a0o200000028S8v_2

In This Issue of CCI

July 2009 Volume 27 No 2

CCS LECTURENew UK bribery law explained 4Combatting UK money laundering 5BANK SECRECYEnd of the line for tax havens? 6FRAUDIndonesia’s new investor blacklist 8$1.5bn pharmaceutical fraud 9Due dilligence checks on the rise 10PIRACYSomalia’s winners and losers 11CORPORATE SECURITYThe security/privacy paradox 14The rise of insider snooping 16

Alerting business to threats from fraud and corporate crime

Attacking the proceeds of crimeAt this year’s annual CCS lecture, Paul Evans offereda fascinating insight into the measures the UK’s SeriousOrganised Crime Agency (SOCA) uses to destabilise criminals,reduce the harm they do and part them from their ill gotten gains.

The payback logo is part ofThe payback logo is part ofThe payback logo is part ofThe payback logo is part ofThe payback logo is part ofa multi-agency approach toa multi-agency approach toa multi-agency approach toa multi-agency approach toa multi-agency approach totaking the cash out of crime.taking the cash out of crime.taking the cash out of crime.taking the cash out of crime.taking the cash out of crime.

The SOCA strategy:1. To build knowledge and understanding of serious organised crime, the harm it causes, and of the effectiveness in tackling it.2. To tackle criminal finances and profits including through asset recovery.3. To increase the risk to serious organised criminals operating against the UK, through traditional means and by innovation within the law.4. To collaborate with partners, join up domestic and international efforts to reduce harm and provide high quality support to our partners; and as appropriate seek theirs in return.5. To build the capability to make a difference.

Established in 2006, SOCA hasdeveloped its own innovativeresponses to tackle the changingcriminal landscape, using intelli-gence and enforcement activityto detect, disrupt and dismantleorganised criminal networks in theUK, and reduce the harm they doto individuals and communities.

The agency’s rapid evolution todeal with the changing picture oforganised crime has necessitateddevelopment of a new approachand the introduction of severalnew techniques that have beensupported and augmented withthe granting of new powers thatenable SOCA to be more effective,efficient and successful.

Paul Evans, SOCA’s DirectorIntervention, spoke at length aboutthis during his presentation, and

the former Chief of Investigationsat HM Customs began by askingthe audience what they thoughtorganised crime looks like. Thiswas his problem when he started,he said. He didn’t have an answerand nor did many others, yet theyknew from the numbers that it wasgetting worse and that somethingdrastic needed to be done.The question was what?

Taking mass marketing fraud –lottery scams, advance fee fraudsetc - as an example, Mr Evansexplained SOCA’s ‘different’approach to an organised crime thatthe Office of Fair Trading estimatescosts UK victims around £3.5 billionevery year. Working with others,it devised a strategy that aimed todisrupt and dismantle the activitiesof some of these groups, whichalso included measures to increase

awareness of the threat and encour-age innovation to tackle it. A keystrand of this strategy was tointercept mass market fraudre-mailing letters and close downthe ‘address’ they had been sent to.Then it wrote to every one of thevictims explaining they had beentricked, returned their ‘investment’and advised them to think carefullybefore responding to unsolicitedmail of the same type in the future.

Continued on page 2/

2 Commercial Crime International July 2009

Lecture Report

Finally, the agency letter providedcontact details for further adviceand guidance.

What criminals wantThinking further outside the box inits bid to find out what to do aboutorganised crime, SOCA decidedit needed to find out what criminalswant and, importantly, what theyfeared if discovered that the onlyrisk they were really concernedabout was losing their assets.

With money comes the temptationto spend it; to acquire assets, eitherto live it up or plan for the future, orsimply to legitimise it. The momentcriminals do this their risk of detec-tion increases. These people, whobehave normally most of the time,have to break cover to acquireassets and most are apparentlyas susceptible to fear, uncertaintyand doubt as anyone else.

This gives SOCA the opportunityto confirm its suspicions and makea breakthrough. It holds a largenumber of record’s on individualsinvolved in organised crime thatit checks on a regular basis it canspot changes in lifestyle and/orbehaviour that can become thecatalyst for a more detailedinvestigation. And once assets withdubious provenance are identifiedit has a powerful array of tools atits disposal to seize them.

“Building knowledge,” says PaulEvans, “is SOCA’s principlestrategic priority and will underpineverything else we do. Informationis the key to removing criminalassets, increasing the risk tocriminals, developing partnershipsand building capabilities. By invest-ing we improve our understanding,and once we understand whatcriminals want and how they workwe can prioritise the right tasks foraction and deploy the most effectiveand proportionate tools available,”he adds.

Intervention capabilitiesOutlining some of these tools, andnoting that SOCA’s internationalnetwork currently comprises 140officers in 41 countries who workclosely with local authoritiesamongst its 3,200 staff, Mr Evanssaid the agency relied heavilyon partnerships with otherorganisations to get the job done.In particular, he mentioned thecreation of the Organised CrimePartnership Board (OCPB), throughwhich the agency, HM Revenue &Customs, the UK Border Agencyand the Police have put in placesystems for sharing details of theorganised criminal groups knownto each group and agreed a seriesof joint programmes to tackle them.

Supporting this, it has at itsdisposal legislation such as theProceeds of Crime Act 2002,

Serious Organised Crime and PoliceAct 2005, and Serious Crime Act2007, which are proving useful alliesalongside SOCA’s merger with theAssets Recovery Agency last yearthat now puts it at the forefrontof recovering criminal assetsand disrupting organised groupfinances.

Mr Evans made particular referenceto the new civil recovery arrange-ments contained within the SeriousCrime Act and said the agency wasmaking good use of its provisionof Serious Crime Prevention Orders(SCPOs), which at a stroke removeprocesses that could previouslytake up to two years to litigate.SCPOs can be obtained by theprosecution after conviction, orwithout prosecution through the HighCourt, and are designed to makeit more difficult for ‘bad’ peopleto harm citizens. Illustrating theirusefulness, Mr Evans describedhow tax could be levied on an assetat 40% plus a 40% penalty, therebycausing 80% of the value of anasset to disappear virtually over-night by just filling out a few forms.This is a huge shock to any criminalwho values his assets above allelse.

In relation to harming citizenshe also referred to SOCA’s HarmFramework, a useful reference whichcharacterises the harm caused byorganised criminal activities in ‘real

Attacking the proceeds of crime - from page 1

The Annual CCS Lecture once again provided delegates with excellent networking opportunitiesThe Annual CCS Lecture once again provided delegates with excellent networking opportunitiesThe Annual CCS Lecture once again provided delegates with excellent networking opportunitiesThe Annual CCS Lecture once again provided delegates with excellent networking opportunitiesThe Annual CCS Lecture once again provided delegates with excellent networking opportunities

3Commercial Crime InternationalJuly 2009

Lecture Report

world’ terms by type and scale – physical, social,environmental, economic and structural. He saidthis framework was now used in decision-makingfor prioritising tasks and as a means of ensuringthe operations the agency undertakes deliver thebenefits envisioned.

Other asset recovery tools include SuspiciousActivity Reports (SARs), which Mr Evans notedhave been under-utilised, Financial ReportingOrders (SOCA currently has 65 in force thatrequire the individual to set out details of income,assets and expenditure at regular intervals)and ‘co-operation agreements’ which encouragepeople to tell how they committed a crime inreturn for time off their sentence.

Using SARsExpanding the point about the underuse of SARs,he explained how SOCA has been able to create aSARs hotspot map and use this to mount specificoperations. One such Operation was carried outin a UK provincial city which apparently has morecar dealers per capita than anywhere else in theUK. Renowned as a centre for the heroin trade,the area generated a number of SARs as attemptswere made to launder the proceeds of criminal

Newspaper report detailing oneNewspaper report detailing oneNewspaper report detailing oneNewspaper report detailing oneNewspaper report detailing oneof SOCS’of SOCS’of SOCS’of SOCS’of SOCS’s rs rs rs rs recent successesecent successesecent successesecent successesecent successes

activity. SOCA, working with HMRC and local police set out to tacklethe infrastructure supporting organised crime in this city, and in turnto reduce the harm the heroin trade was doing to its citizens.

