Each year during the Association of Certified Fraud Examiners’ (ACFE) Annual Global Fraud Conference, the ACFE’s Board of Regents sits down with Fraud Magazine to take stock of the current anti-fraud landscape. The Regents, elected by
Certified Fraud Examiners (CFEs) to establish standards and policies for the ACFE, always bring a wealth of knowledge to the discussion. This year, the cadre of experts comprising the 2024-2025 Board of Regents assessed what we’ve learned about managing
fraud risk during a crisis like the pandemic, how artificial intelligence (AI) is enhancing — and complicating — fraud-fighting efforts, and what we can do to attract new people to the field.
FM: In Occupational Fraud 2024: A Report to the Nations, CFEs
reported that 53% of their cases had at least one pandemic-related factor that contributed to the occurrence of fraud in their organizations. What are the key lessons we can learn about protecting organizations (including government) from fraud during
a pandemic or other crisis?
Kimberly Howell, CFE: I think the biggest thing we need to do is implement controls early on. Many of the problems with the U.S. government’s spending and fraud in the Coronavirus Aid, Relief, and Economic Security (CARES) Act were due
to a lack of controls on the funding. The government rushed to get the money out to people instead of thinking through the process.
Robert Smolich, CFE: It was just a rush to get the money out. We were trying to help everybody who was struggling during the pandemic. But without controls, it’s always hard to manage the damage after the fact, and now we’re going to
spend years and years identifying and fixing what went wrong.
Tom Caulfield, CFE: Elected officials, in making their decisions, were balancing protecting government resources and meeting the needs of the people. Not appreciating the risk of fraud was the problem. There was a study that addressed
risks in acquisitions and contracting during the pandemic, and one of the recommendations from it was for agencies to develop strategies for determining risks ahead of the next emergency. (See “COVID-19 Contracting: Opportunities to Improve Practices to Assess Prospective Vendors and Capture Lessons Learned,”
U.S. Government Accountability Office, July 29, 2021.)
FM: What should’ve been done differently?
Caulfield: No. 1 is acknowledging the existence of risks, then figuring out the metrics for a risk assessment. Government officials didn’t acknowledge the level of risk involved. I’m not saying government officials didn’t make necessary
decisions, but I think they failed to acknowledge the risks in the way they distributed funds. I don’t know of anybody — at least in the U.S. — who brought in inspectors general or people in oversight for discussions about the potential risks in fast-tracking
the funds. In the future, governments must acknowledge that risks exist and then take steps to minimize those risks.
FM:
What should we be doing now to get ahead of the next crisis?
Howell: Perhaps instead of creating a board after the fact like the Pandemic Response Accountability Committee (PRAC), we have ready-made plans for the next disaster. The plan’s already in place and it can be used to advise lawmakers.
This is what we need to do before implementing these programs, instead of building them afterwards. When we hear that something could occur, we have a plan in motion, and nothing needs to be built from scratch.
Smolich: Much of what we do [in the U.S.] is based on legislation. It’s not like we could suddenly have all these resources. We need Congress to enact laws to give us the resources, and they didn’t. They did it after the fact. So, we
could do what Kimberly’s suggesting, and create legislation that sets up a preparatory body that can react to these things and help craft that legislation. A good point with resources: Look what happened to the Small Business Administration (SBA).
The SBA Office of the Inspector General handled maybe hundreds of complaints a year before the pandemic, and then was suddenly handling thousands if not tens of thousands of complaints without additional resources. There’s no way to dig out of that
hole. (See “The Small Business Administration was overwhelmed with hotline complaints. Here’s how we helped.” Pandemic Oversight.)
FM: Maheswari, what was the experience in Malaysia with fraud during the pandemic?
