THIS POST IS CONTINUED FROM PART 29, BELOW---
All inherent schemes have two aspects: the entity structure and the fraudulent action. The first step is building the fraud scenarios within the audit scope. The second is building the audit response to the identified fraud scenarios.
Fraud audit approach generally starts with the entity structure and then focuses on the action
Component of the fraud scenario.
Fraud scenarios involving vendors, customers, and employees tend to use a false entity structure to commit the fraudulent activity. Within each category, there will be permutations that will affect the fraud auditing testing procedures.
The most common false entities are:----
• The entity was created by the perpetrator, vendors, or customers. Vendors and customers are either legally created or exist in name only. When the entity exists in name only, the entity verification procedures will detect the false entity. For legally created entities, the fraud auditing testing procedure should link the incorporation date to first business date. As a guide, when the entity incorporation date is within 90 days of first business transaction date, that is a red flag of a false entity or a favored entity.
• The perpetrator assumes the identity of a real entity such as a vendor, customer, or employee. Therefore, the address or telephone number within the company master file for the entity should not match the address or telephone number of the entity verification procedures. A caveat exists in the passthrough fraud scheme where one of the perpetrators is employed at the real source of the goods or services, so it is possible to obtain a match of records.
When the entity is determined to be a real entity, there are generally three possible outcomes:---
• Favorite entity status indicates the entity is real, but there might be a real or perceived conflict. If there is a conflict, the fraud scenario would be dependent on the nature of the account, or else there is no fraud scenario occurring.
• The fraud scenario links to a real entity, whereby a decision tree would aid in the determination of the type of scenarios occurring.
• No fraud scenario is occurring. When the entity is established as a real entity, a decision tree can direct the auditor to the inherent scheme structure for the applicable core business system.
From a fraud audit perspective, here are some shell company schemes used to commit internal embezzlement.
• False Billing: The payment for goods or services not delivered or provided.
• Pass Through: The payment for goods or services that are provided. In this scheme, a real vendor provides goods or services to a shell company, which in turn provides the goods or services to your organization with a markup on price (the only function the front company provides is a pass through of the goods or services).
There are three variations caused by the employment location of the perpetrator. The scheme can be committed solely by an internal employee, an internal employee in collusion with a sales person from the real supplier, or directed by a customer involving cost reimbursable contracts.
Fraud concealment involves the strategies used by the perpetrator of the fraud scenario to conceal the true intent of the transaction.
Common concealment strategies are:--
false documents, false representations, false approvals, avoiding or circumventing control levels, internal control inhibitors, blocking the access to information, geographic distance between documents and controls, and both real and perceived pressure.
An important aspect of fraud concealment pertains to the level of sophistication used by the perpetrator.
Inherent fraud schemes aren’t thought of in terms of complexity; rather, it is the level of sophistication used to conceal the fraud that is the focus for the fraud auditor. On its most simplistic level, without a concealment strategy, the inherent fraud scheme would be visible.
The second steep is building the data profile for the fraud scenario.
Fraud is a billion-dollar business and it is increasing every year. The PwC global economic crime survey suggests that more than 41% organizations experienced economic crime
Traditional methods of data analysis have long been used to detect fraud. They require complex and time-consuming investigations that deal with different domains of knowledge like financial, economics, business practices and law.
Fraud often consists of many instances or incidents involving repeated transgressions using the same method. Fraud instances can be similar in content and appearance but usually are not identical.
Internet transactions have recently raised big concerns, with some research showing that internet transaction fraud is 12 times higher than in-store fraud.
Fraud that involves cell phones, insurance claims, tax return claims, credit card transactions etc. represent significant problems for governments and businesses, but yet detecting and preventing fraud is not a simple task.
Fraud is an adaptive crime, so it needs special methods of intelligent data analysis to detect and prevent it.
Techniques used for fraud detection fall into two primary classes: statistical techniques and artificial intelligence.Examples of statistical data analysis techniques are:----
Data preprocessing techniques for detection, validation, error correction, and filling up of missing or incorrect data.
Calculation of various statistical parameters such as averages, quantiles, performance metrics, probability distributions, and so on. For example, the averages may include average length of call, average number of calls per month and average delays in bill payment.
Models and probability distributions of various business activities either in terms of various parameters or probability distributions.
Computing user profiles.
Time-series analysis of time-dependent data.
Clustering and classification to find patterns and associations among groups of data.
Matching algorithms to detect anomalies in the behavior of transactions or users as compared to previously known models and profiles. Techniques are also needed to eliminate false alarms, estimate risks, and predict future of current transactions or users.
Some forensic accountants specialize in forensic analytics which is the procurement and analysis of electronic data to reconstruct, detect, or otherwise support a claim of financial fraud. The main steps in forensic analytics are (a) data collection, (b) data preparation, (c) data analysis, and (d) reporting.
For example, forensic analytics may be used to review an employee's purchasing card activity to assess whether any of the purchases were diverted or divertible for personal use.
Forensic analytics might be used to review the invoicing activity for a vendor to identify fictitious vendors, and these techniques might also be used by a franchisor to detect fraudulent or erroneous sales reports by the franchisee in a franchising environment.
