ASLI - Internal Fraud Investigation & Control Conference 2013
Delving into the devil’s mind – knowing the psyche of a fraudster and a corrupt employee
• Unleashing the mechanisms of a criminal mind
• How a fraudster reacts and behaves in a constrained environment
• How to recognize a fraudster – traits and personality of a corrupt and fraud employee
Content Marketing 101: Overview of Content Marketing
ASLI Fraud Investigation Conference 2013 - Delving into the devil’s mind
1. DELVING IN THE DEVIL’S MIND
Knowing the psyche of a fraudster and a
corrupt employee
Kenny Ong
Takaful IKHLAS Sdn Bhd
1
2. Business today…
13th April 2009
•Two Domino’s employees
•YouTube
•Apology from Domino’s after
48 hours
•1 million hits
•Twitter: questions on silence
•LinkedIn: suggestions by users
in forum
2
BusinessWeek, May 4, 2009
3. TAKAFUL IKHLAS CORPORATE PROFILE
• Shareholder : MNRB Holdings Berhad (100%)
• Established Date : 18 September 2002
• Operational since : 2 July 2003
• Takaful Model : Al-Wakalah
• Business Portfolio : General and Family Takaful
• Number Products : More than 90
• Number of Participants : More than 1,800,000
• Number of Agents : More than 6,000
• Number of Staff : 490
• Regional Offices : 11
• Paid Up Capital : RM295 million
3
19. GENERAL FRAUDSTER PROFILE
• Profile: 68.6%
– no prior criminal record,
– Aged 26-40 years old,
– Annual income between RM15k-RM30k,
– 2-5 yrs of service
• Struggling financially or large purchases
– difficult time in their lives
– gets out of hand
• Merger and acquisition or reorganization activity.
– ‘I don’t have a career here’ attitude.
19
20. Possible General Root Causes
for Fraud Mindset
1. "Everyone does it."
2. "It was small potatoes."
3. "They had it coming." – the revenge syndrome
4. "I had it coming." – the equity syndrome
20
21. Possible General Root Causes
for Fraud Mindset
1. "Everyone does it.“
1. Indiscipline employees commonly organize
themselves in cliques or clusters - the inner circle
2. Rarely does a repeat offender not involve an
accomplice or at least a confidant.
3. “If my superior can come to work late and still be
promoted, it means I can steal RM10. Both are
indiscipline cases anyway.”
21
22. Possible General Root Causes
for Fraud Mindset
1. “It was small potatoes.“
1. “What's a RM30 stolen calculator to a company that
makes millions each year or to a boss who drives a
Mercedes?
2. “Zero Tolerance Policy” for identified disciplinary
cases in any form or for any amount?
22
23. Possible General Root Causes
for Fraud Mindset
1. "They had it coming." – the revenge syndrome
1. “The accounts department cuts down my lead time
to submit my claims yet take 60 days to
compensate my claims. So I purposely come late to
work to compensate.”
2. “The company keeps cutting down our benefits and
allowances but keep asking us to produce more. So
I compensate by being calculative with the company
even for one sen.”
23
24. Possible General Root Causes
for Fraud Mindset
1. "I had it coming." – the equity syndrome
1. Under-compensated or unrecognized -> self-
devised "bonus" plan.
2. Employee has been turned down for a raise or
promotion; after a company-wide salary freeze has
been established; during periods of company
turmoil (restructuring, takeover, new management,
etc.).
24
25. Reminder: Very few people join an
organization with the objective to
commit fraud.
