ASLI - Internal Fraud Investigation & Control Conference 2013 Delving into the devil’s mind – knowing the psyche of a fraudster and a corrupt employee • Unleashing the mechanisms of a criminal mind • How a fraudster reacts and behaves in a constrained environment • How to recognize a fraudster – traits and personality of a corrupt and fraud employee

1. DELVING IN THE DEVIL’S MIND
Knowing the psyche of a fraudster and a
corrupt employee
Kenny Ong
Takaful IKHLAS Sdn Bhd
1

2. Business today…
13th April 2009
•Two Domino’s employees
•YouTube
•Apology from Domino’s after
48 hours
•1 million hits
•Twitter: questions on silence
•LinkedIn: suggestions by users
in forum
2
BusinessWeek, May 4, 2009

3. TAKAFUL IKHLAS CORPORATE PROFILE
• Shareholder : MNRB Holdings Berhad (100%)
• Established Date : 18 September 2002
• Operational since : 2 July 2003
• Takaful Model : Al-Wakalah
• Business Portfolio : General and Family Takaful
• Number Products : More than 90
• Number of Participants : More than 1,800,000
• Number of Agents : More than 6,000
• Number of Staff : 490
• Regional Offices : 11
• Paid Up Capital : RM295 million
3

4. IKHLAS Customized Healthcare
Solutions
4

5. Contents:
A. The Criminal Mind
B. Triggers
C. Minimizing Incidents
D. Future Fraud
5

6. When and how do you decide?

7. How many of us drive with the
ultimate intention of breaking the
speed limit?
7

8. Fraud-O-Scope™
Good
1. Character
Bad
4. Catchability 3. Situation
Fraud
Easy Hard Open Closed
Smart
2. Intelligence
Not
Smart
8

9. The Criminal Mind
Profile of Potential Fraudster
9

10. “Everyone has a price”
10

11. Fraud-O-Scope™
Good
1. Character
Bad
Fraud
Smart
2. Intelligence
Not
Smart
11

12. Fraud-O-Scope™
Good
1. Family
2. Education 1. Character
3. Social
4. Movies Bad
5. Books
6. Religion
Fraud
7. Record
8. Attribution
12

13. Fraud-O-Scope™
1. Education
level
2. Talent
3. Analytical
Fraud 4. Systems
Smart
5. Ask
questions
2. Intelligence 6. Years of
Service
Not
Smart
13

14. How would you profile him?
14

15. How would you have profiled him?
15

16. Where are the Fraud Risks?
Industry
Suppliers/Vendors
Management
Retail Front
Staff
Frontline
16

18. Real Fraud, Real Risks
1. Channel Fraud 9. Credit Card
2. Staff Fraud 10.Ghost Staff
3. Management Fraud 11.Ghost Channels
4. Distributor 12.Financial Reporting
5. Retail Assistant 13.Theft
6. Payroll 14.F/L
7. Undercutting 15.eCommerce
8. Purchasing 16.Share manipulation
18

19. GENERAL FRAUDSTER PROFILE
• Profile: 68.6%
– no prior criminal record,
– Aged 26-40 years old,
– Annual income between RM15k-RM30k,
– 2-5 yrs of service
• Struggling financially or large purchases
– difficult time in their lives
– gets out of hand
• Merger and acquisition or reorganization activity.
– ‘I don’t have a career here’ attitude.
19

20. Possible General Root Causes
for Fraud Mindset
1. "Everyone does it."
2. "It was small potatoes."
3. "They had it coming." – the revenge syndrome
4. "I had it coming." – the equity syndrome
20

21. Possible General Root Causes
for Fraud Mindset
1. "Everyone does it.“
1. Indiscipline employees commonly organize
themselves in cliques or clusters - the inner circle
2. Rarely does a repeat offender not involve an
accomplice or at least a confidant.
3. “If my superior can come to work late and still be
promoted, it means I can steal RM10. Both are
indiscipline cases anyway.”
21

22. Possible General Root Causes
for Fraud Mindset
1. “It was small potatoes.“
1. “What's a RM30 stolen calculator to a company that
makes millions each year or to a boss who drives a
Mercedes?
2. “Zero Tolerance Policy” for identified disciplinary
cases in any form or for any amount?
22

23. Possible General Root Causes
for Fraud Mindset
1. "They had it coming." – the revenge syndrome
1. “The accounts department cuts down my lead time
to submit my claims yet take 60 days to
compensate my claims. So I purposely come late to
work to compensate.”
2. “The company keeps cutting down our benefits and
allowances but keep asking us to produce more. So
I compensate by being calculative with the company
even for one sen.”
23

