Benford’s Law is a long-standing statistical precept that remains as relevant and widely accepted in fighting fraud as ever. By wielding it effectively, experts can cut down fraudsters who unknowingly reveal their wrongdoings in dubious digits.
The rule is named for Frank Benford, a physicist who noted that, in sets of random data, multidigit numbers beginning with 1, 2 or 3 are more likely to occur than those starting with 4 through 9. Studies have determined that numbers beginning with 1 will occur about 30% of the time, and numbers beginning with 2 will appear about 18% of the time. Those beginning with 9 will occur less than 5% of the time.
Further, these probabilities have been described as both “scale invariant” and “base invariant,” meaning the numbers involved could be based on, for example, the prices of stocks in either dollars or yen. As long as the set includes at least four numbers, the first digit of a number is more likely to be 1 than any other single-digit number.
Benford’s Law carries striking implications for fraud detection. To avoid raising suspicion, fraud perpetrators often use figures they believe will replicate randomness. Typically, they choose a relatively equal distribution of numbers beginning with 1 through 9.
Fraud investigators can take advantage of such errors and test data in financial documents including:
- Tax returns,
- Inventory records,
- Expense reports,
- Accounts payable or receivable, and
- General ledgers.
Although complicated software programs based on Benford’s Law exist to examine massive amounts of data, the principle is simple enough to apply using basic spreadsheet programs.
Benford’s Law, however, isn’t infallible. It may not work in cases that involve smaller sets of numbers that don’t follow the rules of randomness or numbers that have been rounded (resulting in different digits). Also, smaller numbers are more likely to occur simply because they’re smaller and the logical place to begin a count.
Assigned numbers, such as those on invoices, are also iffy. On a similar note, uniform distributions — such as lotteries where every number painted on a ball has an equal likelihood of selection — may not suit a Benford’s Law analysis. And prices involving the numbers 95 and 99 (often used because of marketing strategies) may call for a different approach.
Benford’s Law isn’t appropriate in every instance. And, as advanced metrics forge new inroads into fraud detection, it could fall out of favor. But Benford’s Law is expected to remain a foundational approach to fraud detection for many years to come.
© 2019 Covenant CPA
When market competition heats up, you might provide extra incentives for your sales staff to perform. But be careful: Some employees may step over the line — to earn bigger bonuses or out of enthusiasm for the challenge — and use unethical sales tactics. Take steps to ensure your salespeople always operate with integrity.
Make a commitment to honesty
Culture starts at the top. If you clearly demonstrate, through both words and behavior, your commitment to honesty, your sales team will get the message. Your customers will too.
Try to anticipate the challenges your sales force may face as they attempt to meet sales goals. The temptation to sell more than your company can deliver, for example — or to recommend a product they know isn’t the best solution for a customer’s problem — may be strong. Those and similar sales strategies may land the account, but they do nothing to build the trust and credibility your business needs to keep that account over the long haul.
It’s also important that your company and salespeople don’t try to slip through loopholes when a situation requires taking responsibility. For example, some insurance companies that wrote coverage on homes and businesses damaged during Hurricane Katrina, Superstorm Sandy, and Hurricane Harvey lost goodwill by quibbling over what damage was covered. Ensuing legal battles and negative publicity have done nothing to raise consumer confidence in the insurance industry.
Promote lasting relationships
When your salespeople make a sale, require them to be clear about what the sale includes and what it doesn’t. Reiterate that their job isn’t simply to make sales, but to build lasting customer relationships. To do that, they must always keep the customers’ best interests in mind. To make sure the message gets heard, consider tying compensation to customer satisfaction and repeat business, in addition to sales revenue quotas.
That may mean acknowledging, for example, that one of your products won’t do everything the customer needs it to do. If a customer asks about a feature your product doesn’t have, your sales reps shouldn’t imply that it does. Instead, they should work with the customer to determine whether the desired feature is necessary and emphasize your product’s other features and benefits. Ultimately, however, they must be honest about any limitations.
Your sales force doesn’t need to steer customers to competitors, but they shouldn’t disparage the competition, either. And incentivizing customers to load up on unneeded products during promotions may boost the bottom line, but it won’t do much to build trust.
Too often sales staffs are encouraged to focus on short-term goals, which makes them more likely to do “whatever it takes” to get a sale. It’s up to you and your managers to prioritize the kind of ethical behavior that’s crucial to your company’s long-term success.