Fraud management is a knowledge-intensive activity. The main AI techniques used for fraud management include:----
Data mining to classify, cluster, and segment the data and automatically find associations and rules in the data that may signify interesting patterns, including those related to fraud.
Expert systems to encode expertise for detecting fraud in the form of rules.
Pattern recognition to detect approximate classes, clusters, or patterns of suspicious behavior either automatically (unsupervised) or to match given inputs.
Machine learning techniques to automatically identify characteristics of fraud.
Neural networks that can learn suspicious patterns from samples and used later to detect them.
Other techniques such as link analysis, Bayesian networks, decision theory, land sequence matching are also used for fraud detection.
The machine learning and artificial intelligence solutions may be classified into two categories: 'supervised' and 'unsupervised' learning. These methods seek for accounts, customers, suppliers, etc. that behave 'unusually' in order to output suspicion scores, rules or visual anomalies, depending on the method.
Whether supervised or unsupervised methods are used, note that the output gives us only an indication of fraud likelihood. No stand alone statistical analysis can assure that a particular object is a fraudulent one.
It can only indicate that this object is more likely to be fraudulent than other objects.
In supervised learning, a random sub-sample of all records is taken and manually classified as either 'fraudulent' or 'non-fraudulent'. Relatively rare events such as fraud may need to be over sampled to get a big enough sample size.
These manually classified records are then used to train a supervised machine learning algorithm. After building a model using this training data, the algorithm should be able to classify new records as either fraudulent or non-fraudulent.
Supervised neural networks, fuzzy neural nets, and combinations of neural nets and rules, have been extensively explored and used for detecting fraud in mobile phone networks and financial statement fraud.
Bayesian learning neural network is implemented for credit card fraud detection, telecommunications fraud, auto claim fraud detection, and medical insurance fraud.
Hybrid knowledge/statistical-based systems, where expert knowledge is integrated with statistical power, use a series of data mining techniques for the purpose of detecting cellular clone fraud. Specifically, a rule-learning program to uncover indicators of fraudulent behaviour from a large database of customer transactions is implemented.
In banking, fraud can involve using stolen credit cards, forging checks, misleading accounting practices, etc. In insurance, 30% of claims contain some form of fraud, resulting in approximately 13% of insurance payout dollars.
Fraud can range from exaggerated losses to deliberately causing an accident for the payout. With all the different methods of fraud, finding it becomes harder still.
Data mining and statistics help to anticipate and quickly detect fraud and take immediate action to minimize costs. Through the use of sophisticated data mining tools, millions of transactions can be searched to spot patterns and detect fraudulent transactions.
Fraud concealment sophistication should be rated on both the perpetrator’s ability to hide the transaction and the auditor’s ability to detect the transaction. To aid in the determination of a level of sophistication applicable to a concealment strategy, a rating scale of low, medium, and high is used.
There is a correlation between fraud detection and the sophistication of the concealment strategy. When the perpetrator’s concealment strategy is more sophisticated than the audit methodology, the fraud goes undetected.
However, in addition to audit methodology, the auditor has the fraud detection tool of awareness. Fraud is revealed when the audit detection is as sophisticated as the concealment strategy, thereby resulting in a directly proportional relationship
Fraud Audit Plan: Detection of Shell Companies The process of detecting shell corporations is a two-step process. The first step is the data mining, which is designed to locate vendors that are consistent with the data profile of a shell corporation or transactions that are indicative of a shell corporation.
The second step is performing audit procedures, which are designed to pierce the concealment strategy or reveal the truth. The data mining strategy is a two-fold process. The first step is to understand the impact the sophistication of the concealment strategy has on the data mining process.
Using sophisticated data mining tools such as decision trees (Boosting trees, Classification trees, CHAID and Random Forests), machine learning, association rules, cluster analysis and neural networks , predictive models can be generated to estimate things such as probability of fraudulent behavior or the dollar amount of fraud.
These predictive models help to focus resources in the most efficient manner to prevent or recuperate fraud losses.
Chi-square automatic interaction detection (CHAID) is a decision tree technique, based on adjusted significance testing (Bonferroni testing). In statistics, the Holm–Bonferroni method (also called the Holm method or Bonferroni-Holm method) is used to counteract the problem of multiple comparisons. It is intended to control the familywise error rate and offers a simple test uniformly more powerful than the Bonferroni correction. It is one of the earliest usages of stepwise algorithms in simultaneous inference.
CHAID can be used for prediction (in a similar fashion to regression analysis, this version of CHAID being originally known as XAID) as well as classification, and for detection of interaction between variables.. In practice, CHAID is often used in the context of direct marketing to select groups of consumers and predict how their responses to some variables affect other variables, although other early applications were in the field of medical and psychiatric research.
Like other decision trees, CHAID's advantages are that its output is highly visual and easy to interpret. Because it uses multiway splits by default, it needs rather large sample sizes to work effectively, since with small sample sizes the respondent groups can quickly become too small for reliable analysis.
One important advantage of CHAID over alternatives such as multiple regression is that it is non-parametric.
