Professional Documents
Culture Documents
Global Profiles of The Fraudster v2
Global Profiles of The Fraudster v2
profiles of
the fraudster
White-collar crime – present
and future
kpmg.com/fraudster
2 Global profiles
of the fraudster
Introduction
F
raud specialists have long debated to the typical fraudster identified in the today’s strain, but next year it evolves
whether it is possible to develop a investigations KPMG firms reported on into something as bad if not worse,”
profile of a fraudster that is accurate two years earlier. The typical fraudster in says Phil Ostwalt, Global Coordinator
enough to enable organizations the 2013 study is 36 to 45 years of age, for Investigations for the Global Forensic
to catch people in the act of fraud or even is generally acting against his/her own practice at KPMG.
beforehand. The prediction of a crime organization, and is mostly employed in an
One major change is the growing use
before it occurs is, at least for now, the executive,3 finance, operations or sales/
of technology by fraudsters, and not
subject of science fiction. But an analysis marketing function. He/she holds a senior
just in the technologically advanced
of the constantly changing nature of fraud management position, was employed in
countries, such as the US “a concern
and the fraudster can help organizations the organization in excess of six years and,
for all business is that we are about to
stiffen their defenses against these criminal in committing the fraud, frequently acted
see a new generation of people, able to
activities. Forewarned is forearmed. in concert with others.
use more technology and with access
This report contains KPMG’s analysis of Other findings, to much more
596 fraudsters member firms investigated however, are information than
between 2011 and 2013. It is intended different. This
The typical fraudster past generations. All
to provide the reader with insights into time, we have among the 596 of which points to
the relationship between the attributes developed a series included in the 2013 a new era for fraud
of fraudsters, their motivations and the of themes in order and illegal activities,”
environment in which they flourish. We to understand
survey is very similar says Arturo del
have also interviewed KPMG member the changing to the typical fraudster Castillo, Managing
firms’ investigation leaders to gain relationship among identified in the KPMG Director of Forensic,
additional insights. This report builds the fraudster, his/ KPMG in Colombia.
on our 2011 publication, Who is the her environment investigations reported
We believe that
typical fraudster?1 covering 348 cases and the frauds on two years earlier. understanding this
investigated, and on our 2007 publication, committed. And
fluidity will enable
Profile of a fraudster.2 The 2011 report after taking into
organizations to protect themselves
focused on the relationship between account the insights of our investigation
better against fraud and may improve
global patterns of fraud, various attributes leaders around the world, we conclude that
their ability to identify the fraudsters,
of fraudsters and how these may evolve in the type of fraud and the type of fraudster
many of whom perpetrate their crimes
the next five years. are continually changing. “The intriguing
over long periods. A lot of fraudsters are
thing about fraud is that it is always
The typical fraudster among the 596 hiding in plain sight. They may blend into
morphing, like a strain of flu; you can cure
included in the 2013 survey is very similar the background or occupy prominent
1
Who is the typical fraudster? KPMG analysis of global patterns of fraud, 2011
2
Profile of a fraudster survey, 2007
3
The function is also known as general management and includes the Chief Executive Officer.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 3
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
4 Global profiles
of the fraudster
Methodology
By means of a survey, KPMG gathered data from fraud • Environment considers that tend to enable fraud
investigations conducted by KPMG member firms’ forensic
• The impact of fraudster’s capabilities
specialists in Europe, Middle East and Africa (EMA), the
Americas, and Asia-Pacific regions between August 2011 and • The context in which fraudster’s ply their trade across the
February 2013. We analyzed a total of 596 fraudsters who were countries in which KPMG operates
involved in acts committed in 78 countries. The survey examined
The findings in this report are contrasted, where possible, with
“white collar” crime investigations conducted across the three
our 2007 and 2011 analysis to highlight shifts in patterns and to
regions, from interviews from 42 KPMG Forensic practitioners,
provide a perspective on emerging trends.
where we were able to identify the perpetrator and could
provide detailed contextual information on the crime. This report does not reveal the names of any parties involved to
protect confidentiality. Many of the cases included here did not
The analysis identifies:
enter the public domain; others were publicized but usually without
• Fraudster profiles and details of the more common types of fraud the details. All monetary amounts are reflected in US Dollars.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 5
Three
drivers of
fraud
In order to understand a fraudster’s
profile it is useful to consider three drivers
The Fraud Triangle
of fraud: opportunity, motivation and
rationale. “People commit fraud when
three elements occur simultaneously, the
perfect storm; motivation, opportunity
and ability to rationalize the act. In
almost all cases, this explains why the
fraud occurs and why a particular type
of person becomes a fraudster,” says
KPMG’s Forensic practice in China.