© 2019 Covenant CPA
The Web has opened plenty of new avenues for criminal behavior. For example, you may have heard of cybersquatting. Someone registers a site’s domain name that includes a trademark and then tries to profit by selling that name to the trademark owner.
But are you familiar with typosquatting? You should be — because these schemes can make just about any organization, along with visitors to its website, the victims of fraud.
Like cybersquatting, typosquatting (also known as URL hijacking) involves the purchase of domain names in bad faith. It takes advantage of an inclination among users known as “fat fingers” — basically, our tendency to hit the wrong keys and enter misspelled trademarks or brands. For example, in a case involving the retailer Lands’ End, a typosquatter registered domains such as landswnd.com and lnadsend.com. Other human errors — for example, typing the wrong URL extension (.com instead of .org) or omitting punctuation marks such as hyphens — can also work to typosquatters’ advantage.
Some fraudsters seek to divert consumers away from competitors or just draw traffic to their own sites (often pornography or dating sites). A recent report from security firm DomainTools LLC says that major media outlets, including USA Today, the New York Times and the Washington Post, are frequently targeted. DomainTools found hundreds of fraudulent domain names related to these publications.
Other typosquatters go further. For example, the websites they divert to might feature a phishing scheme, whereby a visitor is induced to enter login information or download malware. Such tactics can make big money for fraud perpetrators — particularly if they target the right sites. Earlier this year, an anonymous typosquatter announced that he had stolen 200 bitcoins (then worth an estimated $760,000) from Dark Web sites over the previous four years.
Typosquatting can also be used for corporate espionage. In one case, a law firm sued a programmer who had obtained a domain name similar to its own, except for a minor typo. The law firm alleged that the defendant had used his doppelgänger domain name to create fake email accounts and intercept email sent to the firm.
When it comes to avoiding typosquatting, awareness is probably the best defense. Your company should regularly check various mistyped versions of its URLs and consider purchasing as many similar domain names as possible. Contact us if you’re worried about fraud — both on- and off-line.
© 2019 Covenant CPA
Affinity fraud — where perpetrators exploit connections of race, religion, age, politics and profession — is one of the cruelest forms of criminal deception. Fraudsters often belong to the groups they target and, in addition to stealing money, weaken the bonds within communities.
Affects individuals and businesses
Affinity fraud targets individuals. But it can also hurt businesses if a big chunk of their workforce is affected. If your company employs a large percentage of immigrants, for example, they may be susceptible to fraud perpetrated by other immigrants and could, as a result, be left penniless. In addition to the effect such emotional trauma can have on company morale, it could make employees more susceptible to stealing in their own efforts to recoup their losses.
Even people who usually are skeptical of common cons are more likely to let down their guard when the pitch comes from someone with a common background. Recently, for example, the Securities and Exchange Commission uncovered a $3 million affinity fraud scheme perpetrated by an investment advisor who targeted his fellow Israeli-Americans living in Los Angeles.
Military veterans are particularly vulnerable to appeals from fake military charities or Department of Veterans Affairs loan schemes. Many of these frauds are committed by individuals posing as ex-service members, but some are perpetrated by actual veterans exploiting their military connections.
Don’t be deceived
No one is immune to affinity fraud. Not only could you be targeted as an individual, but scam artists — potentially including your own employees — could seek contributions as part of your business’s philanthropic activities. Don’t be deceived into believing you can spot such scams. Many affinity frauds are recommended by friends, neighbors and colleagues.
To protect yourself, research any investment opportunity or fundraising organization that approaches you, regardless of who makes the approach. A duped individual may present the opportunity to you in good faith. In fact, that’s why Ponzi schemes are often so successful.
Also, refuse to be pressured into participation before you’re ready, and be skeptical if you’re asked to keep an opportunity confidential or can’t get anything about it in writing. If a suspicious investment offer comes via e-mail, forward it to firstname.lastname@example.org for investigation.
Hard, but not impossible, to fight
Affinity fraud can be hard to fight because victims are less likely to report it than other criminal acts. They may prefer to work within their community to try to resolve the problem instead of exposing it to law enforcement and media attention. But if you suspect a wolf is operating in your community’s fold, speak up. And contact us. We can help you confirm the existence of fraud.