Random forests or random decision forests are an ensemble learning method for classification, regression and other tasks, that operate by constructing a multitude of decision trees at training time and outputting the class that is the mode of the classes (classification) or mean prediction (regression) of the individual trees. Random decision forests correct for decision trees' habit of overfitting to their training set.
Decision tree learning uses a decision tree as a predictive model which maps observations about an item (represented in the branches) to conclusions about the item's target value (represented in the leaves). It is one of the predictive modelling approaches used in statistics, data mining and machine learning.
Tree models where the target variable can take a finite set of values are called classification trees; in these tree structures, leaves represent class labels and branches represent conjunctions of features that lead to those class labels.
Decision trees where the target variable can take continuous values (typically real numbers) are called regression trees. In decision analysis, a decision tree can be used to visually and explicitly represent decisions and decision making. In data mining, a decision tree describes data (but the resulting classification tree can be an input for decision making).
Gradient boosting is a machine learning technique for regression and classification problems, which produces a prediction model in the form of an ensemble of weak prediction models, typically decision trees. It builds the model in a stage-wise fashion like other boosting methods do, and it generalizes them by allowing optimization of an arbitrary differentiable loss function.
OOPS , I MUST GET BACK TO THE LOWEST COMMON DENOMINATOR LEVEL.
LEST I BECOME McWOLF !
FINANCIAL FRAUD COULD NEVER BE DETECTED IN INDIA BECAUSE WE HAD "RAGADKE KHAINI MOONH MEIN DHAAL " INVESTIGATORS
One Goan Catholic Chief Officer from Bandra was studying for his masters from home.
He went for a walk along the seashore at daybreak and found the BOMBAY FLOATING LIGHT ( a small ship lighthouse painted red ) aground—as the previous night there was a storm and the floating light ship broke her moorings .
Lot of funda flooded through his brain—as he was studying SHIP MASTERs BUSINESS .
He ran , brought a stout rope , swam , risked his life , put a line on the firmly aground lightship and the shore
Then he ran to the nearest police station and CLAIMED SALVAGE. He declared himself as the SALVOR.
The legal significance of salvage is that a successful salvor is entitled to a reward, which is a proportion of the total value of the ship and its cargo. In this case it was just a small light ship.
The PANDU police inspector was half asleep with KHAINI in his mouth . He pounced on him, gave him a few blows with his lathi and locked him up
If this had happened in USA our Bandra guy would have got a few thousand dollars at the least .
Below: Let me dedicate a song to this guy from BANDRA --
after all , the poor guy had run into the police station brimming with optimism, panting heavily , fully drenched , covered in mud, pant torn at the bottom , with his balls keeping KV ( keen vilgilence )
KAUN MAANGTHA --
SANDRA FROM BANDRA MAANGTHA
The notion of “fraud” implies an intention on the part of some party or individual presumably planning to commit fraud. From the perspective of the target of that attempt, it is usually less important whether or not intentional fraud has occurred, or some erroneous information was introduced into the credit system or process evaluating insurance claims etc.
So from the perspective of the credit, retail, insurance, or similar business the issue is rather whether or not a transaction that will be associated with loss has occurred or is about to occur, if a claim can be subrogated, rejected, or funds recovered somehow, etc.
While the techniques briefly outlined here are often discussed under the topic of “fraud detection”, other terms are also frequently used to describe this class of data mining (or predictive modeling; see below) application, as “opportunities for recovery”, “anomaly detection”, or using similar terminology.
From the (predictive) modeling or data mining perspective, the distinction between “intentional fraud” vs. “opportunities for recovery” or “reducing loss” is also mostly irrelevant, other than that the specific perspective of how losses occur may guide the search for relevant predictors (and databases where to find relevant information).
For example, intentional fraud may be associated with unusually “normal” data patterns as intentional fraud usually aims to stay undetected – and thus hide as an average/common transaction; other opportunities for recovery of loss (other than intentional fraud), however, may simply involve the detection of duplicate claims or transactions, the identification of typical opportunities for subrogation of insurance claims, correctly predicting when consumers are accumulating too much debt, and so on.
In practice, the fraud detection analyses and systems based on data mining and predictive modeling techniques serve as the method for further improving the fraud detection system in place, and their effectiveness will be judged against the default rules created by experts. This also means that the final deployment method of the fraud detection system, e.g., in an automated scoring solution, needs to accommodate both sophisticated rules and possibly complex data mining models.
Text mining methods are increasingly used in conjunction with all available numeric data to improve fraud detection systems (e.g., predictive models). The motivation simply is to align all information that can be associated with a record of interest (insurance claim, purchase, credit application), and to use that information to improve the predictive accuracy of the fraud detection system.
Basically, the approaches described here are applicable in the same way when used in conjunction with text mining methods, except that the respective unstructured text sources would first have to be pre-processed and "numericized" so that they can be included in the data analysis (predictive modeling) activities.
Basically, the approaches described here are applicable in the same way when used in conjunction with text mining methods, except that the respective unstructured text sources would first have to be pre-processed and "numericized" so that they can be included in the data analysis (predictive modeling) activities.
