Featured Article

Where heroes unite

28th Annual ACFE Global Fraud Conference

What makes a hero? Superheroes are often recognized by a distinguishing trait: Superhuman strength. Laser vision. A fearless and relentless pursuit for justice. According to ACFE President James D. Ratley, CFE, during the opening session of the 28th Annual ACFE Global Fraud Conference on June 19 in Nashville, Tennessee, heroes have been known to have four things in common: They didn’t start out as heroes; they’ve been placed in extraordinary circumstances, not of their own making; they decide to do the right thing regardless of the personal costs; and they don’t consider themselves heroes while others around them do.

Ratley shared the stories of heroes in the anti-fraud profession. Whistleblower Harry Markopolos, CFE, CFA, uncovered red flags in May 2000 that would eventually lead to the downfall of Bernie Madoff’s $65 billion Ponzi scheme, the largest in U.S. history. “But, as his book is appropriately titled, no one would listen,” said Ratley. “For more than eight years, he persisted.”

Pedro Fabiano, CFE, founded the ACFE’s Argentina Chapter in 1996. At that time, it was the first and only ACFE chapter in the Spanish-speaking world. “Today Pedro is one of the world’s foremost experts in international aspects of fraud investigations,” explained Ratley. “He leads a team of more than 85 people at a microfinance institution operating in more than 20 countries.”

Cynthia Cooper, CFE, along with her team, uncovered the $3.8 billion WorldCom fraud in 2002. At the time, it was the largest fraud in history. “Without regard to her own career or reputation as vice president of internal audit, she and her team worked in secrecy and often at night to document misdeeds at the highest levels in the company,” he explained. “To say that took a lot of courage would be an understatement.

“After hearing these stories, you might not think of yourself as a hero,” said Ratley. “But think about that again. Fraud destroys more lives than any other crime. And the only thing standing in the way of successful frauds is people just like you. … Collectively, Certified Fraud Examiners around the globe have prevented and detected millions of frauds and saved untold billions of dollars. By joining in this global fight, you too are a hero. Welcome to Nashville and the 2017 ACFE Global Fraud Conference: where heroes like you unite.”

Diverse sessions provide wealth of knowledge

Attendees had their pick of diverse anti-fraud topics from the Pre- and Post-Conference and the in-between Main Conference.

Three excellent speakers led Pre-Conference sessions. Keith Elliott, vice president, Operations & Business Development, Reed Research Limited, led “Cyber Intelligence and Social Media Surveillance Investigations.” During the session, Elliott emphasized that anti-fraud professionals must hold themselves to a higher level of accountability during investigations when using social media and new technology. “Google is great,” said Elliott. “But remember, Google is driving the bus.” (Read more from his session at Fraud Conference News.)

Vincent M. Walden, CFE, CPA, CITP, partner, Fraud Investigation and Dispute Services at EY, spoke on “Fraud Risk Management and COSO: What You Need to Know.” In 2016, COSO and the ACFE released the Fraud Risk Management Guide, a new research report that offers a blueprint for helping organizations establish an overall fraud risk management program.

Tom Caulfield, CFE, CIG, CIGI, co-founder, Procurement Integrity Consulting Services, LLC, led the session, “Prevention and Detection of Purchasing, Procurement and Contract Fraud.” (Caulfield also teamed up with Sheryl Steckler, CIG, CIGI, president, Procurement Integrity Consulting Services, LLC, to co-present the breakout session, Conducting a Contract Fraud and Abuse Risk Examination.)

During the Main Conference, attendees learned practical concepts at more than 70 educational sessions in 13 parallel tracks. Tracks ranged from “Cyberfraud and Cybersecurity: How Big Are the Threats?” and “Ethics on the Job and in the Field” to “Refining Fraud Detection Techniques” and “What is Working in Auditing for Fraud?”

Four excellent speakers taught three Post-Conference sessions. Janet McHard, CFE, CPA, CFF, president, McHard Accounting Consulting, LLC, and Liseli Pennings, CFE, training director at the ACFE, team-taught the “Auditing/Investigating Fraud Seminar.”

Jeremy Clopton, CFE, CPA, ACDA, CIDA, director, BKD, LLP, presented “Using Data Analytics to Detect Fraud.” Bret Hood, CFE, director, 21st Century Learning & Consulting, presented “Money Laundering Schemes: Identifying and Investigating.”