It targeted the huge number of MSB’s (money service bureau) in the city,most of who were unlicensed and shut them down, reducing the dealers’money laundering opportunities. It got records of those buying expensivenew cars and discovered many owners had not bothered to tax or insurethem. 46 luxury cars have been confiscated and crushed so far. Then itwent after the car dealers and put many out of business. Finally, it produceda leaflet notifying local residents that SOCA officers were working in theircommunity to reduce safety issues and provide reassurance.

Mr Evans says the response to this initiative was verypositive.“Only now are we starting to see many of thethings originally envisaged in the Proceeds of CrimeAct starting to materialise,” says Mr Evans.

“This, together with the other legislation, means we cannow virtually throw the kitchen sink at organised criminals.At the same time, civil recovery is really starting to takeoff. I believe what all this means for UK criminals is thatlife is going to change.

“Our approach and the measures we have introducedto support it is helping to turn the enforcement process‘inside out’. Latest intelligence indicates a discernableanxiety amongst some organised criminals aboutSOCA’s focus on criminal assets. Our aim now is to turn this anxiety into outright fear.”

The SOCA Compendium contains aThe SOCA Compendium contains aThe SOCA Compendium contains aThe SOCA Compendium contains aThe SOCA Compendium contains alist of all the tools that enable UKlist of all the tools that enable UKlist of all the tools that enable UKlist of all the tools that enable UKlist of all the tools that enable UKlaw enforcement to constrain thelaw enforcement to constrain thelaw enforcement to constrain thelaw enforcement to constrain thelaw enforcement to constrain theactivities of organised criminals.activities of organised criminals.activities of organised criminals.activities of organised criminals.activities of organised criminals.

4 Commercial Crime International July 2009

Lecture Report

UK steps up bid to get to grips with bribery

The publication in March this year of the new UK draft Bribery Billhas provoked plenty of interest and comment on its bid to reformthe criminal law. Its purpose is to provide a new, modern andcomprehensive scheme of bribery offences that will enable courtsand prosecutors to respond more effectively to bribery at home orabroad. Ahead of this year’s CCS lecture, Eoin O’Shea, a Partnerat lawyers Lawrence Graham LLP, presented an overview of the newBribery Bill and assessed its potential.

Eoin O’SheaEoin O’SheaEoin O’SheaEoin O’SheaEoin O’Shea

The fight against bribery is thefight for fair international trade andoverseas development - it supportsaccess to justice and open markets,and is a crucial part of efforts toreduce global poverty.

The World Bank estimates that£1,000 billion ($1 trillion) worthof bribes are paid globally eachyear. Bribery adds up to 10% to thetotal cost of doing business globallyand up to 25% to the cost of pro-curement contracts in developingcountries. Many of the negativeeffects of corporate corruption werereviewed by Lawrence Cockroft,the Chairman of TransparencyInternational UK, in the 2008 AnnualCCS Economic Crime Lecture.

The draft Bribery Bill, part of acomprehensive UK governmentstrategy to fight bribery, is designedto allow the UK to collaborate moreeffectively with its internationalpartners in tackling corruptionaround the world. Its aim is totransform and simplify the law,replacing old and fragmentedlegislation with a clear andconsolidated statute. It will enablepolice, prosecutors and courtsto take effective action againstbribery, whether at home or abroad.

The draft Bill proposes a completecode that effectively makes allprevious legislation on the subject,some of it dating from 1896 obso-lete. Existing statutes are to berepealed, common-law offencesabolished and the previous defini-tions of bribery redefined. Two newoffences are also proposed: thenegligent failure of a commercial

organisation to prevent bribery(subject to a ‘due diligence’defence); and bribery of a foreignpublic official. UK jurisdictionis extended to all persons andcompanies with a UK connection(including those in UK overseasterritories), ‘facilitation payments’are not tolerated, there is no distinc-tion between ‘public’ and ‘private’bribery, and there is no longerany requirement for the AttorneyGeneral’s permission before theCrown can prosecute. The proposedpenalties are also stricter: 10 yearsin prison and an unlimited fine ifconvicted on indictment.

General offencesLooking at the two new GeneralOffences contained in the draft Bill,a payment offence is committedwhen a person offers, promisesor gives financial or other advantageto another, intending to induceimproper performance of the otherperson’s functions. The functionsare those subject to an expectationof impartiality/good faith/trust. It isalso an offence to offer, promise orgive an advantage in circumstanceswhere one knows acceptance wouldin itself be a breach of the expecta-tion of impartiality etc, outlinedabove.

A receiving offence is committedwhen the receiver agrees to receiveor accept a financial or otheradvantage: intending to be thusinfluenced into improper perform-ance of the function subject tothe expectation of impartiality etcoutlined above. As above, there arecircumstances where even a requestor receipt of an advantage is itself

improper without more (for examplea Judge accepting payment froma litigant). The proposed law alsocriminalises request, receipts etcas a reward for past impropriety,as well as circumstances wherethe receiver performs the functionimproperly in anticipation ofadvantage.

The new offence moves away fromthe agent/principal model whichunderlay much of the old law. It isbased on the normative expectationthat a public official or companyofficer or employee will act impar-tially and in good faith and fulfilhis/her requirement of trust. It thusfocuses less on the legalities ofa person’s status and more onexamining a person’s functionsand responsibilities, and howthey are performed.

Corporate offencesThe Bill would introduce an entirelynew offence on corporations(including partnerships). Theessence of the offence is thenegligent failure by a companyto prevent bribery. An offencewould be committed when a personwho provides services for a com-pany – such as an employee oragent – pays a bribe in connectionwith that company’s business,and a “responsible person” withinthat company negligently failsto prevent the bribe.

A ‘responsible person’ would besomeone who is employed by the

5Commercial Crime InternationalJuly 2009

UK must mount a stronger defence against money laundering

company with functions includingthe prevention of bribery, or, if thereis no such person, any senior officerof the company. A senior officeris presently defined as a director,officer, manager, secretary or othersimilar, or a partner or personwith control or management (ifthe company is a partnership).However, this definition is seenby many as very wide, and it maybe cut down in the final legislation.

Corporate bodies charged withthis offence may be able to relyon a defence – that of adequateprocedures. If a company canprove it had adequate proceduresdesigned to prevent bribery in placethen the defence will apply, unlessthe negligence in failing to prevent(the payment of a bribe) is that ofa senior officer.

It is not quite clear what proceduresare ‘adequate’, and whatever they

are why any senior officer shouldwant to concern himself with them,since if he does so but fails toprevent bribery it may deny thecompany the adequate proceduresdefence. The effect of this provisionmay, in fact, be to discourage seniorofficers of companies to engagethemselves with bribery andanti-corruption policies, and thusrelegating these to the lowerechelons of corporate priorities.

Finally, there is a section regardingthe bribery of foreign public officials(FPO). The provision of advantageto a FPO: a) which is intended toinfluence the FPO in their function,and b) which is intended to obtain/retain a business advantage, andc) which is not legitimately due tothe FPO, is an offence.

Of course, what is legitimately dueremains a question of foreign lawin the country where the payment

is made. The provision would makeit incumbent on those doing busi-ness overseas to satisfy themselvesas to the detail of local laws in allcircumstances where they aremaking payments to governmentofficials or offices.

Whilst the Bill has yet to be testedby real-world situations, O’Sheabelieves it has an inherent flexibilityto resolve many of the problemsit is trying to address.

