Criminals CAST A Wider NET
On June 11, 2014, thousands of South Korean police launched a nationwide manhunt and raided a religious compound. Their target was a fugitive billionaire and leading religious figure, Yoo Byung-eun, wanted as part of an investigation into embezzlement and tax fraud. Yoo Byung-eun is believed to be the owner of a ferry that sank in April 2014, killing almost 300 people, and authorities suspect that rampant corruption led to lax safety standards aboard that ferry.
While police forces tried to gain entrance to the compound, almost 200 members of the religious community rallied against the raid, as rain fell in the complex outside of Anseong city. Some members even hoisted a banner saying “We’ll protect Yoo Byung-eun even if 100,000 church members are all arrested,” while forming a blockade in front of the compound’s entrance. By the next day, however, 9,000 police officers had stormed the compound in search of Yoo Byung-eun.
This might sound like an extreme case, but it’s just another day at the office in the world of white collar crime, with new allegations of widespread corruption, embezzlement, money laundering, and fraud surfacing almost daily. According to the 2014 Economic Crime Survey by PwC, more than one in three organizations are impacted by economic crime. Additionally, companies that experience bribery and corruption more frequently reported economic losses of more than $5 million, the survey says.
In addition, the 2014 Report to the Nations on Occupational Fraud and Abuse, by the Association of Certified Fraud Examiners, estimates global fraud at $3.7 trillion.
“The financial costs and collateral damage caused by incidences of bribery and corruption—especially in the light of the penalties imposed by governments through increasingly aggressive anticorruption enforcement—can be significant,” the PwC survey explains. And the C-suite is taking notice as 53 percent of the more than 5,000 PwC survey respondents reported that they are concerned about the effect of economic crime, such as bribery and corruption, on their business.
Shortly after former Ukrainian President Viktor Yanukovych fled the country and his office in the spring of 2014, the authorities began looking into Mistral, a trading firm for management consulting and research that did millions of dollars’ worth of deals before going out of business. But when the police attempted to go to Mistral’s Kiev office, all they found was a hole in the ground where the foundation of an apartment complex was being built. The company had seemingly vanished.
After a deeper look—into the numbers, not the hole—authorities say Mistral may never have existed in the first place and that it may be one of numerous phantom firms suspected of stealing $11 billion of Ukraine’s tax revenue over the past three years. These phantom firms were fake companies used by legitimate businesses to reduce their tax bills. According to recent estimates, some 1,700 legitimate businesses were involved in the scam and were flushed out by identifying 100 to 120 phantom firms and tracking who was involved in their business deals.
The authorities have launched approximately 30 investigations to take down the phantom firms and locate the missing funds. However, it won’t be an easy task, as many of the country’s former tax officials were part of the scheme, giving the phantom firms immense power to avoid scrutiny in a country that is rife with corruption.
While the investigations are ongoing, Ukraine’s economy is being held together with the help of an International Monetary Fund loan package and pledged aid from the United States and other countries. But its ability to bounce back from the brink of economic disaster balances on whether it can make strides in overhauling corruption throughout the nation.
The problem is a global one. More than one in four people reported having paid a bribe in the last 12 months when interacting with key public institutions and services, according to the 2013 Global Corruption Barometer by Transparency International. The report’s findings are based on a survey of more than 114,000 people in 107 different countries and addresses people’s direct experiences with bribery.
Eight services were evaluated by the report, and among them, the police and the judiciary are seen as the two most bribery-prone. “An estimated 31 percent of people who came into contact with the police report having paid a bribe,” the report said. Bribery rates of the police were highest in the Democratic Republic of the Congo, Ghana, Indonesia, Kenya, Liberia, Nigeria, and Sierra Leone with 75 percent or more of respondents from these countries admitting that they had bribed the police at least once in the past year. Additionally, a majority of people around the world believe that their government is ineffective at fighting corruption, and that corruption in their country is getting worse.
Corruption has always been and remains a major focus of the U.S. Department of Justice’s (DOJ) Criminal Division, says former Acting U.S. Assistant Attorney General David O’Neil. “When corruption takes hold, American companies are harmed; it also harms the countries where it’s taking place—those countries are less safe, their governments are less committed to the rule of law, and they become breeding grounds for other types of crimes,” he explains.
While law enforcement is focused on global corruption, lawyers are taking note of it as well. In the United States, most of this focus has been on the DOJ’s cases involving the Foreign Corrupt Practices Act (FCPA).
“A lot of the DOJ’s concerns in many cases seem to be saying that the biggest problems are failure of due diligence pre-acquisition and post-acquisition,” explains American Bar Association’s White Collar Crime Committee Chair David Rosenfield. This can lead to the discovery that companies are “not doing the necessary due diligence that would have turned up potential bribery issues,” adds Rosenfield, counsel at Herrick, Feinstein LLP in Manhattan.
One example of a recent case involves Avon, the door-to-door cosmetics company, which recently announced that it would pay $135 million to settle federal probes into whether it engaged in bribery in China. Avon was among the first companies to obtain a license to sell products directly to consumers in China after the country removed a ban on the practice in 2006. By mid-2006, Avon had hired more than 114,000 salespeople in China and viewed the potential market at $1 billion.