Maheswari
Kanniah, CFE: We had similar issues with the funding. The government had to release the funds quickly and didn’t have any proper policies and procedures for managing such funds during the pandemic. So, there were a lot of frauds being perpetrated
by opportunists taking advantage of the urgent situation. We also didn’t have a “watchdog” or independent party managing the funds or the funding structure for checks and balances. There weren’t any resources to manage the process, and there weren’t
any policies and procedures or a separate governance structure in place for the release of the funds. So, if all these processes were in place and we had a third party or watchdog overseeing this, I’m sure that some of the fraud could’ve been minimized
or eliminated. But of course, we do acknowledge that elimination as a whole may not happen as fraud is ever-evolving and takes different forms and shapes by the minute.
Natalie Lewis, CFE: As a financial investigator for a consulting firm, I haven’t played as much of a role in terms of investigating [pandemic frauds]; but certainly, we’ve seen other frauds that occurred because of the reduction in controls.
It was a widespread issue, not just within the government, but also in corporations. All of a sudden, the basics of strong internal controls weren’t there anymore, and so the opportunity for fraud increased, and we’ve certainly seen an increase in
fraud based on those situations.
FM: In a recent interview with Fraud Magazine,
U.S. Attorney Damian Williams of the Southern District of New York talked about how AI is a vehicle for perpetrating traditional frauds instead of using the technology to create new scams. It’s perpetuating the old ones. What do you think about his
assessment, and what are some of your concerns about AI use? (See “Everything is a priority in the Southern District of New York,” by Jennifer Liebman, CFE, Fraud Magazine, July/August 2024.)
Lewis: I think AI is enhancing the tools that fraudsters have for committing traditional frauds. The frauds aren’t changing, but AI is making it easier for fraudsters to carry them out. Especially with business email compromises, if they’re able to make the documents and emails look more realistic with the use of AI. This fraud hasn’t changed, but it’s going to become more believable with AI.
FM: Are there ways that we can better balance fighting those traditional frauds with the threat that AI poses?
Howell: We must stay up to date with training and education and continue our traditional fraud-fighting methods. But we also need to make sure that we understand the technology because AI is such a broad term. It can be anything from
a Google search to so many other things. Its use is growing, and we don’t really understand how big it’ll grow; we’re only seeing the edges of it now.
Kanniah: And AI can only help us to a certain extent. At the end of the day, you need the human eyeball to notice things. You still need people, especially in banking.
FM: Mahes, could you talk a bit more about what you’re seeing in the financial sector in terms of AI?
Kanniah: There’s lots of talk of AI replacing people. But I don’t think that’s completely true because we still need people to make judgment calls. I do agree though that a certain level of AI should be used at work to help us speed up
certain processes and help with data collection. That helps eliminate a whole lot of work being done manually by the people. So, technology does help us by giving us a proper spreadsheet to work on, but at the end of the day, humans still need to
look at the data and make key decisions by connecting the dots. The long and short of it is that we still need people, especially in banking as it’s a heavily regulated industry.
Caulfield: As professionals, we must be educated, and we must embrace the idea that AI will both help and hurt us. It’s about education and awareness, like any other technology. You know, emails came around and we all had to learn about
forensics. AI is just another technology, and we learn about and become as educated as we can.
Smolich: I think the issue for us concerning AI in government is resources. We’re not recruiting and retaining the expertise we need because we can’t pay them. There’s a financial incentive [to work in the private sector]. Across the
government we’re having a hard time recruiting cyber talent, and we need to invest more time and resources in training the people we do have. But we’re starting to see the government recognize this. For example, the Department of Defense is rethinking
its cyber strategy. The Air Force just opened a warrant officer program for cyber operators. So, from a government perspective, we must think about how we can incentivize folks from the cyber realm to work for us. There’s a lot of money in private
industry but not enough to incentivize that same talent to work for the government. (See “Air Force opens applications
for warrant officer jobs in cyber, IT,” by Courtney Mabeus-Brown, Air Force Times, April 25, 2024.)