Overall, however, O’Shea believesthe draft Bribery Bill is a positivestep forward and, if enacted, marksa radical change in English lawin this area. It should equip theauthorities with at least some of thetools they need to go after overseasand domestic bribery. Compliancewith the new law, once enacted,will require some thought and somework by businesses who will needto comply with it.

THE UK may have done much to tighten up its effortsagainst money laundering and to combat the financingof terrorism recently, but a new report from TransparencyInternational UK has revealed that more flaws still exist.

The report ‘Combating Money Laundering and Recover-ing Looted Gains’ looks at the complex legal andregulatory armoury the UK employs to counter moneylaundering. It focuses on how robust the UK’s currentdefences are against money laundering, what shouldbe done to strengthen them, and how – once thosedefences are breached – the UK should cooperatepromptly to ensure looted funds are returned to thevictim countries.

Noting that once mingled with funds in a large financialcentre like London, dirty money – whether the proceedsof looting by corruption, procurement bribery or othercriminal activities – is easier to launder, the report saysthat in the current system:• A corrupt foreign politician can still stash stolen money in a UK bank account• Trusts and shell companies can still be used to launder dirty money• The UK’s Overseas Territories can still provide havens for the proceeds of corruption.

The report makes several key recommendations toclose the gaps it identified, namely:

On preventing money launderingOn preventing money launderingOn preventing money launderingOn preventing money launderingOn preventing money laundering The UK government should work with its smaller

Overseas Territories (OTs) to ensure their financialcentres and enforcement authorities have the necessaryresources and capacity to prevent money laundering.If not, the UK should either invest in boosting theircapacity or wind down weak OT financial centres.

Tighter systems to reinforce the efforts of UKbanks and other institutions in identifying and doingdue diligence on their high-risk customers – ie thosewhose profiles suggest they may be money launderers.

The establishment of a central database of othercountries’ domestic restrictions on asset ownership bytheir citizens that could help UK institutions more easilyidentify customers who have breached those restrictionsand are likely to be corrupt.

On more effective UK help for foreign countriesOn more effective UK help for foreign countriesOn more effective UK help for foreign countriesOn more effective UK help for foreign countriesOn more effective UK help for foreign countriesin recovering stolen fundsin recovering stolen fundsin recovering stolen fundsin recovering stolen fundsin recovering stolen funds The UK should do more to help return recovered

stolen funds to their rightful owners, particularly throughcivil (as opposed to criminal) recovery routes. A Memorandum of Understanding between all

the UK organisations involved in combating moneylaundering and recovering stolen money should beagreed, aimed at improving co-operation and speedingup the process. Continued on page 6/

6 Commercial Crime International July 2009

Bank Secrecy

Tax havens are under fire -But are they finished?

Faced with a global recessioncaused partly by commercialfinancial crime, governments

have been pushed into takingaction against tax evasion inrecent months by ending thepractice of banking secrecy.

Is it the end of the road fortax havens as protectedjurisdictions where illicittransactions can hide?

Alan Osborn reports.

History may well judge that the era of international tax havens came toan end in the first few months of 2009. This is a bold claim and its truth(or not) may not be known for a year or more yet, but what can be saidis that the crackdown on tax evasion and tax avoidance (as on moneylaundering and other financial crimes) has suddenly and surprisinglytaken a much higher profile in recent months. The key is the astonishingsurrender of banking secrecy by financial centres that until this yearsafeguarded it with every means open to them.

Those who attended a briefing by tax officials at the Organisation forEconomic Cooperation and Development (OECD) in Paris in June toreview the think-tank’s work in countering tax evasion were left in nodoubt of the dramatic changes. “We’ve seen more progress in thelast six months than in the past 30 years,” said a senior official.

“Look at what’s happened: countries like Andorra, Liechtenstein andMonaco resisted to the bitter end and have now finally seen the light.Look at Singapore and Hong Kong - major financial centres outside theOECD - they’ve now committed. Inside the OECD we had four countrieswith strict banking secrecy - Austria, Belgium. Luxembourg, Switzerland- but they have now removed all their reservations. In the last four monthswe’ve seen 40 ‘tax information exchange agreements’ (TIEAs) – half ofthe total signed since 2000 and every single week there are new ones.It’s been absolutely amazing.”

As the OECD noted, “since the beginning of 2009, international taxevasion and the implementation of the internationally agreed tax standardhas been very high on the political agenda, reflecting recent scandalsthat have affected countries around the world, the spotlight that the globalfinancial crisis has put on financial centres generally, and the recentG20 London Summit.” One might wish to add to this the election asUS president last November of Barack Obama who has consistentlyopposed tax havens and banking secrecy.

This all bore fruit at the London G20 meeting in early April when the 20government leaders agreed a number of initiatives against tax havens“on the issues of lack of transparency and lack of exchange of informa-tion.” The main work to develop this is being carried out by the OECD,whose membership is the 30 leading industrial nations but whose GlobalForum on Taxation lists 84 jurisdictions pledged to sharing tax informa-tion.

Calls for moreNot everybody agrees that the proposed OECD measures are strictor comprehensive enough though. John Christensen, director of theInternational Secretariat of the Tax Justice Network (TJN), says theproposals are “very welcome - but there is a big however.” In particularthe measures proposed for information exchange “are frankly timid andineffective and we say they need to be much more ambitious,” he said.

The TJN is an organisation of economists and financial professionalsformed to promote transparency in international finance and to opposesecrecy.

The UK should cushion thehigh cost of asset recovery forclaimant states by supporting aninternational trust fund or providingloans and grants to meet thosecosts – which would be repaidonce the stolen assets arereleased.

The UK should be moreproactive in raising awareness ofits asset recovery process amongforeign countries to addresscurrent confusion and uncertainty.

The Department for Interna-tional Development (DFID) shouldhelp developing countries increasetheir capacity for asset recovery -including investment in recoveryspecialists.

Commenting on the report,Chandrashekhar Krishnan,Executive Director of TI-UK said:“The UK cannot rest on its laurels.It is the world’s largest financialcentre and is therefore vulnerableto reputational damage fromallowing dirty money to circulate.Giving looted foreign funds a safehaven in this country only attractsmore to its shores. That’s why theUK’s defences against dirty moneymust be robust and – if thosedefences are breached - anenergetic and proactive systemshould be in place for repatriatinglooted funds.”

UK money laundering- frompage 5

7Commercial Crime InternationalJuly 2009

Bank Secrecy

Mr Christensen explained that the OECD was proposing informationexchange “by request” which would require the complainant to applyto the courts of the target country “with a smoking gun.”

He told Commercial Crime International that the TJN much preferred theEU model of “automatic information” when bank account information isautomatically provided to other EU countries. This was “a very effectivedeterrent and needs to become the global model,” he said. TJN has beenasked by the G20 countries to produce a model for a global multilateralinformation exchange.

TJN is also pressing for a ‘country-by-country’ reporting system formultinational companies under which separate accounts would have tobe published for each country rather than consolidating everything inone set. “This will make more transparent how they hide their internalprofit-shifting arrangement to shift profits out of 20 countries wherethey are created and into tax havens,” Mr Christensen said.

Dr Ian Roxan, senior lecturer in law and director of the tax programmeat the London School of Economics, said the ‘on request’ agreements“typically contain provisions to limit the application of bank secrecy rulesand to include disclosure of the ownership chain of a local company,where the local company has the information.”

He said this meant that their effectiveness depended to a significantdegree on the investigative efforts of the countries seeking information.“Tax havens may well be able to resist providing information for some-thing that they can characterise as a fishing expedition,” he said.

Approach too narrowThe OECD approach was also described as “narrow” by Ms MaylisLabusquiere, policy officer for Oxfam France, who noted that it requiredonly 12 TIEAs for a country to move from the ‘grey’ (action promised butnot implemented) to the ‘white’ (fully implemented) list and this was toofew. She also called for an end to secrecy over the real owners of trustfunds which were increasingly being used for tax avoidance.