The three drivers are part of a standard
OPPORTUNITY
methodology developed for fraud
investigators in the 1950s. We include
capability as a component of opportunity The Fraud
to create a more complete picture of Triangle
the person who commits fraud. Here is
one way to understand the picture: The
potential fraudster sees a door opened
by opportunity. Motive and rationale
propel him/her towards the doorway and
capability takes him/her through it.4 MOTIVATION RATIONALE
Source: Global profiles of a fraudster, KPMG International, 2013.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
6 Global profiles
of the fraudster
Now, let us look at each of the drivers of often, organizations do not focus on fraud
fraud in turn: prevention by setting up the right controls Opportunistic fraudster
and learn their lesson too late. • Characteristics: first-time offender,
Opportunity
middle aged, male, married with
People do not commit fraud without an “Many companies think of proactive
children, trusted employee, in a
opportunity presenting itself. A plurality anti-fraud measures like insurance – if
position of responsibility, good
of fraudsters in the surveyed cases it may never happen, why spend the
citizen in community
investigated have worked in the victim money?” says James McAuley, Partner,
organization for more than six years, Forensic, KPMG in Canada. Elsewhere, • Typically has a non-sharable
and nearly three quarters of the frauds organizations lack even simple controls. problem that can be solved
were conducted over a 1-5 year period. “Frauds frequently occur because of a with money, creating perceived
This implies that fraudsters do not join an failure to have a basic control in place. pressure
organization with the aim of committing Our investigations show, for example,
• When discovered, others are
fraud. But changes in personal that management does not always
often surprised by the alleged
circumstances or check supporting
behavior of the perpetrator
pressures to meet documentation
aggressive business
Management before authorizing a Predator
targets may create frequently regards transaction. This goes • Often starts as an opportunistic
the conditions fraud risk as a single back to Sweden’s fraudster
conducive to fraud. culture of trust,”
They may commit dot on the risk says Martin Krüger,
• Alternatively, seeks out
organizations where he or she
the fraud once they matrix, not always Partner in charge of
can start a scheme almost
are comfortable in
fully appreciating Forensic for KPMG
immediately upon being hired
their job and enjoy in Sweden. In parts
the trust and respect its real nature and of the Middle East, • Deliberately defrauds
of colleagues (see extent. many organizations organizations with little remorse
sidebar). are only beginning
• Better organized than the
to understand the
How does the opportunity present itself? opportunistic fraudster and with
need for controls to prevent fraud. “We
According to the survey, 54 percent of the better concealment schemes
see many public and privately owned
frauds were facilitated by weak internal
companies exposed to fraud, with few • Better prepared to deal with
controls. This suggests that if many
defenses. Although internal controls auditors and other oversight
organizations tightened controls and the
and fraud risk management is not yet mechanisms
supervision of employees, the opportunity
embedded in the business culture, the
for fraud would be severely curtailed. Too
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 7
dialogue has started,” says Arindam then given the attention and treatment Capability
Ghosh, Associate Director and Head required to manage the risk,” says Mark As noted earlier, we include capability as a
of Forensic Services, Risk Consulting, Leishman, Partner, Forensic Services, subset of the opportunity driver. Capability
KPMG, in Bahrain and Qatar. KPMG in Australia. consists of those attributes of the
fraudster that enable him/her to exploit the
But strong internal controls will not Sanctions, such as civil litigation or
opportunity, when it arises. The attributes
prevent all fraud. For 20 percent of the public prosecution, may deter fraud,
are the fraudster’s personal traits and his/
fraudsters, the fraud was committed but few companies are prepared to risk
her ability to execute the crime.
recklessly, regardless of the controls. harm to their reputation. A jail sentence
And for 11 percent, fraudsters colluded was the fate of only 7 percent of the Capability often depends, therefore, upon
to circumvent the controls. In these fraudsters, while criminal or civil litigation the seniority of the fraudster. A large
cases, the fraudster may be somebody proceedings was for 35 percent. Fifty- proportion of fraudsters holds managerial
who understands five percent of or executive positions5 (25 percent and
the controls fraudsters were 29 percent respectively of those employed
and knows how In Singapore, relatively dismissed from their by the victim organization). “In the next 3
to manipulate
them or who
speaking, there is jobs, thus raising the
risk that fraudsters
to 5 years, we may see the fraudster in the
East Africa region becoming increasingly
finds a flaw in very little corruption, may commit crimes sophisticated and senior in the organization
the controls by mainly because at other companies as company controls improve, and more
accident and where they are
exploits them. No
the enforcement subsequently
fraudsters are successfully tried and
sentenced,” says Marion Barriskell, Head
control system is stringent, and employed in the of Investigations for KPMG in East Africa.
is watertight. business is conducted absence of being The more senior the fraudster, the greater
Human vigilance prosectured. All the the ability to get past controls. “We usually
is required.
in a transparent way, more important, find the fraudster overriding controls.
KPMG’s therefore, to While most companies in Switzerland have
investigators say that organizations need establish regulations to control business standard internal controls, a person can
to monitor continuously the internal and behavior and then to enforce them. “In root out opportunities after 4 or 5 years,”
external environment, yet they have Singapore, relatively speaking, there is says Anne van Heerden, Partner in charge
found that most of them do not do this. very little corruption, mainly because the of Forensic and Consulting practices for
“Management frequently regards fraud enforcement is stringent, and business KPMG in Switzerland.
risk as a single dot on the risk matrix, not is conducted in a transparent way,” says
Among those insiders who collude
always fully appreciating its real nature Lem Chin Kok, Partner, KPMG Forensic
with other employees, the respective
and extent. This often means it is not Services, KPMG in Singapore.
ratios are 24 percent and 38 percent.
As noted earlier, KPMG tends to investigate frauds perpetrated by senior employees, so this finding may not
5
hold among the entire population of fraudsters, in which there may be a high proportion of crimes committed
by lower-level employees.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
8 Global profiles
of the fraudster
Fraud by industry
In every industry, fraud tends to be shaped by the
opportunities for malfeasance. In financial services,
pharmaceuticals, consumer and industrial markets, the
most common fraud is embezzlement. But in energy &
natural resources (ENR), the public sector and information,
communications & entertainment, the most common fraud
is procurement. Financial services yielded the highest cost
of fraud, commonly more than $5 million per fraudster.