Lewis: It’s not just about training our people to use AI, but it’s also about educating our clients that technology isn’t enough. We still need humans on the case. I had a client say to me, ‘But, you’ve got the technology!’ I said, ‘Yes,
I have the technology, but I still need to review things.’ We have millions of documents we’re reviewing for an investigation, and I can use some form of AI to make work more efficient, but someone must make a judgment call.
Kanniah: It’s not horrible, AI. But the perception that’s out there is totally wrong; we still need us too.
Howell: I agree with both of those comments because nothing can replace a human even with help from AI. A human still needs to look at the data because our experience helps us notice patterns. People forget that and think AI is better
than humans because it can do things faster, and it has all this knowledge. But it only has that knowledge because of us.
Lewis: We’re using an e-discovery tool with an AI feature, and our client recommended we ask this AI tool if a person knew about the fraud. Well, it’s not going to have every conversation that didn’t occur in writing. It’s limited to
what it has in the system. You can use it to pinpoint certain documents that are relevant to the investigation but it’s not going to be the authority on whether or not something occurred.
FM: There’ve
been reports of a shortage of accountants. For example, according to the American Institute of Certified Public Accountants (AICPA), 75% of CPAs reached retirement eligibility by 2020. The Wall Street Journal reported that big companies like Advance
Auto Parts disclosed material weaknesses in their financial statements due in part to a lack of staff accountants. Some attribute this shortage to the perception that accounting is boring and that it doesn’t pay as well as other finance-related jobs.
Considering how integral accountants are to internal controls, how do you think we should be encouraging and developing the next generation of fraud fighters? What are you doing within your organizations to attract and retain people? (See “How much
of a threat is the talent shortage to the accounting profession?” AccountancyAge, Jan. 24, 2024 and “The Accountant Shortage Is Showing Up in Financial Statements,” by Mark Maurer, The Wall Street Journal, July 11, 2023.)
Kanniah: Firstly, in my organization, our current employees are taking CFE exams. In my division each year, I ensure that about two or three staff members sit for the exams so that they have a better understanding of the subject matter.
When you have the academics as a foundation, it’s much easier to apply it when faced with practical issues. Since my division deals with a lot of investigations and fraud, my view is that it’s a good place to start. We do a lot of training throughout
the organization to highlight its importance to the employees. As a financial institution, we also provide training for vendors and clients so they understand the requirements. There’s a lot of fraud in banking, so there’s a real need to educate throughout
the whole organization. We make it part of employees’ key performance indicators (KPI).
Caulfield: We don’t have enough introductions into what fraud fighting entails. That’s why we have our education and outreach programs because once a person gets a taste of what it’s like to be a fraud fighter, they enjoy it. We’ve got
to remind people how relevant the job is. We must also introduce our profession earlier into educational programs. I’m telling people that we’re fraud fighters, and people want to grow up to be us.
It’s team-based. We want to emphasize the diversity of our experiences, the diversity of our backgrounds.”
- Robert J. Smolich, CFE
Smolich: The challenge that we have, especially in traditional law enforcement, is that people don’t think fraud is exciting, right? It can be hard to pull people from other missions into the fraud mission because they don’t want to spend
years working on a case. They want immediate results. They want to resolve a case in 90 days, get it adjudicated and move on to the next case. But I think we can do better to communicate our successes and the great cases we investigate. We do great
things, but we don’t do such a good job explaining the amazing things we do.
One other thing on the question of accountants: We’ve created team concepts, and it’s not just the agent doing the bulk of the work then sending it to an analyst or to an accountant for analysis. It’s team-based. We want to emphasize the diversity of
our experiences, the diversity of our backgrounds. We’re trying to move in that direction. We spend a lot of time on skill development and on leadership development for our agents. We‘re working hard to create pathways for our entire workforce, but
oftentimes we face structural barriers. As we go forward, we need to ensure that we have skill development and leadership opportunities for our entire workforce.
Lewis: It’s important to get people to understand what we do and why they should look at this career earlier in their education. When I was in school for accounting, it was in the latter part of my degree program that I started learning
about fraud in the audit/tax track for accounting. What I’m finding is that the pool of people has dwindled. They’ve already chosen not to go the accounting route at all. They’re either in finance or some sort of information technology (IT) field
that’s a bit better paying. Trying to get people earlier in their education is going to be key.