Oxfam France recently published a study showing that developingcountries were losing out on up to $124 billion every year in lost incomefrom offshore assets held in tax havens.

These are valid points but scarcely invalidate what an OECD official callsa “sea change” in attitudes towards banking secrecy in recent months.Will the new openness and cooperation really put an end to tax evasion?

“We’ve made great strides but we haven’t yet eliminated every loopholeand it may be impossible to do so,” said Peter Skinner, a Labour MEPwho sits on the European Parliament’s economic and monetary affairscommittee. “It’s always been impossible to eliminate fraud because onefraud has always been replaced by another. We need not just cooperationbut use of the same standards, the same regulatory approaches every-where and if we don’t get that there’ll always be loopholes,” he said.

Most experts however believe that tax evasion using offshore companieswill fall sharply under the impact of the new disclosure requirements.

While there may be hold-outs for a while, “they will be increasinglyisolated and disreputable” said an OECD official. “In this respectat least we can look forward to a more honest world,” he added.

BANK of America, RBC CapitalMarkets, and Deutsche Bank haveagreed to pay about $6.7 billionto settle SEC charges that accusedthe financial firms of lyingto investors about the risksof auction rate securities.

Under the terms of the settlementthe three firms will pay nearly $6.7billion to about 9,600 customerswho invested in the high-risksecurities before the auction ratesecurities market froze in February2008.

According to the SEC, Bank ofAmerica, RBC, and Deutsche Banktold prospective investors thatauction rate securities were highlyliquid investments and just as safeas cash. In late 2007 and 2008,with the worldwide market for thesecurities crumbling, the bankscontinued to push the investmentson clients who did not know thestatus of the market, the SEC said.The banks also were accusedof failing to inform their clientsof the risks before leaving themhigh and dry when the auctionrate securities market froze.

Now Bank of America is to pay$4.5 billion, Deutsche Bank $1.3billion, and RBC $800 million toformer clients who lost money inthe investments. In addition, underthe settlement agreed last montheach firm will offer to purchaseauction rate securities at par fromindividuals, charities, and smallor medium businesses that pur-chased the securities from thefirm, even if those customers latermoved their accounts to anotherfirm. They will also pay eligiblecustomers who sold their auctionrate securities below par thedifference between par and thesale price of the securities.

Auction ratesecurities

settlements

8 Commercial Crime International July 2009

INDONESIA’s Stock Exchange (IDX) says it plans to regularly publish a listof investors and brokers with ‘questionable’ track records. The move is partof new measures to help prevent fraud in the capital market and providegreater protection for the investing public. The country currently has almostone million individual investors, who are served by a total of 119 securitieshouses.

The new IDX blacklist will be made available online and will be used as aform of early warning to help stock market authorities and securities housesdetect potential scams in the capital market. It is to be based on reports -from fellow investors or brokers - about possible wrongdoings, but will onlybe accessible to securities companies with a password. Public access tothe list will be allowed, but only when any allegations have been confirmedby police investigation.

IDX has been stepping up efforts to improve its surveillance systemafter being hit by a series of frauds in the capital market in recent months,causing big financial losses to the investing public and tarnishing thecredibility of the stock market authorities.

The latest case involves one of Indonesia’s largest securities companies,PT Sarijaya Permana Sekuritas, whose president commissioner HermanRamli allegedly embezzled investor funds worth Rp 245 billion ($24.1million). Herman is now in custody and the police are investigating the case.

An earlier and bigger fraud involves PT Antaboga Delta Sekuritas, whoseowner also swindled customers’ funds amounting to at least Rp 1.4 trillion.Both cases - in which the culprits amassed their ill-gotten money overseveral years - had prompted serious questions over the capital marketauthorities’ ability and capability to monitor and detect possible investmentfrauds as soon as they occur.

A fund manager pleaded guiltylast month to operating a $80 millionPonzi scheme. Joseph S Fortefaces up to 80 years in jail whenhe is sentenced for wire, mail andbank fraud, and money laundering.

Forte lured nearly 80 investorsby promising impressive returnsranging from 18% to 38% andpledging they would suffer nolosses. He used his Ponzi schemeto collect roughly $80 million frominvestors, paying some ‘returns’on their investments using moneycontributed by other investors.He also claimed he was profitablytrading in S&P 500 stock indexfutures contracts through a partner-ship named Joseph Forte LP.

A convicted investment fraudsterwill serve 15 years in prison andhas to pay more than $6.2 millionin restitution to the people heconvinced to invest in his boguscompanies.

Duane C Boechler, 52, wassentenced last month followinghis earlier conviction for schemingto defraud people of the money theyinvested with his companies from1998 through 2007. A licensedsecurities agent until 1999, Boechlerstarted a number of businesses -including Affiliated Valuables,Affiliated Homestead and AffiliatedNatural Resources - and convincedpeople to invest $7.6 million in thecompanies.

He helped his victims take out loansto invest with him, often using theirhouses as collateral; he inducedthem to sell other investments andcash out retirement accounts.Boechler gave at least six peoplemortgages on property he owned,each believing they had the onlymortgage. And whilst he madesome interest payments to hisinvestors, he never repaid theprincipal in full, using the invest-ments for his personal benefitinstead.

Indonesia steps-up investor protectionin response to recent frauds

Ponzi fraudster pleads guilty

Fraudster paysa high price

Instead he paid himself millions.

Forte consistently claimed that histrades were profitable, reportingfabricated investment returns.Despite the actual losses, he wasable to continue raising money fromnew investors by falsely reportinghigh return rates. His method wastwo-fold: On a quarterly basis,he sent to an accountant emailmessages containing false repre-sentations about his trading activity,the status of the investors’ invest-ments and the worth of the partner-ship. At Forte’s instructions, theaccountant then sent the investors,via US mail, quarterly investmentstatements that were created basedon Forte’s misrepresentations.

2009 Malta International2009 Malta International2009 Malta International2009 Malta International2009 Malta InternationalFinancial Crime ForumFinancial Crime ForumFinancial Crime ForumFinancial Crime ForumFinancial Crime Forum11-12 November 2009 at theHilton Hotel, Malta. Euro 900.

Highlighting and examining thecurrent issues affecting financialfraud, due diligence and financialintelligence. Hosted by the ICCFinancial Investigation Bureau,Malta Financial Services Authorityand the Malta FinancialIntelligence Analysis Unit.

See wwwwwwwwwwwwwww.icc-ccs.org2009Malta.icc-ccs.org2009Malta.icc-ccs.org2009Malta.icc-ccs.org2009Malta.icc-ccs.org2009Malta

Diary Date

Fraud

9Commercial Crime InternationalJuly 2009

AN elderly UK couple alleged to beat the centre of an international fraudinvestigation linked to a ghost armsscam involving the reconstruction ofwar torn Iraq have gone on the run.

American prosecutors say thecouple, who run Zeroline from theirhome in Belton, near Yarmouth, tookpart in the large scale fraud afterthe fall of Saddam Hussein. Whencaught, Peter and Heather Tarrant,both in their 60s, could be hauledbefore American courts over allega-tions that $8.5m in fake shippingbills were created for militaryhardware that was never delivered.

The alleged Zeroline fraud is one ofabout 80 investigations that the UShas launched into potential wasteand frauds from the billion dollarreconstruction of Iraq. Accordingto Companies House, Zeroline is aprivate company limited by sharesand as of March 31, 2008 had totalassets, less current liabilities, of

HUNDREDS of investors mayhave lost up to 10 billion rand($1.2 billion) in what could be SouthAfrica’s biggest corporate fraud.

Media reports last month allegedthat Barry Tannenbaum, a SouthAfrican businessman now livingin Australia, lured around 400investors over four years with thepromise of 200% annual returnslinked to pharmaceutical imports,and forged AIDS drug orders toreassure investors when moneystarted to dry up.