Other industries suffered lower costs, often in the $200,000
- $500,000 range. Corruption was more prevalent in
pharmaceuticals, financial services and ENR than in other
industries. In the case of pharmaceuticals and financial
services, this occurred despite the fact that organizations in
these industries operate in a highly regulated environment.
Second, 46 percent of all fraudsters were missing a financial target or the desire for
computer literate, which is increasingly a bigger bonus. “More foreign companies
an asset when so much data is stored in are increasing local management’s
computers and when cyber fraud is likely incentives linked to performance and
to grow in frequency. In terms of personal cutting formal earnings. We see this
traits, the preponderant characteristics triggering increased earnings manipulation
do not tend to support the notion of a and financial statement fraud, as
reclusive loner. The fraudster tends to be managers chase targets,” says Jimmy
highly respected (39 percent of all cases Helm, Partner and Head of Forensic for
surveyed), friendly (35 percent) and/or KPMG in Central and Eastern Europe.
extroverted (33 percent).
Indeed, several investigations leaders
Motivation noted an increase in earnings manipulation,
Fraud, as with any crime, requires a no doubt related to the effects of the
motive, and for the 596 fraudsters, the economic recession. “With the economic
overwhelming reason for committing pressures, several companies facing
fraud is financial. The survey respondents bankruptcy and, unable to meet stringent
were offered 14 possible motivations and targets set by financial institutions, have
could select as many as they believed been resorting to financial-statement fraud
appropriate. Out of a total of 1,082 or earnings manipulation to demonstrate
motivations listed, 614 were motives of growth,” says Yvonne Vlasman, Partner,
greed, financial gain and financial difficulty, Forensic, KPMG in the Netherlands.
and a further 114 were related to business
Greed infrequently seems to spill over into
targets. The only non-financial motive as important in only 16 percent of the
observable patterns of behaviour. Only 18
that comes close is sheer eagerness (or investigations, somewhat surprising since
percent of the fraudsters had expensive
“because I can”) with 106. financial gain is an overriding factor in fraud.
hobbies and 17 percent drove expensive
These 614 motivations cover a wide range vehicles, hardly distinguishing features The only emotion that appears to be
of financial triggers. One such is a desire when the fraudster is a senior executive. significant is a sense of superiority, which is
to enhance one’s lifestyle. “Typically, important for 36 percent of the fraudsters.
Rationale
a person commits fraud to fund an This may be linked to the fact that 29
Fraudsters, as with other types of
extravagant, or at least very comfortable, percent of the frauds were committed
criminals, will frequently provide a rationale
lifestyle; we seldom see people turn by executive directors, the largest single
for their deeds. Emotional motivators
fraudster to make ends meet. Already well job title. Indeed, 44 percent of executive
such as anger and fear were mentioned
off, we often wonder why they take the directors felt a strong sense of superiority,
infrequently among fraudsters. Anger and
risk,” says Anne van Heerden, Partner and no doubt reinforcing their view that they did
fear were important factors in 10 percent or
Head of Forensic for KPMG in Switzerland. not need to play by the rules regulating the
less of the 596 fraudsters. Even a sense of
Other financial triggers include the fear of behavior of the rest of the workforce.
being under-remunerated was mentioned
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 9
As observed by KPMG firms’ investigators, is now illegal; people will need to change towards fraud is changing, from grass
the reason for the fraud is broadly their habits, led, rather than trailed, by roots to business and government; fraud
determined by the ethical and cultural legislation,” says Gert Weidinger, Partner is less acceptable. In short, the window
context, and this varies from country in charge of Forensic Services for KPMG in on endemic corruption is slowly closing,”
to country. Government regulation and Austria. says Barriskell. In Vietnam, there are
the enforcement of the rules can often signs of stronger enforcement, too.
In some East African countries, business
reinforce ethical standards, because a “Kickbacks and bribes in procurement
rules are being tightened and more
fraudster who is prosecuted will find it are widespread; it is part of how business
money spent on prosecution of fraud,
harder to rationalize his/her actions by works in Vietnam, and often considered
and malfeasance is becoming less and
saying that the behavior is accepted in harmless compared to fraud or theft. But
less acceptable. “Over recent times,
the country. “A decade ago in parts of we expect tangible outcomes in the next
there is a decreasing tolerance for fraud
Europe, companies could deduct bribes 3-5 years from the increased emphasis on
as new governments promote freedom
in foreign jurisdictions as a useful cost. reducing fraud,” says John Ditty, Chairman
of speech and invest in the country’s
However, what was previously permitted of KPMG in Vietnam and Cambodia.
enforcement framework. The attitude
and considered a cost of doing business
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
10 Global profiles
of the fraudster
Nature
versus
nurture
The relative impact of personal and environmental
factors on the propensity to commit fraud
It is important to understand whether For 53 percent of the 198 fraudsters the domain in which the fraud occurred
personal or environmental factors are where corrupt conduct was present, (whether the domain be the right to sign
stronger determinants of fraudulent weak internal controls contributed to contracts, authorize payments, and so
conduct, because this finding will the perpetration of the fraud. Internal on). “We continue to see the archetypal
influence the way fraud is investigated control is, however, not a strong factor fraudster in most fraud investigations in
and how the risk of fraud is managed. influencing whether a person would Central and Eastern Europe to be a senior
If personal factors are dominant, engage in corrupt behaviour. Corrupt executive or manager with authority,
fraud investigations (and fraud risk behaviour involves at least two people, and having been with the company for
management) will focus on the fraudster’s and at least one of them is rarely subject over 4 years, knowing the system and
personality. If environmental factors are to internal controls. The increasing its weaknesses. What has changed is
dominant, the investigation will focus on globalization of organizations is making more collusion, more recklessness,”
the environmental aspects to determine it more and more difficult for the says Helm.