Keynote speakers relentlessly seek the truth

Banking hero: Calvery encourages courageous cooperation among sectors

Cressey Award recipient Jennifer Shasky Calvery, Global Head of Financial Crime Threat Mitigation (FCTM) at the global bank, HSBC, believes that we are at a critical point in our ability to detect, deter and combat financial crime. “We must attack the challenge with decisiveness and resolve,” she said during her Monday opening session address. “If we all approach our goals this way, who knows what we can achieve together?”

Calvery, who headed the U.S. Financial Crimes Enforcement Network (FinCEN) after a long career with the U.S. Department of Justice, began FCTM — a new HSBC function responsible for identifying, analyzing and investigating financial crime.

“Many of you work at or closely with financial institutions,” Calvery said. “We all recognize that criminals of all colors — whether terrorists, corrupt officials, proliferators or fraudsters — need to secretly move money to profit from or facilitate these activities. No one has better line of sight into the movement of these illicit funds than financial institutions.”

“Let’s change often, and collaborate with one another, in our approach to combating financial crime.”

Calvery said HSBC’s senior leadership recently listed qualities that their employees needed to detect money launderers and other criminals from attacking their bank. “Problem solving. Tenacity. Curiosity. Courage. These were just a couple of values we identified, but these particular qualities are at the core of taking risks as we think about new ways to combat financial crime.”

Calvery said many global private and public sectors have a clear appetite to cooperate as they build partnerships. “Over the last 18 months, over 20 governments around the world have committed to develop public-private information sharing partnerships that bring together law enforcement agencies, regulators and the financial sector to detect and disrupt financial crime.

“Winston Churchill said it best … ‘To improve is to change; to be perfect is to change often.’ Let’s change often, and collaborate with one another, in our approach to combating financial crime.”

Body-language hero: When we tell lies, we leak the truth

Do you think you can detect lies? Cliff Lansley thinks you should go one step further and detect the truth.

“Some people call me a professional lie detector. I prefer to use the phrase ‘truth detector’ because when people tell lies, they leak the truth,” said Lansley, body language expert and CEO of the Emotional Intelligence Academy (EIA) and managing director of Paul Ekman International. Lansley was the keynote speaker during Monday’s working lunch session.

Lansley gave an example of a fictitious truth detector in action during a video excerpt from the former Fox television show, “Lie to me.” (Paul Ekman International was a show consultant.) In the excerpt, business people are gathered in a boardroom. At one end of the table a woman is wanting to sell shares of her company to a wealthy business owner at the other end of the table. A body-language scientist — hired by the woman — observes the negotiations. Every time he sees some truth leakage, he’ll touch his legal pad with his pen.

The body-language expert signals to the seller of the shares to push the price higher when he sees the buyer give a slight “no” head shake when he says, “$12.50 a share. I can’t do better.”

“The body contradicts the words,” Lansley said. “This is a micro-gestural slip. The people showing it often don’t know they’re showing it. This is a clue to what the person is really thinking and feeling. … We call that a Point of Interest — PIN. One PIN alone doesn’t matter. We look for three indicators within a short space of time.

“Second, manipulators: When he said, ‘I’m leaving’ and stood up, he was manipulating,” Lansley said. In the video excerpt, the body-language scientist touched his legal pad with his pen again at that point. “He didn’t really want to leave,” and the seller knew she could push a bit more on the price, Lansley said, which she did.

During a two-minute table-group exercise, in which Lansley asked, “What is your ability to detect deception?” most of the attendees thought they could do so 60 percent of the time. But Lansley said that statistics show that most fraudsters and criminals are better than most of us at lie detection — at about 65 percent — and all the rest are no better than chance. Though only a few are genetically predisposed to be good truth observers, the good news, Lansley said, is that most can be trained. After four days of training, he said, 90 percent of non-criminals become good truth detectors.

Lansley described six channels to pay attention to when evaluating deception: content, interactional style, voice, face, body and psychophysiology.

He said no single channel is the most reliable indicator of deception, but fraud examiners must take most or all of them into account to give them confidence as to whether someone is telling the truth or lying.

