1 DELVING IN THE DEVIL’S MIND Knowing the psyche of a fraudster and a corrupt employee Kenny Ong Takaful IKHLAS Sdn Bhd
May 06, 2015
1
DELVING IN THE DEVIL’S MINDKnowing the psyche of a fraudster and a corrupt employee
Kenny OngTakaful IKHLAS Sdn Bhd
2
Business today…
13th April 2009
•Two Domino’s employees
•YouTube
•Apology from Domino’s after 48 hours
•1 million hits
•Twitter: questions on silence
•LinkedIn: suggestions by users in forum
BusinessWeek, May 4, 2009
3
• Shareholder : MNRB Holdings Berhad (100%)
• Established Date : 18 September 2002
• Operational since : 2 July 2003
• Takaful Model : Al-Wakalah
• Business Portfolio : General and Family Takaful
• Number Products : More than 90
• Number of Participants : More than 1,800,000
• Number of Agents : More than 6,000
• Number of Staff : 490
• Regional Offices : 11
• Paid Up Capital : RM295 million
TAKAFUL IKHLAS CORPORATE PROFILE
4
IKHLAS Customized Healthcare Solutions
5
Contents:
A. The Criminal Mind
B. Triggers
C. Minimizing Incidents
D. Future Fraud
When and how do you decide?
7
How many of us drive with the ultimate intention of breaking the
speed limit?
8
Fraud-O-Scope™
Fraud
1. Character
Good
Bad
2. Intelligence
Smart
Not Smart
3. Situation
Open Closed
4. Catchability
Easy Hard
9
The Criminal Mind
Profile of Potential Fraudster
10
“Everyone has a price”
11
Fraud-O-Scope™
Fraud
1. Character
2. Intelligence
Good
Bad
Smart
Not Smart
12
Fraud-O-Scope™
Fraud
1. Character
Good
Bad
1. Family2. Education3. Social4. Movies5. Books6. Religion7. Record8. Attribution
13
Fraud-O-Scope™
Fraud
2. Intelligence
Smart
Not Smart
1. Education level
2. Talent3. Analytical4. Systems5. Ask
questions6. Years of
Service
14
How would you profile him?
15
How would you have profiled him?
16
Where are the Fraud Risks?
Industry
Management
Staff
Frontline
Sup
plie
rs/V
endo
rsR
etail Front
18
Real Fraud, Real Risks
1. Channel Fraud
2. Staff Fraud
3. Management Fraud
4. Distributor
5. Retail Assistant
6. Payroll
7. Undercutting
8. Purchasing
9. Credit Card
10.Ghost Staff
11.Ghost Channels
12.Financial Reporting
13.Theft
14.F/L
15.eCommerce
16.Share manipulation
19
GENERAL FRAUDSTER PROFILE
• Profile: 68.6% – no prior criminal record, – Aged 26-40 years old, – Annual income between RM15k-RM30k, – 2-5 yrs of service
• Struggling financially or large purchases – difficult time in their lives– gets out of hand
• Merger and acquisition or reorganization activity. – ‘I don’t have a career here’ attitude.
20
Possible General Root Causes for Fraud Mindset
1. "Everyone does it."
2. "It was small potatoes."
3. "They had it coming." – the revenge syndrome
4. "I had it coming." – the equity syndrome
21
Possible General Root Causes for Fraud Mindset
1. "Everyone does it.“1. Indiscipline employees commonly organize
themselves in cliques or clusters - the inner circle
2. Rarely does a repeat offender not involve an accomplice or at least a confidant.
3. “If my superior can come to work late and still be promoted, it means I can steal RM10. Both are indiscipline cases anyway.”
22
Possible General Root Causes for Fraud Mindset
1. “It was small potatoes.“1. “What's a RM30 stolen calculator to a company that
makes millions each year or to a boss who drives a Mercedes?
2. “Zero Tolerance Policy” for identified disciplinary cases in any form or for any amount?
23
Possible General Root Causes for Fraud Mindset
1. "They had it coming." – the revenge syndrome1. “The accounts department cuts down my lead time
to submit my claims yet take 60 days to compensate my claims. So I purposely come late to work to compensate.”
2. “The company keeps cutting down our benefits and allowances but keep asking us to produce more. So I compensate by being calculative with the company even for one sen.”