24. Possible General Root Causes
for Fraud Mindset
1. "I had it coming." – the equity syndrome
1. Under-compensated or unrecognized -> self-
devised "bonus" plan.
2. Employee has been turned down for a raise or
promotion; after a company-wide salary freeze has
been established; during periods of company
turmoil (restructuring, takeover, new management,
etc.).
24

25. Reminder: Very few people join an
organization with the objective to
commit fraud.
25

26. “Cow don’t drink water cannot
push cow head down”
26

27. Triggers
Conditions for Fraud
27

28. Fraud-O-Scope™
4. Catchability 3. Situation
Fraud
Easy Hard Open Closed
28

29. Fraud-O-Scope™
1. Self/Family
2. Straight road
3. Conflicts
4. Bad Bosses
5. M&A
6. Org Character 3. Situation
7. Controls Fraud
Open Closed
8. No changes
9. Power
Imbalance
10.Amount, $$
11.Org Systems
29

30. Fraud-O-Scope™
1. Check &
Balance
2. Oversight
3. Automation
4. Catchability 4. Burden of
Fraud Proof
Easy Hard 5. Line of Sight
30

31. Who is most likely to commit Fraud?
Excellent
Very Good
Average
Not Good
Commit Suicide
31

32. The Four Desperates
1. Desperate 2. Desperate
Competition Consumer
3. Desperate 4. Desperate
Achievers Changes
32

33. Dangers of Direct Incentives
1. lessen internal motivation,
2. switch to mercenary mode,
3. do something and do not do something else,
4. bribe and fraud culture,
5. easier for competitors to recruit,
6. lessen teamwork & helpful culture,
7. less and less impact for same value,
8. mockery of base salary and employment contract,
9. rebellion from non-incentivised staff,
10. end up incentivising everyone for everything?,
33

34. Curse of the Bell Curve
‘A’ ‘B’ ‘C’ ‘D’ ‘E’
Staff Staff Staff Staff Staff
34

35. Biggest Issue in Financial
Product Innovation?
35

36. Power Imbalance
1. Propose
2. Approve
3. Execute
4. Monitor
36

37. Possible General Root Causes
for Fraud Mindset
1. "Everyone does it."
2. "It was small potatoes."
3. "They had it coming." – the revenge syndrome
4. "I had it coming." – the equity syndrome
37

38. Minimizing Incidents
Prevent. Deter. Kill.
38

39. "Fear not the 10,000 moves
practiced once. Fear the one move
practiced 10,000 times"
Chandni Chow to China
39

40. How to minimize Fraudulent
mindsets….
Attribution.
40

41. Risk Mitigation Strategies
ERM
Resources
Structure Identified
Fraud
Risks
Culture
Leadership
Person
41

42. Alignment: Framework
Structure • Org Structure
• Job Design – C.Fraud.O.
• Policies & procedures
• Governance, Internal Controls
• Management Systems, SOPs
• Central
• Special Task Force
• Internal Audit, Surprise Audit, Regular Audit
(Surveillance)
• Levels of Authority, Power Balancing*
42

43. *Power Balancing
1. Propose
2. Approve
3. Execute
4. Monitor
BOD Set 1 BOD Set 2
Approval/Verification
43

44. Alignment: Framework
Resources • Tools
• ICT Systems
• Rules detection
• Whistle Blower
• PED
• Profiling/Assessment Tools
• Budget for Investigation,
Litigation
44

45. Strategy: Framework
Leadership • PED
• Involuntary Role Modeling
• Personal accountability and
Commitment
• Corporate Values
• Watch out: Current people promoted
to Key Positions
• Promotional criteria
45

46. Alignment: Framework
• New Employee Background
Person
checks
• Willingness to Punish
• Root Cause Analysis (Mager &
Pipe)
• Rotation
• PED
• Fraud Detection & Analysis
Competency
• High Risk Jobs
• IT breaches through Frontline
46

47. • PED
47

48. GENERAL STRATEGIES AND
POLICIES
• B1. Classification of Behaviors
– B1.1 Disrespectful Workplace Behavior
– B1.2 Progressive Discipline
– B1.3 Zero Tolerance
48

49. GENERAL STRATEGIES AND
POLICIES
• B2. Recruitment and Selection
• B3. Exit
• B4. Employee Assistance Program
• B5. Anonymous Hotline
• B6. Communication and Feedback
• B7. Training and Education
• B8. Formal Complaint and Grievance
49