how a fraud occurred. central office to monitor what far-flung
In this sense, unlimited authority reflects
departments are doing. “In the UK more
We isolated those fraud cases KPMG a lack of internal controls, albeit in the
than 60 percent of bribery and corruption
member firms investigated in which we governance of the domain in which
investigations relate to problems in other
were confident that corrupt conduct was the fraud occurred. We observe that in
jurisdictions. This is not about more or
present. Corrupt conduct in the execution 61 percent of the 214 fraudsters with
less corruption in different countries, but
of fraud provides markers that helped unlimited authority KPMG member firms
the fact that the further away from head
build a profile of how fraudsters behave in investigated, the frauds occurred in a
office you go, the more the message
a way that introduces corruption into their weaker regulated environment. Thus,
dissipates, especially in the face of
crimes. These markers consist of certain the environmental themes of controls
significant pressure on people to achieve
behavioral patterns of a specific type of and checks and balances are central to
results,” says Alex Plavsic, Head of
fraudster and help enable the prediction of three of the four categories mentioned
Forensic for KPMG in the UK.
corrupt behavior as a profile element of a above (opportunity, motivation, rationale;
fraudster. In analyzing the corrupt conduct, More relevant, perhaps, is the nature of the other one being capability). “Fraud
key observations were grouped into the the authority under which the fraudster is most common in smaller, family-
three drivers, adding for consideration operated. For 62 percent of the 130 owned enterprises mainly because they
capability as a subset of opportunity fraudsters analyzed where we could lack the controls to protect themselves
(opportunity, motivation, rationale and observe the degree of authority enjoyed against potential fraud. Yet these kinds
capability; the first two categories are by the fraudster and where corrupt of companies form the core of the Greek
environmental factors, the latter two are behavior was involved, we found the economy,” says Christian Thomas, Partner,
personal attributes). fraudster had unlimited authority over Head of Forensic for KPMG in Greece.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 11
22%
6
KPMG Report Corporate Fraud in Latin America 2008-10, published in 2011.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
12 Global profiles
of the fraudster
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 13
Figure 4
18%
31% 42%
Greed
36% Personal gain
Because I can
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
14 Global profiles
of the fraudster
The changing
face of fraud Organizations must adapt to the fraudster’s
ever-changing profile
There is no single template for fraud and expanding role of collusion, as we see in uncover. “We frequently see agents or third
there is no single, unchanging face of the the next section. parties like customs agents pay a bribe
fraudster. The crime and the perpetrator on behalf of a company, then invoicing for
Collaborators, insiders and outsiders
will vary depending on the relative apparently legitimate services to refund
Solos are a tough act. Many fraudsters
importance of the three fraud drivers this outlay. The invoice to the company
may prefer to work alone, because they
and capability of the fraudster noted looks like a legitimate fee for services so it
do not have to rely on others to keep
earlier, and this is often the reason why is difficult to detect,” says Layton.
quiet and to share the spoils with, but
it is difficult to detect fraud. “We do not
most fraud requires collaboration. The When a fraudster colluded, 21 percent of
see one personality profile that commits
fraud is often too the frauds were
fraud; all types of people commit fraud
complex for one embezzlement,
if the opportunity presents itself,” says
person to execute;
A full 70 percent of compared with
Nigel Layton, Partner, Head of Forensic,
Risk Consulting at KPMG in Russia and
it requires others fraudsters in our survey 27 percent when
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 15
Collusion appears to be a growing are doing business with and through people act alone). There was also a disparity in
trend. The proportion of cases involving you can trust,” says Plavsic. For 43 percent the method of detection. Solos were
collusion rose from 32 percent in the of fraudsters, the collusion involved both predominantly detected by management
2007 survey, to 61 percent in 2011 and 70 insiders and outsiders, and for a further review (27 percent) and by accident in
percent in 2013. Regionally, however, the 19 percent, the collaboration consisted a quarter of the cases. When there was
picture is less clear-cut. Between 2011 of a sole insider collusion, the top
and 2013, there was an increase in the and one or more fraud detection
proportion of cases involving collusion outsiders. KPMG
Fraud involving methods were by
in the EMA and Asia-Pacific regions, but firms’ investigators collusion does more anonymous informal
not in the Americas. Collusion tends to say that in most of financial damage, too. tip offs (22 percent)
be higher in countries where business these cases where and by formal
is often driven by social relationships, insiders worked with Thirty-three percent whistle blowing
such as Africa and parts of Asia. But outsiders, it was the of cases involving (19 percent).