The full extent of the scheme is stillunclear, but lawyers and investiga-tors believe hundreds of investorsincluding top businessmen fromSouth Africa, the United States,Germany and Australia, wereinvolved, and that it could turnout to be South Africa’s biggestcorporate fraud. Tannenbaum wasapparently well-liked and had a

OAPs on run from Iraq fraud investigation

New corporate fraud may be South Africa’s ‘Madoff’‘sterling’ reputation in Johannes-burg’s elite business circles.Business colleagues describehim as unassuming and friendly.

But Investigator SpecialisedServices Group (SSG), a privatelaw enforcement agency hired byinvestors to look into Tannenbaum,said he told investors they werefunding a pharmaceutical ingredientimport business.

Tannenbaum operated through hisFrankel International and FrankelChemical Corp. companies, andstates in brochures that his fatherwas a founder of South Africa’sNo 2 pharmaceuticals firmAdcock Ingram. Actually it washis grandfather.

Documents posted on the Internetby SSG include what they say areforged purchase orders from Africa’sbiggest generic drug maker, Aspen,

which Tannenbaum allegedly usedto show investors that funds werecoming soon. Aspen has confirmedthat it bought small amounts ofsupplies from Frankel, but saidthe purchase documents, includingsome involving life-prolonging anti-retroviral AIDS drugs, were fake.In April, the money suddenlystopped, and investors triedto recover their cash.

The fraud has been likened to thatof Bernard Madoff, with observerssuggesting that Tannenbaumstarted legitimately. And likeMadoff, it appears his schemecollapsed when investors de-manded to be paid and new fundscould not be found. No one knowswhere the money is at the moment.

Confronted by reporters at his officein Australia, Tannenbaum denied theallegations and refuted claims thathe operated a Ponzi fraud.

£135,458. Mrs Tarrant is describedas its company secretary/directorand her husband is listed as anengineer.

During the chaotic aftermath of thewar Zeroline was somehow awardeda contract to supply 51 armouredvehicles to Iraq’s Interior Ministry inJune 2004. The vehicles were neverdelivered to Iraq and the contractwas ripped up in December 2005 byUS authorities, but not before $8.5mhad been paid for their delivery sixmonths before.

The fraud allegations against theTarrant’s surfaced after Massachu-setts businessman Benjamin Kafkaadmitted his role in the $8.5m fraudin April and agreed to cooperatewith prosecutors. Kafka worked forthe American branch of AlchemieTechnology Group, a London-basedfirm to which Zeroline subcontractedthe building and delivery of thearmoured vehicles.

Legal papers claim that Zerolineand Alchemie presented falsedocuments to JPMorgan Chasebank in London in June 2005,claiming payment for the vehicles -despite the machines never beingdelivered. The fake documents aresaid to a bill of lading made out toa fictional company GNX Logistics.Prosecutors allege that Kafka knewand permitted others to create afalse bill of lading indicating ship-ment and receipt of the vehicleson a business form of a non-existententity called GNX.

THE US Securities and ExchangeCommission said in June that ithas opened nearly 300 cases ofsuspected securities fraud so farthis year, up 32% from last year.And the agency has alreadyobtained emergency orders tofreeze the assets of about 30 fraudsuspects, compared with onlyseven at this point a year ago.

US fraud up

Fraud

10 Commercial Crime International July 2009

Fraud

GROWING recognition about the importance of duediligence in the present economic climate has sparkeda rise in enquiries from ICC Financial InvestigationBureau (FIB) members keen to know more about someof the people approaching them, and/or their assets.

The FIB says it has been offering a due diligencechecking service for a while, but it is only recently thatthis has begun to vie with document investigationsin popularity. It appears banks want to know moreabout the people they may be doing business withahead of any transaction, says FIB Divisional DirectorJohn Lavers. They rarely tell us why, so we don’t knowin many instances if they are suspicious of a particularperson or are just conducting due diligence as a matterof course and as part of good business practice.

Mr Lavers says that many of the due diligenceinvestigations conducted by his staff do not revealcause for concern, but occasionally they detectsuspicious activity and, in a minority of cases, clearevidence of fraudulent intent. Nevertheless, the back-ground information collected from a number of diversesources can be very useful for future comparison if, forexample, a person’s business profile or lifestyle wereto suddenly change, perhaps indicating involvementwith or pressure from organised crime.

Evaluating riskOutlining the nature of its work, the FIB says it isfrequently asked to examine the relationship betweentwo people and their individual or combined links toothers, possibly high profile political people. Its checksinclude the individual’s social/personal/businessconnections, together with any specified link themember is interested in. A confidential report isprepared that also includes its conclusions and,when appropriate, any advice regarding further contact.

This may include, for example, its advice in a recentenquiry that the subject posed a high risk based on thefact that he had direct access to politically exposedpersons and that his father had been linked to criminalactivities in the past. The client wanted to know if theson had any criminal links to his father, if he had anybusiness links with his father’s companies and what, ifany, influence the father might be exerting over his son.

FIB investigators were able to discover that in thecourse of his work for a bank the son had daily contactwith one of his father’s accomplices. The accomplicewas linked to the father’s criminal activity, but thereappeared no evidence of a criminal link between theson and his father’s accomplice. Further enquiriesdid discover that the son was present on at leastone occasion when his father kidnapped a prominent

banker, and that the son had refused to testify againsthis father at his subsequent trial. There was alsoevidence of shared company or business interests,and of the son’s political contacts within the governmentof the country where he resides.

“This is just one example of the type of informationwe are asked to find out. In fact, requests for our duediligence checks are varied, but whatever they are wehave a number of difference sources and methods thatwe use to ensure the reports are as comprehensive andaccurate as possible,” says Mr Lavers.

Similar techniques are also employed when the FIB isasked by members to investigate people who provideproof of funds that are set against assets they say theyown. Recently, for example, a person said his companyhad sold the exploratory rights for oil & gas develop-ment that it claimed to own off the coast of West Africa,but the documents he provided as proof of ownershipwere insufficient on their own to confirm this. Investiga-tors discovered it was extremely unlikely the man couldhave procured or sold the assets in the way he claimedand, after examining the business practice of thecountry concerned, concluded it was highly likelyhe obtained them using fraud, corruption or bribery.It therefore suggested that further investigations wereneeded to confirm the source and actual whereaboutsof the funds, and that the applicant be asked to providefurther documentation to support his claim.

Whilst detailed due diligence reports of the typeoutlined above take time to compile and often attractadditional cost, the FIB reminds members that itsstandard checking service, provided within their mem-bership package, can often reveal sufficient informationto warrant caution and may be enough to resolve theirconcerns. For example, it says a recent enquiry involv-ing a loan secured by a Bank Guarantee for a project inSouth Africa quickly revealed that two of those involvedand their company had previously been reported to theFIB for involvement in a suspicious Bank Guaranteein 2008. Added to this was the fact that the documentsubmitted contained enough ‘red flags’ and anomaliesto make it highly suspicious in its own right.

“Given this information, revealed only after a superficialcheck, there was more than enough evidence to alertthe member to be careful, and I’m sure they will notbe taking this business any further,” says Lavers.

“The point is that whatever the degree of detail, ourapproach and methods can help produce the mostrelevant and useful due diligence a member requiresat less cost and in a shorter timescale than they couldundertake in house,” he adds.

FIB members step up requests for due diligence checks

11Commercial Crime InternationalJuly 2009

Piracy

Piracy’s winners and losers explainedSome of the anomalies in the current Somali piracy problem are illustrated in a series of articlespublished last month that help to clarify the winners and losers, and present another perspectiveon the situation. Andy Holder reports.

Royal Marine and Navy personnelRoyal Marine and Navy personnelRoyal Marine and Navy personnelRoyal Marine and Navy personnelRoyal Marine and Navy personnelfrom HMS Portland approach andfrom HMS Portland approach andfrom HMS Portland approach andfrom HMS Portland approach andfrom HMS Portland approach andboard two suspected pirate skiffsboard two suspected pirate skiffsboard two suspected pirate skiffsboard two suspected pirate skiffsboard two suspected pirate skiffsin the Gulf of Aden.in the Gulf of Aden.in the Gulf of Aden.in the Gulf of Aden.in the Gulf of Aden.

