Kroll Fraud Report

8/14/2019 Kroll Fraud Report

1/44

Annual Edition 2007/2008

Global and local issuesdiscussed.

Sector by sector analysis.Economist IntelligenceUnit overview.Prevention, detection& response.

Global Fraud Report


2/44

Kroll commissioned The Economist Intelligence Unit to conduct aworldwide survey on fraud and its effect on business during 2007.

A total of 892 senior executives took part in this survey. A third of therespondents were based in Europe, 32% in Asia-Pacific and 30% in Northand South America. Ten industries were covered, with no fewer than50 respondents drawn from each industry. The highest number of

respondents came from the financial services industry (18%) followed byprofessional services (11%) and manufacturing (11%). Fully 38% of thecompanies polled had global annual revenues in excess of $1billion.

This report brings together these survey results with the experienceand expertise of Kroll and a selection of its affiliates. It includes contentwritten by The Economist Intelligence Unit and other third parties.

Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstraand all the authors for their contributions in producing this report.

Please note that some of the names and events have been changedin Kroll case studies to prevent identification of subjects and clients.

While every effort has been taken to verify the accuracy of this information,neither The Economist Intelligence Unit Ltd., Kroll nor their affiliates can acceptany responsibility or liability for reliance by any person on this information.

2007 The Economist Intelligence Unit and Kroll. All rights reserved.


3/44

Global Fraud ReportINTRODUCTION......................................................................2

CHAIRMANS VIEW ...............................................................3The sharp rocks under the water .............................................3

EIU OVERVIEW........................................................................4

The Economist Intelligence Unit overview ..............................4

FINANCIAL SERVICES............................................................6Identity theft prevention: A looming requirement ................6

Operation Malaya:

Corruption in the Spanish real estate sector ...........................7

Private equity, hedge funds and emerging markets:

Playing risk for returns ..............................................................8

Alternative securities:

Opportunity for fraud and reward ..........................................9

PROFESSIONAL SERVICES .................................................10Preventing risk in the people business ..................................10

MANUFACTURING...............................................................11Procurement data can help fight fraud .................................11

HEALTHCARE, PHARMACEUTICALS& BIOTECHNOLOGY ...........................................................12Hijacking pharmaceutical brands:A study ......................................................................................12

Counterfeiting in the pharmaceutical industry:Ten pieces of advice .................................................................13

TECHNOLOGY, MEDIA & TELECOMS ............................14Machinations in the Japanese entertainment industry .......14

Old-fashioned fraud:A case study from China ..........................................................15

NATURAL RESOURCES .......................................................16Challenging corruption in the energy sector ........................16

TRAVEL, LEISURE & TRANSPORTATION .......................18Unique profile of the airline industry ....................................18

The gambling industry and money laundering ....................19

RETAIL, WHOLESALE & DISTRIBUTION ........................20Commodity trading and shipping fraud ................................20

Working out weak points can pay off ...................................21

CONSUMER............................................................................22Brand integrity:Anti-counterfeiting, piracy and tainted goods .....................22

CONSTRUCTION ...................................................................24Audits, screening, and expertise help to build integrity .....24

Transparency is the key tomonitoring the supply chain ...................................................25

Red Flags:Behavior that may reveal problems .......................................26

FRAUD VULNERABILITY ....................................................27Where business is feeling the heat ........................................27

EMERGING MARKETS ........................................................28The investment herd stampedes into Lagos:Dangers of fraud in a booming market ................................28

The impact of United States regulation on

other countries .........................................................................29

Culture, compliance and China...............................................30

FRAUD PREVENTION ..........................................................31A proactive strategy for operational risk ..............................31

Human resources:The frontline in protecting your business .............................32

Protecting your investments ...................................................33

FRAUD DETECTION .............................................................34Up to the top: Financial statement fraud..............................34

Protecting data sources from internal theft .........................35

Making employee hotlines work ............................................36

FRAUD RESPONSE ...............................................................37Investigative tactics under scrutiny in the United States .....37

Who is taking responsibility for losing sensitive data? ........37

U.S. Government increases controls over contractors ..........38

Profiting from stolen information .........................................39

KROLL CONTACTS ...............................................................40

KROLL SERVICES ..................................................................41

Kroll Global Fraud Report | 1

CONTENTS


4/44

Andrs Antonius is President of Krolls ConsultingGroup and previously occupied high rankingpositions in the Mexican Government. He holds aPh.D in Economics from Harvard University

The risk of fraud is a part of doingbusiness. It can even be considered aconsequence. No further evidence is

needed than a glance at the businesssection of any major newspaper any day ofthe week. The appearance of fraud at acompany is not necessarily, or even usually,a sign of negligence or ethical laxity at thetop. It is instead often the result of large,complex organizations doing business inmany different venues, currencies, legalframeworks, and cultures, often at the sametime. This context creates severe challengesfor todays managers, legal counsels, andcompliance officers, who must be all-seeingand all-knowing, and never sleep.

While frauds have existed throughouthistory, one might argue that the risks offraud for business are greater today than inthe past. Recent events, be they thebankruptcies of once fabled companiessuch as Enron or Worldcom, themanipulation of the financial system bydrug traffickers and terrorists, or theemergence of complex derivatives, haveheightened the sensitivities of authorities,regulators, and the investing public. Eventhe whiff of a fraud may sometimes besufficient to place a company under severescrutiny or in financial distress.

However challenging this context may be,strategies exist to minimize the risks in anygiven industry or situation. All of themhave a common starting point: the explicitand declared intent by management tomake fraud detection and prevention a topcorporate priority. Any strategy which failsto emphasize this point will necessarily belimited in its success.

Edmund Burke famously said The onlything necessary for the triumph of evil isfor good men to do nothing. In the fightagainst fraud, complacency is often thebiggest obstacle. Complacency regardingfraud arises for many reasons, but mostlybecause some see the inevitability of fraudoccurring as evidence that it cannot beprevented. This confusion may itself createan atmosphere of tacit acceptance, or atleast one in which the questioning ofcertain decisions or transactions isfrowned upon and seen as an impedimentto doing business, when in fact it is oftenthe opposite.

Complacency is also sometimesparadoxically the result of operating in

mature economies and markets. While thebelief often exists that fraud and corruptionare greatest in foreign cultures or emergingmarkets, the largest frauds in history havetaken place in the developed world, ineconomies with highly evolved legal andregulatory systems which exact severepenalties against fraudsters. Bothcompanies and investors logically tend tobe more cautious and vigilant whenexamining business operations oropportunities in countries which areunfamiliar to them. But sometimes theyforget that just like car accidents, mostfraud occurs close to home.

It may be that fraud is perceived as moreprevalent in emerging markets. But withoutdoubt the severity of it the cost, and thereputational impact is as high, or higher,in developed economies.

This first annual Global Fraud Reportpresents the collective knowledge of someof the worlds most talented and diligentfraud fighters. Krolls team of experts is

composed of top forensic accountants,computer forensic and IT specialists,former leading prosecutors, regulators, lawenforcement and intelligence officers, andsome of the most distinguishedinvestigative journalists in the market.They represent decades, if not centuries,of experience in fraud prevention anddetection. And the diversity of their skillsets and international backgrounds meansthat they can effectively address anysituation in any locale in the world.

The Global Fraud Report also contains afascinating survey carried out by The

Economist Intelligence Unit which providesinsights into the frauds that have the mostimpact on companies around the worldand the top risks that todays managersperceive. One survey result that stands outis that while internal financial fraud wasreported as one of the most pervasive andfrequent types of fraud, it was not consideredas important a threat as information theft,money laundering, or the theft of physicalassets. Is this not itself evidence of thecomplacency we must avoid?

Introduction

ANDRS ANTONIUS

2 | Kroll Global Fraud Report

INTRODUCTION


5/44

Recent months have shown thatturbulence in financial markets

reveals rocks at the bottom of thestream. They have always beenthere, but only when the waterlevel drops do the sharp edges

become exposed.

Financial instruments that are overlycomplex and not understood by many,unregulated players and the

creditworthiness of counterparties incertain sectors have already been exposedas major vulnerabilities. Numerous fraudswill be uncovered at a time like this andthen the finger pointing will begin. Asusual, the presence of fraud emerged oncethe water level dropped precipitously.

Throughout the 35-year history of Kroll Inc.,our mission has been to help our clientsachieve greater transparency and a deeperunderstanding of the underlying facts in arange of situations and to assist withsolutions.

