The Financial Crime conference is a unique gathering of people representing a diverse
range of organizations affected by financial crime. The conference has representatives
from financial institutions, law enforcement agencies, law firms, accounting firms,
security consulting firms, and members of parliament as well. In the presence of such
qualified and experienced people, the absence of academics was less noticeable. It is a
gathering of practitioners (most of them in their forties and balding), exchanging
experience, establishing contacts that will no doubt be beneficial to their daily job
roles, and invaluable in the need to stay ahead of the criminal in the fight against
financial crime. Most of the speakers were practical minded (no fancy models and
frameworks), covering topics like prevention, detection, investigation, regulation,
legislation, and future trends.
The conference opened with an impressive short introduction by Commissioner William
Taylor QPM (Commissioner of the City of London Police, Queens Police Medal) on the issues
of financial crime facing members of the audience today. The serious straight-to-the-point
talk set the tone for the rest of the morning. The Commissioner was like Tommy Lee Jones
(U.S. Marshall) in the movie "The Fugitive." I am sure those 10 minutes made an
impression of others too, since many speakers afterwards continued to refer to the words
of Commissioner Taylor. Jeremy Roberts QC (Queen's Council) chaired the conference for the
rest of day by keeping a strict control on the schedule and providing informative comments
on topics implied in the speakers' talks.
The remainder of this report will revolve around the efforts of law enforcement
(section 2), financial institutions (section 3), management, accountants, auditors
(section 4), lawyers, regulators (section 5), and security specialists (section 6). Due to
the range of topics covered, I will focus on the main themes surrounding the conference.
Those interested in the details of each speaker and each talk can refer to the two volume
conference proceedings [Trocki 1995].
Media reports and criticism of the role of law enforcement in financial crime resulted
in the portrayal of law enforcement as being either controversial or incompetent. Many in
the financial services and security industry are aware of the limitations of law
enforcement, and the limitations of criminal prosecutions [Sommer 1994]. The conference
was an excellent stage for the speakers from the law enforcement agencies to sell their
agency agendas, vent their frustrations with the system, and coax financial institutions
into closer cooperation.
The Serious Fraud Office (SFO) was established in 1988 to investigate the most serious
fraud cases (around 30 - 60 cases a year), with the notorious section 2 powers to gather
evidence. The high profile of the SFO combined with its recent bad publicity seems to have
threatened its very existence. Chris Dickson (Assistant Director, SFO) mentions the
possibility of the merging of the SFO with the Crown Prosecution Service (CPS), and the
National Criminal Intelligence Service (NCIS). The remainder of the talk focused on the
difficulties of joint investigations, the justification for the compelling powers, and
justification for the existence of the SFO due to its cost-effectiveness. Several of Chris
Dickson's recommendations stimulated interest in the audience, especially the American
model of plea bargaining that would give the SFO some influence in sentencing.
The structure of the Metropolitan Police Fraud Department was affected by the
restructuring program in the overall Metropolitan Police force in the last two years. At
any one time, the Fraud Squad handles between 600- 650 cases, among which advance fee
fraud, public section corruption, investment and banking related fraud, are on the top of
the list. Many of the fraud cases have an international connection. The primary concern of
the Fraud Squad is deterrence, hence the 'burden of proof' related to criminal
prosecutions. Organizations that are more interested in recovering assets by employing
private investigation agencies and accountancy firms to pursue civil prosecutions will not
attain the same level of deterrence, hence encouraging future criminals to pursue a better
and more sophisticated crime. The Fraud Squad uses information received from a variety of
sources including the NCIS, to decide whether to take action, usually in the form of
surveillance by an operational team to determine the identity of the perpetrator and the
scope of the criminal activity. By the time the perpetrator is arrested, a dossier of
evidence would have been collected about the criminal operation.
The National Criminal Intelligence Service (NCIS) is a national post box for suspicious
criminal activities. From there, financial disclosures required of financial institutions
in cases of suspected money laundering are disseminated to the relevant investigative
bodies. Law enforcement agencies are learning to coordinate their activities,
significantly reducing the time lag between a report, and an investigation. The
presentation by Detective Superintendent Ken Macpherson (Metropolitan Police Fraud
Department) shows the significance of NCIS. In this case, law enforcement has been using
legislation and technology to beat the criminals. The case of Anthony Williams (Deputy
Director of Finance, Metropolitan Police) who stole from the police force was disclosed
through the NCIS, and investigated by the Fraud Squad, culminating in a seven and a half
year sentence for Anthony Williams.
