Five years post-Enron, corporate fraud and white-collar crime continue to make headlines. Jim Ratley of the Association of Certified Fraud Examiners checks in to talk about corporate fraud and effective investigations.

Fraud examination may be considered a niche of corporate security, but it’s a broad niche. Jim Ratley, CFE and president of the Association of Certified Fraud Examiners (ACFE), says today’s CFEs are often required to have skills in areas like accounting, legal, investigation, interviewing and--increasingly--computer forensics. “There are so many aspects to it,” says Ratley.

Over the past five years, since the Enron scandal broke, CFEs have also found themselves in a more central role in American business. Recently, fraud and corporate investigations were back in the headlines when an executive assistant at Coca-Cola allegedly tried to sell trade secrets to PepsiCo and when the pretexting scandal rocked Hewlett-Packard.

In a broad-ranging interview with CSO, Ratley spoke about the latest scandals, the keys to successful fraud investigations and how television’s versions of corporate investigations miss reality by a mile.

CSO: What do you think when you see the news coming out about alleged pretexting at Hewlett-Packard, in which phone records of board members and journalists were accessed?

Jim Ratley: Anytime you’re involved in a fraud investigation, it’s an adversarial relationship. People are going to be looking at you to make sure you upheld the standards you should. [Judging by] what’s reported in the paper here, they went beyond that, and when you do that you put yourself at the same level as the person who potentially perpetrated the fraud. It’s very important we stick to ethical standards and rules. When you don’t, you open yourself up for attack.

Is the HP case typical to a fraud examiner, or atypical?

It’s really common to be investigating the release of proprietary information. It’s a valuable commodity that companies have.
With the onset of the electronic age, it’s becoming even more common. You just had it with Coca-Cola and Pepsi. Pepsi handled it the way that it should be handled. They stepped forward and they were transparent.

Pretexting is entering mainstream conversation, and people are surprised by its use.

Pretexting is a tool that every investigator has used. In its place, it is a valuable tool. But it goes back to knowing how to use it, and knowing when it’s time to pretext and when it’s not. At this point it sounds like it was definitely abused in [the HP] case.

The HP and Coca-Cola cases are insider cases. We often hear the insider threat is far more serious than the outsider threat. Is that still true?

You can’t give prevalence to either one. Both are serious problems. However, the insider threat is much more common. It makes sense since employers have more access. It comes down to access to information. The outsider threat is still a serious problem but it’s just not as common.

These latest cases come five years after Enron and all the others, and after the passage of Sarbanes-Oxley and other controls. It makes us wonder if we’re any better off than we were before in terms of fraud.

I definitely don’t think we’re safer. The threats are still out there and growing. What I see is often the corporation is still unwilling to invest the resources needed for training and technology to give security people the tools they need to keep up. For the most part, investigative techniques and security departments tend to be reactive. I think security departments need to be proactive and start building preventive measures.

I can already hear readers say, Yeah we know that! But our bosses won’t give us the money!

I know exactly what you’re saying. Someone asked me recently what to do when a fraud prevention program costs more than the dollar amount that would have been lost in a fraud they detected. What to do?
And I suggest to you that the fraud prevention program costs more than the dollar amount you show you saved when it is working and effective. Instead of reacting to the fraud and investigating it and bringing it to conclusion, you’re preventing it from happening in the first place. To a lot of management, you’re spending money on a negative, but statistics have shown that you can cut fraud dramatically with just a few simple techniques in a fraud prevention program, the first one being you tell people you’re looking for it. [When you do that] you take that person who might be tempted to perpetrate the fraud and move them back to a person who’s not tempted.

What are some other techniques for fraud prevention?

I think the most important thing is to educate your employees. When you have employee orientation, when you talk about insurance and 401(k)s, I think you throw fraud education into that process. Show them the ethics policy. Say, Here’s what we do and how we look for improper, illegal and unethical acts. And give them a way to report it if they see it. Anonymous hotlines make a difference.