The media has been quick, and quite right, to vilifypiracy and bang the drum for action. After a slow start,governments caught the mood and sent naval ships todiffuse the situation. Their actions were further boostedlast month in Rome when G8 ministers agreed the needfor a common strategy to deal with piracy and highlightthe jurisdiction problems that sometimes result in therelease of captured pirates. At their meeting, the G8ministers cited the need to strengthen their abilityto investigate and prosecute piracy, in additionto recovering assets illegally obtained by pirates.

And in another move last month NATO defence minis-ters backed a plan for a long-term NATO anti-piracymission off Somalia after the current operation ends.NATO Secretary-General Jaap de Hoop Scheffer saida British-commanded task force involving six NATOnations would take over the mission from July 1 foranother 12 months, whilst other nations have indicatedthey may join the new mission in the future.

All good so far then, but their words must have seemedparticularly poignant a few days later when nearly adozen pirates captured by HMS PortlandHMS PortlandHMS PortlandHMS PortlandHMS Portland in the Gulf ofAden had to be released because they were not actuallycaught in the act or on the point of launching an attack.

Forces farceHMS PortlandHMS PortlandHMS PortlandHMS PortlandHMS Portland is one of many ships serving with theCombined Maritime Forces Task Force 151, a multina-tional naval group that currently consists of vesselsfrom the United States, Britain, Turkey, South Korea,Singapore, Denmark and Japan. It was establishedto conduct counter-piracy operations and has largelybeen deemed a success.

According to the report of the incident, HMS PortlandHMS PortlandHMS PortlandHMS PortlandHMS Portlanddetected two skiffs on its radar that it suspected werenot innocent fishing vessels. The frigate steamed closerto the skiffs and saw that both vessels were filled withweaponry and ammunition. The ship’s Lynx helicopterwas sent to hover over the skiffs while teams of RoyalMarine and Navy personnel in rigid inflatable boatssped towards the craft and disarmed the ten men onboard (see photos below). Officials noted the skiffswere equipped with extra barrels of fuel, grapplinghooks and a cache of weapons that included rocket-propelled grenades, machineguns and ammunition.

Despite this overwhelming evidence of their intent,the ship set the pirates free, though not before itconfiscated their weapons and put all the pirates intoone of the skiffs with enough fuel to get them to theSomali coast and told them to go home. The other skiff

was then set on fire.

Explaining the action, a UK Ministryof Defence official said “Because ofthe rules of engagement, we canonly arrest suspected pirates if wecatch them in the act or on the pointof launching an attack on a vessel.”

Piracy

“Clearly, with all the weaponry in the skiffs, there wasintent to commit piracy, but we hadn’t actually caughtthem in the middle of an attack so had to release them.We basically removed or destroyed all the piracyparaphernalia,” he added.

A pirate’s experienceNothing else is apparently known about the releasedpirates. They might go home, as advised, or they mightreturn to try again. The chances are that they are not toodissimilar to the people profiled by Christian ScienceMonitor in a recent article, which describes how ninemen got into their small, wooden boat one morning andleft their village to seek their fortune in the Gulf of Aden.Their goal, shared by a Somali businessman livingabroad who funded their weapons and boat, was toattack commercial ships and hold them for ransom.

Among them was Hassan Abdullahi, a fisherman withno seafaring experience who had never before workedas a pirate. Yet all nine leaving Bossasso were going tomake their way west 250 miles along the Somali coastbefore turning north towards Yemen, where the busyshipping lanes narrow near the entrance to the Red Sea.The motive was money and their plan was to attack thefirst ship they came across.

Hassan, says the article, is the lowest rung in a criminalnetwork that includes corrupt port officials, politicians,and investors from Europe, Asia, and America. The bigmoney – with the average ransom now estimated at $2million, and ransoms paid said to total $80 million lastyear – never reach people like Hassan, say Somalipiracy experts. At most, mere gunmen stand to earn$10,000 to $20,000 apiece. But in a country devastatedby two decades of war, where the average income is$500 a year and 60,000 people are at immediate riskof starvation, $20,000 for a little dangerous work is arisk worth taking.

Aged 20, Hassan told the magazinehe decided to give piracy a try afterseeing friends getting rich. But hisfirst (and only) attempt didn’t go well.Having given themselves away bybuying provisions from locals andasking advice on the best courseto plot to Yemen, they were sittingducks for one of the three patrolvessels operated by the independentrepublic of Somaliland coast guard.Having been tipped off by villagers,it knew where to find them and allnine were quickly captured in theensuing fight. Back in Berbera’scentral jail all admitted their criminalintent to attack ships, and six dayslater Hassan and the others were alljailed for 20 years for violating the

waters of a countrythey didn’t evenknow existed.

Hassan and hiscolleagues clearlypaid a high price fortheir inexperience,but they were perhapsmore fortunate thansome other piratesthat had earlier setoff to attack a‘merchant’ ship sailingnear the Seychelles.It turned out to bethe French naval shipNivoseNivoseNivoseNivoseNivose. When itspotted the attackthe NivoseNivoseNivoseNivoseNivose headed intothe sun to camouflage its identity before turning toconfront the attackers whilst launching two boats anda helicopter. The helicopter fired warning shots andwithin minutes all 11 pirates in the three boatssurrendered. Some were as young as 17.

Attacks downThe action taken by HMS PortlandHMS PortlandHMS PortlandHMS PortlandHMS Portland and the NivoseNivoseNivoseNivoseNivose isevidence that the naval presence is having an effect,however, and the piracy monitoring agency the Interna-tional Maritime Bureau (IMB) notes that the number ofsuccessful ship hijackings in the region is down signifi-cantly in recent months. Only one in 11 attacks in Maywas successful says the IMB. Moreover, there havebeen no hijackings in the Indian Ocean since May 2,and in the Gulf of Aden there were no successfulhijackings between May 7 and June 11. And whilstpirates continue their operations in the region, it isnotable they are now attacking more at night, it adds.

Hassan AbdullahiHassan AbdullahiHassan AbdullahiHassan AbdullahiHassan Abdullahi

Pirates like these mistook the French warshipPirates like these mistook the French warshipPirates like these mistook the French warshipPirates like these mistook the French warshipPirates like these mistook the French warshipNivose for a merchant vessel and attacked.Nivose for a merchant vessel and attacked.Nivose for a merchant vessel and attacked.Nivose for a merchant vessel and attacked.Nivose for a merchant vessel and attacked.They were all soon quickly captured.They were all soon quickly captured.They were all soon quickly captured.They were all soon quickly captured.They were all soon quickly captured.

Commercial Crime International July 200912

Capturing the real villainsUnfortunately, say observers, capturing men likeHassan does as much to solve piracy as arresting adrug dealer does to win the war on drugs. The publicface of Somali piracy may look like Hassan, but behindhim is a vast network of investors and corrupt officialswho buy the speedboats, weaponry, and GPS devices;who select targets from the Lloyd’s of London listof insured ships; and who distribute the bulk of thedividends among themselves using undergroundmoney transfer systems.

J Peter Pham, an expert on Somali pirate financingcompares it to an IPO (initial public offering). “Fora start-up operation, you need more money, between$150,000 and $250,000, but if you want to providecapital to an existing operation, then you can give$50,000 to have a share in the profits,” he said recently.

Some pirate crews are given satellite phones to getreal-time intelligence on the location and crew of atarget. Some rent out “mother ships” to carry them farout to sea. Many of today’s successful pirates trackships from port to port, often relying on inside informa-tion. The British newspaper The Guardian has reportedthat pirates have “consultants” in the close-knit ship-brokerage and insurance industries of London to helptarget ships. But shipping schedules are easilyobtainable on the Web and in the local business press.Seeking ransom, the pirates are more interested in thecrew than the cargo, Pham says.