When one reviews some of the results fromthis latest survey on fraud, it is clear thatcertain types of exposures have increasedand that all of the old ones persist to somedegree. As our society has become morereliant on information technology,

increased globalization and greaterinterconnectedness, certain exposures haveexpanded right along with them.Dramatically new frauds, such as ID theft,

various IT crimes and false reporting byasset managers, were rarely seen 25 yearsago. The expansion of economies anddramatic increases in liquidity have alsoopened the door to problems becomingmore substantial, based on scale and thespeed of activity. Fraud occurs to a fargreater extent away from the home officeand more distant operations create adisproportionate number of incidents.

Controls are more difficult to regulate andthere are fewer people minding the storein these remote locations. The examples inthe 1990s included Daiwa, Sumitomo,Barings, and Bre-X. These all occurred at adistance from the home office, althoughfraud can also be perpetrated at the center.

Much of todays effort to control exposureto fraud is driven by administrativeregulations, accompanied by criminalenforcement. As the stakes have gone up,many societies have increasinglycriminalized activities that 25 or 30 yearsago would have been dealt withadministratively, such as accountingrestatements and insider trading. Thepolicing of these matters has often arisenfrom new laws, such as Sarbanes-Oxley andrelated rules, which came about as a directresult of some of the more notorious fraudsthat were uncovered from 2000 to 2003such as those at Enron, WorldCom, Ahold,Parmalat and others. As one can see fromthe results of our commissioned survey andrecent headlines, institutional exposure tofraud does not seem to be lessening despitesubstantial increases in oversight activityboth internally and by third parties, suchas the audit profession and specializedorganizations such as Kroll.

As we look ahead, it is clear that theincreased use of information technologytools combined with dramatic growth inthe world economy will lead to morechallenging times. Nowhere will the effectbe greater than in the newly developingmarkets where growth continues to be verysignificant. The culture of these societies,best epitomized by the BRIC countries(Brazil, Russia, India, China) will bechallenging, if profitable, for a new

generation of entrepreneurs. We should payparticular attention to the integrity of thefinancial information since manycompanies in these economies have

traditionally had opaque financial systems.The sheer growth of these economiesprovides a greater opportunity forcorruption, false accounting, and otheraberrational activities. The controls areunder greater stress, the pace of activity ismore intense, and the reward system oftenbased on output and profitability ratherthan controls and ethical behavior.

The multinational corporations andinstitutions that plan for further expansionin emerging markets need to devote agreater share of their control efforts tocertain major risks:

Corruption is endemic in some countriesand it will take many years for that tochange. The recent rise in the number ofForeign Corrupt Practice Act (FCPA) casesin the U.S. is a testament both toincreased activity by law enforcement aswell as to intense competition formarkets. Further complicating thesecases is the wide variation in the extentof the rule of law in BRIC countries. Chinahas historically had weaknesses in itsjudicial system but it is progressing, as isRussia. Brazil and India are much furtheralong the road toward established legalsystems, but allegations of judicialcorruption remain common.

Second, there is a broad-based effort incertain countries to misappropriate theintellectual property of the companies

that developed it. The lack of a properlegal system is aiding this type of fraudand alternative deterrents will have to bedeveloped. Counterfeiting is only oneaspect of the problem, but it is becomingmore perilous as pharmaceuticals andcritical equipment are being copied.These counterfeits can kill and in recentmonths China has begun to address theissue slowly.

Third, there is a continuing series of IT-based frauds that will multiply and causemore substantial damage. Theseexposures range from ID theft,misappropriation of assets andinformation, wholesale financialembezzlement and the manipulation ofaccounts or even trading systems.

Technology, as my friend Sir Martin Sorrellrecently said, is our Frenemy. It can be thetool which is used to commit the act or tounearth the crime. I hope we will use ourresources to train and our technology toarm against the constant threat of fraud inthe future.

The sharp rocks

under the water

JULES B. KROLL


CHAIRMANS VIEW


6/44

Although often reluctant to discuss it,almost every business will at somepoint have been the victim of

corporate fraud. The extent to whichindustries experience different categoriesof corporate fraud varies according to thenature of their business. For example,companies that deal with physical assets,such as consumer goods and retail, aremore likely to suffer from the theft ofphysical assets or supplier fraud.Meanwhile, those that operate in the

knowledge economy, such as professionalservices or technology, are more likely to beconcerned about information theft orintellectual property issues.

business in general and within particularindustries, and to explore the approachesthat companies take to minimize theirexposure to these threats. The findings arebased on a survey, commissioned by Kroll,of nearly 900 senior executives worldwide,40% of whom are C-level, or board-level

executives. The key findings include thefollowing:

Corporate fraud is a serious,widespread challenge that takesmultiple forms:

In the past three years, four out of fivefirms have suffered from some form ofcorporate fraud. Particularly widespreadis the theft of physical assets or stock,which was experienced by 34% ofsurveyed respondents, while one-fifth of

firms suffered from information theft,management conflict of interest,financial mismanagement, internalfinancial fraud, procurement fraud, andcorruption and bribery.

Over the same period, the average damagefrom corporate fraud among largecompanies defined as those with anannual turnover of more than $5 billion was more than $20 million, with about 1in 10 losing more than $100 million.

The theft of, loss of, or attacks oninformation are a major concern, with

20% of respondents describingthemselves as highly vulnerable here and31% believing that IT complexity hasincreased their exposure to fraud.

More generally, nearly half of companiesrank themselves as at least moderatelyvulnerable to a very wide range ofthreats: regulatory or compliance breach(50%); management conflict of interest(49%); financial mismanagement (49%);procurement fraud (47%); theft ofphysical assets (47%); corruption andbribery (46%); and intellectual property(IP) theft (45%).

The prevalence of corporatefraud has held steady recently,but new business models drivenby globalization are increasingexposure at most companies:

Respondents are divided as to whethercorporate fraud is on the increase.Roughly one-third of those surveyed thinkthat the prevalence has stayed the same,one-third say that it has increased, andone-third say that it has decreased.

Eighty-one percent of firms report thattheir exposure to corporate fraud hasgrown.

Industries also vary in terms of the extentto which they are addressing the problem.For example, financial services which, giventhe nature of their business, face especiallyacute threats from internal financial fraudor money laundering, are obliged from aregulatory perspective to demonstrate thatthey have strong controls in place. Lessheavily regulated industries may not havethis impetus, but they nevertheless arelikely to adopt some measures whetherfinancial controls or information

technology (IT) security to prevent ordetect fraudulent activity.

The objective of this report is to examinethe problem of corporate fraud, both for


EIU OVERVIEW


7/44

The most frequent cause of this increasedexposure is high staff turnover, which iscited by 32% of respondents. Close behindare complex IT arrangements (31%), entryinto new markets (28%) and increasedcollaboration between firms (26%) all ofwhich are factors that are closely tied

with modern business practice. Entry intonew markets is of particular concern forlarger firms (38%).

Companies treat corporatefraud as largely a financialand IT issue, but too many areinsufficiently prepared forthese and other risks:

Most businesses (58%) give the internalaudit/finance function the lead role indealing with corporate fraud. The mostwidespread strategies used to combat theproblem are financial controls (used inthis respect at 79% of firms) and ITsecurity (70%). This approach makessense, as many of the biggest fraudproblems relate to finance and technology.

The same numbers suggest, however,that a surprising 21% of firms do not usefinancial controls for this purpose and31% do not use IT security.

These strategies also only indirectlyaddress the most frequent form ofcorporate fraud theft of physicalproperty against which only two-thirdsof firms have measures in place toprotect themselves.

Although this report focuseson differences in corporatefraud between sectors, certainrisks are far more stronglycorrelated with company sizeand location:

Larger companies are obviously bigger

targets. On average, they lose six timesmore money to corporate fraud thansmaller ones.

The extent of corruption and briberyvaries widely from one region to another.The proportion of firms that has recentlysuffered from it in the Middle East andAfrica (39%) is by some distance thehighest. But more than twice as manyEastern European respondents haveexperienced the problem than those fromWestern Europe, (14%), and more thanthree times as many from Latin America(29%) as from North America (9%).

Internal financial fraud shows a similargeographic pattern: Middle East andAfrica (46% of firms), Eastern Europe

(28%), Western Europe (18%), and NorthAmerica (14%).