Data Mining Strategy-- There is a direct correlation between the degree of sophistication of the concealment strategy and the number of transactions meeting the data profile requirements. Highly sophisticated concealment strategies tend to have a larger number of transactions required, whereas data mining routines that search for direct matches use a smaller number of transactions.
The characteristics of the relationship between the number of fraudulent transactions and the sophistication level of the concealment strategy are listed below:--
• Low sophistication of concealment – Direct matches of the fraudulent entity structure to another entity structure.
Entity identifying information links to the perpetrator’s known identifying information; for example, a specific street address.
– Fraudulent activity is linked to one or a few entity structures.
– Data mining routine searches key on data matching.
– Overall sample size is determined by the
number of transactions that match the data profile; the sample size can range from zero to a large number.
• Medium sophistication of concealment – Direct matching routines are less effective. Data
interpretation skills are more crucial.
– Filtering techniques like drill-down analysis are effective in reducing the number of transactions fitting the data profile, thus allowing data interpretation to be more effective.
– Entity identifying information relates to some aspect of the perpetrator’s known identifying information; for example, a zip code location versus a physical street address.
– Sample selection relies on data interpretation skills and scenario-specific data mining routines.
– Sample size tends to be judgmentally determined versus the use of all transactions meeting the matching criteria.
• High sophistication concealment
– Direct matches seldom occur.
– Fraudulent activity might be linked to multiple entities or smaller-dollar transactions.
– Entity identifying information has no relationship with the perpetrator’s known identifying information.
Entity identifying information might relate to a mailbox service or an out-of-area address that has a mail-back feature.
– Sample selection relies on data interpretation skills.
– The population for deriving a sample is larger because the selection criterion identifies all transactions in a group versus a specific transaction.
– Sample size tends to be judgmentally determined versus the use of all transactions meeting the matching criteria.
Building the Data Profile-- There are no absolutes; however, there is a lot of hard work.
• Name: Shell companies often have non-descriptive names. One search method is to look for names with a limited number of constants. Obviously, this variable will be affected based on where in the world the search is performed. In the United States, they use five constants. They strip out the “Inc.,” spaces, vowels, or special symbols and then count the alpha string.
• Mailing Address: There are two approaches: First, search for known mailbox services. Second, strip out all alpha, spaces and special symbols and search for duplicate numeric strings in the vendor database or between payroll and vendor databases. In searching for duplicate numeric strings the zip code field should be linked to street number to minimize false positives.
• Country, City, State and Postal Code: One belief is that the shell corporation would be within a radius of the corporation or within the state to avoid crossing state OR country lines. This is
more likely with low to medium sophistication perpetrators than high sophistication ones.
• Telephone Number: Shell corporations often use mobile lines when no physical office exists. Also, when searching for pass through fraud schemes, a duplicate telephone number search is an effective tool, especially when the pass through is associated with an existing supplier.
• Create Date: There are statistics regarding the duration that fraud schemes occur without detection. The creation date can be used to filter out vendors less likely to be shell corporations. Second, they search for a correlation between first invoice date and the creation date.
• Bank Routing Number: Payments are transferred either by wire or address. The routing number can be used to correlate to prospective individuals. The theory is simple; the perpetrator is smart enough not to use his personal bank account, but would use the same bank for his shell corporation bank account.
• Bank Account Number: The search is for duplicate bank account numbers in the master file or between payroll and vendor master file.
• Vendor Invoice Number: The invoice number pattern is one the most critical data fields for the data mining plan. The reason is simple: the perpetrator creates the number. The pattern and frequency analysis is critical in the search for false billing schemes. The low sophistication scheme will most likely have a sequential pattern of invoice numbers. For the pass through scheme, the invoice number pattern will depend on whether the pass through entity has one or a few customers.
• Vendor Invoice Date: Search for unusual patterns within the date—i.e., all dates are weekend dates, all dates are the same day of the week, or all days have the same number day.
• Vendor Invoice Amount: Correlates to the management position of the perpetrator, the individual’s personal risk tolerance, control levels, and whether the scheme is a false billing scheme or a pass through billing scheme.
Entity Verification Procedures--
The four entity verification procedures are: physical presence, legal creation, business capacity testing, and reference checking. The first step in entity verification is to determine that the control procedures were adhered to in recording the entity into the business system.
Identification of the names associated with establishing an entity structure is needed to be performed for comparison purposes in future fraud audit procedures.
The intent is not control testing, but the gathering of information to establish a basis for entity verification.
The order of verification is: testing legal existence, verifying physical existence, testing business capacity, and reference checking. The first three procedures can generally be performed in a covert manner; however, reference checking tends to be overt, and so the procedure is generally performed last.
Verify Legal Existence—
• All entities have a legal government registration. Employees have birth records and corporations have registration requirements with an applicable government office. The first step is to establish whether the entity is legally created, and then gather identifying information that can eventually be linked to other pertinent information. Names of registrars; officers’ addresses; and dates related to entity creation, dissolutions, or changes tend to be the critical information gathered.
• Customers and vendors that are not incorporated might have filed a DBA (doing business as ) certificate. The lack of a DBA certificate is typically a red flag. Such a certificate can provide the name of a small business owner, although it is not uncommon for small business owners not to file a certificate.