The average ransom has risen sharply from $1 millionto $2 million in the past six months. “Generally, roughly30% of the ransom goes to the investors, 20% goesto the government officials and port officials or evenIslamists who guard the boat while negotiations aregoing on,” says Pham, who has interviewed formerhijackers and knowledgeable Somali and Puntland

government officials. The remaining 50% goes to thepirates themselves, often paid out on the deck of thehijacked ship.

Big winnersThe big players invest their money well, it is alleged.They buy property and, with a good accountant, laundertheir money in a stable third country such as Kenya,the United Arab Emirates or South Africa. Indeed, pirateransom money is believed to account for the suddeninflux of money in the Somali refugee enclave ofEastleigh in Nairobi. Ibrahim Ali Abdullah, a prominentSomali businessman there, says that while most streetsin Eastleigh remain unpaved, gleaming glass-and-steelstructures offering imported electronics and clothing atbargain prices are sprouting up.

Another beneficiary of the current situation is reportedto be London’s shipping insurers, because as thefrequency of attacks rises, so, too, does their coverageof vessels plying pirate-infested waters.

Lloyd’s of London syndicates make money insuringships routed through the Gulf of Aden - US insurers donot cover piracy. Figures released recently by marinebroker Aon reveal the surcharge for separate kidnapand ransom coverage could mean a shipowner paysan extra $30,000 per journey – for every $3 million worthof coverage – through high-risk seas – 10 times thatcharged last year.

With 22,000 Gulf transits a year, additional premiumscould be worth up to $400 million, notes Pham. Piracy,which for decades has been deemed ‘low risk’ anddesignated a ‘marine peril’, is now a ‘war risk’ thatdemands more expensive coverage. There are alsoadditional protection and indemnity premiums coveringcrew safety – an issue of increasing importance asshipowners weigh the risks of hiring armed guards.

One shipping broker for a leading marketplayer says his firm is surcharging a minimumof 0.125% of the hull value, rising to 0.2 at thetop. War policies without the amended piracyclause cost around 0.025% early last year.

“Piracy does provide opportunities for someunderwriters and premiums are higher,”concedes Neil Smith, senior manager ofunderwriters at the Lloyd’s Market Association,which represents the shipping industry. “Butthere’s a very real risk of a total loss on theinsurers’ side when you have pirates operatingwith machine guns and RPGs.”

Mr Smith urges caution in quantifying theprofit from piracy, as premiums change on analmost daily basis, keeping pace with the risk.

Forces close in on a vessel believedForces close in on a vessel believedForces close in on a vessel believedForces close in on a vessel believedForces close in on a vessel believedto be a pirate mother ship.to be a pirate mother ship.to be a pirate mother ship.to be a pirate mother ship.to be a pirate mother ship.

Commercial Crime InternationalJuly 2009 13

“The Security/Privacy Paradox” – getting it right!“The Security/Privacy Paradox” – getting it right!“The Security/Privacy Paradox” – getting it right!“The Security/Privacy Paradox” – getting it right!“The Security/Privacy Paradox” – getting it right!Privacy is considered a human right in Europe and to this extent organisations have focusedon protecting the privacy of their customers’ data. However, there’s a blurring of lines betweenmonitoring employee’s activities to make sure that the organisation is secure, with the employeesperception of a ‘right to privacy.’ In this article, Adam Bosnian, VP of Products, Strategy &Sales at Cyber-Ark shows organisations how to balance the security need to monitor employeeactivities whilst respecting their right to privacy.

To ensure the security of personal data, organisationshave grasped the need to manage the people within theorganisation by restricting the data they have accessto, specifically, providing access only to the informationneeded to complete their specific business relatedactivities. While this ‘controlled’ access is in line withthe fundamental security tenet of ‘Least Privilege’,in order to ensure the integrity of its information,an organisation also needs to be able to identifyif someone has done anything that they shouldn’t havedone with this information, or the underlying systems.For this reason companies need to know 1)1)1)1)1) who islogging in to the system, 2)2)2)2)2) what they’re doing and3)3)3)3)3) if they had the right and approval to do so. Thisis managed in order to deliver another fundamentalsecurity tenet ‘Trust, but Verify’, so that the organisationcan justify the activity based on the final piece of thepuzzle – the captured and recorded activity log.

The actual identity of the users requiring access to keyinformation is a vital element of robust, secure process.To that end, it is important to note that with many‘privileged’ accounts within an organisation, there isno named, specific user. Instead, with these powerful,built-in accounts found in all applications, systems,operating systems, databases et al, the risk of ageneric ‘system administrator’ account - designed tobe used by many people without specifically recordingthe actual identity of any of them, is evident. In thiscase, a secure company must have a way of knowingwho is behind a generic identity and collect subsequentactivities in the same way.

An integral part of an effective corporate governanceregime includes provisions for civil or criminal prosecu-tion of individuals who conduct unethical or illegal actsin the name of the enterprise. It is therefore elementarythat organisations must monitor and record employeesconduct, compiling an audit trail that proves compliancewith policies and takes preventative measures for databreaches. As the value in collecting the data is for thepurpose of identification, only knowing that someone isaccessing, changing or removing valuable informationisn’t enough. Organisations need to be able to pinpointthe individual, the associated activity, and whether thisactivity is in line with policy.

Do employees have a right to privacy?Historically organisations in the UK have fallen foul of

the Data Protection Act (DPA) for failing to adequatelyprotect customers’ information – and this is replicatedacross the globe. However, even taking the securityrequirements and practices discussed previously,employees also have a right to the same protectionfor any identifiable data that is collected as part ofaudit trails and governance compliance.

Privacy concerns exist wherever personally identifiableinformation is collected and stored - in digital form orotherwise. Globally there are a number of differentlegislations that affect the way data is stored and used.The US has deployed a variety of different laws andregulations at both the national and state level that seekto provide consumer protection in a number of sectorswhere privacy issues have emerged. Examples includeHIPAA, which addresses the requirement for healthcareproviders and payers to keep Personal Health Informa-tion (PHI) secure and private, as well as other legislationrequiring the credit card and financial services industryto also protect customers’ non-public personal data andfinancial information such as the Payment Card Industry(PCI) standards and Gramm-Leach-Bliley Act (GLBA).

However, many uses of data fall outside the scopeof this existing regulatory structure, and as such,are less strictly regulated. In Europe, The EuropeanUnion Data Protection Directive (EU DPD) definesfundamental principles for privacy protection andincludes mechanisms for cross-border transfers ofpersonal data. Essentially, all principles are similarto the DPA in the UK that states anyone who processespersonal information must comply with eight principles,which make sure that personal information is:

√ Fairly and lawfully processed√ Processed for limited purposes√ Adequate, relevant and not excessive√ Accurate and up to date√ Not kept for longer than is necessary√ Processed in line with your rights√ Secure√ Not transferred to other countries without

adequate protection

Can we watch them?It’s important that concerns over privacy do not deflectfrom the strong case for monitoring employees’ behav-iour. Carsten Casper, Research Director with Gartner,

Corporate Security

Commercial Crime International July 200914

Insider snooping - from page 12

Ominously, 1 in 5 companies admited having experi-enced cases of insider sabotage or IT security fraud.Of those companies, 36% suspect that their competi-tors have received their company’s highly sensitiveinformation or intellectual property. Privileged Account Controls ineffectiveOrganisations are increasingly aware of the need tomonitor privileged account access and activity, saysthe survey, with 71% of respondents indicating thatprivileged accounts are partially monitored, while 91%of those who are monitored admitted they are “okaywith their employer’s monitoring activities.” Despitethese efforts, 74% of respondents revealed that evenwith the controls being put in place to monitor them,they could still get around them, making currentcontrols ineffectual. Highlighting the ineffectiveness of current controls andaccess policies, 35% of IT administrators admitted theywere using their administration rights to snoop aroundthe network to access confidential or sensitive informa-tion. The most common areas respondents indicatedthey access are HR records, followed by customerdatabases, M&A plans, redundancy lists and lastly,marketing information. “This survey shows that while most employees claimthat access to privileged accounts is currently moni-tored and an overwhelming majority support additionalmonitoring practices, employee snooping on sensitiveinformation continues unabated,” says Cyber-Ark. “Businesses must wake up and realise that trust is nota security policy; they have an organisational responsi-bility to lock down sensitive data and systems, whilemonitoring all activity even when legitimate access isgranted,” the company added.

