Fraud, Bad Business Decisions, and Waste and Abuse


Mary Breslin, CFE, CIA
President, Empower Audit

In light of International Fraud Awareness Week, I wanted to take a look at why fraud awareness in every organization needs to specifically define what fraud is for your organization.

Six weeks after the U.S. government bailed out AIG, the AIG executives held a weeklong retreat at a five-star hotel – The St. Regis Monarch in California – and spent half a million dollars. Congress consequently held hearings questioning why a seemingly exorbitant amount of money was spent on an executive retreat immediately after receiving more than $80 billion from the American people to be bailed out. The half a million spent at St. Regis included expenses for rooms up to $1,200 per night, large bar tabs, spa treatments including massages, manicures, pedicures, facials and hair treatments, and more than $150,000 on banquet fees.

When I teach my internal audit fraud course, I like to begin by playing a clip from the congressional hearings that details the expenses, and questions why and how this money was spent. The video does not show any conclusion; it shows the frustration of the congressmen and women trying to understand how after needing to be bailed out by the government, AIG could rationalize those expenditures. One could argue they needed to gather for strategy meetings after the bailout. Sure, but did they need to do it at a five-star resort? And were the spa treatments and bar tabs necessary?

I then poll my class participants and ask them if it is fraud. Most say “no.” The vast majority of people feel it is either waste and abuse, or simply a bad business decision. Most also feel that once the money was given to AIG it was their money to spend as they saw fit. I like to use the AIG example because AIG recovered and was able to pay the money back, which I believe impacts our perception. If AIG had failed, would everyone shake their heads at the company spending a half a million dollars on a retreat and readily call it fraud? But was it fraud? Were the executives acting with appropriate fiscal responsibility and integrity? If not, is that fraud? Or is it waste or abuse? Or maybe it’s simply a bad business decision?  We very rarely have trouble labeling actions as fraudulent in hindsight, especially when the company failed or became embroiled in a scandal. But do we see as clearly while it is happening? I think not.

Finally, we also have a much easier time labeling fraud in theoretical situations. This is why organizations need to define what fraud is to them before facing potential fraud risks. If organizations do not clearly define what they consider to be fraud, and the difference between fraud, waste and abuse, and bad business decisions, then as questionable situations arise they may not be seen as a real threat. Just ask Wells Fargo.

Talking to My 4-Year-Old About Wells Fargo


Mandy Moody, CFE
ACFE Content Manager

“Mom, what is the guy’s name again who stole all of the money?” This question from my 4-year-old was yet another reminder to me that I need to be careful what I talk about in front of her. She is pretty much the opposite of my husband; she listens to everything.

Two days ago when the news broke that Wells Fargo CEO John Stumpf was resigning, I was in the car with her on our way home from her preschool. She overheard me call my co-worker to tell her that he was stepping down and to tweet something on our Twitter account. She could hear the excitement in my voice; excitement from knowing that someone was being held somewhat accountable for the millions of dollars taken and numerous fake accounts created over the past 10+ years. She asked me what happened and I told her that someone had stolen a lot money from people and that he was going to leave his job because he was in trouble.

“Is he a bad guy?” she asked.

“Well, he did something bad, and now he has to say he is sorry and stop what he is doing,” I said. That was the best I could come up with after an eight-hour workday.

“But, we are good guys, right, Mom?”

“Yeah, we are the good guys,” I told her.

So, flash forward 24 hours and she wants to talk about John Stumpf again on our way home from school. Honestly, I think she just likes saying his name. I reminded her of the story again and this time I told her that I get to work with people every day who try very hard to keep people like John Stumpf from stealing money. I told her that I love meeting these people and helping them stop anyone who wants to take something that isn’t theirs.

I then told her that she could grow up and be anything she wanted to be. Yes, I am one of those moms that constantly reminds her that she can do anything boys can do and can do anything she works really hard at (except soccer; I’m pretty sure that ship has sailed). I told her she could be a teacher like her daddy or a writer like me. I told her she could be a business owner like our neighbor who I am pretty sure she loves more than me. I told her she could be an animal doctor or a mail carrier (she’s obsessed with mail carriers). I then told her she could be someone who helps people keep their money safe; someone who works hard to always do the right thing even when it is hard. I didn’t explain the Certified Fraud Examiner to her because we all know that would lead to something about frogs, but I did tell her about how dedicated these people are to make sure we stay the “good guys.”

So, it was no surprise to me when I then asked what she wanted to be when she grows up that she answered without hesitation and with eyes beaming, “I want to be a leopard!”

How One Known Fraudster Opened Up 17 Bank Accounts


Martin Kenney
Managing Partner, Martin Kenney &Co., Solicitors

If you haven't read the story of Daniel Fernandes Rojo Filho before now, I recommend you do so. It's a salutary and shocking tale … and a striking warning for those in charge of due diligence at banks.

Rojo Filho, a 48-year-old Brazilian national and self-proclaimed billionaire living in Florida, managed to open at least 17 bank accounts (signed in his own name) in mid-2014 at banks such as Citigroup Inc., JP Morgan Chase and Wells Fargo, though he was a known fraudster. (See the Bloomberg Business article, Ponzi Suspect's 17 Accounts Raise Questions, by Neil Weinberg, Oct. 8.)

In doing so he made a mockery of these banks' "Know Your Customer" (KYC) systems — systems that were supposedly tightened after the financial crash of 2008.

How did an individual whom the U.S. authorities investigated in 2009 about an alleged conspiracy (involving drug trafficking, money laundering and a Ponzi scheme), manage to so brazenly continue with his businesses? A simple web search by any banking compliance manager would have yielded plenty of clues to his identity.

According to court documents, as a consequence of his 2009 criminal actions, Rojo Filho and others were ordered to forfeit assets, including tens of millions of dollars in Lamborghinis, gold bars and other valuables. Ultimately, he agreed to further sanctions in 2013 when he forfeited another $25 million in accounts held by his children and businesses.

So when banks conducted their due diligence and KYC checks, one would assume that his name would raise a few red flags. But that didn't happen. Incredibly, the banks somehow missed the historical data and public records and allowed Rojo Filho to gain access to the financial systems once again. He didn't even need to use a fake name to secure the accounts — he applied in his own name and signed off using his own signature! He set up 17 of the accounts in his company's name, DFRF Enterprises, which is derived from his initials.

Not surprisingly, Rojo Filho is now facing several new charges, including an indictment in August that he allegedly used these new accounts to set up a sham investment scheme, based upon high-yield returns from non-existent gold mining operations. Other lawsuits are potentially heading his way, with the Securities and Exchange Commission (SEC) adding its weight to the process.

Read more about Rojo Filho and how the KYC process could be improved on