Kanniah: Over the past seven years, we’ve been organizing trivia games about fraud and ethics, conducted both online and in person at our office. These activities are grounded in our core values of ethics, integrity and culture. We’ve
also developed an outreach program that fosters participation both internally and externally, engaging professionals from various industries and sectors to enhance collaboration and broaden our impact on fraud awareness and ethics. Last year, we broadened
our scope with overseas participation from Singapore, Australia, Indonesia, the United Arab Emirates and South Africa. We also have a university outreach program during International Fraud Awareness Week. We’ve educated students on the significance
of our work and the critical importance of fraud awareness. We plan to expand our university outreach this year to reach more institutions and continue to raise awareness about fraud and ethics.
FM: It seems that women have made important strides in the anti-fraud profession. Just in this room, at this table, the Board of Regents is majority female. How do you think the anti-fraud field is doing overall with gender parity?
Howell: When I talk to young women in college or post-college about going into traditional law enforcement or even the inspector general field, there’s still some hesitation about carrying firearms. I’m much more successful talking to
people who’ve been in the military or police, but if you’re just talking to someone in accounting classes, and especially someone raised in a more traditional background, they might mention that their father wouldn’t let them carry a gun. That’s a
challenge. And many still perceive that law enforcement isn’t a field for women. When I started, there were very few women in traditional law enforcement, and there are many reasons for thinking it’s a male-dominated profession. There are still many
people who don’t think law enforcement is for them, and they might not want to go through the kind of training we must do. I’m not sure how we overcome that.
Smolich: If you look at the federal law enforcement numbers, we’re still not there yet. Women still make up about only 12% of the field. (See “Leadership Spotlight: Women in Law Enforcement Today,”
FBI Law Enforcement Bulletin, June 6, 2023.) We’ve ensured we have diverse hiring boards [in the Inspector General Office for Investigations in the U.S. State Department] because diverse boards hire diverse candidates. When you bring in the right
people, they seek out the right people. We’ve made a significant effort to focus on diversity, and not just talking about it, but making sure that our actions match our words. It’s changing; we’re not there yet, but it’s getting better.
Lewis: I sit on the Georgia Chapter of the ACFE and our board is primarily female. I also sit on the governing board for the city of Atlanta’s inspector general and ethics office. We have a nine-member board and six of us are women. So
I’m seeing more leadership roles. It’s important that we try to have that backfill of people coming in and willing to stick with it to fill some of those leadership roles.
Smolich: We have to incentivize people. We have pay compression in the civil service right now. A non-supervisory special agent makes as much as their supervisor and their supervisor’s supervisor, so there’s no incentive to take that
extra step into leadership and management. If we want to create diverse leadership teams, we have to get people interested in taking on leadership roles. That’s a challenge. We won’t achieve diversity in leadership if we can’t incentivize people to
consider applying for those positions in the first place.
Lewis: During some of my fraud investigations and even when testifying, I’ve heard from a number of attorneys who’ve said that they’re starting to see more female experts retained as testifying experts and that they actually appreciate
it because there are some nuances with testifying, so there’s the thought that during a trial opposing attorneys won’t be as aggressive with female experts as they’d be with male experts. That’s something that I’m hearing from attorneys who are hiring.
FM: What is some advice you’d give to fellow CFEs?
Lewis: Volunteer. Whether it’s on a local level or on a global level, look for ways to give back and get involved. What I give to the ACFE, I get back tenfold, and I think it’s so well worth it. Whether it’s joining your local chapter
or submitting a proposal for a speaking engagement, writing an article or being a mentor. It also depends on your appetite and doing what you’re comfortable with. You might not need to be on stage conducting a training program, but you might prefer
being a mentor in a one-on-one setting.