Regional variations with intellectualproperty theft and counterfeiting areclosely linked to countries rather thanregions. Among firms operating in theChina, 38% have experienced such fraudin the past three years, compared withjust 14% in rival developing economyIndia. The latter compares favorablywith the overall figure of 19%, and eventhe 9% reported among Canadian andU.S. respondents. That one in elevenfirms in the latter still suffer from thisproblem, however, speaks of relativerather than absolute success inaddressing it.

The frequency of the mostwidespread types of corporatefraud, and those giving rise tothe most concern, vary relativelylittle by region:

Theft of physical assets was reported bybetween 32% and 40% of firms in allregions.

Between 24% and 31% of companies hadsuffered information attack in mostareas, except North America (16%) andLatin America (18%).

Middle East and Africa

Eastern Europe

Latin America

Asia-PacificWestern Europe

North America

% Affected 0 5 10 15 20 25 30 35 40

Percentage of companies suffering fromcorruption/bribery in last 3 years by region

Theft of physical assets

Information theft, loss or attack

Management conflict of interest

Financial mismanagement

Vendor, supplier or procurement fraud

Regulatory/compliance breach

Corruption and bribery

Internal financial fraud or theft

IP theft, piracy or counterfeiting

% Affected 0

Money laundering

5 10 15 20 25 30 35 40

Percentage of companies suffering fromvarious types of frauds in last 3 years

China

Overall Average

Italy

Germany

Singapore

India

United States

Malaysia

Canada

% Affected 0

Australia

United Kingdom

5 10 15 20 25 30 35 40

Percentage of companies affected by IPtheft in last 3 years in selected countries


EIU OVERVIEW


8/44

Detect these red flags in connection with

the opening of an account or activity in

any existing account;

Assess whether these detected red flags

prove a risk of identity theft;

Mitigate this risk as appropriate for its

degree;

Train staff to implement the Red Flag

Program;

Oversee service provider arrangements;

Specifically for credit and debit card

issuers, develop policies and procedures

to assess the validity of a request for a

change of address followed closely by arequest for additional or replacement cards.

How do financial institutions feel about this

proposed rule? Not surprisingly, in the wake

of the U.S. A Patriot Act, further compliance

burdens have not been well received,

especially when some already form part of

Customer Identification Programs. In

addition to the outlined obligations, there

will undoubtedly be additional information

security burdens as well.

Happy or not, although the rule has not

been finalized, financial institutions are onnotice of what some agencies contend

should be minimum standards. Institutions

should be taking steps now to prepare

programs that will prevent the theft of

customers identities. It is ultimately a

small price to pay for maintaining their

own safety and soundness while building

loyal customer relationships and

implementing strong prevention programs.

Liz Marchese is a director in Miami. She has over 20years of banking operations, security and compliance

experience, most recently at Union Planters Bank.She has served three times as president of theFinancial Institutions Security Association (FISA) andis a qualified expert witness.

released a proposed new federal rule,commonly known as the Red Flags Rule.

The proposal, if adopted, would requirefinancial institutions to put in place awritten identity theft program emphasizingthe detection, prevention, and mitigation ofthis crime. The program would have tocontain reasonable policies and proceduresto address the risk of identity theft in orderto protect customers as well as the bank.

The proposal outlines, in some detail, 31patterns, practices, and specific types ofactivity that should raise a red flag, signalinga risk of identity theft in connection with anexisting account or the opening of a new one.

The proposal would require financialinstitutions to:

Verify the identities of persons openingaccounts;

Identify red flags relevant to possiblerisks of identity theft which could harmcustomers or the safety and soundnessof the institution or creditor;

Identity theft is a rapidly growingproblem for financial institutions and

their customers. More than 600,000consumers become victims each year in theU.S. alone, and four of the top five techniquesinvolve financial services: opening newcredit card accounts; using existing ones;opening new deposit accounts; andobtaining loans. Financial institutions willincreasingly absorb much of the economicloss from this kind of fraud.

In the past, many banks have not involvedthemselves, other than to sympathize withaffected customers. Even as the frequencyof identity theft issues has risen, many

banks have thought it sufficient to assistvictimized customers by giving themtelephone numbers to call, directing themto the appropriate credit bureau agencies,or providing other advice on what thecustomers could do for themselves.

In July 2006, however, the United Statesfederal financial institution regulatoryagencies and the Federal Trade Commission

Identity theft

prevention:A loomingrequirement?

Financial Loss: Average loss per company over past three years: U.S.$14.6m (218% of average)Prevalence: Percentage of companies suffering corporate fraud loss over past three years: 83%Increase in Exposure: Percentage of companies where exposure to fraud has increased: 83%

Areas of High Vulnerability: Information theft, loss or attack (26% of sector firms indicatethat they are highly vulnerable) Management conflict of interest (18%)

Areas of Frequent Loss: Regulatory or compliance breach (29% have experienced in past three years)Internal financial fraud or theft (28%) Information theft, loss or attack (27%) Theft of physical assetsor stock (26%) Financial mismanagement (23%) Management conflict of interest (23%)

0 10 20 30 40 50 60 70 80 90 100%

Highly vulnerable Moderately vulnerable Minimally vulnerable Dont know/Not applicable


Theft of physical assets or stock

Money laundering


Regulatory or compliance breach




IP theft, piracy or counterfeitingManagement conflict of interest

FINANCIAL SERVICESREPORT CARD


FINANCIAL SERVICES


9/44

EIU SURVEY

Written by The Economist Intelligence Unit

OPERATION MALAYA:Corruption in the Spanish

real estate sector

Corporate fraud at financial services companiesis a very expensive problem. The particularforms that it takes result from three featuresof the sector: that it deals with money

itself; that this is held largely in an electronicform; and that sector activities are closelyregulated.

The loss per firm is $14.6m, well over twicethe average for all industries and thehighest in our survey.

Increasingly complex informationtechnology has left 43% of respondentsmore exposed to risk. Consequently 27%have suffered from information theft inthe past three years, and 28% considerthemselves highly vulnerable to this mostwidespread worry for the sector.

In practice, regulatory and compliancebreaches make up the most commonproblem, having affected 29% of

companies. This risk represents an area ofhigh vulnerability for 17% of respondents.

Money laundering is understandably aparticular problem in financial services,although less common than the othersdiscussed. More than one in ten firmsconsider themselves highly vulnerable to itand a similar number have actuallysuffered from it in the past three years.Given the attention that governments,regulators and security agencies pay toillicit cash flows in the post 9/11 world,these figures are far too high. Failure herewill attract little sympathy or leniency.

Internal financial fraud is significantlymore common, hitting more than one-

quarter of firms, but theft of physicalproperty is rarely a problem. The assetworth stealing in this industry is moneyrather than stationery.

The sector is working harder than most tocombat corporate fraud, but could do more.

The use of most anti-fraud strategies is farmore widespread within financial servicesthan among other businesses. Forexample, 85% use financial controls tocombat such problems (compared with anaverage of 79%); 80% use IT securitymeasures (compared with 70%); and 69%use staff background screening (comparedwith 57%).

Formal risk management systems are morethan one-and-a-half times more commonin this sector than overall.

Financial services companies are muchmore likely to plan to invest in financialcontrols, IT security and managementcontrols to combat fraud than theircounterparts in other sectors.

However, although 85% of firms usefinancial controls against fraud, this meansthat nearly one in six financial servicesfirms do not. In this industry, sucharrangements should be second nature,and would help with some of the biggestvulnerabilities.

The financial services industry is working

much harder than most but, given thefinancial and legal costs of failure, it needsto do even more.

Since the beginning of the 1990s, Spainseconomic miracle has brought anexponential increase in investment

in coastal areas. Marbella, the worldfamous tourist resort of the internationaljet set, has seen money, mostly foreign,pour into real estate. Sumptuous villashave appeared, accompanied by the rapid,disorderly spread of houses, apartmentsand commercial centers.

The frantic activity of real estatepromoters, backed by flexible andinventive banks, has driven growth byallowing Spaniards to think that theywere making safe investments.Speculators, however, helped byinadequate regulation, brought with themmoney laundering, corruption, coastaland environmental devastation andexploitation of limited natural resourcessuch as water to build golf resorts.

The Importance of Due DiligenceIn this context, an important foreigninstitutional investor asked Kroll to assisthim in a due diligence study of certain

major construction companies in theregion with which he hoped to form anongoing relationship. We found, mainlythrough documentary analysis, that someof these firms did not have a clearbackground incomplete accounts, overlyrapid growth, lack of long-term personnel and that some were too close to localpoliticians. We concluded that there wasa serious risk that these companies mightbe involved in improper business practices,and advised our client accordingly.

