Citi that never sleeps gave sleepless nights to their Indian customers! A huge fraud to the tune of Rs. 400 Crores ( USD 86 Mill) rocked the financial world involving insiders. The fraud involved wealth management team – a relationship manager called Mr. Puri. According to news reports Puri diverted wealth management customers funds to his personal account & was trading in stocks. How can this happen in such a large global bank with fort-knox security? where are the checks & balances – where are the auditors?
Apparently Mr. Puri was using the entire Citi machinery – its computer systems, mails to generate falsified statements of accounts, portfolios and receipts merrily & was running this happily for sometime. Citi also used to get BLANK investment forms signed off by the stupid high net-worth investors! The critical question is – How could this massive fraud go unnoticed for such a long time. More important is – How can a low level official such as Mr. Puri orchestrate this complex fraud as one man army? was he alone – certainly not possible.
Let us examine some best practices -
Most people in India do not know that fraud is a legal term and not a concept that changes with time. Fraudulent incidents in the information age have devastating effects. Every single piece of information in today’s knowledge driven era has a value attached to it, and is thus prone to fraud. Information leakage and technology or people failure in an organization result in major financial losses. Traditionally, audit was the best way to investigate frauds; however, in recent times with economies going from boom to bust, this profession has innovated drastically.
Recruiting a proficient team
A person investigating fraud must understand that every organization is susceptible to fraud as human behavior cannot be controlled, unlike policies, laws, and hierarchy. Hence, the question is how to investigate fraud after an incident has been reported.
Investigating fraud is not a one-man job and requires a competent and experienced team. The fundamental of any investigation is to have professionals with the right skills, knowledge, and experience. This team needs to be focused on the assignment and ensure resolution within a reasonable timeframe. Inexperienced or under-trained personnel could hinder the fraud investigation process.
Depending on the magnitude of the incident, the fraud investigation team should consist of:
• A legal attorney/professional who is able to identify applicable compliance provisions, statutory regulations and their violations. In majority of frauds detected, the evidence obtained is purely circumstantial in nature and thus requires special skills to put forth the point in an appropriate manner and visualize the implication in the court of law.
• A forensic accountant/auditor, who is not necessarily an accountant but an individual with a techno-functional background in specialized areas like business, finance, Information Technology (IT), and law.
• A cyber forensic expert with appropriate technical knowhow and experience. Today, computer is a tool as well as a victim in financial crimes. Cyber forensic expertise is one part of forensic accounting practice that deals with various aspects of digital evidence, data recovery, data analysis, password recovery, and risk profiling of user. These crimes are most difficult to probe and prosecute because of jurisdictional issues and many times are cross-border in nature.
• A field investigator who based on requirements of a forensic auditor collates the evidence, which is crucial for any investigation to be successful. Awareness of legal environment is critical for a field investigator and all evidence should be gathered and collected with respect to law of the land. Any violation of the same may result in the evidence getting tainted and becoming unacceptable in the court of law.
Using the SPEC (scope, plan, execute, close) model
Having an initial investigative hypothesis of the incident helps to understand where exactly the fraud investigation should commence. The SPEC model can be used to investigate fraud.
• Scope: Post incident reporting, investigator/s need to gain maximum first hand information of the actual job. Understand and evaluate various factors such as cultural, regulatory, and legal to investigate a fraud. Speculate on different levels of investigative hypothesis, by approving and/or disapproving facts of the incident/s and the process of gathering evidence for the same. It must be noted that this is not the planning stage.
• Plan: Plan the fraud investigation in a phased manner to maintain its intent and purpose. The plan stage includes establishing the investigative hypothesis, process mapping, scheduling timeframes, resource allocation, and reacting appropriately to facts/information while executing an investigation.
• Execute: This includes supervision of the case, proving and/or disproving facts/information, and triggers raising such incidents. While investigating a fraud, the investigators should apply their knowledge, expertise and skills to deduce potential outcomes based on different theories such as the Fraud Triangle by Dr. Donald Cressey.
• Close: This is the final stage of a fraud investigation, where the case is closer to completion. Investigation outcomes of the incident and appropriate recommendations are documented in a logical, coherent report.
An important fact is that corporations in India today do not update themselves on the different and continuously developing types of frauds and methods to investigate frauds. Corporations “act” or rather “react” only when a fraud occurs in their own backyard. Review of internal procedures and technological advancements not only in audits but also various departments assist in reducing fraudulent activities. Training the staff regularly by organizing fraud awareness programs keeps them abreast of the changing nature of frauds and ways to combat them effectively.
