Almost every single corporation, organization and high net worth family – whether it has had to deal directly with an internal financial crime or not – confronts insider risk. Recently, we undertook a complex investigation into whether a key member of a company’s procurement department had used her authority, system access and process knowledge to manipulate account records, key supplier relationships and long-term purchasing contracts for her own financial gain.
A Middle East Government
We were asked to conduct a high-profile investigation for a Middle Eastern country. The government had uncovered preliminary indications of a massive financial fraud involving several key financial markets and major financial institutions around the world – including one of the largest brokerage firms in the Middle East. The unusually complex Ponzi-related scheme involved multiple years and potential fraud losses of more than $200 million to our client relating to complicated, undetected methods of misusing and misdirecting funds sometimes with the explicit support of regulatory officials. The crimes included embezzlement, bank fraud, money laundering and rogue trading as well as the likely abuse of regulatory authority. And the suspects included long-standing employees with strong records of performance with the entities involved.
A U.S. Retail Service Provider
When inventory counts kept coming up short, this company’s in-house investigative team started asking questions. As the inquiry increased in complexity, we were asked to step in. After reviewing records, interviewing plant managers and persons of interest, and conducting covert surveillance, we uncovered a long-running scheme loosely managed by three to five retail delivery drivers that involved theft of company raw materials and sale to wholesalers who were willing to look the other way.
A Small, Elite Hedge Fund
After terminating one of the firm’s top three executives, the firm and its IT security team identified red flags suggesting the executive had spent several hours downloading proprietary content and client-related information from the fund’s network to her private laptop. We were asked to conduct forensic analysis to determine the extent of the data loss and provide information that would support litigation against the individual. Over the course of this complex review, we gained access to the subject’s personal laptop, and confirmed both the extensive transfer of files – by date, file name, file size and other data – and three attempts to wipe the drive on the day that the subject learned about this financial crime investigation. The fund is examining its legal options. The good news is that there are very few significant financial crimes whose architecture – who did what, when and how – can’t be systematically uncovered with the right investigative approach and care. Time is typically scarce, however. Because until deficits in controls are addressed along with critical process improvements, significant risks remain. What about you? What steps does your organization take to mitigate insider risk? Are you better at response than prevention? Are you systemic and integrated in your approach? Do you audit and review your policies in this area regularly?