The biggest difficulty was explaining toour client why our findings were

sufficient to cause him concernsregarding his investment. He wanted hardevidence, while we had strong indicators.Our professionals met with the client andeventually he understood our position.

In March 2006, less than one month afterwe delivered the report to our client,Operation Malaya made national andinternational headlines. After a year-longinvestigation, police arrested most ofMarbellas city government on charges ofcorruption, money laundering, andseveral other offenses. The operationcontinued in other Spanish regions,including most of the South, Madrid andthe Basque Country. As a result, 86 peopleare undergoing trial, among them the

executives and owners of some of thecompanies with which our client hadwanted to work. Following our report, ourclient was able to find other partners andhis only loss was a few months time.Without the due diligence study, hewould probably now be trying to explainto a judge and to the press his presenceas a shareholder of some of the indictedbusinesses.

The Mechanism: Land RezoningOperation Malaya exposed the fraud risksthat can be involved in the real estatesector when certain conditions arepresent. A generally positive perception ofreal estate development along with alack of clear rules and scrutiny allowedpoliticians and developers to illicitly splitthe gains from real estate sales inexchange for construction licenses andrezonings of protected land. Constructionfirms paid huge amounts to politicians,knowing that an extraordinarily receptivemarket would pay any price for houses,commercial centers and resorts. To makethings run smoothly, all sucharrangements were handled through oneof the Town Halls advisors, who was in

complete control of real estate operationsin Marbella. Although citizens suspectedcorruption existed, the magnitude of thescheme once fully exposed leftindignation and bewilderment.

Due diligence, even if it does not producea smoking gun, can make clear whichcompanies to avoid and why.

Alessandro Nurnberg is a seniordirector in Madrid specializing ininvestigations into offshorestructures. He previously worked asa tax and legal advisor for TS Group

in Lugano, Switzerland and lateradvised clients on M&A, public sale

offers and fiscal offshore structures at Ernst & Young.

CASE STUDY


FINANCIAL SERVICES


10/44

You cannot pick up a newspaper todaywithout seeing an article thatdiscusses a new hedge fund, a new

investment strategy, incredible returns, andthe successful bets against the market thathave made an unknown manager famous.Around the world, hedge funds are seeingtremendous capital inflows: In Q1 2007these totaled an estimated $60 billion, fourtimes the figure for Q4 2006.1 Total assetsnow are usually estimated at around $2trillion, with some putting the figure ashigh as $3.5 trillion.

The attraction is simple: Historical returns

for hedge funds have bested nearly everyother investment opportunity. The newsfrom emerging markets is even better:Returns in Q2 2007 averaged around 9.7%according to Morningstar, Inc., and inrecent years such investments have seen20% growth. Consequently, hedge fundsfocused on emerging markets haveexploded from $2.6 billion in assets undermanagement in 2003 to nearly $32 billionby late 2006, according to a recent CreditSuisse report (Chart 1).

Such performance has attracted a broadarray of investors including endowmentsand state pension funds. Endowments andstate pension funds continue to expandtheir holdings into hedge funds andalternative investments in emergingmarkets. By March 2006, the CaliforniaPublic Employee Retirement System hadinvested more than $300 million in avariety of Asian hedge funds, and in the

past year the University of Texas, HarvardUniversity, and other schools haveannounced plans to increase theirallocations in emerging market funds.

The performance has also, however,compounded risk: An increasingly largenumber of funds flush with capital arecompeting over a limited number of

investments. A larger number are veryyoung and headed by managers with littleto no track record. Low barriers to entryand low thresholds of regulatory oversightcontinue to allow new funds to proliferate.Many are small over half have fewer than10 employees and depend heavily on onlya few people for their performance, drivingup operational risks.

More problematic still, although China, India,and Brazil still draw interest, the race to keepreturns high has pushed some funds intoriskier investments in new emerging

markets such as Colombia, Angola, Vietnam,and Mongolia. Investors in these marketshave to be prepared to guard againstcorruption and unpredictable political andeconomic climates. Those buying into thefunds, however, may have little knowledgeof where their money is going.

While the news is dominated with storiesof the collapse of large scale funds, a hostof lesser known ones are closing in emergingmarkets. Some have made bad investments.Others have fallen victim to outright fraud.In 2005, the Aman Capital Global Fund,

once the flagship of Singapores hedge fundindustry, collapsed after only one and halfyears when it lost an estimated 18% of itsassets on derivative trading on the Korea

Composite Stock Price Index. While itsmanagers were highly regarded, investorsquestioned the soundness of the fundsinternal risk controls. Last year, CharlesSchmitt, the Hong Kong-based head of theCSA Absolute Return Fund, was sentencedto four and half years in prison forchanneling over $190 million from investorsinto shell companies administered on his

behalf, some of which were used to pay hispersonal expenses, which included aHawaiian home.

Funds investing in emerging marketsrequire extra due diligence. Investors,particularly institutional ones, mustundertake responsible efforts to understandwith whom they are doing business andthe types of investments being made. Withthe amount of capital such institutionalinvestors bring to the table, they are in aunique position to pressure fund managersfor additional transparency andinformation about the funds operations,

performance, and risk controls.

Adequate due diligence is a cost of doingbusiness in any market, especially anemerging one, and should be viewed as partof the investment, not a sunk cost. It iscertainly cheaper than undertakinglitigation, chasing assets, and repairingreputations after a failed investment.

1 Hedge Fund Research Inc.

Peter Turecek is a managing director in New York.He specializes in hedge fund related intelligence,corporate contests and securities fraud.

Julian Grijns is an associate managing director inNew York. He previously worked at Towers Perrin intheir competitive intelligence program.

Private equity, hedge funds and emergingmarkets: Playing risk for returns

HEDG Emerging Markets 36 Months ending November 2006

0

5,000

10,000

15,000

20,000

25,000

30,000

35,000

Assets($mil)

0

25

50

75

100

125

150

175

GrowthofUSD100

Assets (USD) in Emerging Markets Sector

Growth of USD100*

Nov-03

Feb-04

May-04

Aug-04

Nov-04

Feb-05

May-05

Aug-05

Nov-05

Feb-06

May-06

Aug-06

Nov-06

* Performance of the Credit Suisse/Tremont Hedge Fund Index (Emerging Markets sector) if one had invested$100 at inception of the graph

A few simple questions may help

protect the investor from fraud:

Was the investor introduced to the

manager/investment opportunity

through trusted sources?

Does it all sound too good to be true?

What impressions did the investor

get when meeting with the hedge

fund management team?

Were they candid and helpful?

Who are the third party service

providers for the fund lawyers,

accountants, back office administrators?

Are they reputable? Can they provide

independent confirmation?

Who is the fund manager?

What are his or her credentials?

CreditSuisseTremontHedgeFundIndex,January2

007


FINANCIAL SERVICES


11/44

The collapse of the sub-prime mortgagemarket has rekindled a debate aboutthe economic impact of fraud in the

insatiable markets for high yield alternativeinvestments. Did the fraudulent practices ofa few originators and issuers of thesemortgages spark the downfall of the market,or was it due to cyclical economic forces?Watchdog organizations often spend yearsafter the fact trying to find the answer.Investors should ask a more importantquestion: could the potential fraud have beenidentified in advance and therefore avoided?

Just like any stock-picker or analyst,fraudsters follow the market, recognizing ahot market as a ripe one. Fast-paced capitalmarkets are always creating newinvestments, providing fertile ground for

modern-day Charles Ponzis to developschemes that are more complicated andtake longer to unravel. At first glance, theneo-fraudster might seem to be using newand exotic investment vehicles andmethods in order to bilk investors, but acloser look usually reveals a simple daisychain or Ponzi scheme.

Two trendy investments are life settlement-backed securities and alternative energy.There are regular media reports about fraudin these markets, although the underlyingeconomics are sound. Appropriate diligencecan separate the scams from the true

opportunities.

Death Bonds

A recent Business Week cover story reportedthat in May more than 600 Wall Streetbankers gathered at a conference in NewYork to talk about the next exotic investmentcoming down the pike: death bonds, nowcalled life settlement-backed securities.

Is this a resurgence of the discredited viaticalmarket, which emerged in the 1990s in thewake of the AIDS epidemic? Sellers, typicallythe elderly or terminally ill, sold the right

to their eventual life insurance policy deathbenefits for an up front payment. Bundledviatical policies were marketed as securitiesto individual investors.