• Small businesses might not be registered in the state matching the address. While small businesses are required to file as a foreign corporation doing business in the state matching the address, not all small business owners are savvy enough about these requirements, especially in regard to their tax descriptive information. Therefore, a national-level search for legal registrations might be required.
• When an entity is a member of a trade association, a business’s membership provides evidence that the entity is a real one. This verification might also be a useful test for incorporated business. One reason small business owners join a trade association is the opportunity to purchase insurance in a group plan. It should be noted that the absence of membership should not be considered as evidence of a false entity.
• Use Internet search companies, such as Lexus Nexus, which gathers public record information that is made accessible to clients. A search of a company on Lexus Nexus can find out if any public records exist on the company and what type of records they are.
Verify Physical Existence--
• Telephone Verification: By contacting the entity, you verify physical existence by the mere fact of the call being answered. Then it becomes a question of how the call is answered. How the call is answered is part of the evidence associated with the audit judgment of whether the entity is real or false.
By calling, the possible outcomes are: the telephone is disconnected; someone answers in the name of a different entity; or someone answers in the name of the entity in question. Interview skills are the critical skill to ensure the success of the procedure.
Here a few practical tips:--
− Use a telephone in the area code of the company you are auditing. Area codes from out of the area might create a suspicion about why you are calling.
− Be prepared to provide an explanation as to why you are calling. Possible explanations are updating records, resolving internal problems, or trying to find original documents that have been misplaced. Try not to raise suspicion at this stage of the audit.
− Have the documents readily available to ask questions or provide answers.
− Avoid calling multiple times; a second telephone call raises suspicions.
− Remember that the entity you are calling might have Caller ID. Therefore, do not indicate that
you are someone other than the person associated with the number identified.
− The manner in which a call is answered must be consistent with the anticipated business size.
Does their business volume correlate with the audited company usage?
• Internet search engines, like Google can determine what physical structure is located at the known address, and whether the address is consistent with the entity structure. Often, the created entity scheme will use a personal residence address. Remember that many small businesses operate from the owner’s personal residence, so, in this case, reference checking might be preferred in order to reveal that the entity does not conduct business.
• By visiting the site, it can be determined what physical structure is located at the known address, and whether the address is consistent with the entity structure. Private detectives often will perform the procedure for a nominal charge, so the use of one might be useful for verifying entities that are not located in your geographic area.
• Public records can determine whether a government or business recognizes the entity as a real entity and if the address is recognized by other entities. A legal instrument filed by banks securing a loan indicates that the bank believes the entity is real.
• The IRS website can provide federal identification verification, which will determine whether the federal identification number or Social Security number matches the name associated with the ID number. In many parts of the world, corporations will have a VAT number, which can be confirmed with a government ministry.
• The Internet has extensive databases and search engines to gather information. At the simplest level, Google is an excellent starting point. At the advanced level, there are research companies that have made an art of navigating the Internet.
Business Capacity Test--
• Proof of Insurance: Real companies tend to have insurance. For example, companies with employees have workers’ compensation insurance. The fraud testing procedure would consist of a request of the certificate of insurance. Fortunately, such a request is a normal control procedure in many companies, but for fraud audit purposes, the need is to examine the certificate to take note of the date of coverage and types of coverage.
• Employees: A company telephone directory provides evidence that the company has employees.
By calling the company, you are often referred to the company telephone directory when you do not know an employee’s extension.
• UCC Filings: A public record filed by a bank or a financing company can indicate a lien has been filed against the described asset. It also indicates that the bank recognizes the entity as a real one.
• Shipping documents, such as a billing of lading indicates the source of the shipment, therefore
• Websites: If a company has a website, does such a site provide matching information about the
businesses and services offered?
• Professional Associations: Is the entity recognized by a trade association? Such organizations can also provide useful information on trade practice and trends, which in turn can be used to corroborate representations made by individuals.
• Competitors: Contact competitors to establish that the entity conducts business consistent with the goods and services described on the invoice.
Competitors may also provide other information regarding ownership and business conflicts.
• Media searches: Information published regarding the entity might provide names, services, and legal actions regarding it. Advertisements by the entity would suggest the existence of the entity and describe the type of services provided by it.
Red Flags Defined---
A fraud red flag is an observable event that links to a fraud concealment strategy that is associated with a fraud scenario. Red flags are used by management to build fraud detection controls and by the auditor in the context of conducting an audit as an alert to the possibility of fraudulent activity.
For the red flag to be an effective audit tool, the event must be observable and must be incorporated into the fraud audit program. Red flags by their nature cause an increased sensitivity to the likelihood of a fraud scenario occurring.
Not all red flags have the same weight with regard to fraud susceptibility. The weight of a fraud red flag correlates to the predictability of a fraud occurrence. Therefore, the auditor needs to interpret the importance of the red flag to the fraud scenario and be able to arrive at a conclusion regarding the occurrence of the fraud scenario.
There are four categories of red flags: data, documents, internal controls, and behavior. The categories are intended to aid the auditor in identifying the red flags in an orderly fashion, whereb, the auditor should not view the process as a right or wrong exercise, but instead know that certain items can occur in multiple categories.