25
29. Fraud-O-Scope™
1. Self/Family
2. Straight road
3. Conflicts
4. Bad Bosses
5. M&A
6. Org Character 3. Situation
7. Controls Fraud
Open Closed
8. No changes
9. Power
Imbalance
10.Amount, $$
11.Org Systems
29
30. Fraud-O-Scope™
1. Check &
Balance
2. Oversight
3. Automation
4. Catchability 4. Burden of
Fraud Proof
Easy Hard 5. Line of Sight
30
31. Who is most likely to commit Fraud?
Excellent
Very Good
Average
Not Good
Commit Suicide
31
32. The Four Desperates
1. Desperate 2. Desperate
Competition Consumer
3. Desperate 4. Desperate
Achievers Changes
32
33. Dangers of Direct Incentives
1. lessen internal motivation,
2. switch to mercenary mode,
3. do something and do not do something else,
4. bribe and fraud culture,
5. easier for competitors to recruit,
6. lessen teamwork & helpful culture,
7. less and less impact for same value,
8. mockery of base salary and employment contract,
9. rebellion from non-incentivised staff,
10. end up incentivising everyone for everything?,
33
34. Curse of the Bell Curve
‘A’ ‘B’ ‘C’ ‘D’ ‘E’
Staff Staff Staff Staff Staff
34
37. Possible General Root Causes
for Fraud Mindset
1. "Everyone does it."
2. "It was small potatoes."
3. "They had it coming." – the revenge syndrome
4. "I had it coming." – the equity syndrome
37
45. Strategy: Framework
Leadership • PED
• Involuntary Role Modeling
• Personal accountability and
Commitment
• Corporate Values
• Watch out: Current people promoted
to Key Positions
• Promotional criteria
45
46. Alignment: Framework
• New Employee Background
Person
checks
• Willingness to Punish
• Root Cause Analysis (Mager &
Pipe)
• Rotation
• PED
• Fraud Detection & Analysis
Competency
• High Risk Jobs
• IT breaches through Frontline
46
48. GENERAL STRATEGIES AND
POLICIES
• B1. Classification of Behaviors
– B1.1 Disrespectful Workplace Behavior
– B1.2 Progressive Discipline
– B1.3 Zero Tolerance
48
49. GENERAL STRATEGIES AND
POLICIES
• B2. Recruitment and Selection
• B3. Exit
• B4. Employee Assistance Program
• B5. Anonymous Hotline
• B6. Communication and Feedback
• B7. Training and Education
• B8. Formal Complaint and Grievance
49
50. GENERAL STRATEGIES AND
POLICIES
• B9 Leadership
– 1. Leaders act as role models whether
consciously or unconsciously
– 2. Leaders determine the working
environment
50
52. SPECIFIC STRATEGIES AND
POLICIES
• C1. Theft and Fraud – Root Causes
– Profile: 68.6% - no prior criminal record,
Aged 26-40 years old, Annual income
between RM15k-RM30k, 2-5 yrs of service
– Struggling financially or large purchases
• difficult time in their lives
• gets out of hand
– Merger and acquisition or reorganization
activity.
• ‘I don’t have a career here’ attitude.
52
53. SPECIFIC STRATEGIES AND
POLICIES
• C1. Theft and Fraud - Prevention
– Background checks
– Duties segregated
– Anonymous hotline
– Share the wealth
– Communicate successes
– Make a big noise when discovered
– Video surveillance equipment
53
54. SPECIFIC STRATEGIES AND
POLICIES
• C2. Violation of confidentiality or security
of company information - Prevention
– a. ICT Security Policies*
– b. Ownership of Intellectual Property
– c. Inside Information and Trading of company
shares
54
55. *ICT Security and Fraud (1/3)
Biggest ICT risks
1. Security – All matters relating to the ‘coming-in’
and ‘going-out’ of all systems and information
2. Backup - including Storage of critical and non-
critical information and Disaster Recovery
3. Continuity – Availability of systems and
information at a 24x7x365 standard
55
56. *ICT Security and Fraud (2/3)
The following are threats faced by organizations
from ‘inside’ the company:
• Current Employees,
• On-site Contractors,
• Former Employees,
• Vendors/Suppliers,
• Strategic Partners, and
• OEMs
56
57. *ICT Security and Fraud (3/3)
ICT Security, Backup, and Continuity Strategies 2005-2008:
1. Web browsing and 8. Physical
Internet Access 9. PCs and laptops
2. Username and 10.Remote access
passwords 11.Servers, routers, and
3. Instant Messaging switches
4. E-Mail 12.Internet / external
5. File access permissions network
6. Backups 13.Wireless
7. Crisis management, 14.PDA and cell phone
Disaster recovery and 15.Documentation and
Business Continuity change management
57
58. “Asking the people responsible
for preventing a problem if
there is a problem is like
delivering lettuce by rabbit"
Norman Augustine
CEO & Chairman, Lockheed Martin
58
59. "He has 20 years experience:
1 year of bad experience
repeated 20 times"
59
65. Latest Fraud topics: General
1. Whistle Blowing compensation: tied to $$
amount of fraud exposed
2. New laws proposed -> Not allowed to sue
Accountants, Auditors, Lawyers. What
implications?