The presentation by Michael Varnum, Unit Chief of Economic Crime at the Federal Bureau
of Investigation (FBI) had a distinctively American flair. The Economic Crime unit is part
of the White Collar Crime Program, which also hosts the Financial Institution Fraud Unit,
the Government Fraud Unit, and the Public Corruption Unit. The Economic Crime Unit deals
with telemarketing fraud, insurance fraud, money laundering, computer crimes,
international fraud, securities and commodities fraud, and bankruptcy fraud. One cannot
help but reinforce the impression projected by the FBI in the cinema due to the size and
scope of their operations. Michael Varnum describes numerous cases of economic fraud,
including cases involving Alan Teale (insurance fraud), Norman Bramson (insurance fraud),
Operation Disconnect (telemarketing fraud), Kevin Mitnick (computer hacking), and Barrings
(securities and commodities fraud). The initiatives pursued by the FBI in controlling
computer misuse and frauds include: new levels of international cooperation, privatization
of computer crime laboratories and awareness of the increasing vulnerabilities created by
sophisticated technology.
It is always interesting to hear what the nominally silent lamb and sheep in financial
crime have to say about the field, because all measures are designed ultimately to protect
the victims. These may be quiet sheep, but nevertheless gigantic and powerful ones.
Despite the increasing number of attempted frauds, the increasing sophistication
(corruption or coercion of employees, accountants, and lawyers), and the utilization of
international fraudster networks to outpace detection mechanisms, there is also good news.
Technology has significantly reduced the number of credit card frauds, and legislation has
been helpful in freezing assets derived from crime. Ron Warmington (Vice President,
Citibank) who asked specifically not to be quoted, used two memorable phrases in his
description of the fight against financial crime. "I don't understand"
means that employees should question complex deals instead of pretending to understand. It
is better to sound stupid rather than be stupid. "I know a person" shows
the importance of maintaining a network of contacts throughout the financial sectors and
the law enforcement agencies.
Next, Tony Blunden (Compliance Director, Credit Suisse Financial Products) gave a talk
on crime within the OTC and derivatives market. The financial products in the OTC market
are especially susceptible to fraud since they are secret bilateral contracts. Financial
crime in this market can be classified as employee crime (fraud, insider dealing,
collusion), counterparty crime (collusion, fraud, money laundering), or criminal
activities related to emerging markets (misleading counterparties, underlying products).
The recommendations of the G30 report provide some guidelines for placing procedures in
place, but more important, are tests for the compliance of these procedures and their
effectiveness.
Bankers Trust defines itself as a global risk manager for "people with high net
worth (or rich people)." Therefore, their prevention program according to John Foos
(Managing Director, Securities Services Division, Bankers Trust Company - New York), is
based on a rigorous employee screening process, workplace security controls, peer loss
analysis, fraud databases, and law enforcement liaisons.
For financial organizations, cost effective preventive measures are the best proactive
approaches. However, if forced to react, their priorities are clearly in the following
order, 1) recover their (or their customers') losses, 2) see the criminal punished, 3) fix
the current procedures. This mis-match between law enforcement and financial institutions
means that banks and other victims of financial crime will turn increasingly towards
private investigations and civil litigation. Specialist security agencies will soon
acquire technology from privatized criminal laboratories, drying off stolen assets during
long civil litigation. The security environment envisioned in William Gibson's Virtual
Light [Gibson 1993] seem close to the horizon.
Audits and financial reports are crucial for accounting for corporate resources.
