Defending Against the Threat of
Insider Financial Crime
© 2010 FrontLine Security (Vol 5, No 2)

Businesses of all types and sizes face the risk of insider fraud. This can be for corrupt personal gain, criminal or terrorist extortion or combinations of these. Responsible and successful organizations anticipate and take measures to mitigate such risk. For instance, one must realize that organized crime is first and foremost a business. As such, it has objectives, a management structure, financial performance goals, and metrics. Given this framework, anticipation and mitigation demand that you think like a predator. As a security expert, enlist your business acumen to reason through how to target your own employer. Internal fraud and fraud defense are daily occurrences, and many losses occur even without a crime boss or terrorist calling the shots behind the scenes. Examples abound.

Case Study:
An Avoidable Loss

In the school of hard knocks, audio ­product giant Koss’s chief executive paid $4.5 million for an employee’s three-month shopping spree before learning not to exempt his financial executive from oversight. She had diverted these millions out of Koss’s business account to pay her personal American Express bill. Following a tip from American Express, Chief ­Executive Michael Koss discovered his $200,000-a-year employee’s misdeeds on entering her office and seeing credit card bills for shoes and dresses on the corporate American Express bill. For more details, see the Wall Street Journal (23 December 2009).

Case Study:
Proper Diligence or Overkill?

The Defense Finance and Accounting Service (DFAS), a government agency, recently told 39 employees they could not work there because their background investigations revealed a chronic pattern of financial or personal irresponsibility. The terminations and suspensions are new, but the background investigation criteria date back to 2005. Meanwhile, an attorney is already opining that it is unusual to relieve employees over their financial records. Details are available via Federal News Radio (7 July 2010) on this issue.

Fraud Risk:
How to Attack

From an attacker’s point of view, which ­target would give you more anxiety: Koss Corporation, or DFAS? Keep these cases in mind as we proceed with a business look at recruiting an insider to carry out financial crimes.

Both employers have rules to limit opportunities for insiders (employees in positions of trust) to misappropriate funds. But either the rules were either not enforced or only selectively. Then again, maybe enforcement varied depending on relative position in the hierarchy. If so, the safest positions to occupy for a financial trust betrayer would appear to be at the top or bottom.

Why the extremes? People in the executive ranks are accustomed to more discretionary time and authority than average employees. Their big paychecks often come with a huge sense of entitlement and behaviours that intimidate corporate sentinels (the security practitioners, auditors, and others charged with defending the institution). Even when executives do not openly intimidate, they defend their autonomy and balk at being questioned. Employers assume that executives represent substantial value, therefore, they receive deferential insulation from ordinary rules designed to keep the base impulses of ordinary employees in check.

Employees at the opposite end of the hierarchy also enjoy surprising freedom of manoeuver. People at the bottom get ignored. Their value to the organization is modest, so they appear interchangeable. Often, they can enter a gathering of chief executives to refill water pitchers or adjust a thermostat without even being noticed. They become invisible non-persons. Should they happen to be caught doing something irregular, they are likely to escape notice. Inertia leads employers to dismiss the misdeed as a harmless faux pas by someone who does not know any better. Often, the effort necessary to follow up on an infraction committed by someone ‘so lowly’ seems out of proportion with more pressing business at hand. Besides, harassing this person looks bad to the union or media. It takes on the appearance of bullying, assuring negative public relations consequences.

Though admittedly an unfair question, as a crime boss, which of the two would you recruit?

Like any general manager with profit-and-loss responsibility, a crime boss has to make such tough decisions. Consider:

  • Who has the access necessary to further your objectives?
  • Who is less of a risk to you?
  • Who is easier for you to manage or control?
  • Who is more accessible to recruit?
  • Who will offer you the better return?

The executive at the top has the better access and more freedom to manoeuver. However, seniority in executive ranks comes with knowledge and ego. That means the executive may have connections that can offer immunity or are even with competing criminal elements that offer a more lucrative business deal.

Executives also possess negotiating skills. You could find yourself dealing with one who drives a hard bargain and then renegotiates at the first hint of gaining the upper hand. The executive could be so ­narcissistic as to resist your guidance about discretion, making this person difficult to control. Recruiting may be another problem. You may not be able to get close to this executive without drawing undue attention. Remember that you want a way to meet discreetly while protecting yourself later by denying any association. Important people have staffs and audit trails that are easy to examine – once someone decides there is a reason to.

As for return, for all the effort it takes to get close to the executive for an assessment and recruitment pitch, is it worth it? ­Perhaps, if the executive is venal, competent, and discreet. More realistically, though, expect no more than two out of three of those qualities. Note, too, that most executives have a limited shelf life. Few stay at the top more than five years. The rest may need to accept rotational assignments, ­lateral moves, or promotions that remove them from your orbit, making them a stranded asset.

