FRA Manager Daniel Roseberry attended the New York Conference of the Association of Certified Fraud Examiners (NYCFE) Spring Fraud Conference: Technology is shaping the fight against fraud, in New York. The NYCFE was formed in 1990 and is dedicated to fraud prevention education through meetings, seminars, workshops and professional networking opportunities for our members. Below are some of Daniel’s key insights from the event.
The Ethically Intelligent CFE
Dr. Bruce Weinstein, The Ethics Guy®, presented five powerful principles driving ethical intelligence that he urged CFEs to consider when confronting decisions inside and outside of the workplace. In his remarks, Dr. Weinstein walked the audience through the following questions based on what he calls the five principles of ethical intelligence:
- Will this avoid causing harm?
- Will it make things better?
- Is it respectful?
- Is it fair?
- Is it a caring thing to do?
At the end of his presentation, Dr. Weinstein explained that if the answer to each of the five questions is “Yes”, then the approach is likely to be ethically intelligent.
The principles are based on Tom L. Beauchamp and James F. Childress’s “Principles of Biomedical Ethics” (Oxford University Press). Dr. Weinstein simplified the names of the principles and broadened their applicability beyond healthcare and biomedical research.
Metadata and How It Is Used in Complex Investigations
Founder of SL Data Management, Sal Llanera, talked about metadata and how it can be an effective tool to use in investigations. Metadata, or data about data, includes things like file dates, file authors, the type of application used to create the file and hash values (i.e., the file’s digital fingerprint). By using these metadata points, an investigator can create an effective exhibit in the form of a timeline of events which most audiences can easily understand. For evidence like this to hold up at deposition or trial, Mr. Llanera stressed the importance of capturing a “forensic image” of metadata and completing a robust chain of custody. Mr. Llanera ended his presentation by walking the audience of CFEs through ways to confront claims of an email never being sent and document manipulation.
Why People Lie
Bret Hood, a former FBI Agent and current adjunct professor of forensic accounting at the University of Virginia, exposed the audience to the inner thoughts of a fraudster as he explained why people lie. Mr. Hood extensively discussed integrity tests conducted by Dan Ariely, a Duke University professor of psychology and behavioral economics, and what the results of those tests proved. One of the results being that people find comfort in following the behavior of others with whom they can relate (i.e., in-group behavior), which lends to the importance of an ethical tone at the top. The discussion also touched on different ways people who lie rationalize the act, including distancing themselves from the lie through euphemisms (e.g., “grease the wheel” vs. bribing). Mr. Hood noted that some key considerations on how to maintain an ethically sound company culture is to celebrate those who are ethical and maintain consistency in the moral code of the company.
Navigating the Threat Landscape: Fraud, Extortion and Espionage
Douglas Bienstock, a Principle Consultant at Mandiant, spoke to the conference attendees about the mechanics of a cyberattack and how bad actors use unauthorized access to commit fraud, extort and spy. Among the topics discussed was the anatomy of a cyberattack, which includes the penetration of a network at an initial point of compromise, the bad actors establishing a foothold throughout a network, gaining access to higher privileged credentials and data exfiltration. Mr. Bienstock concluded his presentation with some takeaways to help prevent the threats of a cyberattack which comprised of educating employees about security awareness, having a strong understanding of the network environment and investing in key technologies (e.g., multi-factor authentication, email screening, Content Disarm and Reconstruction).
Leveraging Data Analytics to Detect Digital Money Laundering
Michael Schidlow, SVP & Head of Financial Crime Compliance and Emerging Risk Audit Development at HSBC, kicked off his presentation by explaining the prevalence of virtual currency (“VC”) transactions and the two classifications of VC: closed VC and open VC. The key difference between the two forms being that closed VC is limited to a closed environment (e.g., a coffee shop gift card) while open VC can be converted into cash using exchanges or ATMs (e.g., Bitcoin). While closed VC does not appear to present as much of a risk compared to open VC, Mr. Schidlow explained that through a scheme called “ghost laundering”, closed VC can be an effective money laundering tool. In order to effectively detect digital money laundering, Mr. Schidlow described the extensive use of analytics to spot anomalies, such as abnormally high volumes of transactions, high frequency of missing data fields and a high rate of inconsistent merchant codes. Once the application of analytics flushes out these irregularities, it then allows for a much more targeted approach to assess root cause.