The industry has changed and aging baby-boomers have fueled a bustling marketfor unrated Death Bonds, which firstemerged in Europe and now are hot in theUnited States, according to Business Week.This market, however, has attracted itsshare of fraudsters, and regulators have

reissued warnings about illegal andunethical practices:

A 2004 Kroll due diligence investigationof a viatical firm revealed that its founderhad formed the company solely to takeadvantage of a hot market. His previoustwo businesses, in distinctly differentindustries, left a trail of litigation and hehad previously sought personalbankruptcy protection.

From the mid 1990s until 2004, MutualBenefit Corp., a Florida-based lifesettlement company, bilked 30,000investors out of $830 million. In 2004, the

Securities and Exchange Commissionsued to shut it down. In 2007, its executiveswere convicted of federal crimes and thecompany, now in receivership, pleadedguilty to racketeering and investmentfraud charges.

Alternative Energy Investments

With oil prices close to all-time highs, thetraditional and alternative energy marketsare booming, and so are investment scams.Investors looking for a quick return arelosing millions of dollars in sham oil andgas investments. In January 2007, the NorthAmerican Securities AdministratorsAssociation reported that, over thepreceding two years, state and provincialregulators had opened more than 260 casesinvolving oil and gas-related schemes andissued 122 cease and desist orders againstpromoters. In particular, a flood ofinvestments into companies with newtechnologies that have no industryexpertise harks back to the dot.com boomand bust of the 1990s.

markets for greenhouse gases, suggestingsome organizations are paying foremissions reductions that do not takeplace. Among other things, it found

organizations buying worthless credits,industrial companies profiting from doingvery little and brokers providingquestionable services.

History: An Investors Guide

Market history and lessons learned fromdue diligence can reveal potential fraud inadvance and may help predict the strengthof a particular security or market. Just as anactuarial or bond rating house uses empiricaldata to predict the quality of an investment,a due diligence investigation of the personsinvolved and their record allows investorsto understand the potential risks.

Michael Fellner is a senior managing director andhead of the Chicago office. He specializes incorporate contests, embezzlement and politicalcorruption and bankruptcy fraud cases. Previouslyhe worked as a journalist and ran his owninvestigations agency.

Lisa Silverman is a managing director based inChicago. She specializes in investigative cases forcorporate contests, theft of trade secrets, patentinfringement and product tampering.

Mark Skertic is a director based in Chicago.

Prior to that he worked for over 20 years as anaward winning investigative journalist at theCincinnati Enquirer, Chicago Sun-Times and theChicago Tribune.

ALTERNATIVESECURITIES:

Opportunityfor fraudand reward

Seven red flags

The company had no track record,

and the principals had no real

experience in the industry;

The business operated in an essentially

unregulated industry or was able to skirtweak or newly emerging regulation;

The principals provided resums that

were lacking in detail and, upon

investigation, proved to be inaccurate;

The principals did not provide adequate

information on, let alone audited

statements of, the financial performance

of their current or past ventures;

The investment involved a needlessly

complicated corporate structure and the

principals controlled multiple shell or

related party companies;

The principals were reluctant to shareinformation about their current or past

business partners;

The principals, their previous partners,

or their companies had been subjects of

significant civil and criminal litigation,

and had numerous liens or judgments.

Appropriate diligence can

separate the scams fromthe true opportunities.

The alternative energy market has evenseen a scam involving an entirely phonyexchange. In May 2007, a federal judgeentered a default judgment againstAmerican Energy Exchange and YorkCommodities after the U.S. CommodityFutures Trading Commission charged themwith fraudulently soliciting customers totrade non-existent energy futures on a non-existent exchange through a fraudulent

broker.Fraud also appears on legitimateexchanges. In April 2007, the Financial Timesreported on widespread failings in the new


FINANCIAL SERVICES


12/44

F

rom one side of Krolls London offices,one has a splendid view ofSt Pauls Cathedral. From another,

there is a vista of Fleet Street, long thehome of the British press; and from a third,the harsh lines of the Old Bailey, LondonsCentral Criminal Court.

If management ever needs a reminder ofthe risks faced by the modern professionalservices firm, a swift walk around thebuilding should suffice. Reputational,ethical and legal issues abound. The centralissue, for professional services firms, isabout governance: getting everyone toaddress the issues systematically andglobally, to link together diverse functions(financial, legal, HR), and above all to get

billable professionals to devote scarce andvaluable time to risk prevention.

Like many professional services firms, Krollhas offices around the world with diversecultural backgrounds, histories and legalframeworks, and getting a commonapproach is a challenge. The solutions tendto lie in pragmatic answers: working withthe grain of the business and getting eachoffice and region involved. Legal, risk andcompliance functions need to co-operate.Standard operating procedures need to beclear, but also simple enough to adapt to awide variety of operating environments.

Many such companies are made up ofindividuals who either are, or operate as,partners: they own the business, and thatcan be a great strength, conferring a senseof responsibility and focus. But at the sametime, it can make the business harder tonavigate: people are jealous of clientrelationships, reluctant to discuss theirbusiness, and ill-disposed to efforts to

centralize or co-ordinate risk management.The only answer is to treat individuals asindividuals, and get buy in while alsoleading from the top, to ensure thateveryone knows that rules are rules.

These are people businesses, somanagement of human capital is critical.Professional qualifications and licensing areimportant, which means ensuring that

background screening is carried out andthat staff references are taken up. Conflictchecking systems are essential but so isthe training and education that enablespeople to understand how to operate them,and how to make sensitive judgmentsabout what constitutes a conflict and howto handle it.

A critical issue for professional servicesfirms is the vetting of projects before theyare taken on. Kroll, like many such firms,has regional risk committees that reviewprojects assessing whether legal,reputational and financial issues are in linewith the law, standard operatingprocedures, and our business model.

Andrew Marshall is a managing director based inLondon and Washington, having previously held theroles of chief risk officer and head of strategy EMEA.He spent 15 years as a journalist including servingas Foreign Editor and Washington Bureau Chief forThe Independentnewspaper.

The professional services industry has a lowexposure to fraud relative to other sectors

The loss per firm for the past three years is$2.3m. This is equivalent to around one-

third of the survey average and is one ofthe lower figures.

Respondents believe that the prevalence offraud has stayed the same over that period.

Fewer professional services firms haveexperienced each category of corporatefraud than the average, except forinformation and IP theft. In particular, only20% suffered from theft of physical assets.Although this arises partly from the sectorbeing knowledge-intensive without aphysical product, the figure is still thelowest for any industry.

This sector includes professions that actively

combat fraud, or for which suspicion of fraudpresents an increased danger becausereputation is so important in maintainingclients. This has several effects on the natureof, and response to, corporate fraud.

These companies are more likely to dealwith the issue directly and combat theproblem themselves. Sixty-one percent saythat they manage it in house comparedwith 45% of all companies.

Accordingly, professional services firms arehalf as likely to turn to the big fouraccountancy firms (16% compared with33% for the average).

In the past three years, a slightly lower

percentage of companies than average hassuffered from bribery and corruption (15%compared with 19%), regulatory breaches(15% compared with 19%) and moneylaundering (2% compared with 5%)

The sector faces the usual problems of aknowledge industry, but may not beaddressing them aggressively enough.

The most frequently reported types offraud are information theft (29%) and IPtheft (21%). These are also two of thethree areas where the greatest number ofrespondents feels highly vulnerable (26%and 19% respectively).

Complex IT structures have increasedexposure to fraud at one-third of companies.

However, the proportion of companiesusing IT security and countermeasures tocombat fraud is only 69% and just 57% saythat they intend to increase investment inthat area. Both of these figures are slightlylower than the average. Meanwhile, onlyone-third of professional services firms saythat they engage in IP monitoring this islower than the average and just 37% arelooking to invest in this area.

The professional services sector should payparticular attention to IT security and IPmonitoring, especially as legal andaccounting firms should already be strong inother aspects of fraud control.