3. Credit Crunch = Tighter Cash Flow = More
desperate people = more Fraud?
4. Sub-prime crisis + Société Générale =
Transparency, Disclosure, Relationship
Transparency
65
66. Fraud: Research Options?
1. Profile of a Fraudster in Malaysia
2. New Fraud Risks in the 21st century business
environment
3. Internet, eCommerce, and ICT related Fraud
risks and prevention
4. Company Culture and its influence on Fraud
Risks
5. HR practices that can decrease Fraud in a
company
66
68. Mistakes and Lessons
Learned
1. Price to Pay for Fraud/Risk Mitigation =>
Business Flexibility
2. Control vs. Growth
3. Rules vs. Humanity/Motivation
4. Not tackling the root cause i.e. Motive +
Opportunity i.e. Humans
5. Focus on FAC vs. Sales/Marketing => who has
control?
6. Relationship Role vs. Enforcement Role
68
69. In the end…
• Great Wall of China
– humans are the weakest link
– bad treatment of staff will lead to weak link i.e.
easier to bribe, easier to con, etc;
– bad treatment examples: insulting, lose face,
broken promises, no dignity, public criticism,
restructure without communication
69
70. Thank You.
soft copy of slides:
http://totallyunrelatedrandomanddebatable.
blogspot.com/
Notas del editor
Refer to Handout 1: Possible General Root Causes for Fraud
Refer to Handout 1: Possible General Root Causes for Fraud
Refer to Handout 1: Possible General Root Causes for Fraud
Refer to Handout 1: Possible General Root Causes for Fraud
Refer to Handout 1: Possible General Root Causes for Fraud
This looks better right? But… also still not good enough, right? Refer to Handout 4: 1. Priority, Targets and Standards
Refer to Handout 1: Possible General Root Causes for Fraud
Actions and Behaviors under “Zero Tolerance”: theft and fraud** violation of confidentiality or security of company information** possessing or consuming non-prescribed narcotics on company property reporting to work intoxicated/impaired instigating a fight on company property carrying a weapon on company property intentional harassment, including racial, religious, or sexual harassment directly or indirectly inciting racial or religious issues act of violence toward superior, an employee or customer physically threaten or abuse superior, an employee or distributor misrepresentation of important facts in seeking employment tampering or forging company information and property sabotage or intentionally harming the company Conflict of interest General Treatment for “Zero Tolerance” These are behaviors that are commonly excluded from a progressive discipline approach and that subject the employee to either immediate Domestic Inquiry (D.I.) or criminal prosecution. (upon professional legal advice) There should also be publication and circulation of the “Zero Tolerance” Handout for all employees.
Refer to Handout 2: General Strategies And Policies
is important.
Here are some ways to for leaders to create a better working environment: Educate our core employees all about the business so they understand their impact on its day-to-day success. Involve employees in important decisions relating to work processes and customer satisfaction. Teach core workers the skills that are traditionally reserved for managers. This helps them learn to make better decisions and support business objectives. Identify and eliminate obstacles to employee commitment. These can include giving managers too much status or privilege, micromanaging and restricting employees’ access to information.