What do CFEs talk to each other about at cocktail parties these days?

The advancements in the IT end of [the] fraud examination field. Within the next five years I would guess the trained fraud examiner is going to have to have a strong background in computer forensics. Technology has made our world much, much better. We have more tools. More solid audit trails to go after fraudsters. Most people are unsophisticated when it comes to the new technology. Other than the use of the computer, they have no idea how to hide or bury their trail. That makes life great for me because I do know how to go in and find what’s been on their computer. But at the same time, technology has given the perpetrator much more opportunity to violate trust and perpetrate the fraud.

So computer forensics are the core of what you do these days?
What I’ve found is there are so many facets to fraud examination. You need somebody who has the legal background to prevent something like what we’re reading about in the paper now [with HP]. You need someone with the investigative skills, for doing admission-seeking interviews and document collection. You need someone who can look at financial documents and understand what they’re seeing. You need someone who can pull stuff off computers. It’s hard to find any one person who has a background in all of those.

What else are CFEs talking about?

Probably about the prosecution of offenders. Back five years ago, before some of the big corporate scandals, it was practically impossible to get somebody prosecuted, and if you did, it was generally a plea bargain. I’m familiar with one case in California where a woman stole over $10 million and served less than 11 months in jail. Often, fraud was swept under the carpet.

So in one sense, the effect of those scandals has been positive?

Fraud’s not as hidden anymore, and I hope it stays this way. It has given corporate security an avenue to pursue. In the past, they’ve contacted local law enforcement or federal bureaus and they got no response to a fraud case. And that’s still a problem, I don’t mean to say it’s no longer an issue, but less so. Also, you are sometimes still restricted to civil prosecution, which can be useless because the perpetrator doesn’t have any money. People don’t steal money to save it. They steal it to replace money they’ve already spent.

Is it necessary for CFEs to think like a thief to understand the crime?

Where we run into a problem as fraud examiners is that it’s very hard not to judge someone by your own standards. If you’re driving down the highway, anyone driving slower than you is an old fogey and anyone driving faster is an idiot. So we tend to want to judge people by our own standards, and you can’t do that with a fraud perpetrator.
I’ve been involved in cases where the only reasonable outcome of the person’s actions were they were going to be caught. We had a case where a young lady, 23 years old, had a lapping scheme, where someone would pay their bill and she’d steal the money, and then when the next person paid their bill, she’d put part of that money to the first person’s account. This lady made less than $20,000 a year, and in six months she stole over $200,000. Now theoretically, if she had stayed there the rest of her life and continued to lap those accounts, she’d be all right. But that’s not going to happen, so the only way it could go undetected is if she could replace that $200,000. But she couldn’t do that because in that six months, she paid cash to have her house remodeled, she bought a dog for $1,000, she had some cosmetic surgery for $3,500 and she bought an $80,000 sports car. That’s a lot of red flags. Well when management called us and described the situation their first question was, Do you think we have a problem? And when we asked them what her job position was and we told them what we thought was happening, it took them less than 10 minutes to find the evidence in the lap drawer of her desk while she was gone to lunch. They recovered the car but for the rest of it there was no recovery. You could sue her but that’s throwing good money after bad.

But if the perp knew they’d get caught, why would they do something like that?

I asked a fraud perpetrator, Walt Pavlo, who went to prison for stealing money from MCI, “How did you ever think you were going to get out of this once it started?” And he had already been to prison so he could smile from time to time. He looked at me and smiled and said, “That’s a great question. I never thought about it until after I started the fraud.” Dr. Donald Cressey, who studied white-collar crime, had the fraud triangle where he laid out the three elements of financial crime. One is the opportunity.
The next is the financial need, which the company has no control over. I mean I’ve heard one story of a person who stole because his financial need was his neighbor had two Mercedes and he only had one, so [he] felt like less of a father. So it can be ridiculous, but in their heads they think it’s a financial need. But the third and most controllable element is the rationalization. We perceive ourselves as we intend to be. I perceive myself as an excellent driver, yet on the other hand my wife, who rides with me all the time, has a much more accurate perception of my driving ability. I cannot tell you how many fraud perpetrators I’ve talked to who tell me, “You know, they’ve never paid me overtime.” I had one person who saved his company $40,000. He was a claims adjuster for an insurance company. And he told me, “They never gave me my piece of the rock, so I took it.” And his piece of the rock eventually turned out to be $2.5 million. And you talk to some of these people and it’s a rude awakening for them. It’s almost like they’ve been in a trance or something and they break out of it right there and say, “You know, $2.5 million is too much for saving $40,000.”