24
Possible General Root Causes for Fraud Mindset
1. "I had it coming." – the equity syndrome1. Under-compensated or unrecognized -> self-
devised "bonus" plan.
2. Employee has been turned down for a raise or promotion; after a company-wide salary freeze has been established; during periods of company turmoil (restructuring, takeover, new management, etc.).
25
Reminder: Very few people join an organization with the objective to
commit fraud.
26
“Cow don’t drink water cannot push cow head down”
27
Triggers
Conditions for Fraud
28
Fraud-O-Scope™
Fraud3. Situation4. Catchability
Open ClosedEasy Hard
29
Fraud-O-Scope™
Fraud3. Situation
Open Closed
1. Self/Family2. Straight road3. Conflicts4. Bad Bosses5. M&A6. Org Character7. Controls8. No changes9. Power
Imbalance10.Amount, $$11.Org Systems
30
Fraud-O-Scope™
Fraud4. Catchability
Easy Hard
1. Check & Balance
2. Oversight3. Automation4. Burden of
Proof5. Line of Sight
31
Who is most likely to commit Fraud?
Excellent
Very Good
Average
Not Good
Commit Suicide
32
The Four Desperates
1. Desperate Competition
2. Desperate Consumer
3. Desperate Achievers
4. Desperate Changes
33
Dangers of Direct Incentives
1. lessen internal motivation, 2. switch to mercenary mode, 3. do something and do not do something else, 4. bribe and fraud culture, 5. easier for competitors to recruit, 6. lessen teamwork & helpful culture, 7. less and less impact for same value, 8. mockery of base salary and employment contract, 9. rebellion from non-incentivised staff, 10. end up incentivising everyone for everything?,
34
Curse of the Bell Curve
‘A’ Staff
‘B’ Staff
‘D’ Staff
‘E’ Staff
‘C’ Staff
35
Biggest Issue in Financial Product Innovation?
36
Power Imbalance
1. Propose
2. Approve
3. Execute
4. Monitor
37
Possible General Root Causes for Fraud Mindset
1. "Everyone does it."
2. "It was small potatoes."
3. "They had it coming." – the revenge syndrome
4. "I had it coming." – the equity syndrome
38
Minimizing Incidents
Prevent. Deter. Kill.
39
"Fear not the 10,000 moves practiced once. Fear the one move
practiced 10,000 times"Chandni Chow to China
40
How to minimize Fraudulent mindsets….
Attribution.
41
Risk Mitigation Strategies
Culture
ERM
Identified Fraud Risks
StructureResources
Leadership
Person
42
Alignment: Framework
• Org Structure• Job Design – C.Fraud.O.• Policies & procedures• Governance, Internal Controls• Management Systems, SOPs• Central• Special Task Force• Internal Audit, Surprise Audit, Regular Audit
(Surveillance)• Levels of Authority, Power Balancing*
Structure
43
*Power Balancing
1. Propose
2. Approve
3. Execute
4. Monitor
BOD Set 1 BOD Set 2
Approval/Verification
44
Alignment: Framework
• Tools• ICT Systems• Rules detection• Whistle Blower• PED• Profiling/Assessment Tools• Budget for Investigation,
Litigation
Resources
45
Strategy: Framework
• PED• Involuntary Role Modeling• Personal accountability and
Commitment • Corporate Values• Watch out: Current people promoted
to Key Positions• Promotional criteria
Leadership
46
Alignment: Framework
• New Employee Background checks
• Willingness to Punish• Root Cause Analysis (Mager &
Pipe)• Rotation• PED• Fraud Detection & Analysis
Competency• High Risk Jobs• IT breaches through Frontline
Person
47
• PED
48
GENERAL STRATEGIES AND POLICIES
• B1. Classification of Behaviors– B1.1 Disrespectful Workplace Behavior
– B1.2 Progressive Discipline
– B1.3 Zero Tolerance
49
GENERAL STRATEGIES AND POLICIES
• B2. Recruitment and Selection• B3. Exit• B4. Employee Assistance Program• B5. Anonymous Hotline• B6. Communication and Feedback• B7. Training and Education• B8. Formal Complaint and Grievance
50
GENERAL STRATEGIES AND POLICIES
• B9 Leadership– 1. Leaders act as role models whether
consciously or unconsciously
– 2. Leaders determine the working environment
51
GENERAL STRATEGIES AND POLICIES
• B9 Leadership– 1. Educate– 2. Involve– 3. Teach – 4. Eliminate
52
SPECIFIC STRATEGIES AND POLICIES
• C1. Theft and Fraud – Root Causes– Profile: 68.6% - no prior criminal record,
Aged 26-40 years old, Annual income between RM15k-RM30k, 2-5 yrs of service
– Struggling financially or large purchases • difficult time in their lives• gets out of hand
– Merger and acquisition or reorganization activity.