Truth-seeking hero: Harvard professor digs into the minds of fraudsters

In 2002, Ben Horowitz, a prominent Silicon Valley venture capitalist, hired a talented chief financial officer who advised him to optimize stock option incentives for providing maximum benefit for its executives. Horowitz told Harvard business professor and fraud researcher, Eugene Soltes, the Tuesday morning General Session keynoter, for his 2016 book, “Why They Do It,” that his new CFO had reported “that her previous company’s practice of setting the stock option price at the low during the month it was granted yielded a far more favorable result for employees than ours. She also said that since it had been designed by the company’s outside legal counsel and approved by their auditors, it was fully compliant with the law.”

However, before implementing the new plan, Horowitz discussed it with his general counsel, who told him, “I’ve gone over the law six times and there’s no way this practice is strictly within the bounds of the law.”

Two years later, Horowitz’s CFO was implicated for incorrectly recording the date that she and other executives received their options during her previous job. She served nearly four months in prison for tax evasion related to the fraudulent backdating and was barred from serving as an officer or director of a public company. “The only thing that kept me out of jail,” Horowitz explained to Soltes, “was some good luck and an outstanding general counsel and the right organizational design.”

Soltes explained to the attendees that “so often in business schools, in management programs ... in corporate training exercises, we talk about having the right values, authenticity, a moral compass. … But what’s so powerful about [Ben’s] example is that it shows … it actually has nothing to do with that,” Soltes said.

“Ben is like everybody else. He has the same inclinations, the same limitations, the same intuition about what might be right and wrong when it actually comes to accounting finance policy.”

However, Soltes said, the difference between Ben and many other topflight executives is that he understood that he might be limited in his decision-making ability. “And so what he did was set up a routine process that any time he was about to set off on a change it would serve as a check,” Soltes said. “It would intercede prior to going down a slippery slope that might have adverse consequences for his firm and for himself. And I think this offers some powerful lessons.”

Soltes said that typical ethics training often gives executives confidence that they can now respond correctly to difficult dilemmas. “But in some instances, you might know the right thing to do but when you’re surrounded by these influences, pressures, a lack of time you might respond differently,” Soltes said.

“We need to cultivate humility not confidence. … We need to be more like Ben and say, ‘We’re limited in ways.’ We might not always see the consequences of our actions.”

Soltes said that Steven Garfinkel, former CFO of DVI told him, “What we all think is, when the big moral challenge comes, I will rise to the occasion.” But now he sees how his confidence was misplaced. Garfinkel was convicted for signing false collateral reports and double-pledging assets, and spent 26 months in prison. “There’s not actually that many of us that will actually rise to the occasion. … I didn’t realize I would be a felon,” Garfinkel said.

U.S. Veterans Affairs hero: Whistleblower fought for those who couldn't fight for themselves

Dr. Sam Foote, the whistleblower who brought the U.S. Veterans Affairs (VA) scandal to light in 2014, was awarded the ACFE Sentinel Award during Monday’s working lunch. Foote worked as a physician in the Phoenix Veterans Administration Medical Center for nearly 23 years before he began noticing questionable procedures beginning in December 2012. He saw a disconnect between the waiting times that the director was bragging about and the actual reports of patients.

Relying on trusted contacts inside the organization, he pieced together the various scams that the administrators were using to falsify waiting times. He discovered that they, along with the Veterans Integrated Service Network directors and some Washington officials, could receive bonuses paid for by the lives of 293 veterans at the Phoenix center who died while waiting for care.

“How can you possibly say that this man’s death was not a result of a delay in care?”

He brought his concerns to the attention of the Veterans Affairs (VA) Office of Inspector General. They sent out a team from San Diego, but they said that there was nothing they could do. After retiring in December 2013, he wrote letters to members of the U.S. Congress and went to the media with his story in hopes of forcing the VA’s hand. His diligence in exposing the story and the corruption leading to patient deaths led to a full congressional investigation and the resignation of VA Secretary Eric Shinseki, along with VA Chief of Staff Dr. Randy Petzel. Foote called for the removal of all five members of the Phoenix leadership team and the chief of Health Administrative Services.

“There’s a case I can remember, as flagrant as any,” shared Foote. “A gentleman had suffered sudden death, and he had been resuscitated by being shocked by the paramedics and it saved his life. He needed for his cardiac condition a pacemaker defibrillator. The VA stalled for months; the gentleman had another arrest and he died from it. How can you possibly say that this man’s death was not a result of a delay in care?”