in more patriarchal places, fraud is insiders who took
collaboration entailed If cyber fraud
often committed by senior personnel the lead, since he/
instructing their underlings to carry out she tends to identify a total cost to the becomes more
important, as
illegal transactions. “People sometimes the opportunity and victim organization of seems likely, it
help perpetrate a fraud not for any to know the soft
personal benefit but because they are spots in a company’s
more than $1 million. remains to be
told to,” says Jamieson. defenses. Indeed, For solos, 24 percent seen whether
the prevalence
Insiders and outsiders
more than 42 percent involved more than $1 of outsiders will
of fraudsters had
An important form of collusion is
worked for the victim
million. grow. In theory,
between the insider and the outsider, more hackers will
organization for more
especially when it is procurement be looking for the
than six years.
fraud, such as inflating invoices. Indeed, weak points in organizations’ defenses,
many organizations fail to conduct due Corruption was a common element in but they could be insiders just as much
diligence of their suppliers and corporate cases of collusion; we found 29 percent as outsiders. We now turn to the growing
customers.7 “The ultimate defense in of collusion-related cases involved bribery role of technology in fraud.
today’s environment is to ask whether you (which cannot be present when people
Third-party risk management: What you don’t know about your business partners can hurt you, KPMG 2013
7
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
16 Global profiles
of the fraudster
Adventures in
cyber space
New technology has created novel types of
fraud behavior
Cyber security has become a buzzword organizations take steps to defend likely to become a rapidly growing problem
at an alarmingly rapid rate. Much of the themselves.“Computer and network for organizations and will take place on
publicity surrounding the term has focused technologies make it possible for white- a much greater geographical scale than
on reports of government attempts8 collar criminals to operate more efficiently before. “Cyber crime has increased and
to impede the development by other and with less risk; it eases access, we expect cyber-attacks and high-tech
governments of nuclear weapons and effectively lowering barriers for a new fraud to grow exponentially,” says Lem.
similar strategic events. But companies generation of fraudsters,” says İdil Gürdil,
One method of defending against
find themselves increasingly vulnerable Head of Risk Consulting for KPMG in
cyber crime is to develop strong IT
to cyber attacks, many of which, we must Turkey.
systems designed to detect hackers and
assume, go unreported. “The worrying
Growth in store prevent them from damaging internal
thing about cyber-attacks and high-tech
At this point, the scale of detected infrastructure or stealing data. “In Italy, like
fraud is that it is so easy for perpetrators to
cyber fraud9 appears to be small. Of the elsewhere, there has been a tremendous
gain access; many companies don’t even
cyber-related crimes we analyzed, most increase in cyber-attacks,” says Pasquale
know it is happening,” says Vlasman.
occurred by way of methods used such Soccio, Forensic Associate Partner, KPMG
Organizations, corporate or otherwise, are as infections of computer systems with in Italy. “In a business world reliant on
struggling to keep pace with the growing malware, attacks on computer networks technology, if a company does not have
technological sophistication of hackers. and so on. Weak internal controls often a robust IT security system to protect
“While some sectors are better prepared facilitated the fraud which comprised, against attack, even internal attack, it
for cybercrime than others, companies inter alia, fraudulent financial reporting has a really big problem. A strong IT
that have experienced high-profile cyber and misappropriation of assets. The security system is a prerequisite to doing
incidents do not necessarily appear in a fraudsters were mostly employed by the business.” A lot of organizations, however,
better position to deal with future attacks. victim organization, mainly in IT, but also have been slow to build their defenses.
These companies are also struggling with in finance and operations. They ranged in “Many companies fail to develop adequate
how to manage this risk proactively,” says seniority from staff level to executives, detection or warning reports to provide
Ostwalt. were aged between 18 and 55 years, and alerts on unusual transactions in the
were employed by the organization for system, so it is difficult to detect and track
A few years ago, hackers were motivated
between one and six years. In most cases unusual activities,” says Rex Chu, Forensic
by political objectives and disrupted
they also acted in collusion with others, Director at KPMG in Taiwan.
computer networks to make an ideological
who were also mostly employed by the
point; but it’s only a matter of time until Given that it takes an average of three
victim organization.
fraudsters harness the full power of to five years to detect fraud and that
technology to enrich themselves and Interviews with member firms’ cyber-related crimes are so novel, it
criminal organizations, unless legitimate investigators suggest that cyber fraud is may be some time yet before cyber
8
Stuxnet, for example, is a computer worm discovered as recently as June 2010 that is reported to have been
developed by the US and Israel to attack Iran’s nuclear facilities.
9
There is no commonly accepted definition of cyber fraud. Fraudsters have been using computers to help them
perpetrate their crimes for decades. This is computer-assisted fraud. Cyber fraud requires a quantum leap in
the technological capability of the fraudster, including the ability to decipher heavily encrypted data and break
through highly sophisticated computer firewalls.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 17
fraud has a significant impact on our internet, smart devices and the ability to same passwords and encryption
statistics. “While investigations don’t analyze vast amounts of data. techniques to commit the crime. “The
yet show high levels of high-tech fraud key change led by technology is the
In the future, it will still require a group
or organized cyber crime in offshore ease with which intellectual property
of people operating in concert to commit
markets, global trends make it seem can now ‘walk out’ of an organization.