Corporate failures and cases of fraud highlight inadequacies in the management of public
companies, leading to the establishment of "a code of best practice" by the
Cadbury Committee. Compliance with the code of best practice is not mandatory under
company law, however companies listed in the London Stock Exchange are required to include
a statement of compliance with the code. The code makes it the board of directors' duty to
present a balanced and understandable assessment of the company's position, to ensure a
professional relationship with the auditors, and to establish an audit committee
consisting of at least three non-executive directors. It also makes it the director's
responsibility to establish effective internal financial controls. Martyn Bridges (Partner
- Investigation Services, Touche Ross) gave a good summary of the guidelines in the
Cadbury Report as an attempt to deal with management fraud and corporate governance. There
are doubts how far the self-regulatory framework will work, leaving the audience with the
impression that corporate governance is an area that the U.S. is also doing better than
the U.K.
Richard Coleman (National Fraud and Investigations Group, Coopers and Lybrand) spoke
about forensic accounting, while Ian Trumper (National Fraud and Investigations Group,
Coopers and Lybrand) describes two fraud cases and the problems of recovering the proceeds
of fraud.
Ian Huntington (Head of Fraud Investigations, KPMG) provided a pleasant talk on
financial fraud from the private investigator's viewpoint. His holistic view towards
identifying and managing risks, based on political change, organizational change,
technical change and the global nature fraud risk is a welcoming interpretation of the
security industry (from the social science viewpoint, it considers content, process, and
context). His recommendations for managing the risks effectively are: ensure that risk
managers have access to required information, exercise imagination in the range of
possible fraud, obtain organization-wide involvement, sell the concept to top management,
and dissemination of industry specific knowledge.
Lawyers and legislators are supposedly the monitors of socially acceptable behavior.
They decide which law to apply in cases of financial crime, and whether there is a need
for new laws. When reforms are needed, they make recommendations on the form and content
of the new regulations, and assess the effects of these new regulations on the rest of the
social system.
Legislators are usually seasoned politicians. They have a clear sense of what the
audience wants to hear, and can deliver an eloquent speech to persuade them that the
government is doing all it can. That is my impression of Sir George Young's (MP, Financial
Secretary to the Treasury) lunch time address. He assured the audience the importance of
the City to the U.K. and the need to continue the City's lead as the world's foremost
financial center. Regulations that the government is pursuing to help the City include tax
treaties with other countries so tax is only paid once. There are also efforts by Inland
Revenue to take the profit out of financial crime. The government is dedicated to
protecting financial institutions against financial crime.
Guy Harvey (Partner, Simpson Curtis) gave a talk on the consequences of financial crime
for employees, investors, customers, and media. In the case of employer-employee
relationship, there is a conflict between the recent trend of employee empowerment and the
need for management control to counter fraud. The organizational environment today tends
to create alienation and a culture of mis-trust, making employee fraud (which accounts for
70% of all frauds) more likely to happen. Cases of financial fraud also lead to a loss of
market confidence in general. For example, during the Barrings crisis, more than
[[sterling]]10 billion of funds was shifted away from the City due to loss of market
confidence. Financial fraud also affects customers, even though companies are reluctant to
involve innocent customers, commercial relations are still likely jeopardized, and losses
ultimately have to be passed on to customers in one way or another. Media relationships
may also be strained as companies try to refrain from disclosing too much information,
leaving plenty of room for media speculation. The law is basically weak and reactive in
this regard, a large number of financial fraud cases do lead to insolvency, and civil
remedies usually come too slowly. This leads to the Phoenix syndrome whereby companies are
"born-again," leaving the creditors in prolonged trials for the return of funds
that are no longer existent.
Miles Laddie (Solicitor, Denton Hall) used years of his experience in criminal cases to
say that "Everyone's a Fraudster, or has the potential to become one." His talk
was focused mainly on people problems (e.g., "employees are paid enemies"),
understanding the reasons why people defraud others (low income, gambling, peer pressure),
and how they intend to conceal the crime (personal integrity, likelihood of discovery,
increasing pressures or opportunities). Standard procedures like employment screening can
help in filtering potential employees, and a channel of addressing grievances can reduce
instances of fraud. Two items mentioned in the talk are especially worthy of mention.
First charities, social security agencies, and even the police force are susceptible to
fraud, especially when they seek profitable financial products in an amateur fashion.
Second, fear of adverse publicity is not justified by the results of a survey. It is not
only deceitful to conceal the facts, but also self-defeating since "failure to
prosecute and deal openly with the problems is a positive encouragement to fraud, it is
the ultimate blank cheque."