• ‘I don’t have a career here’ attitude.
53
SPECIFIC STRATEGIES AND POLICIES
• C1. Theft and Fraud - Prevention– Background checks– Duties segregated– Anonymous hotline – Share the wealth– Communicate successes– Make a big noise when discovered– Video surveillance equipment
54
SPECIFIC STRATEGIES AND POLICIES
• C2. Violation of confidentiality or security of company information - Prevention– a. ICT Security Policies*– b. Ownership of Intellectual Property– c. Inside Information and Trading of company
shares
55
*ICT Security and Fraud (1/3)
Biggest ICT risks
1. Security – All matters relating to the ‘coming-in’ and ‘going-out’ of all systems and information
2. Backup - including Storage of critical and non-critical information and Disaster Recovery
3. Continuity – Availability of systems and information at a 24x7x365 standard
56
*ICT Security and Fraud (2/3)
The following are threats faced by organizations from ‘inside’ the company:
• Current Employees, • On-site Contractors, • Former Employees, • Vendors/Suppliers, • Strategic Partners, and • OEMs
57
*ICT Security and Fraud (3/3)
1. Web browsing and Internet Access
2. Username and passwords
3. Instant Messaging
4. E-Mail
5. File access permissions
6. Backups
7. Crisis management, Disaster recovery and Business Continuity
8. Physical
9. PCs and laptops
10.Remote access
11.Servers, routers, and switches
12.Internet / external network
13.Wireless
14.PDA and cell phone
15.Documentation and change management
ICT Security, Backup, and Continuity Strategies 2005-2008:
58
“Asking the people responsible for preventing a problem if there is a problem is like
delivering lettuce by rabbit"
Norman Augustine
CEO & Chairman, Lockheed Martin
59
"He has 20 years experience: 1 year of bad experience
repeated 20 times"
60
Future Fraud
We all need help
62
Finance Today…
$19.90
63
New Fraud Opportunities
Change in Business Models: InexperiencedeCommercePartnersFranchiseDownstream/UpstreamM&A Targets
64
eCommerce Frauds
AccountTakeover
Pharming
Counterfeit Advances
Phishing
Application
Lost/Stolen Credit Cards
eCom Frauds?
65
Latest Fraud topics: General
1. Whistle Blowing compensation: tied to $$ amount of fraud exposed
2. New laws proposed -> Not allowed to sue Accountants, Auditors, Lawyers. What implications?
3. Credit Crunch = Tighter Cash Flow = More desperate people = more Fraud?
4. Sub-prime crisis + Société Générale = Transparency, Disclosure, Relationship Transparency
66
Fraud: Research Options?
1. Profile of a Fraudster in Malaysia
2. New Fraud Risks in the 21st century business environment
3. Internet, eCommerce, and ICT related Fraud risks and prevention
4. Company Culture and its influence on Fraud Risks
5. HR practices that can decrease Fraud in a company
67
End Points
68
Mistakes and Lessons Learned
1. Price to Pay for Fraud/Risk Mitigation => Business Flexibility
2. Control vs. Growth
3. Rules vs. Humanity/Motivation
4. Not tackling the root cause i.e. Motive + Opportunity i.e. Humans
5. Focus on FAC vs. Sales/Marketing => who has control?
6. Relationship Role vs. Enforcement Role
69
In the end…
• Great Wall of China– humans are the weakest link– bad treatment of staff will lead to weak link i.e.
easier to bribe, easier to con, etc; – bad treatment examples: insulting, lose face,
broken promises, no dignity, public criticism, restructure without communication
Thank You.
soft copy of slides: http://totallyunrelatedrandomanddebatable.
blogspot.com/