fraud, but the technological tools will
a question of time,” says Charles Companies do not seem to realize how
change. A forger is no longer needed
Thresh, Managing Director of KPMG in exposed their systems are to loss of
in such a group, but a person who can
Bermuda. “We expect to see mobile sensitive information,” says Niamh
construct a phishing email. A plausible
technology change not only the way Lambe, Director and Head of Forensic
person is no longer needed to present
fraud is perpetrated, but also how money for KPMG in Ireland. The environment of
a stolen cheque at a bank teller, but
laundering takes place.”This makes computers, the Cloud and the internet
a hacker who can access a protected
it difficult to form a profile of cyber makes cyber fraudsters even more
computer network. Perhaps human
fraudsters. The typical hacker may well elusive than before. This behavior differs
features and emotions will no longer
be in his/her early twenties, but this may from what investigators are used to,
be a significant part of the profile;
have little bearing on the age of inside and it is something they will have to
instead, electronic features, signatures
fraudsters who are adept at infiltrating adapt their methods to. But even cyber
and behaviours may be all that a victim
computer networks. It may turn out that crimes are still likely to be driven by
organization will know of the cyber
the average age of cyber fraudsters is the same psychological profiles found
fraudster. “To unravel the frauds of
lower than for other types of fraudsters. previously; only the behavior may have
the future, the best investigators will
Or we may find that senior managers changed. “In the next 3 to 5 years, fraud
be those who are able to reduce large
collude with young hackers working on risk will be affected by the growing
amounts of data to identifiable events
the outside. reliance on IT and new technologies like
with good technology solutions, operating
mobile payments for every aspect of the
Ostwalt says that “ultimately, the seamlessly across borders and with good
business. The old fraud risks will still be
fraudster of tomorrow will depend on the corporate intelligence capability to give
around; all we are doing is layering on
opportunities of the day”.Two decades them quick historical and geographical
more areas of risk,” says McAuley.
ago, illicitly taking money from, say, a bank reach,” says Déan Friedman, leader of
was usually accomplished by a closely knit KPMG’s Investigations Network in the Modern criminal organizations
gang, sometimes using violent methods Europe, Middle East and Africa region. Cyber crime is likely to become a
or forged signatures to achieve their ends. growing area of interest to criminal
The cyber criminal may strike at
The opportunities of today to take money organizations; they are already becoming
the heart of the protection taken by
from a bank have been transformed by the more sophisticated technologically, says
organizations and perhaps use those
Oswalt. He notes that there is a black
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
18 Global profiles
of the fraudster
market for stolen intellectual property way, using sophisticated technology of assets. Organized criminal groups
and that criminal groups are involved in and placing people in organizations to continue to perpetrate the kidnapping of
it. “Organized crime is getting better at obtain information and perpetrate fraud. corporate executives, especially in Latin
extracting money from corporations. In The quintessential internal fraudster is America and Africa, but there is good
recent months member firms have seen a now backed by organized crime,” says reason to believe that in many parts of
rise in payment diversion fraud, where the del Castillo. Unfortunately, the scale the world they will extend their reach by
fraudster relies on new or relatively naive of involvement in fraud of all kinds by engaging in cyber fraud.
employees to change vendor payment criminal organizations is hard to gauge,
details to divert payments to offshore because it is so difficult to detect. Only
destinations,” says Plavsic. 15 of the 596 fraudsters colluded with
criminal syndicates, 13 of them with both
Cyber fraud would seem to be a logical
internal and external collaborators. Also,
step. “Organized criminals go about
13 of them involved the misappropriation
white collar fraud in a slightly different
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 19
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
20 Global profiles
of the fraudster
Culture of
corruption
The impact of national traits on fraud
and detection
In some countries, offering gifts is a tertiary education and was employed by checks on directors as they are awarded
normal part of business practice, whereas the victim organization for more than six greater responsibility and trust. In Canada,
in others it is considered bribery. To years, except for Czech Republic where there was a fairly even distribution of
a large extent, culture influences our the fraudsters were equally split between fraud, implying that the level of seniority
actions and determines what we consider fraudsters that were employed between may not play a large role in the ability to
ethical and compliant behavior. Due one and four years, four to six years and commit fraud, whereas in South Africa and
to different parameters set in different more than six years. In India, by contrast, India the majority of fraudsters were in
national cultures, a person in China, the majority of the fraudsters were management.
for example, might have a different employed for a period of one to four years.
Type of fraud
understanding of fraud than someone in But there were more people committing
Within all countries there were more
North America. “Local employees and fraud after working for the victim
frauds committed with multiple
business partners are bound to have a organization for only one to four years
transactions than with single transactions;
different perspective on ethics. While gifts in the UK, Canada, Czech Republic and
the latter was selected a maximum of two
and related parties may be fraught with India, than in South Africa and Germany.
times per country. Of the six countries
risk elsewhere, for many places in the This could be due to a higher level of trust
Canada was the only country where all
Asia-Pacific region they are an important awarded to the individual in the first four
the frauds were committed with multiple
part of building a relationship and doing countries.
transactions. Where frauds are committed
business,” says KPMG’s Forensic practice
The results showed that the most with multiple transactions the fraudster
in China. Therefore, it is interesting to
common department where fraud was is more likely to be caught, which could
look at the profile of a fraudster from a
committed in South Africa, India and indicate a bias in the results, as once-off
cultural perspective. To examine national
Canada was Operations, with large transaction fraud may go undiscovered.
differences in fraud patterns, we analyzed
numbers of cases of fraud committed The time frame for multiple frauds tended
the results from six countries where 20 or
in Finance and Procurement, as well as to be one to five years within all countries.
more fraudsters were reported: Germany,
the Executive office in the UK, Germany In this time frame there was an average
the UK, Czech Republic, South Africa, India
and Czech Republic. Similarly, Finance, total cost to the victim organization of
and Canada.