The full report can be found athttp://wwwhttp://wwwhttp://wwwhttp://wwwhttp://www.cyber.cyber.cyber.cyber.cyber-ark.com/landing-pages/-ark.com/landing-pages/-ark.com/landing-pages/-ark.com/landing-pages/-ark.com/landing-pages/downloads/snooping-survey-2009.asp. downloads/snooping-survey-2009.asp. downloads/snooping-survey-2009.asp. downloads/snooping-survey-2009.asp. downloads/snooping-survey-2009.asp.

Type of Information 2009 2008Customer Database 47% 35%Email Server Admin Account 47% 13%M&A Plans 47% 7%Copy of R&D Plans 46% 13%CEO’s Password 46% 11%Financial Reports 46% 11%Privileged Password List 42% 31%

believes, “Security and privacy are not, and should notbe seen as, mutually exclusive or opposing concepts.Modern legal and technical tools allow a balancedconsideration of both.”

Here are guidelines to avoid breaching privacy rightswhilst gaining employee support:1.1.1.1.1. Put policies in place explaining what is accept-able versus improper activity and/or behaviour – if youdon’t tell them how can they be expected to know?

2.2.2.2.2. Educate employees about what’s expected fromthem and why it’s important, to gain their appreciationand support for these important security measures andprocesses. Many employees may not even realise thattheir activities can cause a security breach.

3.3.3.3.3. Inform them that you can, and will monitor themand explain why

a.a.a.a.a. It is important that employees understand thisworks in their interests too as, if there is unacceptableor illegal activity, through monitoring it will be easyto identify the offender. This eliminates the fingerof suspicion and the ill-feeling it can cause for thosenot involved and doing the roles in line with companypolicies. If they’re not doing anything wrong they havenothing to fear!

b.b.b.b.b. Employees should be aware that personalactivities during company time and/or using companyproducts will also be monitored and recorded so thereare no surprises.

4.4.4.4.4. Capture relevant information. When choosing asolution make sure that what it will capture is accurate,relevant and is kept secure from prying eyes

5.5.5.5.5. Recognise that an employee has a right to knowwhat information you have, and be able and willing toaccess and share it with them

Carsten concludes, “Enterprises and individuals shouldnot be forced to achieve security at the expense ofprivacy, or vice versa.” Introducing a full lifecyclesolution to secure, manage, log and monitor all privi-leged activity benefits all, whether it be with privilegedinformation, privileged users or privileged processes.

With this type of full security solution in place, anemployee is comforted by the knowledge that theiremployer knows they are doing their job in line withcorporate governance and security policies. Theemployer is meanwhile reassured by the evidencethat proves his employees are doing, and seeing, onlywhat they are supposed to. And customers know theycan trust the organisation to protect their personalinformation. Rather than allowing security and privacyto be at odds, following these steps will allow organisa-tions to reduce the security risk whilst mitigating anyprivacy issues.

Commercial Crime InternationalJuly 2009 15

CommerCommerCommerCommerCommercial Crime Intercial Crime Intercial Crime Intercial Crime Intercial Crime Internationalnationalnationalnationalnationalis published monthly byis published monthly byis published monthly byis published monthly byis published monthly by

CommerCommerCommerCommerCommercial Crime Services.cial Crime Services.cial Crime Services.cial Crime Services.cial Crime Services.Cinnabar WharCinnabar WharCinnabar WharCinnabar WharCinnabar Wharf, 26 Wf, 26 Wf, 26 Wf, 26 Wf, 26 Wapping Highapping Highapping Highapping Highapping High

StrStrStrStrStreet, London E1W 1NG, UK.eet, London E1W 1NG, UK.eet, London E1W 1NG, UK.eet, London E1W 1NG, UK.eet, London E1W 1NG, UK.TTTTTel: +44 (0) 20 7423 6960el: +44 (0) 20 7423 6960el: +44 (0) 20 7423 6960el: +44 (0) 20 7423 6960el: +44 (0) 20 7423 6960Fax: +44 (0) 20 7423 6961Fax: +44 (0) 20 7423 6961Fax: +44 (0) 20 7423 6961Fax: +44 (0) 20 7423 6961Fax: +44 (0) 20 7423 6961

E-mail: [email protected]: [email protected]: [email protected]: [email protected]: [email protected]: wwwebsite: wwwebsite: wwwebsite: wwwebsite: www.icc-ccs.org.icc-ccs.org.icc-ccs.org.icc-ccs.org.icc-ccs.org

Editor: Andy HolderEditor: Andy HolderEditor: Andy HolderEditor: Andy HolderEditor: Andy HolderEditorial TEditorial TEditorial TEditorial TEditorial Tel: +44 (0) 1903 877081el: +44 (0) 1903 877081el: +44 (0) 1903 877081el: +44 (0) 1903 877081el: +44 (0) 1903 877081

ISSN 1012-2710ISSN 1012-2710ISSN 1012-2710ISSN 1012-2710ISSN 1012-2710No part of this publication may be reproduced, storedin a retrieval system, or translated in any form or byany means, electronic, mechanical, photocopying,recording, or otherwise without the prior permissionof the publishers.While every effort has been made to check the informa-tion given in this publication, the authors, editors, andpublishers cannot accept any responsibility for any lossor damage whatsoever arising out of, or caused by theuse of, such information. Opinions expressed in Com-mercial Crime International are those of the individualauthors and not necessarily those of the publisher.

Copyright 2009. All rights reserved.

Subscription Order Form

£95/$160

NameJob Title OrganizationAddress

Postcode CountryTel No Fax NoE-mailNature of Business

Please charge my Mastercard/Visa/Delta CardCard numberExpiry DateSignature Date

I enclose a cheque payable to Commercial Crime Services (drawn on a UK bank)

Please invoice me/my organisation at the address above

Please return the completed form to:Commercial Crime ServicesCinnabar Wharf, 26 Wapping High Street, London E1W 1NG, UK.

Telephone Hotline +44 (0) 20 7423 6960

I would like to subscribe to Commercial Crime International.I understand that I may cancel my subscription at any time and receivea refund of the unexpired portion.

Corporate Security

Insider snoopingon the rise

More than a third of IT staff admitto abusing administration rights tolook at confidential information and74% say they are able to get aroundcontrols designed to protect sensi-tive data. The figures are containedin the latest ‘Trust, Security &Passwords’ survey compiled byCyber-Ark of more than 400 seniorIT professionals in the US and UK.

Noting an escalation in the situationsince last year, and despite theincreased awareness that hasfollowed numerous reports of databreaches, Cyber-Ark says that oneof the most revealing aspects of thesurvey was the types and quantityof information employees would takewith them if they were fired. As the

economic climate has worsened, the survey found a sharp increase in thenumber of respondents who say they would take proprietary data andinformation that is critical to maintaining competitive advantage andcorporate security. When asked “What would you take with you,” the surveyfound a six-fold increase in staff who said they would take financial reportsor merger and acquisition plans, and a four-fold increase in those who would

take CEO passwords and researchand development plans. Of theinformation targeted, respondentsindicated they would be most likelyto steal the following types ofinformation:

continued on page 11/