The company began looking into allegations of improper payments in China during 2008 after a whistleblower submitted a letter to the company’s former CEO Andrea Jung. Avon then released information that the internal investigation expanded to countries beyond China. It also disclosed that it had spent at least $344 million on its own investigation.
The large legal costs of Avon’s probe attracted the attention of the federal government, which then led to an external investigation and the penalty to settle criminal and civil claims that the company violated the FCPA.
O’Neil says that he anticipates the DOJ will continue to focus on prosecuting corruption. “I think corruption is now, and is going to continue to be, an area where you see a lot of activity in the department and one I think should be of concern to corporations,” he explains. “Our enforcement efforts send a very loud message that you’ve really got to have robust and effective compliance programs in place.”
Another area of concern in white collar crime for the DOJ is bank integrity. “Financial institutions, banks especially, play a critical role in protecting our financial system and our economy from illicit financial threats,” O’Neil explains. “And banks play a gatekeeper role to guard against those types of influences entering the U.S. financial system.”
To help safeguard the banking system, the DOJ expects those in the financial system to meet their Bank Secrecy Act obligations. Passed in 1970, the act requires U.S. financial institutions to assist government agencies in detecting and preventing money laundering. “Specifically, the act requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000, and report suspicious activity that might signify money laundering, tax evasion, or other criminal activities,” according to the Financial Crimes Enforcement Network of the U.S. Department of the Treasury.
When financial institutions don’t follow these rules, the DOJ “will prosecute institutions and individuals,” O’Neil says. And the size of the institution does not matter when the DOJ is planning to prosecute, U.S. Attorney General Eric Holder said in a video message earlier this year. “I intend to reaffirm the principle that no individual or entity that does harm to our economy is ever above the law,” Holder explained. “There is no such thing as ‘too big to jail.’”
While the Bank Secrecy Act might focus on the U.S. financial system, additional measures address financial issues in the world economy. After the terrorist attacks on 9-11, President George W. Bush signed an executive order that gave the secretary of treasury and secretary of state additional powers to go after the finances of terrorist groups. These powers expanded the scope of potential targets from terrorists themselves to the financial facilitators and instruments of the financial infrastructure associated with them, says Juan Zarate, a senior adviser at the Center for Strategic and International Studies (CSIS) and author of Treasury’s War: The Unleashing of a New Era of Financial Warfare.
The United States expanded on these powers in the Patriot Act with the International Money Laundering Abatement and Financial Terrorism Act of 2001. This requires the financial service industry to report potential money laundering transactions to the authorities and to identify ownership of transactions and those receiving the transactions, the source of the funds within an account at the institution, and information sharing guidelines between nation-states about money laundering and suspicious activity.
These powers have allowed the U.S. Treasury Department to declare almost any bank in the world a “primary money laundering concern,” Zarate explains, casting suspicion on the financial activities of the bank to the point where the global market will not conduct business with it anymore.
Despite being implemented in 2001, these powers weren’t fully recognized until 2005 when they were used against North Korea, according to Zarate. The United States has had sanctions in place against North Korea, limiting trade with the country since the Korean War. Despite the sanctions, however, North Korea wasn’t isolated financially from the rest of the world because it was doing business through the Banco Delta Asia in Macau. In turn, that bank was doing business with other banks in the global economy, which was a concern for the United States because North Korea engages in money laundering, counterfeiting, and drug trafficking, Zarate writes.
After a series of unsuccessful talks on North Korea’s nuclear program, the Treasury Department issued a proposed rule 3.11, similar to an indictment, against Banco Delta Asia for lack of money laundering controls. This action blacklisted the bank and shut it out of the U.S. financial system, which because of its global interconnectedness essentially shut the North Koreans out of the international financial system. No one, including the Bank of China, wanted to be caught doing business with the North Koreans for fear that the United States would impose a similar action on them as well.
After a few weeks, the blacklisting brought the North Koreans back to the negotiating table and the rule 3.11 was lifted. The success with this strategy created the foundation for the financial sanctions against Iran, which is currently in talks with international leaders about making changes to its nuclear programs to lift those sanctions.
In the 1990s, Chinese nationals were hired to work in American territories—such as Guam and American Samoa. The U.S. government issued these employees Social Security cards that began with the numbers 586. When the workers finished their jobs, they returned to China.
Criminals purchased more than 20,000 of the “586” cards and then found buyers for them throughout the United States. One of these buyers was New Jersey resident Sang-Hyun “Jimmy” Park. Seeing the potential to abuse the system, Park worked with a group of conspirators to sell the “586” cards for a fee, promising to help customers use the cards to get other forms of identification, including driver’s licenses. Park even actively advertised for customers, recruiting participants by placing ads in Korean language newspapers that promised “easy credit and easy money.”
Once customers were engaged and new identities established using the fraudulent Social Security cards, Park helped them establish credit through various means. One method included adding a new identity to an existing credit card account whose owner had excellent credit. The owners of the legitimate accounts were paid a fee for this service. After the customers had built a line of good credit, Park helped them obtain their own credit card and open a bank account.