Operations, and the executive suite US$50,000-$200,000 in all countries
In general, the variables regarding the were among the three most common except for South Africa, Canada and the
profile of fraudsters we investigated departments for fraudsters to work in UK, where it was higher.
were broadly similar across the different among the six countries. The level of
Misappropriation of assets was the most
countries. Most fraudsters tend to be seniority seems to have a mixed impact
common type of fraud in all countries by
36-45 years old in India, Canada, South on the incidence of fraud. In the UK,
a large margin, of which embezzlement,
Africa and Germany, and 46-55 years old in Canada, Germany and Czech Republic,
procurement and payroll fraud were
Czech Republic and the UK. The majority of the majority of fraudsters were executive
frequently employed. Revenue or assets
fraudsters in all countries had completed directors. There may be less internal
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 21
gained, fraudulent financial reporting collaborators. In the six countries, the with dismissal being the highest reported
and expenses or liabilities appeared in most common motivations were greed consequence to the fraudster. Criminal
moderate to large amounts in all countries. and personal financial gain. The results litigation is often avoided by companies
Whether the fraudsters were collaborating also showed that personal financial that fear the publicity, even though
with others or working alone varied from a difficulty was a common motive for fraud reporting offenders to the police can
91-9 split in Czech Republic to a 48-52 split in Canada, Czech Republic and Germany be a very strong deterrent. In Germany,
in Canada. This implies that fraudsters in , whereas offenders in India, Czech there was a lower amount of reputational
Canada, more than in other countries, try Republic and South Africa tended to risk to the organization than in the other
to avoid the risks of having an accomplice. seize an opportunity for fraud rather than countries.
planning in advance.
In the majority of the six countries the Need for nuance
collaborators were a mixed group, except Detection and consequences By comparing various aspects of fraud in
for the UK and Canada. In the UK the In the most frequently cited facilitator of Czech Republic, Germany, the UK, South
highest number of collaborators were fraud was weak internal control, which Africa, India and Canada, we see that
with internal staff whereas in Canada the was common in all countries. Additionally, although their national characteristics
highest number of collaborators were with reckless dishonesty regardless of are similar, there are some significant
external parties. For Germany, UK and controls was most frequently cited in all differences that may be due to variations
South Africa the second highest number countries except for Germany. Collusion in culture. As a result, it might be
of collaborators were with external circumventing good controls was seen worthwhile for international companies
parties, whereas for Czech Republic and as a facilitator of fraud in all six countries to adapt their fraud risk management
Canada the second highest number of except Germany. In all countries, except programs to conditions in different
collaborators were with external parties. for in Germany and Canada, there was countries. For example, whistle-blowing
For Germany, UK and South Africa the a significant amount of fraud that was may not prove to be effective in cultures
second highest number of collaborators detected through formal whistle-blowing. where revealing information about others
were with external parties, whereas for Germany, Czech Republic, India and Canada is seen as a negative trait. Similarly, it
Czech Republic and Canada the second did however, have a considerable number may prove beneficial to focus deterrence
highest number of collaborators was with of anonymous, informal tip-offs. Other efforts equally between management
internal parties. The results showed that common forms included management and staff in India, and more specifically on
for Canada the ratio between internal review, as well as internal and external executive directors in Germany. In the UK,
collaborators and external collaborators audit, which are known as more proactive the focus might best be divided equally
were the same. The ratio of all-male, methods of fraud detection and lead to between the Executive office and Finance.
mixed and all female collaborators was lower losses as a result. By tailoring anti-fraud efforts to different
also similar across countries except in cultures, organizations might improve their
In general, the consequences of fraud
Germany and India where there were efforts to deter and detect crimes.
were similar among the six countries
no instances reported of all-female
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
22 Global profiles
of the fraudster
Theory of
relativity
How the profile of a fraudster is affected by
the moral context
In this theme we consider whether emerge. In all four countries (or regions 50 percent in China, 33 percent in CIS
the ethical context in which a fraudster in the case of the CIS and West Africa), and none in West Africa.
commits offences or other misconduct elements of bribery and corruption in the
affects the profile of the fraudster. frauds investigated related to the global The inverse relationship between the two
The moral turpitude of the perpetrator average of 33 percent, as follows: the US factors in the table below (the higher the
of financial and commercial crimes is (24 percent), China (48 percent), CIS (64 element of corruption in the frauds, the
greater when such criminal acts coincide percent) and West Africa (67 percent). lower the level of regulation) suggests
with, or are facilitated by, bribery and that the institutionalizing of ethical values,
Regulation incorporated, say, into a regulatory
corruption. Bribery and corruption
Our survey was not designed to framework, may well affect the profile of
thus has an effect on the fraudster’s
measure actual moral standards, but a fraudster. This may be the case at least
profile. We asked whether elements of
instead we asked whether (in the with regard to the propensity towards
corruption were present in the frauds
instances of corruption and bribery being introducing corruption into fraudulent
analyzed in this report and, for 14 percent
present in the frauds observed in the four acts. “Investment is linked to the strength
of the fraudsters who said there was a
countries under discussion) the frauds of financial institutions and the quality
substantial element of corruption in their
that were tainted by corruption took of governance. Having a company code
responses to this question, we found
place in a highly regulated environment. of conduct to set ethical standards and
that bribery and corruption were the
We found that 50 percent of the promote a culture of clean business is not
offences committed.