EIU SURVEY Preventing risk inthe people business


Areas of High Vulnerability: Information theft, loss or attack (26% of sector firms indicatethat they are highly vulnerable to this threat) Management conflict of interest (21%)

Areas of Frequent Loss: Information theft, loss or attack (29% have experienced in past three years)IP theft, piracy or counterfeiting (21%) Management conflict of interest (21%)Theft of physical assets or stock (20%)


Management conflict of interest

0 10 20 30 40 50 60 70 80 90 100%



Money laundering






IP theft, piracy or counterfeiting

REPORT CARD PROFESSIONAL SERVICES


PROFESSIONAL SERVICES


13/44

Internal audit managers can increasingly

rely on the data in procurement systemsto analyze the behavior of staff.E-procurement tools let organizations seenot just how much a department isspending with a supplier, but what is beingbought by individual staff members. Mostprocurement departments use this data toanalyze contract compliance and theopportunity for greater savings, but it canalso be used to detect fraudulenttransactions before they occur.

Some advisors still suggest that companiescan detect fraud if they monitor their stafffor signs of sudden affluence. While this maybe a sound signifier for fraudulent activity, itis hardly a reliable method of detection.Monitoring spend activity is the bestopportunity that organizations have ofidentifying staff who process fraudulenttransactions. In most cases, this activity ispredictable and, if managers establish aservice to monitor buyers, much of it can beidentified before any payment is made. Inlarge international organizations, wherethousands of orders can be raised per day, itis not feasible to monitor every transaction,but they can be profiled in order to flag thosethat carry the highest risk of fraud.

Profiling can help identify the types ofbuyer most likely to commit fraud andcombine this with the transactions mostlikely to attract it. For example, a temporarystaff member raising a high value ordershould be seen as high risk. Similarly, thepurchase of desirable consumer goods,such as audio-visual equipment or alcohol,should be flagged as high risk. Individualbuyers can be put on probation, theiractivity monitored and transactions flaggedaccording to different levels of security risk.

Very high risk transactions can be sent forre-approval by departmental managers orinvestigated by audit managers beforebeing processed. This additional step serves

a dual purpose: as well as identifying fraud,it can act as a deterrent by showing that abuyers activities are being monitored.

Our extensive experience in fraudinvestigations suggests that the following isa reliable guide to setting up a transactionprofiling service:

Do:Test the profile and monitor the volume

of flagged transactions;Provide clear communication to buyers

about why a transaction has been flagged;Handle investigations or re-approvals

quickly and efficiently;

Update profiles if buyer circumstancesand departmental needs change;

Review profiles annually in order toensure they are effective;

View profiling activity as a long-termcommitment.

Dont:

Infer that buyers are acting fraudulentlybefore investigating the transaction;

Assume that a profiling service willcapture all fraudulent transactions;

Transgress any equal opportunitieslegislation when profiling buyers;

Allow buyers to be aware that they are or

are not being monitored: they shouldassume that they always are.

provides consulting and research servicesfor public and private sector organizations. Itspecializes in services for organizations who wantto improve their procurement and supply chainmanagement through the use of e-procurement.

Manufacturers as a whole are lessworried than those in other sectorsabout corporate fraud.

The figures for perceivedvulnerability to corporate fraudwithin this sector are generallyabout the same as the overallaverage, although in some instancesthey are slightly lower. Only in onearea, procurement fraud, isvulnerability perceived to be higherthan average.

Spending on the leading anti-fraudstrategies is also less widespread inthis field than among the overallsurvey respondents, especially for IT

measures (used at 59% ofmanufacturers against 70% overall),management controls (54% to 64%)and staff screening (48% to 57%).Future investment in these fieldsalso looks set to lag behind that byother sectors.

In practice, however, little reasonexists for complacency.

Manufacturers have experiencedhigher than average incidences ofseveral types of fraud, including:theft of physical assets (47%compared with 34% for the overallsample), corruption and bribery(28% compared with 19%), financialmismanagement (26% comparedwith 20%) and intellectual propertytheft or counterfeiting (23%compared with 13%).

The loss per firm for this sector isslightly above average, as is theproportion of firms suffering fromat least one form of fraud in thepast three years.

The growth in exposure to fraudis hitting more companies inthis industry than on average(88% compared with 81%).The necessities of globalizedcompetition mean that entry intonew markets, IT complexity andincreasing collaboration betweenbusinesses are all increasing the riskof fraud at a faster rate thanelsewhere.

Manufacturing companies need tounderstand better the degree of riskthey face, and to invest accordingly.


EIU SURVEYProcurement data can helpfight fraud


Areas of High Vulnerability: Information theft, loss or attack (18% of sector firms indicatethat they are highly vulnerable) Corruption and bribery (15%)

Areas of Frequent Loss: Theft of physical assets or stock (47% have experienced in past three years)Corruption and bribery (28%) Financial mismanagement (26%) Vendor, supplier or procurementfraud (25%) Information theft, loss or attack (23%) IP theft, piracy or counterfeiting (23%)


% 0 10 20 30 40 50 60 70 80 90 100



Money laundering







MANUFACTURINGREPORT CARD


MANUFACTURING


14/44

In June 2007, MarkMonitor undertook anin-depth study of the online hijacking ofpopular pharmaceutical drug brands,

including millions of emails and billions ofWeb pages. It focused on six popularprescription drugs three of the mostpopular drug brands, according to industry

reports, and three of the drugs mostsearched-for on popular search engines and identified over 3,100 Internet pharmaciesselling one or more of these, along with 390individual listings on bulk exchange sites.

The key findings of thestudy include:

Business practices at many onlinepharmacies are spotty. Traffic intended forlegitimate websites is diverted to suspiciousones, diluting overall brand and marketingefforts. Many of these pharmacies faketheir accreditation deliberately, so it is

almost impossible for a visitor to knowtheir provenance. The recent death of aCanadian woman who ingestedquestionable drugs purchased online showsthe dangers of not shopping at anaccredited drugstore.1

There are strong indications that the drugssupplied are not genuine. One-tenth of thesites require no prescription, and only fourout of more than 3,000 sites have VerifiedInternet Pharmacy Practice Site (VIPPS)accreditation. More worrying still, averageprices for medications are about a fifth ofthose charged by the certified sites.

Online pharmacies endanger consumersidentity information as well as their health.The majority of the servers hosting thesewebsites do not protect customer transactiondata with Secure Socket Layer encryption,and more than 20% of the post-purchaseemail analyzed in the study contained linksto unprotected customer data.

The problem extends to drug exchangesand drug distribution channels. Twenty-oneof the 390 individual listings studied onthese bulk exchange sites offered deeplydiscounted prices that raise questions

about product integrity. China was theprimary source of these listings (31%),followed by India (19%). This activity posesa serious risk to the overall drug supplychain, compromising product delivery byputting phony or dangerous medicationsinto the retail network.

1 http://www.medicalnewstoday.com/articles/76431.php

Hijackingpharmaceuticalbrands: A study

is in the business of protectingenterprise brands online, helping strong corporatereputations become even stronger in the digitalworld. It can help the world's largest companiesestablish brands online and help them combat the

growing threats of online fraud, brand abuse andunauthorized channels. Over half of the Fortune 100trust MarkMonitor for online brand protection andInternet fraud prevention. www.markmonitor.com



Areas of High Vulnerability: IP theft, piracy or counterfeiting (25% of sector firms indicate that they are highlyvulnerable to this threat) Information theft, loss or attack (24%) Regulatory or compliance breach (21%)

Areas of Frequent Loss: Regulatory or compliance breach (31% have experienced in past three years)Theft of physical assets or stock (25%) Financial mismanagement (25%) IP theft, piracy or counterfeiting(22%) Management conflict of interest (22%)

Dont know/Not applicableMinimally vulnerableModerately vulnerableHighly vulnerable



Money laundering







0 10 20 30 40 50 60 70 80 90 100%

HEALTHCARE, PHARMACEUTICALS AND BIOTECHNOLOGYREPORT CARD

HEALTHCARE, PHARMACEUTICALS & BIOTECHNOLOGY


15/44

EIU SURVEY


The production and sale of counterfeit drugsis much more attractive than that of manyother products for a variety of reasons: costscan be considerably reduced if cheapersubstances, often not even pharmacologicallyactive, are used; no large facilities orsophisticated plants are required asmanufacturing can take place in a back yard;cheap or slave labor can be employed; andproducers do not have to engage in complexR&D. What makes counterfeit drugs mostattractive and keeps gross margins up is theample and elastic market they enjoy.