© 2019 Covenant CPA
Money laundering is the process by which criminals transform their ill-gotten gains into legitimate-looking funds. It’s widespread and wide-reaching, making it a significant corrupting influence on financial systems, governments and certain professionals.
Criminals use many different types of businesses to “wash” their dirty money, but some are more useful than others. Given its high dollar value and availability of inventory, real estate is one of those favored industries.
The typical money laundering scheme involves three phases:
- Placement. Here the proceeds of criminal activity enter the financial system.
- Layering. This is where the money launderer conducts a series of transactions to distance the money from its criminal source.
- Integration. Finally, the criminal uses the money, which now appears legitimate and divorced of any crime.
Executing money laundering operations effectively is critical if crooks are to engage in complex organized crime operations and long-running fraud schemes. Not surprisingly, law enforcement has prioritized breaking up money laundering operations.
Many laws exist to prevent it, including the Bank Secrecy Act, the Patriot Act, and the Intelligence Reform and Terrorism Prevention Act. Yet given the vast number of transactions taking place within the U.S. financial system, detecting money laundering schemes remains a challenge, particularly when perpetrated by experienced crooks.
The size of many real estate deals allows money launderers to clean large sums of money quickly. And because real estate involves so many routine transactions, it can be easy for criminals to avoid detection. But probably the most attractive aspect of the real estate market from a launderer’s perspective is that there are few, if any, reporting requirements for suspicious activity.
To avoid raising red flags, money launderers may use illegal shell companies — companies that exist in name only and whose primary purpose is to process illegal funds. Shell companies usually grant a real estate buyer anonymity. Depending on the sophistication of the scheme, criminals may use overseas financial systems to make tracing the source of funds nearly impossible.
Nevertheless, to expose a dirty real estate deal, transaction participants need to ask questions about the source of a buyer’s money. Difficult-to-trace funds are a red flag for criminal involvement. Other suspicious signs are when a buyer offers to pay significantly above market or a seller tries to dispose of property quickly — even if it means taking a loss.
The upshot is that, if a property transaction seems “off” and you don’t receive adequate answers to reasonable questions, walk away from the deal. Someone who knowingly sells to a money launderer could be indicted as a conspirator. For this reason, make sure you work with reputable and experienced real estate brokers and attorneys.
© 2019 Covenant CPA
Fraud experts have long suggested that the presence of three conditions, known as the “fraud triangle,” greatly increases the likelihood that an employee will commit fraud. Over the years, this conceptual framework has been expanded to become a “fraud diamond.” Understanding these models can help you protect your business.
The classic fraud triangle consists of:
1. Pressure. An individual experiences some type of pressure that motivates the fraud. Pressure can come from within the organization — for example, pressure to meet aggressive earnings or revenue growth targets. Or, the pressure could be personal, such as the need to maintain a high standard of living or pay off debt from credit cards, medical bills or gambling.
2. Rationalization. Perpetrators must be able to mentally justify their fraudulent conduct. They might tell themselves that they’ll pay back the money before anyone misses it, or reason that:
- They’re underpaid and deserve the stolen funds,
- Their employers can afford the financial loss,
- “Everybody” does it, or
- No other solution or help is available for their problems.
Under the fraud triangle theory, most employees who commit fraud are first-time offenders who don’t view themselves as criminals but as honest people caught up by circumstances.
3. Opportunity. Occupational thieves exploit perceived opportunities that they believe will allow them to go undetected. Poor internal controls, weak management oversight and ineffective or nonexistent audits all create opportunities for fraud. The opportunity leg represents the best avenue for preventing fraud because it’s within your organization’s control.
More recently, experts have proposed a conceptual framework that includes a fourth leg, “capability.” A capable individual is someone who may have the job position, intellectual capacity, confidence, resilience to stress and guilt, and ability to coerce and cajole others that make committing fraud easier.
A similar model to this diamond shape is MICE (Money, Ideology, Coercion and Ego). MICE retains the original three sides of the fraud triangle but shares the opportunity leg with a second triangle that also has sides for criminal mindset and arrogance.
