Fraud prevention for credit unions Deposit Insurance Corporation of Ontario November 12, 2013
2
Agenda The cost of fraud Internal fraud The risks of external fraud facing credit unions Fraud prevention Responding to fraud 3
ACFE 2012 Global Fraud Study Key Findings Estimates that organizations lose 5% of annual revenue to fraud Median losses $140,000000 More than 20% of cases caused losses greater than $1 million The frauds reported lasted a median of 18 months before being detected Nearly half of victim organizations do not recover any losses that they suffer due to fraud 4
Risk of fraud to credit unions Fraud probe forces credit union to close Three people have been charged and another is being sought by police in connection with a $9 million mortgage fraud that forced a well-known Cooksville credit union to close Sarnia credit union closed, ex-manager charged with theft A Sarnia credit union has closed after its former manager allegedly defrauded the institution of almost $75,000 5
Fraud What, Who, Why & How? What Fraud is deliberate deceit which is planned and executed to deprive an individual or organization of property, money or any other valuable security. Fraud is committed with intent and includes actions of misrepresentation and/or acts of omission. Who Employees, vendors, customers, other third parties Often who you least expect The long-term employee, in a position of trust, dedicated Why & How The Fraud Triangle 6
Who commits fraud? Internal or external to the organization? Source: Profile of a Canadian Fraudster, published by KPMG Forensic, 2009 7
Common types of internal fraud activity Forged or altered cheques, invoices, purchase orders. Theft or misappropriation of monies, inventory, supplies, services. Payments to fictitious vendors or vendors related to employees (shell companies, numbered companies). Payments for soft costs and consulting services. Fictitious expense reimbursement claims. Falsified overtime or labour claims. Receiving kickbacks or gifts of material value from vendors. Conflicts of interest e.g., Requests for Proposal (RFP) bid rigging family members, related companies, close relationships (kickbacks). 8
ACFE 2012 Global Fraud Study Key Findings (cont d) Most common red flags Living beyond one s means (36%) Financial difficulties (27%) Unusually close relationships with vendors/customers (19%) Control issues, unwilling to share duties (18%) Organizations that had anti-fraud controls in place had significantly lower losses and time-to-detection than organizations without such controls 9
Other concerns Collusion between loan officers and borrowers Undeclared d income/false documents Often isolated to particular branches Loan officers/customers with some connection Manipulated financial reporting 10
Warning signs Rumours and complaints Significant ifi after hours work Low absenteeism no vacation Changes in social relationships Documentation deficiencies Understaffed accounting / audit department 11
Warning signs Low morale & motivation High level l of complaints from customers and suppliers Partial / incomplete payments Excessive write-offs Payments to related parties Unexplained trends in financial reports 12
Recent external fraud issues False documentation, false financial statements, false businesses, identity theft Collusion between loan officers and customers False communications Money laundering 13
Recent example Toronto police arrest 25 in multi-million dollar investment scheme allegedly involved: Organized group of individuals that targeted financial groups for $8 million during a roughly 18 month period Scheme to trick banks and others into lending to false businesses Shell companies, substantial false documents Used legitimate t businesses to help with the deception 14
False documentation Counterfeits, alterations, fictitious documents Electronic age is adding to the challenge Recent examples have ranged from attempts to secure personal loans/mortgages to commercial fraud rings More sophisticated examples involve substantial false documentation, people acting as legitimate business people and false businesses to obtain funds. These schemes often target more than one lender: Personal documents Financial statements Company documents 15
False documentation identification/prevention Observation look for the unusual Font changes and type/style consistent Misalignment, typos Atypical wording Signatures in audit report Difficulties getting typical information Further due diligence in unusual or risky circumstances Verification with third parties if suspicions arise Background checks on key individuals, organizations, customers looking at integrity and reputation, human source intelligence Absence of information may be a red flag 16
Fraudulent financial reporting leading to the overstatement of assets/revenues of a legitimate business Common schemes - examples Playing with timing i differences Fictitious revenues (e.g. false customers) Unrecorded liabilities and expenses Improper asset valuation (e.g. unwarranted write ups, empty boxes) Disclosure failures (e.g. related party transactions, commitments) Compilation reports 17
Money laundering Increased regulatory focus changes effective February 1, 2014 Cost of non-compliance Regulatory penalties Reputational damage Potential litigation, other remedial costs http://www.kpmg.com/ca/en/topics/at-risk-magazine/pages/canadasbid-to-converge-aml-standards-with-global-players.aspx 18
The objectives of fraud risk management Prevention Reduce the risk of fraud and misconduct from occurring Detection Discover fraud and misconduct when it occurs Response Take corrective action and remedy the harm caused by fraud or misconduct 19
Fraud risk management Prevent fraud and misconduct Detect occurrence Respond appropriately 20 20
Sample anti-fraud program elements 21
Prevention Preventative controls are designed to prevent fraud from occurring in the first place Leadership and governance Fraud risk assessment Code of conduct Employee and third party due diligence Communication and training Process-specific fraud risk controls http://www.dico.com/design/2009_audit_committee_handbook.pdf 22
Code of conduct Communicates key standards that define acceptable business conduct Sets the tone for overall control culture Raises awareness of Management s commitment to integrity Resources available to help employees achieve Management s compliance goals CICA 20 Questions Series http://www.cica.ca/publications/risk ca/publications/risk-and-governance/item61006and governance/item61006.aspxaspx 23
Employee and third party due diligence Hiring, retention and promotion of employees, agents and vendors Scope and depth varies based on risk and function Especially important for those having financial responsibility 24
Detection Mechanisms for seeking advice and reporting misconduct Auditing and monitoring 25
Upward reporting mechanism Very effective in uncovering fraud and misconduct at early stage Well-designed hotline: Confidentiality and anonymity Organization-wide availability Real time assistance Classification of concerns Audit Committee notification Follow up Prominent communication 26
Internal controls process level controls Segregation of incompatible duties Verification process/review Reconciliations Financial reporting process controls Controls over access to information and assets Authorizations and approval limits 27
Impact of anti-fraud controls reduction of median loss Source: ACFE 2012 Global Fraud Survey Report to the Nations Source: ACFE 2010 Global Fraud Survey Report to the Nation 28
Response Investigations Comprehensive and objective Determine your goals Enforcement and accountability Consistent and credible discipline is a key deterrence control Corrective action Learn from the experience Employee Fraud Developing an Action Plan 29
Key points to remember Be proactive and take steps to understand and mitigate the risk of fraud prevention is cheaper than investigation and recovery Whistleblower lines, code of conduct, background checks Be aware of and respond to red flags (trust your own intuition) The Fraud Triangle If you suspect fraud, a well planned response is critical 30
KPMG CONFIDENTIAL The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2013 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International.
Thank you KPMG Forensic Paul Ross pross1@kpmg.ca