This market takes different forms aroundthe world, but is always there. According tothe World Health Organization, in wealthiercountries, the most frequently counterfeitedmedicines recently have been cholesterol

lowering medicines, drugs used fortreatment of growth hormone deficiency andfor cancer. In developing countries the mostcounterfeited medicines are those used totreat life-threatening conditions such asmalaria, tuberculosis and HIV/AIDS. ...However, there are variations that encouragespecific types of counterfeit medicine,depending on the geography, climate andseasonality inherent to each country.1

Intellectual property fraud againstpharmaceutical companies not only resultsin lost market share, but strongly impactspublic health and the brands of targeted

firms. The following ten pieces of advicedistill lessons Kroll has learned in helpingclients minimize losses from this fraud.

1. Apply good manufacturing practicesrigorously: Security standards along eachstep of the manufacturing chain must bestrictly enforced. Periodic reviews, sampletesting, simple policies such as cleandesks, familiarity with business partners,strict inventory controls, and formal logisticsprocesses all help reduce potential losses.

2. Use distinctive packaging: Althoughcounterfeiters will seek ways to copy drugpackaging, mechanisms to differentiateproducts and security items hologramseals, embossing, security codes, self-destructing seals, scrape-off inks, anddifferent tagging and tracking systems make it much more difficult for them.

3. Report instances of counterfeit drugs: Adatabase created by the whole industry willenable mapping of the appearance of suchdrugs and help investigative agencies toidentify counterfeiters. Because many of thesubstances used to manufacture theseproducts are imported, the industry mustextend its efforts globally, beyond thecountry where the drugs are made or sold.

4. Control invoices:There are cases wheremanufacturer invoices are also faked, addingcredibility to the counterfeit drugs and

Corporate fraud is a particularly seriousissue for this sector

The loss per company over the pastthree years has been $11.7m, morethan 75% above the average.

Among the industries questioned forthis survey, healthcare, pharmaceuticalsand biotechnology are among themost likely to expect an increase inprevalence of fraud, with 40%reporting growth and only 28%pointing to a decline.

Companies in this sector are morelikely than the average to feel highlyvulnerable to every type of corporatefraud risk, with the exception ofmoney-laundering.

As a highly regulated knowledgeindustry, areas related to data andgovernment relations pose the biggestconcerns.

The areas where firms are most likelyto feel highly vulnerable are IP theft(25%), information loss (24%),compliance breaches (21%) andcorruption (18%).

Complexity of IT is the most commoncause for increased exposure tocorporate fraud in this industry.It is cited by 41% of respondents.

Actual losses show a mixed picture,including that more work is needed inthe areas of IP protection andcompliance.

The sector has not suffered undulyfrom information theft and corruption.Twenty-two percent have experiencedthe former during the past three years,compared with 20% for the overallsample, and 8% have experienced thelatter, which is again lower than theaverage of 19%.

In contrast, 31% have experiencedregulatory or compliance breaches(compared with an overall average of19%) and 22% have experienced IPtheft (compared with 13% for theaverage).

Less than half of companies in thissector engage in IP monitoring andonly one-third intends to invest instarting or improving suchprogrammes.

This sector has been able to do very wellin certain key areas, but needs to addressspecific weaknesses, notably complianceand intellectual property.

Counterfeiting in the pharmaceutical industry:Ten pieces of advice

making the job of law enforcement agentsharder. Controlling the invoice printingprocess, using specific forms that includesecurity items, and electronic invoicing help

inhibit such practices.

5. Monitor product and scrap disposal:Drugs are perishable and, as such, therecovery and handling of expired productsshould be an intensely audited effort. Thesame is true for products returned fordifferent reasons, even those of quality.Production leftovers and obsolete equipmentshould be destroyed under the supervisionof the management and control group.

6. Make hotline systems a part of consumerservices: Putting these two systems togethercreates a lot of information thatinvestigators can use. Mapping the areasmost affected by counterfeiters will only beeffective if the information collected isamply disseminated using these channels.

7. Study the enemy:The Internet is anincreasingly important mechanism to reachout to consumers. Counterfeiters haveknown this for a long time. Watching theirsales activity through use of a reverse chaincan help establish their distribution logistics.Search filters, search engines, specific searchclippings, statistical survey modeling, anddata mining are effective Internetmonitoring tools.

8. Periodically review the processes involvedin product creation and development:Project drafts, notes on pieces of paper,formula matrices, as well as photolithsprinted without proper control can all be ofgreat value to counterfeiters.

9. Train and retrain: Programs developed bysecurity auditors and managers should bebroadly disseminated within theorganization and periodically reviewed toinculcate a culture of security.

10. Promote teamwork: When staff frommarketing, information technology, sales,legal, finance, operations, and institutional

relations get together and share information,coordinated by an integrated intelligencecenter, success against fraud improvesdramatically.

By doing the above, pharmaceutical firmscan go a long way to shielding themselvesfrom the threat of counterfeiters, therebyprotecting public health and their ownintellectual property.

1 WHO Drug Information Vol 20, No. 1, 2006

Vander Giordano is a managingdirector based in Miami andspecializes in business development

for Latin America. He is a memberof the Brazilian and International BarAssociations and has worked in anumber of areas in the airline industry.


HEALTHCARE, PHARMACEUTICALS & BIOTECHNOLOGY


16/44

Off-the-book money remains asimportant as ever in Japansentertainment industry, and

methods for facilitating such paymentshave become an established part ofbusiness models for many companies.Cash and personal relationships are all-important in this world, where under-the-table payments are not always regarded asa vice. The result is that many companieshave extremely lax internal controls, withpractices such as payment in cash to avoid

income tax or executives having severalcompanies with opaque activities.1

The case of Alpha Video helps todemonstrate the extent of such activity andthe difficulties in stopping it. The companywas launched in Japan some fifteen yearsago and subsequently purchased by theEuropean firm Beta. Alphas operations

were limited for some time, but suddenlypicked up five years ago, following theappointment of Akira Z as CEO. Z embarkedon a series of new projects outside thecompanys main field of videos andadopted a strategy to raise Alphas brandprofile. In cooperation with externalfunders, he embarked on capitalreinforcement and strengtheningmanagement.

Zs initiatives led to cost overruns,unaccounted payments, and thereassignment of accounts, which led Betato intervene vigorously. Since the CEO washighly regarded by his staff and the market,these attempts to improve controls did notgo smoothly. However, Beta discovered acase of account-rigging carried out twoyears before Beta had purchased Alpha, andthe company was shocked into action.

Machinationsin the Japaneseentertainmentindustry

An in-house investigation found that Z hadwithout Board approval carried out awindow-dressing fraud (where accounts aremanipulated so that revenue is bookedbefore year-end but later reversed) using alisted Japanese company. In the year inquestion, the company had suffered major

losses on video sales. Z arranged to sell to abusiness called Japan Video, therepresentative of which was an old friend,several hundred videos with content of nocommercial value for 300 million. JapanVideo had no plans to use the merchandise,which remained in Alphas warehouse.Originally, the plan had been for JapanVideo to sell back the videos for the sameamount at the end of its financial year,but instead the company ostensibly soldAlpha a variety of projects for a total valueof 300m over a years period. Those

involved denied absolutely that these saleswere part of an exchange because of theimpact that the window-dressing mighthave had on Japan Videos reputation as alisted company.

Other examples of kickbacks and shellcompanies to hide illegal payments latercame to light, although these were for thepersonal benefit of the management ratherthan for that of the business. Aninvestigation by Kroll showed that both thelegal and financial departments had issuedrepeated warnings. A senior legal officerwho had discovered what was going onmade a direct appeal to a higher authorityand in a quintessentially Japaneseoutcome was himself forced to resign.These efforts bore no fruit in a companythat kept no proper records, even of Boarddecisions. Only the arrival of Beta led to areview of corporate governance and thehiring of Kroll.

It need not be this way. Data from theUnited States suggests that theentertainment industry does not have aparticularly high rate of improper activityin comparison with others. In Japan,

however, the tactics used are overt andsenior executives need to increase theirawareness of the magnitude of the effectsthat fraudulent activities may be having oncorporate governance.

1 All the names and significant details have beenaltered in this account, to prevent identification of thecase.

Tsuyoki Sato is a managing directorand director of operations in Tokyowhere he has carried out fraudinvestigations in industries includingentertainment, IT and manufacturing.

He is a member of the Association ofCertified Fraud Examiners (ACFE) and

the American Society of Industrial Security (ASIS). Hepreviously worked as an investigative reporter.