The worker at the bottom, by contrast, starts to look more attractive to the crime boss if he can find one with the right access. For instance, if the need is for plundering coffers or laundering funds through the targeted business, then you need a worker involved in financial services or automated funds transfers. Overcome this hurdle, though, and this recruitment looks more appealing. Why? This individual is going to be younger, less sophisticated, more malleable, and less possessed of the knowledge and resources most likely to backfire on you.

Use your own junior minions to find a candidate through shared acquaintances who can make introductions without ­necessarily going through six degrees of separation. Shared hobbies or high school connections may be all it takes. Failing that, Facebook or other social networking sites are more likely to help you here than they would for an executive.

As for return, it takes a modest investment and little risk for the crime boss to try this and other lowly employees until finding the best producer with prospects for remaining or advancing in the targeted business. Play your cards well, and this becomes a bonanza for you.

Back on Defense:
What to Look For

All recruited insiders give themselves away at some point. Interpersonal deception ­theory calls this ‘leakage’ – the result of the stress in maintaining the deception necessary for fraud. In any case, what purpose do ill-gotten gains serve if they remain indefinitely hidden or unused? This modern day manifestation of what Thorstein Veblen termed ‘conspicuous consumption’ becomes the defender’s ally. It supplies observable clues.

What types of activity might provide hints of criminal activity?

An executive may invest misappropriated profits in a vacation home, a day ­trading account, a side business, costly holiday trips, or even expensive schools for children. Where will the lowly employee most likely splurge? It will often be on his or her car.

Indeed, even sophisticated insiders, like CIA traitor Aldrich Ames, should have given themselves away to anyone paying attention. How else could a mid-level government employee like Ames possibly afford the burdens of a costly divorce, a demanding Colombian mistress, and drive a Jaguar on his government salary? (Ames briefly considered robbing a bank before deciding he was better suited to selling out the CIA.) So what keeps co-workers from spotting and acting on obvious indicators that something is awry?

Curse of the Indelicate Obvious
Turn back to the case of the finance agency that actually started insisting its workers demonstrate financial responsibility as a condition of employment. As a crime boss, this would worry you. It could lead back to your own people and their shared associations. Now, as a defender, imagine the expression of moral outrage your union steward displays at the gall you must have to deny employment to financial risks like this one.

Next, imagine the accusations of discrimination you will encounter if, on seeing a prospective new hire with ‘sleeves’ (full arm tattoos sometimes seen on hard core prison convicts), you advise against issuing an offer of employment. From your perspective, a good way to avoid risk is to avoid hiring people who trigger your ­concern that poor judgment may cause them treat your workplace as a platform for self expression instead of a place of business. Finally, your own personnel system is unlikely to support barring employment because someone saw the Facebook entry of a job applicant where the latter boasted about ripping off his previous employer and threatening his last boss. Why?

This is the curse of the indelicate obvious. In other words, political correctness, fear of defamation suits, or narrow view of individual roles to the point of forgetting to look out for the employer’s larger interests all converge to limit your acting on the indelicate obvious – the glaring indicators before your eyes that tell you something is seriously wrong.

Just as a trust betrayer is the crime boss’ agent, warning signs, tips, and keen observation can serve as your equivalent of a confidential informant. Like other intelligence, however, you must realize that there are times when you need not compromise your sources. This does not mean that you deny yourself their yield. Instead, you use the intelligence to spur further investigation.

Never break the law or violate your own policies in your zeal to interdict insider misdeeds, but never ignore warning signs. Instead, use what you learn to guide your next move. Expand your due diligence until you find corroboration that your employer will accept. Even if you lack investigative resources to unleash, you can always interview the hostile insider and create an opportunity for self-incrimination. Often, all it takes is just asking open-ended questions until the individual admits wrongdoing. Interviewing skills can make all the difference. The Wicklander Zulawski interviewing technique ( is particularly useful, as it predisposes the deceptive interviewee to confess, without being accusatory or confrontational.

New Trend:
Insider Attacks without People

Finally, keep an eye on developing trends that a good crime boss might embrace to lower risk and cost; the best are often disguised as the most innocuous.

Bud Miller, Executive Director of the Coupon Information Corporation, pointed out that coupon fraud of 39 to 50 cents per coupon can quickly amount to tens of millions of dollars in undeserved profits, to the financial distress of the companies redeeming coupons for products never sold. In times of economic downturn, Miller observed, “It’s going to get worse before it gets better.” Moreover, a good sign that a fraud technique is gaining traction is that seasoned fraud perpetrators and rank amateurs alike are applying it. When it comes to the latter, as Miller noted, it becomes a case of ‘disorganized crime’ whose consequences can be equally costly.

The abiding lessons? Stay watchful. Neglect indelicate, yet obvious, warning signs at your own peril.

Nick Catrantzos is an associate with Efficient Research Solutions, a consultancy specializing in economic crimes. He also manages security for a large public steward of critical infrastructure. A master’s alumnus of the Center for Homeland Defense and Security of the Naval Postgraduate School, he received the outstanding thesis award for his insider threat study in 2009. He can be reached via
© FrontLine Security 2010