even more incredible is that Shultz is the grandson of George Shultz, a Theranos board member. Since then, a major investor has sued Theranos for fraud and the company has had to stop blood tests, shut down labs and cut jobs.
- Clare Rewcastle Brown: In 2010, Rewcastle Brown founded The Sarawak Report and Radio Free Sarawak to disseminate news that concerned the Sarawak region of Malaysia and eventually, news surrounding the emerging 1MDB (1Malaysia Development Bhd) scandal. 1MDB is currently being investigated by Swiss, Singaporean and U.S. authorities. And she's not backing down, despite a Malaysian court issuing a warrant for her arrest for "activities detrimental to parliamentary democracy" and the "dissemination of false reports." She'll be speaking about the scandal at the 2017 ACFE Fraud Conference Europe in London, March 19-21.
The naughty list may never be empty, but at least we have those on the nice list to turn to. And while 2016 saw some pretty egregious schemes, we can enter 2017 knowing that there are those willing to investigate and speak up. Here's to the new year!
Unaoil, a Monaco-based oil consulting company, was recently exposed in a media investigation for potentially supporting or facilitating bribes on behalf of large multinational firms in the oil and gas industry. Though the company is from Monaco, Unaoil is believed to have supported companies in winning contracts across Middle Eastern and African countries. The investigation, which Fairfax Media and The Huffington Post conducted, identified several emails providing references to the routing of bribes.
The Unaoil case provides several lessons on using forensic email reviews to help gather evidence or indications of fraud, misconduct and regulatory non-compliance. Investigators who use these reviews rely on communication as a raw form of evidence that exhibits subjects' unethical or illegal intent. Keyword searches are an effective method of identifying evidence in the huge volumes of data stored in digital devices. Investigators choose keywords based on context and relevance to the case.
An analysis of the evidence gathered by Fairfax Media and The Huffington Post on the Unaoil case reveals a number of lessons on forensic email reviews for investigators.
Using code words in communication
Many of the leaked Unaoil emails and excerpts contain several code words referring to individuals, organizations, events and the contexts of the communication. Individuals are referred to as "Doctor," "Ivan," or "Lighthouse." Keywords can help disguise intent in communication. For example, bribers or bribe receivers (public officials) might not be red-flagged in email if they identify themselves by code name or keyword.
Of course, these reviews wouldn't be effective unless investigators are aware of the keywords subjects are using because generic keywords might show inconsistencies.
Investigators should look for:
- Data (files created, system logs, etc.) and communication (email and chat logs) pertaining to a specific time period (a month, quarter or a year that's relevant to the incident or the issue in question).
Dissecting the chain of events
The leak in the Unaoil case included emails referencing the opening of a separate bank account to channel funds; a request for depositing funds into an unknown, third-party, offshore account; and a payment rejected by a bank, which noted the transaction "may conflict with U.S. government sanctions." In that case, the rejected payment was subsequently cleared by the bank.
Investigators might ignore automated communications from a banking channel about payouts or deposits, assuming they're irrelevant. However, placing these transactional communications into the overall chain of events relating to the issue or incident in question helps identify relevant evidence of a violation or misconduct. Such communication might not contain any of the keywords (including names of key people) that are considered in the review.
When looking at the chain of events, investigators should consider the following three key factors:
- Inconsistent nature of received communication.
- Unusual patterns of communication and the use of "Bcc:" in emails.
- Communication representing financial transactions or financial manipulation.
These outliers help put together events and look at them from a bird's-eye view. Looking at the chain of events in this way enables the investigator to identify potential red flags. For instance, a Bcc: communication might show that the perpetrator intended to involve the subject in the blind copy field without the receiver knowing it.
Forensic email reviews help uncover clues
Organizations should consider using forensic email reviews in new ways to understand key players' communication patterns, including what they're communicating and with whom, and the files they're sending and receiving. If you conduct this type of analysis on each individual for an isolated sample period, you might identify specific keywords.
These reviews should extend beyond keyword-based searches to examine communication among identified individuals, time-period-based information exchange, inconsistent/unusual patterns or nature of communication, and any suspect references to financial transactions and manipulation.
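The following is an added example, not part of the original article, of a review pass that combines the checks described above: a time window, code-word hits, Bcc use and financial-transaction notices, placed on one chronological timeline. The sample messages, addresses, dates and the list of financial terms are constructed assumptions; only the code names come from the article.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
from datetime import datetime, timezone
import re

# Constructed sample messages (not from the leak); addresses and wording are invented.
SAMPLE = [
    "From: a.manager@example.com\nTo: agent@example.net\nBcc: third.party@example.org\n"
    "Date: Tue, 03 Mar 2015 09:12:00 +0000\nSubject: Meeting\n\nThe Doctor confirmed the schedule.",
    "From: no-reply@bank.example\nTo: a.manager@example.com\n"
    "Date: Thu, 05 Mar 2015 14:30:00 +0000\nSubject: Payment notice\n\n"
    "Your wire transfer was rejected: may conflict with sanctions.",
    "From: a.manager@example.com\nTo: hr@example.com\n"
    "Date: Mon, 01 Jun 2015 08:00:00 +0000\nSubject: Leave request\n\nOut next week.",
]

# Code names quoted in the article.
CODE_WORDS = re.compile(r"\b(doctor|ivan|lighthouse)\b", re.I)
# Assumed financial terms; a real review would tailor these to the case.
FINANCIAL = re.compile(r"\b(wire transfer|payment|deposit|account|rejected)\b", re.I)

def review(raw_messages, start, end):
    """Return a chronological list of (date, sender, flags) for mail inside [start, end]."""
    timeline = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sent = parsedate_to_datetime(msg["Date"])
        if not (start <= sent <= end):
            continue  # outside the period relevant to the incident
        text = f"{msg['Subject']} {msg.get_payload()}"
        flags = []
        if CODE_WORDS.search(text):
            flags.append("code-word")
        # Bcc normally survives only in the sender's own copy (e.g. Sent Items).
        if getaddresses(msg.get_all("Bcc", [])):
            flags.append("bcc")
        if FINANCIAL.search(text):
            flags.append("financial")
        # Unflagged mail stays on the timeline so the chain of events is complete.
        timeline.append((sent, msg["From"], flags))
    return sorted(timeline, key=lambda row: row[0])

if __name__ == "__main__":
    window = (datetime(2015, 1, 1, tzinfo=timezone.utc),
              datetime(2015, 3, 31, tzinfo=timezone.utc))
    for sent, sender, flags in review(SAMPLE, *window):
        print(sent.isoformat(), sender, ",".join(flags) or "-")
```

The automated bank notice contains no code word or name, yet it lands on the timeline two days after the Bcc'd message, which is the kind of adjacency a keyword-only search would miss.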
The Unaoil case demonstrates how you can use these tactics in forensic email reviews to help unravel large-scale, complex fraud schemes and discover communication patterns, preserved digital evidence and, most importantly, fraud perpetrators' own words — saved for posterity.
Read the full article, with even more tips for reviewing emails, at Fraud-Magazine.com.
Sundaraparipurnan Narayanan is the associate director of forensic services at SKP Business Consulting LLP. His email address is: SNarayanan@skpgroup.com.