Foote explained that many people asked him why he blew the whistle. “I’ve asked myself that many, many times,” he explained. “And I think the No. 1 reason was because I knew that if I didn’t come forward, Sharon Helman [the Phoenix VA Health Care System director] was on a track to become the next vision director, higher up over the hospital director, and that she would be able to continue this fraud that was being perpetrated against our Arizona veterans. I just didn’t think I’d be able to sleep at night if I allowed that to happen.”

For choosing truth over self, Dr. Foote was and is a true anti-fraud hero.

Counterespionage hero: Spies now conduct espionage from their couches

“There are no hackers; there are only spies,” cybersecurity expert Eric O’Neill told attendees at the Tuesday working lunch. “Hacking is nothing more than the necessary evolution of espionage. As we took our information out of file cabinets and we put it into databases, and then because we wanted to communicate quickly we hooked those databases up to the internet … we exposed ourselves to a new way of espionage.”

O’Neill knows a bit about espionage. In 2001, when he was working as an FBI covert field operative or “ghost,” the agency involved him in a sting to catch Robert Hanssen, veteran FBI agent and decades-long spy for the Russians.

The FBI created a new department at headquarters, appointed Hanssen as its head and placed O’Neill as his assistant. O’Neill was able to lift Hanssen’s Palm Pilot from his briefcase in his office, deliver it to FBI analysts on another floor who quickly extracted information about Hanssen’s upcoming clandestine information drop to Russian agents and place the device back into Hanssen’s briefcase.

O’Neill’s undercover surveillance of Hanssen eventually helped lead to Hanssen’s conviction and lifetime prison sentence. The 2007 movie, “Breach,” starring Ryan Phillipe, Chris Cooper and Laura Linney was based on Hanssen’s story.

O’Neill now operates The Georgetown Group, of Washington, D.C., an investigative and security consultancy and national security strategist for Carbon Black, a provider of zero-gap endpoint security protection software in Waltham, Massachusetts.

O’Neill asked the attendees, “What is the No. 1 way we communicate today in business?” It’s still via email, he said. And therein lies the ongoing problem.

O’Neill told attendees that agents of the GRU (Soviet Main Intelligence Center) who once tried to recruit government workers in D.C. bars to become spies, now have become “cyberattackers — trained in cyberespionage, sending phishing emails, trying to get people to click on links. It’s the new way espionage works,” O’Neill said.

“Why do [Russian spies] now need to spend a huge amount of time recruiting you when they can send you an email and virtually recruit you. Steal your credentials. Become you within your company’s network and do what I want. Make you into the bad guy, and you never even knew it,” O’Neill said.

In 2014, a North Korean group called the “Guardians of Peace” attacked and locked up Sony’s computer systems to possibly retaliate against the corporation for producing “The Interview,” a movie about the fictitious assassination of North Korea’s leader, O’Neill said. The hackers stole sensitive emails and planted “cyberbombs” that once detonated would erase data on computers, he said.

O’Neill also discussed how Russian cyberspies last year attacked the personal email account of John Podesta, Hillary Clinton’s former presidential campaign chairman. One Sunday morning last year, Podesta received an email that read, “Your account might have been compromised. … We’ve stopped the attempt, but change your password. Click this link.” He was suspicious, so he sent the email to his chief of staff who sent it to the campaign’s head of high-tech security. The security director mistakenly tells Podesta in an email that the original suspicious email request is legitimate but go directly to a Gmail website and change your password there. (The IT manager later said he meant to write “illegitimate,” O’Neill said.) Podesta only reads the first part of the IT manager’s email and clicks on the link, thus exposing his emails to the world, O’Neill said.

O’Neill gave three ways organizations can combat cyberattacks:

Technology: Installing good cybersecurity that focuses on the endpoints, technology such as phones, laptops, servers and thumb drives, to leverage “zero trust”— “which is like having the best club in Hollywood, and no one is going to get past that big bouncer. … Only those programs, those executables you want to launch are allowed onto your system.”

People “You have to have people who understand the technology. … If you don’t, it’s all a waste of time.”

Process: “Training people. It’s learning not to click on links! Don’t be a John Podesta.” Also, avoiding “CEO attacks,” in which a fraudster, in the guise of a top executive, will try to convince an employee to wire money.