investigated cases in the US occurred just about fraud deterrence, it’s a long-
When looking globally for environmental in a highly regulated environment, term growth imperative,” says Ditty.
factors that would explain the presence
of bribery and corruption, we found no Region
clear trend. But when we compared Global US China CIS West Africa
the cases investigated by KPMG
member firms in the US, China, the
Commonwealth of Independent States
Element of
corruption in frauds 33% 24% 48% 64% 67%
(CIS, the former Soviet Union) and West
Africa, more definite trends seemed to
Level of regulation
38% 50% 50% 33% 0%
Source: Global profiles of a fraudster, KPMG International, 2013.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 23
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
24 Global profiles
of the fraudster
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 25
Environmental Region
We then tested the same attribute
Global US China CIS West Africa
of the fraudster we observed in the
four countries against environmental
factors more closely related to the
Corporate
competition 23% 25% 43% 33% 25%
29% 0% 50% 39% 33%
victim organization. We considered the Market
following factors which are known to be competition
sensitive to ethical and moral contexts,
corporate competitiveness, market
competitiveness and unlimited authority
Aggressive sales
environment 31% 25% 43% 28% 8%
of the fraudster. The results in the chart
to the right show the incidence of these
Wanting to hide
bad news 22% 25% 7% 11% 8%
three environmental factors in the cases
of fraud that included corruption.
Unlimited
Authority 40% 50% 36% 33% 17%
Source: Global profiles of a fraudster, KPMG International, 2013.
The results suggest that there is
an inverse relationship between profiles and some environmental factors Values and norms
the environment of corporate that can affect the ethical context of the Given the fact that there is no single,
competitiveness and the prevalence fraudster. However, the links do not seem unchanging profile of a fraudster, we are
of corruption in the fraudsters’ profiles to be found everywhere and in some skeptical that the trend identified above
with reference to CIS and West Africa, countries they may not be present at all. (between the propensity to introduce
whereas for the US and China there We further considered the cases from corruption into fraudulent actions and the
is a direct relationship. The indicators a personal, non-environmental, point regulated environments observed in the US,
around an environment of market of view. In this regard we considered China, CIS and West Africa) will consistently
competitiveness are the same as for whether the fraudsters conveyed a stand the test of time.
corporate competitiveness except sense of superiority, which is not an
For now, in some countries, it seems that
for the US where we note an inverse environmental factor (see below).
fraud varies depending on the intensity of the
relationship. And there appears to
No clear pattern emerges. It seems different drivers in time and place. It seems
be an inverse relationship between
probable that the sense of superiority that the impulses created by institutionalized
environments of unlimited authority and
is a personal attribute of the values and norms shape the profile of the
the prevalence of corrupt propensities
fraudsters surveyed, rather than an fraudster and that the lack of consistency
in the fraudster’s profiles. At a global
environmental attribute that could shape regarding time and place highlights the
level, we found that 40 percent of the
the profile itself. fluidity of the fraudster’s profile.
fraudsters profiled that had introduced
elements of corruption in their frauds,
Region
had done so in an environment of
unlimited authority. US China CIS West Africa
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
26 Global profiles
of the fraudster
Conclusion
There is perhaps a need to emphasize the following key points gained from the insights
of KPMG firms’ Investigations leaders in the work they have performed and the trends
they foresee:
1
Increasing vulnerability to outside threats by “hacktivists” turning their
attention to financial gain in conjunction with criminal organizations, armed
with technology, seeking both operations disruption and financial gain.
2
insiders inter se and outsiders which, together with the impact of the point
directly above, requires organizations to extend their defending effort
against fraudsters’ attention and threat beyond the organization’s internal
control and systems.
Corruption and bribery, not a unique event anymore, but more prevalent
3
during the execution of other white collar crimes, becoming a persistent and
established part of the contemporary fraudster’s profile, improving the ability
of fraudsters to create collusive relationships which have a relative higher
financial impact on victims than when fraudsters act on their own.
4
innovation, new accounting systems, increasing connectedness of the world
in cyber space and a paperless transactions environment create opportunities
for people with the necessary criminal motivation and rationale to apply the
required capabilities necessary to gain criminally from these changes.
And while some things will surely change, and we are concerned with the invisibility
of the cyber fraudster, one must not forget the typical fraudster may likely remain the
tenured, trusted employee. The one you may never have suspected….right in front of
your eyes, remaining unnoticed. Forewarned is forearmed.
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Global profiles
of the fraudster 27
Acknowledgements
We would like to acknowledge the following
individuals for their assistance:
Elizabeth Cain Lissa Mitchell
Nigel Holloway Ron Plesco
Alecia Hope Kajen Subramoney
Victoria Malloy Tracey Walker
Theresa Mayer Estelle Wickham
© 2013 KPMG International Cooperative (“KPMG International”). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.
Contact us
Grant Jamieson
AsPAC Region Forensic Leader
T: +85 221402804
E: grant.jamieson@kpmg.com
kpmg.com/fraudster
kpmg.com/socialmedia kpmg.com/app
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual
or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is
accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information
without appropriate professional advice after a thorough examination of the particular situation.
© 2013 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of
independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any
authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have
any such authority to obligate or bind any member firm. All rights reserved.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.
Designed by Evalueserve.
Publication name: Global profiles of the fraudster
Publication number: 130686
Publication date: November 2013