For example, a vendor invoice number can be a data category red flag observed through the use of data mining or a document category red flag observed through the application of audit testing procedures.
In addition to the four categories of red flags already mentioned, there are also two other types of red flags:---trigger red flags and awareness red flags.
With the trigger red flag, the event is sufficient enough to require the auditor to perform fraud audit procedures to determine if creditable evidence exists to suggest that the fraud scenario is occurring.
As a guideline, there should be no more than five trigger red flags per category, and preferably only three trigger red flags per category.
To the contrary, with awareness red flags, the event is not sufficient to require the auditor to perform fraud audit procedures. However, the totality of all the awareness red flags will require an auditor’s judgment on the need to perform fraud audit procedures.
While both might lead to the performance of fraud audit procedures, the underlying reasons differ. As a guideline for internal control audits, a red flag that links to a fraud scenario via a key control is denoted as a trigger red flag, whereas, a red flag that links to a fraud scenario via non-key controls is denoted as an awareness red flag.
A trigger red flag is similar to the traditional audit use of red flags, whereby when an internal control is not working, it “triggers” a red flag. The use of trigger and awareness red flags will change in fraud audits or specific point analysis, whereas the link is directly associated with concealment strategy and the elements of the fraud scenario.
The Economic Secretary to the Treasury has vowed that the UK Government will crack down on money laundering practices, after several of the UK's biggest banks were accused of processing money from a Russian scam, believed to involve up to $80bn (£65bn).
HSBC, the Royal Bank of Scotland, Barclays and Coutts had waved through hundreds of millions of pounds of transactions linked to a major scam in Russia. Much of the money is believed to be linked to organised crime and corrupt officials, who were seeking to “clean” their cash so that it could be spent without suspicion.
The process involved using a series of front companies in the UK, which allow the actual owners behind them to remain a secret. The companies conducted fake business deals between themselves then sued each other in courts in Moldova, demanding the repayment of hundreds of millions of pounds of loans.
21 shell companies with hidden owners were set up in the UK, Cyprus and New Zealand. One company would then create a fake “loan” to another company, and a Russian firm would guarantee the loan.
The shell companies would then default on the fake “loan,” and a corrupt Moldovan judge would “authenticate” the fake debt, ordering the Russian debtor to make the repayment into a Moldovan court bank account.
The Russian debtor could then get the money out of the country and launder it through a host of banks throughout the world—usually going first via Trasta Komercbanka in Latvia.
This cash then ended up in accounts at 732 banks, including giants like HSBC, Bank of China, Credit Suisse, Deutsche Bank, Citibank, and Royal Bank of Scotland..
Britain’s HSBC received $545 million.
When you look at the US banking system and US financial markets, the level of scrutiny and the types of activities that are monitored, there is surveillance on every activity of the economy.
Maturing economies such as India will benefit significantly from being able to model and evaluate some of the approaches of some of these more sophisticated economies have had to put into place. This is the reason why I put lot of US stuff in this SHELL series.
We need to write a new set of rules.
Whether it is a suspicious activity report, that a retail or consumer bank is generating because of some behaviour of an individual, whether it is some sort of structuring activity that a bank is picking up through the form of analysing deposits, or whether it is the cash movement from account to account, these all have electronic monitoring on top of them.
Because of what you have experienced here in the form of currency take back and now the country being forced into a position where it has to rely upon a variety of electronic tools like electronic wallets and utilities.
The types of enforcement and compliance opportunities become much much higher. The pain of adopting that type of monitoring system is quite apparent in that most of the population is not used to that. But if Indians cant—who can ?
The use of public WiFi is now growing in India. In the past, there have been instances that unsecured WiFi have been misused by criminal elements.
Digitization of Indian economy will cause increase in cyber crimes and online banking frauds.
It is very hard for the average individual to determine which hotspot to connect with. Some of them look legitimate, many of them are not, and are designed to steal highly valuable data.
The consumer has to be extremely cautious and well educated, and that's a big question, as we are talking about tens and millions of people who have to understand it is not okay to click on one hotspot versus the other.
At the same point, it is a good responsibility of the government to be able to provide it to people who could not afford it. But, it is a double-edged sword. The users have to be educated and trained in using Wifi.
Money laundering is a very vast and complex topic, which requires a flexible and thoroughgoing
political response to it.
Money laundering is a criminal offence aimed at presenting wealth of illicit origin or the portion of wealth that has been illegally acquired or concealed from the purview of tax and other authorities, as legitimate, through the use of methods that obscure the identity of the ultimate beneficiary and the source of the ill-gotten profits
Money laundering is the process of transforming the profits of crime and corruption into ostensibly 'legitimate' assets.
In a number of legal and regulatory systems, however, the term money laundering has become conflated with other forms of financial and business crime, and is sometimes used more generally to include misuse of the financial system (involving things such as securities, digital currencies, credit cards, and traditional currency), including terrorism financing and evasion of international sanctions.
Most anti-money laundering laws openly conflate money laundering (which is concerned with source of funds) with terrorism financing (which is concerned with destination of funds) when regulating the financial system.