Even though fraud has always been with us, rapid technological change creates
opportunities for abuse. Information technology crucial to modern banking and finance is
especially weak as it is today due to three reasons: 1) the ease of access, dissemination,
and hence disclosure if misused, 2) the ease of modification without leaving concrete
evidence linking to a certain individual, 3) the large sums of money involved and hence
the hugh payoff if fraud is successful.
The use of technologically exotic solutions to relieve security problems is highly
attractive to organizations. However the security profession is well aware that no system
is secure by itself, more often than not the weak link prove to be humans. Advances like
holograms and smart card technology for example, may have reduced the number of problems
related to credit card fraud. However they also tend to create new ones as organizations
learn to cope with changes to the existing system, and criminals learn to defraud the
system. The introduction of security technology also has to be balanced against business
costs, risks and values. Without re-iterating the importance human issues, I will focus on
the impact of new technologies on both fraud and detection.
Martin Samociuk (Managing Director, Network Securities Limited) began by talking about
technology used in modern fraud cases, starting for example with interception of
information, electronic radiation, and passwords, then targeting insiders to take
fraudulent action. The audience may or may not be relieved that there are technologies
(e.g. expert systems and neural networks) to assist in both active and passive detection
of such fraud also.
Stephen White (Director, Incity Solutions) gave a similar talk on prevention based on
human issues, systems issues, network issues, and monitoring. The standard recommendations
for access controls using passwords, encryption, securing secondary backup, ensuring data
destruction, transaction logging, use of firewalls on public networks and disaster
recovery are all discussed in the context of balancing security and business overhead.
A good example of using technology to combat financial crime is trade monitoring at the
London Stock Exchange (LSE). Alan Wilson (Manager, Surveillance Department, London Stock
Exchange) talked about monitoring systems at the London Stock Exchange for deterring,
detecting, and investigating criminal offenses like market manipulation, insider trading,
and money laundering in the equity market.
Rowan Bosworth-Davies (Titmuss Sainer Dechert) presented a haunting look at the future
of financial crime based on the breakdown of nation states, the emergence of a global
marketplace, intellectual elites, and a dispossessed underclass. With the diminishing role
of the state, there is reason to believe the victims of the future will carry out
everything from protection, investigation and prosecution. Such circumstances would
require a large security industry in the private sector, whereby the state police may be
acquired and merged together with large security firms. The criminal environment of the
future will be dominated by powerful drug cartels and class warfare. This post-Robocop
scenario is also shared by authors like Mike Davies, Ian Angell, and William Gibson.
The conference ended with an hour long debate on the motion that "criminal law is
structured correctly to combat with financial crime". Among the issues raised in the
debate were the semantics of criminal law, the deterrence value of criminal conviction,
and the inadequacies of the current legal system. The debate was not very focused since
the two sides seem to be arguing about different issues. David Lee (against the motion)
could easily point to legal proceeding that seem to benefit no one. While Chris Dickson
(for the motion) would point to practical issues of enforcement and funding. The results
of a vote from the audience was 8 for the motion, 44 against, and 12 people abstaining.
The majority of the audience believed the legal and penal system were insufficient to
handle financial crime, in spite of the advances made in the legislation to combat
financial crime. An appropriate conclusion after listening to 19 speakers (2 MPs, 2 QCs, 4
senior law enforcement officers, 3 lawyers, 3 bankers, 3 accountants, and 2 security
consultants) over 2 days (8 hours per day).
The conference consists of an up-to-date report on the status of financial crime.
Plenty of advances have been made in computer security, auditing, investigation,
prosecution, legal reforms, and law enforcement, but obviously the current status is
hardly satisfactory, and unacceptable for most practitioners. The future of this field is
filled with tension, and will be one of the most interesting developments to observe.
The conference was an eye opener for me personally, even though I realize after
speaking to some classmates that there are not much differences with the Organized Crime
conference held in February 1995 at the Dorchester Hotel. Most speakers accept the fact
that fraud will always be there, yet they bring along a suitcase full of practical
knowledge. The most significant lessons learnt from this conference are summarized below.