Areas of High Vulnerability: IP theft, piracy or counterfeiting (22% of sector firms indicatethat they are highly vulnerable to this threat) Information theft, loss or attack (21%)

Areas of Frequent Loss: Theft of physical assets or stock (28% have experienced in past three years)Information theft, loss or attack (27%) Vendor, supplier or procurement fraud (24%)Corruption and bribery (21%)


0 10 20 30 40 50 60 70 80 90 100%



Money laundering







REPORT CARD TECHNOLOGY, MEDIA AND TELECOMS


TECHNOLOGY, MEDIA & TELECOMS


17/44

EIU SURVEY


As a knowledge industry, this sector ismore concerned about information theft

and IP issues than most, but is much lessfocused on other corporate fraud issues.

The areas of most common concern areIP and information theft. More than onein five respondents consider themselves

highly vulnerable in these areas.

Complex IT structures have increasedexposure to corporate fraud at 35%

of businesses within this sector.

Accordingly, IT security is the leading areafor investment it is currently used by

57% of companies. In addition, IPmonitoring is much more common than

average (52% compared with 36%).These companies are also much more

likely to have their legal department

lead efforts against fraud (22% take thisapproach, compared with 13% amongall respondents).

The record suggests that the level ofconcern companies are showing is justified.

The loss per business in this sector from

corporate fraud is less than two-thirds ofthe average.

Physical theft of assets, which is the

most widespread problem in this sector,financial mismanagement and

management conflict of interest areall less common than average.

Although the number of firms hit by IPand information theft in the past threeyears is slightly higher than average,

the differences are not dramatic.Nineteen percent have experienced IP

theft, compared with an average of13%, and 27% have experienced

information theft, compared withan average of 22%.

While this sector seems to suffer less than

most from corporate fraud, there is no

reason for complacency.

On average, firms lost U.S.$4.9m over the

past three years from corporate fraud.

More than eight out of ten firms in thissector have suffered from fraud during

that period.

A higher percentage of companies thanusual, 91%, think that their exposure

has increased.

Fewer than six out of ten companies areincreasing their investment in IT

countermeasures for fraud, and less thanhalf are doing so for IP monitoring.

This sector is doing well but shouldincrease its existing efforts, especially in

the areas of information technology and

intellectual property.

CASE STUDY

Old-fashioned fraud:A case study from ChinaIn 2000 the managing director of atechnology, media, and telecom subsidiaryof one of Asias biggest conglomerates wasintroduced to Mr. X, president of a group ofCalifornian companies. Mr. X spoke withpassion about new technologies hisbusinesses had developed that wouldrevolutionize the deliveryof cable television. Alimitless choice ofcontent would beavailable at the touch of abutton with no downloaddelays. Moreover, the

system was inexpensiveand required minimalbandwidth.

Mr. X persuaded theconglomerate to investin shares of hiscompanies and topurchase pilots of thesystem. In return, itreceived exclusive rightsto commercialize Mr. Xssystem across China. As the projectprogressed, Mr. X repeatedly requestedmore money, claiming each time that his

researchers were on the brink ofsignificant breakthroughs and that theadditional funds were required to getthem across the line. From time to time,he took huge bonus payments, explainingthat he was using them to pay scores ofconsultants who were involved in theproject behind the scenes.

After several years and more than U.S.$700million, the Asian conglomerate acceptedthe painful reality that it had receivednothing of value just incomplete partsof an expensive, substandard system andthat it never would. It commenced legalproceedings in California against Mr. Xand his companies and had the lattersaccounts effectively frozen. By now it wassuspicious that a British Virgin Islandscompany, which Mr. X had described asan independent, third-party supplier, wasin fact controlled by him or associates.Mr. Xs companies had purchased largequantities of memory modules from thisfirm and resold them to the Asianconglomerate. The suspicion was that theBVI company had purchased the memorymodules from a genuine supplier and thensold them to Mr. Xs group at highlyinflated prices; its involvement had beenrequired simply to hide huge mark-upsfrom the final purchaser.

The conglomerate had the Californiancourt issue a letter of request to a court inHong Kong seeking production ofdocuments relating to the BVI companysbank accounts there. The Californiangroup and the BVI firm resisted all theway to the Hong Kong Court of Appeal.

A director of the BVIcompany listed a Tokyoaddress in an affidavit: onchecking, it turned out thatthe address was that of apublic car park. He alsogave an office address in

Shanghai, which proved notto exist at all.

With the aid of the HongKong courts, the Asianconglomerate finallyobtained the bank records.These showed that Mr. Xsmother and brothercontrolled the BVIcompanys accounts. Mr. Xsdefense in the Californian

proceedings collapsed, as did those of hiscompanies. The conglomerate obtained ajudgment for U.S.$2.8 billion (including

U.S.$2 billion in punitive damages).

The case highlights the importance ofconducting thorough due diligence onnew business partners and technologies.Although it is not what happened here,some businesses are blind to theinvestment risks when faced with thevast China market and its opportunities.On the more positive side, the case alsoshows that a coordinated effort by amulti-jurisdictional team of lawyers andinvestigators can achieve significantrecoveries even when pursuing a

sophisticated fraudster. The courts inmany jurisdictions will be eager to assistand this case should, in particular, givereassurance to Asian companies seekingto pursue U.S. companies through theAmerican courts.

ORRICK is an international law firm withapproximately 980 lawyers located throughoutthe United States, Europe and Asia. The firmtraces its roots back to 1863 and since that time,it has expanded its practice groups and extendedits global reach with one core strategy in mind:focusing on solutions and results in responseto its clients current and future needs. Its size,resources, geographic breadth, advanced IT

systems and business-orientedculture ensure that its clients receiveresponsive, value-added services.


TECHNOLOGY, MEDIA & TELECOMS


18/44

F

or energy companies, especially thosein the upstream oil and gas sector,combating fraud of all types is an

everyday challenge embedded in theiroperating environment. The sheer scaleand complexity of the industry and thevast revenues projects can generate evenwhen energy prices are relatively low,explain the challenge.

Knowledge is power and much of the fraudfound in the industry revolves aroundinformation-seeking. The capital intensiveprojects of energy companies cost billionsof dollars and take years to plan andcomplete. With so much at stake and fiercecompetition among potential suppliers

and contractors, details of bid documentsare an especially valuable commodity.

In addition to obtaining details aboutbids, suppliers and contractors try to out-do their competition in the intelligence-gathering business, which in some casesfurther leads them to illicit tacticsincluding bribery. A cottage industry ofagents has arisen to service theindustry, and their audacity is legendary:Were pretty clean otherwise, said oneindustry executive, but when it comes totenders and information on things likeproduction-sharing contracts or details ofa deal that another company has cut,well, that can be a different story.

Challenging

corruption in theenergy sector


NATURAL RESOURCES


19/44

EIU SURVEYFraud presents a big challenge to thenatural resources industry.

Companies consider themselves mostexposed to corruption with nearly

one-quarter ranking their firms as highlyvulnerable, which is almost double theaverage. One in five puts themselvesin the same category with respect toinformation theft.

The loss per company during the pastthree years has been U.S.$11.5m, morethan 70% higher than the average.

The prevalence of corruption, which isreported by 20% of firms in this sector,is very close to the average of 19%,while the prevalence of informationtheft, which is reported by 15%, is wellbelow the average of 22%.

Businesses in this industry are more

likely than average to face issues oftheft of physical assets, which has beenexperienced by 39%, managementconflict of interest, experienced by 31%,or regulatory breaches, experienced by24%. Perceived vulnerability in theseareas, however, is roughly similar to thatof the survey average.

The sectors willingness to address a rangeof threats limits damage.

For nine out of the ten anti-fraudstrategies listed in the survey, adoptionwithin the sector was noticeably morewidespread than the average, usuallyby about 10%. Financial controls, for

example, were used by more firms tocombat fraud than any other sector,including financial services.

A higher than average proportion ofnatural resource firms was also planningadditional investment for seven out ofthe ten strategies. Protection ofphysical assets theft of whichrepresents the most common problem will see the most widespread attention,with 62% of firms spending here.This is well ahead of the 45% average.

Despite the high cost of fraud percompany, these efforts by the sector arehaving some positive effects.

Thirty-four percent of companies reportsuffering no fraud at all within the pastyear, which is well ahead of the overallaverage of 19%.

Fraud exposure has stayed constant ordeclined at 28% of firms, compared with18% for business as a whole.

The high loss per company, spread overa relatively low proportion of firmsactually affected by fraud, indicates that,when something goes wrong in this sector,it is

Kroll Fraud Report

Documents

Transcript of Kroll Fraud Report