50. GENERAL STRATEGIES AND
POLICIES
• B9 Leadership
– 1. Leaders act as role models whether
consciously or unconsciously
– 2. Leaders determine the working
environment
50

51. GENERAL STRATEGIES AND
POLICIES
• B9 Leadership
– 1. Educate
– 2. Involve
– 3. Teach
– 4. Eliminate
51

52. SPECIFIC STRATEGIES AND
POLICIES
• C1. Theft and Fraud – Root Causes
– Profile: 68.6% - no prior criminal record,
Aged 26-40 years old, Annual income
between RM15k-RM30k, 2-5 yrs of service
– Struggling financially or large purchases
• difficult time in their lives
• gets out of hand
– Merger and acquisition or reorganization
activity.
• ‘I don’t have a career here’ attitude.
52

53. SPECIFIC STRATEGIES AND
POLICIES
• C1. Theft and Fraud - Prevention
– Background checks
– Duties segregated
– Anonymous hotline
– Share the wealth
– Communicate successes
– Make a big noise when discovered
– Video surveillance equipment
53

54. SPECIFIC STRATEGIES AND
POLICIES
• C2. Violation of confidentiality or security
of company information - Prevention
– a. ICT Security Policies*
– b. Ownership of Intellectual Property
– c. Inside Information and Trading of company
shares
54

55. *ICT Security and Fraud (1/3)
Biggest ICT risks
1. Security – All matters relating to the ‘coming-in’
and ‘going-out’ of all systems and information
2. Backup - including Storage of critical and non-
critical information and Disaster Recovery
3. Continuity – Availability of systems and
information at a 24x7x365 standard
55

56. *ICT Security and Fraud (2/3)
The following are threats faced by organizations
from ‘inside’ the company:
• Current Employees,
• On-site Contractors,
• Former Employees,
• Vendors/Suppliers,
• Strategic Partners, and
• OEMs
56

57. *ICT Security and Fraud (3/3)
ICT Security, Backup, and Continuity Strategies 2005-2008:
1. Web browsing and 8. Physical
Internet Access 9. PCs and laptops
2. Username and 10.Remote access
passwords 11.Servers, routers, and
3. Instant Messaging switches
4. E-Mail 12.Internet / external
5. File access permissions network
6. Backups 13.Wireless
7. Crisis management, 14.PDA and cell phone
Disaster recovery and 15.Documentation and
Business Continuity change management
57

58. “Asking the people responsible
for preventing a problem if
there is a problem is like
delivering lettuce by rabbit"
Norman Augustine
CEO & Chairman, Lockheed Martin
58

59. "He has 20 years experience:
1 year of bad experience
repeated 20 times"
59

60. Future Fraud
We all need help
60

62. Finance Today…
$19.90
62

63. New Fraud Opportunities
Change in Business Models: Inexperienced
eCommerce
Partners
Franchise
Downstream/Upstream
M&A Targets
63

64. eCommerce Frauds
Lost/Stolen
Credit Cards
Account
Application
Takeover
eCom
Frauds?
Pharming Phishing
Counterfeit Advances
64

65. Latest Fraud topics: General
1. Whistle Blowing compensation: tied to $$
amount of fraud exposed
2. New laws proposed -> Not allowed to sue
Accountants, Auditors, Lawyers. What
implications?
3. Credit Crunch = Tighter Cash Flow = More
desperate people = more Fraud?
4. Sub-prime crisis + Société Générale =
Transparency, Disclosure, Relationship
Transparency
65

66. Fraud: Research Options?
1. Profile of a Fraudster in Malaysia
2. New Fraud Risks in the 21st century business
environment
3. Internet, eCommerce, and ICT related Fraud
risks and prevention
4. Company Culture and its influence on Fraud
Risks
5. HR practices that can decrease Fraud in a
company
66

67. End Points
67

68. Mistakes and Lessons
Learned
1. Price to Pay for Fraud/Risk Mitigation =>
Business Flexibility
2. Control vs. Growth
3. Rules vs. Humanity/Motivation
4. Not tackling the root cause i.e. Motive +
Opportunity i.e. Humans
5. Focus on FAC vs. Sales/Marketing => who has
control?
6. Relationship Role vs. Enforcement Role
68

69. In the end…
• Great Wall of China
– humans are the weakest link
– bad treatment of staff will lead to weak link i.e.
easier to bribe, easier to con, etc;
– bad treatment examples: insulting, lose face,
broken promises, no dignity, public criticism,
restructure without communication
69

70. Thank You.
soft copy of slides:
http://totallyunrelatedrandomanddebatable.
blogspot.com/