Convicted bank fraudster thankful to attendees for allowing 'Lex Luthor' to talk to the Justice League

The contrition of convicted fraudsters* who speak to attendees at the end of each ACFE Global Fraud Conference ranges widely. Some are desperately sorry and others are still rationalizing. Former bank executive James Scalzo, who went to prison for bank loan frauds totaling $1.4 million, seemed to want to convince attendees of the full repentance of his crimes.

“I want you to know that I did it, I’m responsible for it and I own it. It’s my mistake,” he said, with a catch in his voice, during the Wednesday closing session. “If I can discourage or stop one person from making the same mistake I made, all the pain and suffering would have some sense of giving back and be worth it.

“And I know what you might be thinking: ‘It would never be me. I could never go through that. I don’t know anybody who would do that.’ But I would tell you not too long ago, I sat in those chairs and heard someone tell stories similar to myself and I thought that could never be me.”

Between April 1, 2008 and October 31, 2009, while Scalzo was employed as a bank officer at Fox River State Bank in Burlington, Wisconsin, and then Consumer’s Credit Union in Round Lake Beach, Illinois, he originated and approved multiple fraudulent loans, according to the Eastern District of Wisconsin U.S. Attorney’s Office.

He wrote the fraudulent loans using the names of people — including some of Scalzo’s relatives — who weren’t qualified to receive the funds or didn’t know Scalzo was using their names on loan documents, according to “James Scalzo sentenced to 35-month prison term for bank fraud,” by Cary Spivak, the Milwaukee Journal Sentinel, July 19, 2013, .

Scalzo’s victims included an elderly couple whose home he used as collateral for a fraudulent loan by forging the owners’ signatures, according to the Journal Sentinel article. The home later went into foreclosure.

Scalzo transferred funds from the loans by cashier’s check or wire to his personal accounts. He applied some of the loan funds against earlier loans to conceal the $1.4 million fraud. Scalzo served 27 months of his 35-month sentence.

From the mailroom to executive suites

In 1989, a helpful Kenosha, Wisconsin, banking executive pulled Scalzo out of the bank’s mailroom and placed him in a management training program. He worked his way up the ladder to the commercial lending department.

“You are heroes. You provide a valuable service, a line of defense, something that hopefully deters people — such as myself — from committing financial crime.”

“I lived beyond my means, and I lost my respect for money,” Scalzo said. “I would equate it to somebody in the medical profession who deals frequently with death and maybe becomes immune to it.”

Scalzo said he wanted an eventual avenue out of banking, so he began to pursue investment real estate on the side. He and his partners would buy properties to rehab and flip, but they then had a cash flow problem, and the market began to crater. “So, I panicked and made a loan that I benefited from,” Scalzo said. “Wrong, horrible, disgusting indiscretion. And I used my aunt and uncle’s home as collateral because I didn’t have the credit authority to give myself or my partners an unsecured loan.” The jig was up when mortgage paperwork showed up at his aunt and uncle’s address. They turned him into the U.S. attorney’s office for fraud.

“I appreciate what you folks do for a living,” Scalzo said. “When I saw the [ACFE conference] website and I saw ‘Where Heroes Unite,’ I thought these people invited Lex Luthor to give a speech to the Justice League!

“You are heroes. You provide a valuable service, a line of defense, something that hopefully deters people — such as myself — from committing financial crime,” Scalzo said. “I applaud you and respect you.”

*The ACFE doesn’t compensate convicted fraudsters.

Mark your calendar for the 2018 Conference in Las Vegas!

The 29th Annual ACFE Global Fraud Conference will be held June 17-22, 2018, at the Mandalay Bay Resort and Casino in Las Vegas, Nevada.

You’ve always wanted to attend an ACFE Global Fraud Conference, and now’s your chance to finally do it. Visit FraudConference.com to register.

See you in Las Vegas in 2018!

Emily Primeaux, CFE, is associate editor of Fraud Magazine. Her email address is: eprimeaux@ACFE.com.

Dick Carozza, CFE, is editor-in-chief of Fraud Magazine. His email address is: dcarozza@ACFE.com.

For more extensive coverage, visit FraudConferenceNews.com. Also click here to read more about the first-ever Women's Networking Reception, other award winners and more.