Here are some of the highlights and findings from this annual survey:
- 5% of annual revenues are lost to fraud
- 25% of the fraud incidents involved losses of $1,000,000.00 or more
- Frauds lasted a median of 18 months before being detected
- Small organizations are much more likely to be victims
- Fraud perpetrators often display warning signs they are engaging in illicit activities
While these are consistent with previous years results the article in this latest issue that caught our eye is worth further investigation and analysis. "The Fraud-Terror Link: Terrorists are Committing Fraud to Fund Their Activities."
The threat of terrorism has become the principal security concern in the United States since 9/11. Some might perceive that fraud isn’t linked to terrorism because white-collar crime issues are more the province of organized crime, but that perception is misguided. Terrorists derive funding from a variety of criminal activities ranging in scale and sophistication – from low-level crime to organized narcotics smuggling and fraud. CFEs need to know the latest links between fraud and terror.
Credit card fraud, wire fraud, mortgage fraud, charitable donation fraud, insurance fraud, identity theft, money laundering, immigration fraud, and tax evasion are just some of the types of fraud commonly used to fund terrorist cells. Such groups will also use shell companies to receive and distribute illicit funds. On the surface, these companies might engage in legitimate activities to establish a positive reputation in the business community.
Financing is required not just to fund specific terrorist operations but to meet the broader organizational costs of developing and maintaining a terrorist organization and to create an enabling environment necessary to sustain their activities. The direct costs of mounting individual attacks have been relatively low considering the damage they can yield.
The nexus between those who wish to attack our physical or digital infrastructure assets are after the same outcomes. High number of victims and media exposure. The threshold for financing overt attacks is coming down and the face of terrorism is changing. It has morphed into a pattern of behavior that requires the OPS Risk professionals to see the link and to study the reasons why the Fraud-Terror convergence is happening now.
Small groups of people who are doing pre-operational surveillance on targets in both physical locations and online Internet points of presence are in need of funding. Yet it doesn't take much. The London Bombings of 2005 were financed with a budget of around $15K. Now let's go back to the stats from the latest survey for a minute.
"Internal controls alone are insufficient to fully prevent occupational fraud. Though it is important for organizations to have strategic and effective anti-fraud controls in place, internal controls will not prevent all fraud from occurring, nor will they detect most fraud once it begins."
So where is this wave of fraud schemes coming from and attacking the average person on the street. Actually it's in cyberspace. This is where a tremendous amount of non-profit, charitable and other mechanisms for generating revenue and funding for terrorism occurs. Identity Fraud, Mortgage Fraud, Insurance Fraud and Immigration Fraud all are the precursors to the collection and potential dissemination of funds to those who are planning to harm people and our economic way of life.
We have found in that the best approach to this threat is education, awareness and sharing of best practices. To jump start the conversation in your metro area of the United States you only have to look to your local InfraGard chapter. This is a good first step in opening up the dialogue on topics such as transnational economic crime and who is behind these operations. Here is a good example of what's happening in the Washington, DC area:
"The Communication Infrastructure and Organization of Transnational Cyber Criminal Syndicates"This Intelligence Briefing will address the tradecraft employed by cyber criminals who participate in private, organized transnational criminal operations using self-created and self-maintained infrastructures rather than the tradecraft of those in traditional underground forums that exist on the Internet. Included in the briefing will be discussion of technical infrastructures, communication methods and division of labor of cyber criminal organizations.
Once the Certified Fraud Examiner, IT cybersecurity professional and the intelligence analysts finish their brown bag lunch, you can see the collaboration wheels turning. In the grand scheme of millions and billions of dollars that are spent on sensors, anti-terrorism technologies for homeland security or the dollars wasted on procurement, the simple public-private partnership wins every time. Again, reflecting on the latest Occupational Fraud survey:
operational riskOccupational frauds are much more likely to be detected by tip than by any other means. This finding has been consistent since 2002 when the ACFE began tracking data on fraud detection methods.