It seems like a psychologist could be a valuable partner to a CFE.

The fraud examiners themselves know this stuff. Usually a psychologist has three months to get someone to admit they hate their mother. A corporate security person has three hours to get someone to admit they killed their mother. It’s a big difference, and I’ll match the trained fraud interviewer against any psychologist you want. If they’re skilled, if they’re experienced, the fraud investigator knows how to play somebody like that. If someone comes up and tells me, “They owed me that money,” I’ll fall right in line. I’ll say, “Tell me about that.”

What are some other tips for successful interviews?

First off, there are no lucky interviews. The good interviewers I know never walk into an interview without as much preparation as is available.
They know the case backwards and forwards. They know the documents backwards and forwards. That way, when you come up to me and make a statement that might not be factual, I can confront you with it. I might confront you now or 30 minutes from now, and I have to know how to confront you. If I just say, “You lied to me,” well, now I’ve challenged you and that might not work. Instead, I might throw in some tie-down or tag questions to make you lie to me: “Now you’d never do anything like that wouldja?” Later on, “Let me show you this document here.” And that way I’ve not challenged you. I make it easy for you to tell me what you’ve done. I’m not judgmental. I impress you with my knowledge of the incident. There is an art to the interview. People get better during their careers. I’ve never met the best interviewer in the world because that person hasn’t been invented yet. The good ones keep getting better. If I were a corporate executive in charge of security, with a limited training budget, the one thing I would make sure everyone on my staff were trained to do is interview and do admission-seeking interviews. That’s the backbone to everything we do.

Dealing with suspects is one thing. What about clients? Don’t fraud victims sometimes resist admitting they’ve been duped?

It’s one of the major obstacles we run into. And here’s why: We’ve all worked around people we don’t like. And television trains us that law breakers, fraud perpetrators, are going to be people we don’t like. In reality, when we get to work, it’s the person we go to church with, the person that last November we went to dinner with, that we called a friend. And it’s so hard for us to realize that person will cross the line. Generally speaking when I go into an investigation, and they say it could be anyone except Joe over there, Joe’s the first person I look at. No one’s watching him because they trust him.

Can you share any stories of new kinds of fraud you’re seeing?

There are few new frauds.
We had a young man in central Texas who had a secret European investment fund. If you invested your money, in 30 to 45 days, you’d get a 75 to 100 percent return on your money. His girlfriend’s parents gave him $80,000 and a few months later he gives them a million dollars back. Well they were big church members, so they told everybody at church. Before long you had people taking equity loans on their houses and cashing out their 401(k)s. The guy had a five million dollar mansion on a lake here in Texas. He had a jet, nine luxury cars and a helicopter. If you invested more than $20,000 with him, you got a helicopter ride. And of course he didn’t have any secret investment fund. He had a Ponzi scheme. He was paying earlier investors with later investors’ money. This scheme dates back to 1923, with Charles Ponzi. Yet it’s used over and over successfully. Right after that a former NFL football player was doing the same thing, using a foreign currency investment scheme. We actually don’t run across much that’s new. We run across people who are innovative in how they perpetrate the older frauds. Oftentimes at a seminar I’ll mention a fraud, but I won’t mention the name of the company. At the end of the lecture, a person will come up to me and say, Oh I work for that company. They probably didn’t, but the same thing happened at their company. We see the same stuff over and over again.