Lack of reliable information
There is lack of reliable information in this field, but no lack of guestimates, for
example, it has been estimated by various sources that:
1) economic loss from computer crime in the U.S. ranges from US$ 164 million (1991 USA
research) to US$ 5 billion (1990 SEARCH)
2) economic loss from computer crime in the U.S. and Western Europe estimated to be US$
140 billion (1993 Kremlin International News Broadcast)
3) revenues generated by narcotics sales in the U.S. range between US$ 60 - 120
billion, of which US$ 40 - 100 billion reinvested in financial and commercial entities
(1988 U.S. Drug Enforcement Agency)
The lack of reliable sources on the dark side of crime, and the unwillingness of
victims to report crimes makes it difficult to assess the nature of the crime. With the
end of the Cold War, nation states might like to turn their intelligence efforts on
financial crime. The National Criminal Intelligence Service (NCIS) is a good example of
the importance of criminal information for law enforcement.
The Profile of a White Collar Criminal
The criminal is not represented in the conference, nor was he/she asked to speak.
Police investigators should have very good information in this regard, and the sharing of
such information would be very interesting. Ron Warmington gave an interesting profile of
the "entrepreneur fraudster" providing a hint of what everyone is up against.
The profile describes the white collar criminal as: a person well educated with big
company or services experience, divorced (twice), early retired with no pension, sick with
expensive medical bills, once wealthy and influential with good contacts, expensive in
life style, now bust but still well-dressed, charismatic, amusing, plausible, and amoral.
The compilation of criminal cases may be regarded as highly sensitive, but up-to-date
information on criminal cases is essential to recognizing flaws in other systems. John
Foos calls it a fraud intelligence file. Others call for industry cooperation. Being a
victim should not be a sin. Criminal cases should be brought to light, scrutinized, and
studied.
Implementing day to day discipline
Technological, organizational, political and environmental change benefits no body in
particular. Those protecting against financial crime have to learn to utilize their
resources like the criminals have, with the same if not higher degree of vigilance.
Searching for flaws within the system and mending them involves the same process,
identifying problems, risks, internal weaknesses, use of imagination, and access to
information. Successful companies are those that have a organized strategy, involving
employees, top management, industry cooperation.
Prevention of financial crime should be regarded as a part of risk management.
Companies should also bare in mind that their security costs represents additional
barriers and hence costs to the criminal also.
I find Ian Huntington's comment that "implementing day to day discipline is much
harder than dealing with the occasional crisis" especially memorable. In many cases,
it is not a lack of information, or not knowing what to do, but building up the discipline
to implement it on a daily basis.
Taking Action
There is the impression that the U.S. is more advanced in corporate governance, and
several other areas, probably due to the chaotic environment and the corresponding
pressures. The situation can be improved on, but it would require the major players in law
enforcement, financial institutions, accountancy, management, lawyers, legislators, and
technology specialists have to get their acts together. Even though the conference is
supposed to be an exchange of ideas, the division of this report should make the agenda of
each key player quite clear and distinct. The law enforcement presentations though
impressive, gave the impression of superiority, as if they had superior integrity and
criminals deserve to be prosecuted. The legal system still favors criminalization, which
is doubtlessly a frightening experience for anyone. They neglect the fact that victims in
financial institutions just want their money back. White collar criminals are sympathized
upon because they are easily lead astray by opportunity. The industry should not try to
substitute discipline (or vigilance) with new technology or market forces even in the face
of increased uncertainty. The frightening spectre of the future envisioned by Professor
Ian Angell's globalized cyber society gives much food for thought on the actions to take
in order to attain socially desirable results. Combating financial crime effectively
requires the cooperation of all the players involved. Perhaps there are already very close
links and cooperation between the major institutions, and the danger from the white collar
criminal is no longer a major threat. Or perhaps they are not sufficient to counter the
threat from financial crime?
References
Gibson, W. (1993). Virtual Light. Penguin Books.
Sommer, P. (1994). Investigating Computer Crime: First Steps. In Twelfth
International Symposium on Economic Crime, Jesus College, Cambridge: 11-17 September,
1994
Trocki, V. (1995). Proceedings of the Financial crime
conference. In V. Trocki (Ed.), Financial Crime Conference. Cafe Royal, London:
Compliance Control Limited.
