Top Trends in Fraud & FCPA Risk Mitigation, as Told by a 28-year FBI Veteran

October 2017

You can learn a lot about risk mitigation at the FBI’s New York City office. Just ask BDO’s Neil Moran, who spent 28 years there as a special agent and an undercover coordinator and supervisory special agent working on a variety of criminal cases relating to fraud and bribery, international money laundering and organized crime. We sat down with him to discuss his top takeaways from working at the FBI, best practices for mitigating FCPA-related risks and more.

Can you explain more about your area of expertise and how your experience at the FBI has prepared you for your current work at BDO?

Much of my passion for investigations developed from my experience serving as a special agent, an undercover coordinator and a supervisory special agent at the FBI’s New York City office for more than 28 years. During my time there, I was involved in a wide variety of criminal investigations including cases related to fraud and international money laundering, organized crime, federal civil rights violations and more. My experience in both domestic and global cases developed and enhanced my ability to recognize the common red flags of corruption and fraud in an organization, and the many ways they can proliferate through several levels and departments. In addition, I had the opportunity to develop a deep working knowledge of many anti-corruption government regulations and business compliance best practices.

My work today with the BDO Global Forensics team is, in many respects, similar to my work at the FBI: We conduct corporate internal investigations on corruption and fraud-related cases, including securities fraud and the misappropriation of funds, among others. Our clients include law firms, nonprofits and financial and educational institutions—privately held and publicly traded companies representing several industries globally.

What are some of the most common cases of corporate fraud that you’ve seen, and what are some of the warning signs companies should look out for?

While many variations of fraud exist, the most common cases usually fall into one of three main categories: asset misappropriation, corruption or financial reporting fraud. Asset misappropriation, the most common type of corporate fraud, occurs when employees steal or misuse company assets. Corruption includes activities ranging from bribery to excessive gift-giving to kickbacks and collusion or bid rigging during the pre-and post-procurement stages. Finally, financial reporting fraud occurs when a company misrepresents key financial data to deceive investors, often to portray itself in a more favorable light.

One example of an asset misappropriation case I’ve worked on involved payroll fraud, wherein an individual had managed to embezzle over $5 million largely through the creation of “ghost employees.” In this type of fraud, a dishonest employee adds “ghost employees”—employees who do not actually work for the company—to the company’s payroll. The fraud initiator then collects expenses and/or the wages paid to the ghost, often, and in this instance, automatically via the payroll system. Warning signs that this may be occurring include duplicate account numbers, addresses or social security numbers; employees who are not withholding any type of tax; and/or identical bank accounts with direct deposits under different employee names.

In general, warning signs of financial reporting fraud range from missing documents to excess purchases to inventory shortages. More specifically, heavy reliance on related party transactions, large shipments at the quarter and year-end and highly (but unnecessarily) complex transactions can all be red flags.

What makes companies especially vulnerable to fraud or corruption?

Every organization is vulnerable to fraud in a different way. However, what makes organizations across the board vulnerable is oftentimes a lack of accountability, proper internal anti-corruption controls or both. I have been involved in many investigations wherein top-level executives or employees at companies participate in corrupt practices because there is no one there to stop them—or are too afraid of losing their jobs to take action. In other words, no accountability exists for the employee committing the fraud, and/or no protection mechanisms exist for those who are aware of it. There is often a remarkable change in employee demeanor the minute we come onto the scene and explain that we are there to conduct an investigation.

Other organizations do have internal controls, but are simply disorganized. The procedures in place are vague and/or conflicting, and there is no real sense of an overall comprehensive framework by which employees can abide. Because protocols can be so disorganized, training is often lacking, and employees do not truly understand the serious nature of a violation. Add to this the external pressures to meet certain business or personal goals, and it’s easy to be tempted into committing a corrupt or fraudulent act.

Another interesting observation that I have found after working many investigations is that many small and mid-sized companies—many of which experience little-to-no turnover and maintain mostly long-term employees—feel somewhat immune to the possibility of fraud taking down their firm. I cannot count the number of occasions when I have had senior management tell me, “Fraud doesn’t happen in our company—we trust our employees and have good and honest people.” While that might very much be the case, it’s important that all companies, regardless of size, exude caution when dealing with fraud risks.

What are some best practices for mitigating FCPA-related and fraud risks for companies operating internationally—especially in countries where bribery is often part of securing business?

Curbing corruption in developing countries is often very challenging, since the business practices are often very different from those in the U.S., and corruption can be deeply rooted in the culture. These challenges make it especially critical for companies entering foreign markets to proactively conduct due diligence, closely monitor third-party relationships, train employees on anti-corruption and FCPA compliance, and implement internal controls and governance structures that make recognizing and reporting corrupt practices straightforward, as well as mandatory. In addition to these measures, companies must also proactively keep up with new regulatory changes and hold their employees, joint venture partners, distributors and/or agents accountable.

What are the common trends you see in fraud prevention and detection?

Recent technological advancements have played a critical role in helping companies with fraud prevention. Data analytics especially has helped companies spot irregular data patterns and situational anomalies that could be a sign of fraud or corruption at work. Through the automation of many of these processes, organizations can detect early fraud warning signals, perform repeatable tests and stop misconduct before it grows out of control.

Nevertheless, the use of data analytics comes with many challenges and risks as well—including the reliance on poor data quality and extensive data volumes, which can strain existing data analysis infrastructure not equipped to handle large amounts of data. Data security, including integrity and confidentiality, is another important factor to consider. Finally, the presence of personnel with the skills and training required to perform the analysis, interpret the results and suggest potential areas of improvement is a necessity. Despite its challenges, however, using data analytics to help identify red flags in a timely and effective manner is well worth the effort and an imperative for companies looking to mitigate fraud risk overall.

How can BDO help?

Our knowledgeable professionals have feet on the streets in more than 150 countries—working to best serve our clients with customized solutions that address their specific issues. BDO’s Global Forensics Practice can help build a comprehensive compliance framework, use state-of-the-art technology to test transactions, identify unusual patterns and anomalies and locate fraud. We’re well versed in international and local regulations, with relationships spanning across sectors to ensure our clients are well positioned to deter and detect fraud and corruption.

About Neil Moran
Neil Moran is a managing director in BDO’s Global Forensics practice with more than 40 years of experience in the private sector and the FBI. In 1993, he was awarded the FBI Shield of Bravery and the FBI Star by the Director of the FBI.

Neil’s extensive investigative FBI experience, along with his experience testifying before state and federal grand juries and in U.S. District Court and New York State criminal court, enables him to be a trusted partner to corporate clients and the legal community on a variety of corruption and fraud-related matters.

For more information, please contact him at [email protected].

Nina Gross
DC Practice Leader
Managing Director
Neil Moran
Managing Director