Some countries define money laundering as obfuscating sources of money, either intentionally or by merely using financial systems or services that do not identify or track sources or destinations.
Other countries define money laundering to include money from activity that would have been a crime in that country, even if it was legal where the actual conduct occurred.
There has been some criticism of anti-money laundering laws with some commentators saying that this broad brush of applying money laundering to incidental, extraterritorial, or simply privacy-seeking behaviors is like a financial thought crime.
Money laundering is first seen with individuals hiding wealth from the state to avoid taxation or confiscation or a combination of both.
One of the enduring methods has been the use of parallel banking or Informal value transfer systems such as hawala that allowed people to move money out of the country avoiding state scrutiny.
Law enforcers normally have to prove an individual is guilty to get a conviction.
But with money laundering laws, money can be confiscated and it is up to the individual to prove that the source of funds is legitimate if they want the funds back. This makes it much easier for law enforcement agencies and provides for much lower burdens of proof.
The Group of Seven (G7) nations used the Financial Action Task Force on Money Laundering to put pressure on governments around the world to increase surveillance and monitoring of financial transactions and share this information between countries.
Starting in 2002, governments around the world upgraded money laundering laws and surveillance and monitoring systems of financial transactions. Anti money laundering regulations have become a much larger burden for financial institutions and enforcement has stepped up significantly. During 2011–2015 a number of major banks faced ever-increasing fines for breaches of money laundering regulations.
This included HSBC, which was fined $1.9 billion in December 2012, and BNP Paribas, which was fined $8.9 billion in July 2014 by the US government. Many countries introduced or strengthened border controls on the amount of cash that can be carried and introduced central transaction reporting systems where all financial institutions have to report all financial transactions electronically. For example, in 2006, Australia set up the AUSTRAC system and required the reporting of all financial transactions.
Australian Transaction Reports and Analysis Centre (AUSTRAC) is an Australian government financial intelligence agency set up to combat money laundering, organised crime, tax evasion, welfare fraud and terrorism. AUSTRAC was established in 1989 under the Financial Transaction Reports Act 1988 and continued in existence under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
Certain classes of financial services are required to be reported to AUSTRAC, in particular bank cash transactions (i.e., notes and coins) of A$10,000 or more, as well as suspicious transactions and all international transfers. The information that AUSTRAC collects is available for use by law enforcement, revenue, regulatory, security and other agencies.
"Reporting entities" are required to report transactions to AUSTRAC. Transactions which must be reported include:----------
cash transactions of A$10,000 or more, or foreign currency of that value,
international funds transfer instructions, either into or out of Australia, of any amount, and
suspicious transactions of any kind, being transactions the dealer may reasonably suspect of being part of tax evasion or crime, or might assist in a prosecution.
Australia's cash controls require travelers to report to AUSTRAC when they carry $10,000 or more (or equivalent in a foreign currency) of cash (or equivalent) into or out of Australia, which can be done on forms available from the Border Force at airports and sea ports.
The Border Force attempts to detect evasion of this requirement. Airlines are not liable for what their passengers carry. Cross-border movement of bearer negotiable instruments of any amount must also be reported if requested by a Border Force or police officer.
It's an offence under the Act for anyone to split a transaction into two or more parts with a dominant purpose of avoiding the reporting rules and thresholds.
Certain classes of transactions are exempt, or may be exempted on application. For example, established customers transacting amounts typical of their lawful business, such as for payroll, or retail or vending machine takings, etc.
Motor vehicle traders are specifically not eligible for exemption, as are boats, farm machinery and aircraft traders.
Under the Freedom of Information Act 1982, any person can access records held by AUSTRAC, subject to certain exemptions
Entities which are required to report transactions to AUSTRAC are called "reporting entities", which are specified in the AML/CTF Act.
These entities deal in cash, bullion and financial transactions, and include:-----
banks and similar financial institutions, such as building societies
insurance companies and intermediaries
securities dealers, such as stock brokers
unit trust managers and trustees (but cash management trusts transacting only by cheque or similar are exempt)
travelers cheque or money order issuers
cash carriers and payroll preparation businesses
bookmakers, including totalisator agencies
solicitors, acting on their own behalf (e.g., their trust fund, or originated mortgages)
Reporting entities must identify their customers using the 100 point check system. Accounts may only be opened, but can only be operated (i.e., withdrawals made) by an identified customer; an unidentified customer is blocked from making withdrawals.
Generally identification can be transferred from one account to another, so that for instance a person once identified does not need to produce documents again when opening a second account at the same institution.
For banks and similar reporting entities, identification requirements are determined by a risk-based approach, which may differ for each reporting entity.
It's an offence to open or operate an account with a reporting entity under a false name, punishable by a fine or up to 2 years imprisonment.
The 100 point check is a personal identification system adopted by the Australian Government to combat financial transaction fraud by individuals and companies, enacted by the Financial Transactions Reports Act (1988) (FTR Act), which gave rise to the Australian Transaction Reports and Analysis Centre (AUSTRAC).
The 100 point system applies to individuals opening new financial accounts in Australia, including bank accounts or betting accounts. Points are allocated to the types of documentary proof of identity that the person can produce, and they must have at least 100 points of identification to be able to operate an account. The system now also applies to the establishment of a number of official identity documents, such as an Australian passport and driving licence..