Caulfield: There’s value in volunteering for things you’re not as familiar with so that you can expand your education. If you’re an investigator, don’t underestimate the value of the knowledge you’ll gain by volunteering to be part of
something that could be linked to audits. When I was working in government, I remember making sure that everybody knew this was a partnership, and we can all learn from each other.
Howell: I would encourage all to make sure that their employer knows the value of being a CFE, the value of the education that’s provided, the value of the networking to them, to the organization, not just to the individual. If you join
an organization that’s not familiar with the ACFE, let them know how you’re this great employee because of the access you have to all this training. Whoever you’re working for should know the value of that.
The participants
Kimberly A. Howell, CFE
Howell is the Inspector General (IG) for the Corporation for Public Broadcasting (CPB). Before joining the CPB, Howell worked in federal law enforcement for 25 years, conducting and leading nationwide health care, grant, procurement, counterfeit and intellectual
property fraud investigations. In 2011, she joined the Senior Executive Service and led compliance and oversight efforts and worked with federal, state, and local law enforcement agencies on various initiatives. The governor of Maryland appointed
Howell to the Maryland Commission on Judicial Disabilities in 2018. She’s also an adjunct associate professor with the University of Maryland Global Campus’s criminal justice program and has a master’s degree in public administration.
Maheswari Kanniah, CFE
Kanniah is the executive director and group chief regulatory and compliance officer for Kenanga Investment Group. Kanniah has a 44-year career in the financial-services sector with expertise in compliance, governance, ethics, financial crime and risk
management. In 2023, she received the Outstanding Achievement in Outreach and Community Service award from the ACFE and was the first Asian to receive this recognition. As past chair of the Compliance Committee with the Malaysian Investment Banking
Association, Kanniah spearheaded various consultations with the securities commission, stock exchange and Central Bank of Malaysia for regulatory changes. She currently serves on the board of the Institute of Corporate Directors Malaysia.
Robert J. Smolich, CFE
Smolich has over 22 years of U.S. military and civilian law enforcement experience. He’s currently the assistant inspector general for investigations of the U.S. State Department’s Office of the Inspector General where he leads a 77-person office in charge
of overseeing criminal, civil and administrative violations affecting State Department programs and operations, including the U.S. Agency for Global Media and the U.S. Section of the International Boundary and Water Commission. Smolich is also an
Air Force Reserve Colonel (Special Agent) with the Air Force Office of Special Investigations. He serves as the individual mobilization augmentee to the Commander, Field Investigations Region 2 (Air Combat Command), where, when in status, he leads
30 offices that conduct investigative, counterintelligence and force protection support for the U.S. Air Force and U.S. Space Force in the U.S., South America, Middle East, Europe and Africa.
Thomas A. Caulfield, CFE
Caulfield is chief operating officer of global anti-corruption consulting firm Procurement Integrity Consulting Services. He’s spent more than 40 years working in both the public and private sectors. His work in the public sector includes service in the
U.S. Marine Corps, the CIA and Council of the Inspectors General on Integrity and Efficiency. His roles included chief learning officer; inspector general for investigation, procurement integrity officer; polygraph examiner; and criminal investigator.
Caulfield briefly returned to federal service during the COVID-19 pandemic to build the Special Inspector General for Pandemic Recovery’s Office of Investigations.
Natalie Lewis, CFE
Natalie Lewis is senior vice president at consulting firm J.S. Held LLC and a member of the Governing Board of the Office of the Inspector General for the City of Atlanta. Throughout her career, Lewis has conducted fraud investigations across the globe
for companies of all sizes, from small, closely held businesses to Fortune 50 companies and governmental organizations. She’s worked on internal investigations and cases involving embezzlement, Ponzi schemes, the Foreign Corrupt Practices Act (FCPA)
and asset misappropriation. Lewis is on the board of the ACFE’s Georgia Chapter.
Jennifer Liebman, CFE, is editor-in-chief of Fraud Magazine. Contact her at JLiebman@ACFE.com.