Further to my comments about the UK’s Fraud Review, I enjoyed a discussion with Ken Farrow of Control Risks.
Prior to joining Control Risks, Ken was the Head of Fraud and Financial
Crime for Lloyds TSB and, before that, a police officer with the City
of London Police, as well as overseas with the New Zealand Police and
Royal Hong Kong Police. He worked in a wide range of CID roles for
over thirty years, including the Fraud Squad as a chief inspector
specialising in computer crime investigations. In other words, he
knows his stuff.
The first thing Ken mentioned were the recent headlines about the UK Government losing 25 million citizen’s data records.
Apparently, the government has spent over £500,000 trying to find the
two lost discs but to no avail … I guess they need to buy a more
expensive tracker dog then. Ken’s point was that this is nothing
compared to the overall leakage from government departments.
For example, the Department of Work and Pensions
(DWP) issues of 2005. This was a scam based upon an easy ability to
siphon off tax credits. All you needed was a validated bank account
and application, and the money came rolling in. As the BBC reported at
"The attraction of the system to fraudsters has been
relatively low levels of up-front checking of the accuracy and honesty
of applicants … the sheer scale of demand, and a system designed to
focus on processing claims and recovering overpayments later, left the
door wide open to abuse. The temptation was just too hard for
organised crime – always looking for the best return for the lowest
risk – to ignore …
"The main attack has been on the
online portal, which the Revenue closed on 1 December. Fraudsters were
making multiple applications – using false or stolen identities and
claiming for non-existent children – from internet cafes as early as
two years ago."
Now this is old news, I know, but Ken did
surprise me when he said that the losses reported at the time by the
DWP were estimated to be around £15 million. More like £1 billion, he
You think that’s bad? Have a look at banks.
adamant that most financial fraud could be stamped out, if only there
were better checks and vets of employees. When you take on staff, do
you really checkout their background properly?
How about the
hedge fund manager who’s first degree from Cambridge looked
impeccable. His interviewing style was wonderful. His appearance and
CV were second-to-none. Six months after starting with the firm, he
was losing them billions and wanted a massive pay-off. No First
degree. And an interview based upon reading "Quant Analytics for
Dummies" (maybe we should write this one).
Checkout someone’s CV properly, and that’s not just calling up a referree.
check staff regularly for any signs of unusual or erratic behaviours.
Or just check full stop. After all, fraudsters find staff easy to sway.
story of the young bank teller down the local pub being targeted by a
gang. "We know where you live and your mother. If you don’t help us,
then your lovely mam may just have a bad fall."
Or the middle-aged bank manager who feels passed over and resentful.
the professional investment manager who happens to be having such a
good time at Peppermint Hippo that he doesn’t notice the photographer.
All stories which Ken recounts with personal knowledge.
The results are rather startling. Here’s just a few from recent times:
Trader’ – conducts unauthorised trades causing losses of £5 million and
compromises a trader working for a counter-party organisation
- Payroll Officer – auditors discover discrepancies dating back over a 10 year period totalling £250,000+
- PA to two Senior Executives of a major financial institution misappropriates personal funds – £3 million
Female bank clerks access confidential client files and provide
information to professional criminals – £1.75m lost to UK bank.
employee uses his authority to generate loans amounting to £50k then
pays away money to accounts controlled by his relatives
employee uses the opportunity of a bank merger to steal share
certificates valued at £150k and tries to negotiate their sale.
- 2 security printers ‘steal’ confidential information for an ‘insider dealing ring’
- Personnel Officer creates her own ‘fictitious’ employment agency and submits invoices for ghost ‘temps’
executive working for insurance company uses collusive companies to
carry out emergency administrative work at grossly inflated rates to
steal substantial sums of money.
- Accounts Clerk leaves genuine
invoices on desk – unidentified employee replaces them with four false
duplicate invoices – £800k paid away to Latvia.
- $15 million
paid away to Turkey on a handwritten instruction within Forex
department of a major bank. Second attempt to transfer £14.2m to
Germany narrowly averted.
- Group of employees working within a
call centre monitor dormant client accounts and transfer away £12
million to illicit accounts
- Insider steals cheques from a
public utility company. These are then used by criminals posing as
buyers of high value motor vehicles on e-bay.
- Compliance Officer uses his position and knowledge to support an ‘insider trading’ ring
favourite story that Ken recounts, is the one about the computer expert
working for a credit card firm. He kept telling the management that
their systems were compromised. They weren’t interested. He didn’t
get a good bonus or appraisal that year and nore did his team. So the
guy resigns and subsequently threatens to use his knowledge to bring
down the credit card firm’s payment systems unless his demands are
met. His demand? That his team receives a bonus at least as good as
the best performers in the firm.
They ignored him and guess
what? The payment systems started to have a few gremlins and
glitches. So the guy is arrested and taken to court.
The judge hears all of the evidence and … releases the disillusioned techie with a warning and fines the firm.
The quality of mercy … justice delivered.