"Reporting entities" are required to identify their customers using the 100 point check system. Accounts may be opened, but can only be operated (i.e. withdrawals made) by an identified customer; and an unidentified customer is blocked from making withdrawals. Generally, identification can be transferred from one account to another, so that for instance a person once identified does not need to produce documents again when opening a second account at the same institution.
An issue for many Australian organisations is the capture of credit card primary account numbers (PANs), referred to below under the 25 Points section as Credit Card or EFTPOS Card. This practice is not compliant with the Payment Card Industry Data Security Standard and must be removed from all 100 point check forms.
Below: JEWS ARE SHOCKED !
Money laundering facilitates corruption and can destabilize the economies of susceptible countries.
IDI AMIN KICKED OUT INDIANS BECAUSE THEY WERE DESTABILISING UGANDAs ECONOMY
Ashkenazi Jews from Russia and Lithuania settled in Rhodesia after the area had been colonized by the British, and became active in the trading industry.
These JEWS destabilized the econoy by sucking out the wealth and siphoning it our using SHELL companies.
Before WW2 German Jew homosexuals ran away from Jew Hitler and settled down here.
For little money they could get any amount of black men with huge dongs to hump their quivering ( with lust ) assholes
President Robert Mugabe of Zimbabwe , who has been ruling for 37 years , drove away this anal sex receiving German homosexuals.
In 1995, Mugabe, a hero, thundered: “Homosexuals are worse than dogs and pigs; dogs and pigs will never engage in homosexual madness; even insects won’t do it.”
Immediately the Zionist Jews started and endless campaign for regime change
Mugabe blasted American President Barack Obama accusing him of wanting to impose gay rights in Zimbabwe. “Then we have this American President, Obama, born of an African father, who is saying we will not give you aid if you don’t embrace homosexuality,” Mugabe said, while addressing a rally.
“We ask, was he born out of homosexuality?
Mugabe said: “Never, never, never will we support homosexuality in Zimbabwe. Archbishop Tutu said it is nice to be gay, yet he has a wife, he should have begun by getting himself a man for a woman. When you are a bishop and cannot interpret the Bible, you should resign and give it to those who can. We will not compromise our tradition and tolerate homosexuality.”
Zimbabwe's President Robert Mugabe has rejected calls from the UN to implement gay rights in his country. Speaking at the United Nations General Assembly meeting, he said that upholding human rights is the obligation of all member states, but vehemently rejected the imposition of what he called "new rights" for gay marriage that have been advocated elsewhere in the world.
"We equally reject attempts to prescribe new rights that are contrary to our norms, values, traditions and beliefs. We are not gays. Cooperation and respect for each other will advance the cause of human rights worldwide. Confrontation, vilification and double standards will not,"
Peter Roebuck needed a good BUTT humping .
He was a hardcore homosexual ( anal receiving ) who would throw the MANNEQUIN CHALLENGE ( Syrian white helmets fame ) whenever he got caught.
"He took his pants off and pinned me down from behind. He held me down with his left hand and holding his penis with his right hand, he put his whole body weight on top of me. He forcibly tried to kiss me, instead he was biting me on my right cheek. I tried to push him over to stop. I was in shock. While pushing off he grabbed my genital parts, that's when I realised he ejaculated all over my stomach.”
Let me quote Wiki-
QUOTE: In 1999, while working as a commentator in South Africa, Roebuck met three cricketers, all aged 19, and offered to coach them, inviting them to live at his home in England. He warned them beforehand that he would use corporal punishment if they failed to obey his "house rules". He caned all three men on their (clothed) buttocks at different times for misbehaviour and in 2001 was given a suspended jail sentence after pleading guilty to three charges of common assault. He told the court, "Obviously I misjudged the mood and that was my mistake and my responsibility and I accept that." Henk Lindeque, one of Roebuck’s victims, said, "The problem was not so much that he caned us but wanted to examine the marks. That’s when I decided to get out of his house." Roebuck arrived in Cape Town, South Africa, on 7 November 2011 to report on a Test Match between South Africa and Australia for The Sydney Morning Herald and the Australian Broadcasting Corporation (ABC). He was staying at the Southern Sun Hotel in Newlands, Cape Town, on 12 November, when the South African Police Service entered the hotel, claiming to desire to speak to him about an alleged sexual assault on a 26-year-old Zimbabwean man. The man had alleged that Roebuck had "groomed" him through Facebook, asking him to "bring [a] stick in case I need to beat you" once they had arranged to meet. At their claimed meeting Roebuck allegedly pinned the man to a hotel bed and sexually assaulted him, leaving him feeling suicidal.After requesting that he be allowed to go to his room to change his clothes, Roebuck called the ABC's Jim Maxwell in his hotel room and asked him to find him a lawyer and to then come to his hotel room.At 9.15pm, Roebuck died after jumping from the sixth floor of the Southern Sun Hotel. UNQUOTE
THIS POST IS NOW CONTINUED TO PART 31 , BELOW--
CAPT AJIT VADAKAYIL