Proponents of this model argue that perpetrators with characteristics matching the original fraud triangle are “accidental fraudsters.” This means that they wouldn’t commit fraud in the absence of motivation. Those on the side of the additional criminal mindset/arrogance/opportunity triangle are predators, or pathological fraud perpetrators. These individuals require only opportunity. This is another reason why focusing on the opportunity side is the best way to prevent fraud in your organization.
Designed to help
It’s important to remember that employees who seem to display fraud triangle or diamond characteristics won’t necessarily commit a crime. The models are designed to identify risk and eliminate fraud opportunities. Contact us for more information about protecting your organization from fraud.
© 2019 Covenant CPA
Even if you haven’t heard much about it lately, know this: Health care fraud is alive and well in the United States. Here’s a roundup of recent stats, law enforcement initiatives, common fraud schemes and how you can help prevent these crimes.
Just the facts
During fiscal year (FY) 2018, the Health Care Fraud and Abuse Control Program (a government initiative that coordinates federal, state, and local law enforcement) won or negotiated over $2.3 billion in health care fraud judgments and settlements. During the same period, the Department of Justice (DOF) opened 1,139 new criminal health care fraud investigations. In addition, the DOJ filed charges in 572 criminal cases.
What does this mean for you? The National Health Care Anti-Fraud Association estimates that health care fraud costs the nation at least $68 billion annually.
Many players, many games
Health care fraud can be perpetrated in a variety of ways by many different players. For example, insurance companies may bilk government programs such as Medicare and Medicaid by submitting false documentation, mishandling claims, charging excessive rates or failing to pass along discounts.
Fraud by insured employees is another problem. Employee-initiated schemes include submitting fraudulent claims — often in collaboration with shady medical providers.
Dishonest providers, including doctors, nurses, chiropractors and pharmacists, are responsible for a large volume of health care fraud. They may bill for unnecessary or harmful medical procedures, bill for procedures never performed, “upcode” inexpensive procedures to expensive ones, or bill for brand names and dispense generics. Corrupt practitioners may recruit healthy individuals and bill their insurance companies for costly medical services that are never provided.
What you can do
Fraud thrives in high volume environments. So, the more health care transactions your business or organization processes, the greater the potential for fraud to slip through undetected, and the more vigilant you must be.
You can help combat these schemes by strictly complying with audit obligations. For instance, randomly sample products and services invoiced and compare them with what was actually delivered to the patients. Looking for discrepancies can net you stolen goods and even large-scale thefts. It also sends a message to potential perpetrators that you’re watching.
Role of internal controls
In addition to contractual audits, internal controls play an important role in preventing and uncovering health care fraud. Contact us if your organization needs help building a robust internal control system.
© 2019 Covenant CPA
When the value of a stock skyrockets, its investors may think they’ve hit the jackpot. But if the stock in question is part of a “pump-and-dump” scheme, investors may, in fact, lose their shirts. Here’s how to avoid getting taken by this type of investment fraud.
A penny for your stocks
In the typical pump-and-dump scam, a fraud perpetrator buys shares in an inexpensive, relatively illiquid stock (often referred to as a “penny” stock) whose price will react dramatically when trading volume increases. Then the crook makes false or misleading statements to encourage people to sink their savings into the stock and drive up its price. When it hits a certain dollar amount, the fraudster sells, locking in short-term gains and causing the stock to crash. Investors are left with what often are worthless shares.
This summer, the FBI uncovered an international pump-and-dump scheme that netted its perpetrators $15 million in profits over a five-year period. The criminals bought millions of shares in small, thinly traded companies, then staffed call centers to hype the stocks to senior citizens. The scheme might have continued indefinitely if not for the fact that one of the crooks’ “co-conspirators” wasn’t the greedy stockbroker he claimed to be, but an undercover agent.
Hot tips, cold shoulder
As the above case suggests, investment scammers often target seniors with retirement savings to invest. Novice investors who aren’t familiar with how the stock market works are also popular marks. However, even experienced investors can get snared when offered a “hot tip.”
You can help avoid becoming a victim by following some common-sense guidelines. For example, never buy a stock based on an email or telephone solicitation, no matter how compelling the sales pitch. Simply hang up the phone or delete the message.
If you’re intrigued by the sound of an investment, do your research to determine whether the company is 1) legitimate, and 2) a good investment opportunity. Also pay attention to the stock’s trading volume. The more thinly traded a stock, the greater the potential for fraudulent manipulation.
Too good to be true
The bottom line: When an investment sounds too good to be true, it probably is. If you’d like to invest (say, for retirement or other financial goals), but don’t know how to pick stocks or build a portfolio, work with a reputable financial advisor. There are no guarantees in investing, but your advisor can help you steer clear of scams and invest only in securities that meet your criteria.
© 2019 Covenant CPA
Early revenue recognition has long accounted for a substantial portion of financial statement fraud. By recording revenue early, a dishonest business seller or an employee under pressure to meet financial benchmarks can significantly distort profits. Fortunately, fraud experts have tools to expose such manipulation.
Early revenue recognition can be accomplished in several ways. A dishonest owner or employee might:
- Keep the books open past the end of a period to record more sales,
- Deliver product early,
- Record revenue before full performance of a contract,
- Backdate agreements,
- Ship merchandise to undisclosed warehouses and record the shipments as sales, and
- Engage in bill-and-hold arrangements.
In this last scenario, a customer agrees to buy merchandise but the company holds the goods until shipment is requested. It and any of these schemes might be carried out by one employee or several in collusion.
Probably the most obvious marker for early revenue recognition is when a company records a large percentage of its revenue at the end of a given financial period. Significant transactions with unusual payment terms can also be a danger sign. When these or other red flags are unfurled, it’s time to investigate.
Fraud experts might compare revenue reported by month and by product line or business segment during the current period with that of earlier, comparable periods. They typically employ software designed to identify unusual or unexpected revenue relationships or transactions.
Reading the signs
If, for example, an expert suspects merchandise is billed before shipment, he or she will look for discrepancies between the quantity of goods shipped and quantity of goods billed. The expert will also examine sales orders, shipping documents and sales invoices; compare prices on invoices with published prices; and note any extensions on sales invoices.
What if the expert suspects merchandise was shipped prematurely? He or she compares the period’s shipping costs with those in earlier periods. Significantly higher costs could indicate an early revenue recognition scheme.
The expert also may sample sales invoices for the end of the period and the beginning of the next period to confirm the associated revenues are recorded in the proper period. If phantom sales are suspected, reversed sales in subsequent periods and increased costs for off-site storage may provide evidence of fraud.
Exposure can be fatal
If improper revenue recognition is exposed to the public, the resulting scandal can destroy a company. Contact us immediately if you suspect it or other forms of financial statement fraud.
© 2019 Covenant CPA
When it comes to reducing fraud loss and duration, active detection methods (such as surprise audits or data monitoring) are far more effective than passive methods (such as confessions or notification by police). This was a major finding of the latest Association of Certified Fraud Examiners (ACFE) Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse. Yet many companies fail to use active methods to their full potential.
Active vs. passive detection
The ACFE study found that frauds detected using passive methods tend to last longer and produce larger losses than those detected by such active methods as:
- IT controls,
- Data monitoring and analysis,
- Account reconciliation,
- Internal audit,
- Surprise audits,
- Management review, and
- Document examination.
These active methods of detection can significantly lower fraud durations and losses. For example, frauds detected by IT controls had a median duration of five months and a median loss of $39,000. By comparison, fraud detected through notification by police had a median duration of 24 months and a median loss of $935,000.
Surprise audits and proactive data monitoring and analysis can be especially effective ways to fight fraud. On average, victim-organizations without these antifraud controls in place reported more than double the fraud losses and their frauds lasted more than twice as long as victim-organizations with these controls in place. Yet only 37% of the organizations in the ACFE study had implemented surprise audits or data monitoring and analysis, however.
Close-up on tips
The ACFE categorized tips — the leading fraud detection method — as “potentially active or passive,” because they may or may not involve proactive efforts designed to identify fraud. Organizations that use hotlines for reporting misconduct detected fraud by tips more often (46% of cases) than those without hotlines (30% of cases).
More than half of tips came from employees, but nearly one-third came from outside parties, such as customers and vendors. To ensure that tips are used as an active detection method, an organization should set up a hotline and promote its use among employees, supply chain partners and others. If possible, users should be able to make anonymous reports.
Don’t wait for fraud to find you
Occupational fraud poses a significant threat to organizations of every type and size. Waiting to react until fraud rears its head can result in serious financial losses. Instead, adopt active detection methods that can be deployed continually. Contact us for help.
© 2019 Covenant CPA