“With valid credentials and high credit scores, the 586 card owners could open credit accounts everywhere—banks, retail stores, car dealerships—the sky was the limit,” said FBI Special Agent Theresa Fanelli in a press release about the scheme. And the scammers took advantage of this. They proceeded to use their new credit cards excessively, charging as much as $30,000 a month.
When the monthly bill came, the scammers then made online or telephone payments using accounts that had no money behind them. They did this with the knowledge that the banks and retail outlets could take days to discover the payments were bogus, during which they could charge even more items to the credit card.
The FBI began investigating Park and his conspirators in 2008 after a Bergen County, New Jersey, Police Department detective investigating the murder of a Korean family found multiple sets of driver’s licenses and identities at the crime scene. The detective suspected the family was engaged in identity fraud and tipped off the FBI, which went on to arrest 54 individuals involved in the scheme, including Park.
Park admitted to defrauding numerous companies out of millions and was sentenced to 12 years in prison earlier this spring. After he serves his sentence, he will be deported to South Korea.
While Park’s ring focuses on using identity theft to steal cash and consumer goods, the FBI and the Internal Revenue Service (IRS) have noted a significant increase in the use of stolen identities to commit tax refund fraud. In 2011, the IRS conducted 276 identity theft investigations, which tripled to approximately 900 in 2012 and is expected to continue to grow. Additionally, for the 2011 tax year, the IRS reported approximately 1.1 million suspicious tax returns, which resulted in the issuance of more than $3.6 billion fraudulent refunds.
While average individuals are the normal targets of such schemes, public figures, such as U.S. Attorney General Eric Holder and corporate executives, are increasingly being targeted.
In the scheme, an individual fills out a federal tax return online with stolen identity information and phony wage and tax withholding figures. The individual then informs the IRS how to provide the refund—a check mailed to a certain address, a direct deposit into an account he or she controls, or a deposit onto a debit card in his or her possession.
One person usually handles this in a simple scheme, but there have been more sophisticated operations recently—like Park’s—where a number of individuals play different roles. Various members of the group steal identity information, file returns online, and collect the refund.
The use of technology is contributing to the increase in tax refund fraud, says Bryan P. Smith, a unit chief of the FBI’s Financial Institution Fraud Unit. “The ongoing advancements in technology have provided criminals seeking to acquire and sell electronically stored personal identifying information with new and expanded platforms capable of exploiting system vulnerabilities with a reduced chance of detection,” Smith explains.
In turn, with the increasing amount of personal identifying information stored within various companies and other entities, there’s an increased risk of identity theft. This is especially worrisome for homeland security, as revenue collected through tax refund fraud can be used for purposes beyond lining an individual’s pocket.
“When organized crime groups and fraudsters gain access to this information, it is no longer just to run up credit card debt or access a bank account, but to fully utilize the capabilities of the compromised identities,” Smith says. This includes using funds for criminal activity, including drug trafficking, money laundering, public corruption, and terrorism.
Along with tax refund fraud, the FBI has also identified instances of identity theft being used by groups for a broad spectrum of violations. These include mortgage fraud, investment fraud, healthcare fraud, public corruption, organized crime, drug trafficking, and others, Smith explains.
And the FBI doesn’t see the trend going away anytime soon. “Identity thieves are increasingly seeking ways to compromise systems to acquire large volumes of personally identifiable information and financial data, which can easily be sold on illicit Web sites and underground forums,” Smith says. “The more sophisticated cyber-related identity theft schemes will likely increase as perpetrators are able to acquire massive amounts of stolen personally identifiable information in a matter of minutes.”
With the rise in identity theft, the question is how does this impact the business world? Identity theft seems to be an individual issue. Someone steals someone’s identity and uses that identity to make fraudulent charges, or create false documents, impacting the victim personally. But looking at the bigger picture, identity theft also hurts business, says Cynthia Hetherington, president of the Hetherington Group, a consulting, publishing, and training firm focused on intelligence, security, and investigations.
When someone’s identity is stolen, it’s a theft of time against that person, explains Hetherington, who is also the chair of ASIS International’s Economic Crime Council. But because the institution is responsible for covering the costs of the crime, “the crime actually happens against the institutions; banks and financial institutions, when we talk about identity theft, they’re also the victims.”
Banks and financial institutions are responsible for covering the cost of any fraudulent charges. This results in vast amounts of damage that banks are forced to write off because it is difficult to locate the criminal accountable for most fraudulent charges. Also, in some cases it is cheaper for the bank to absorb the cost instead of implementing a full investigation.
Fraud like this causes “hundreds of thousands of dollars in damage, and the banks are absorbing it, which means overall the price of everything goes up,” Hetherington says. The banks are going to say, “Well the cost of fraud is very expensive, so we will raise our rates,” to cover these costs, she adds.
Additionally, when personally identifiable information is stolen from companies to engage in identity theft, it can cause brand damage that’s extremely difficult to recover from. The most recent example of this is the data breach that occurred within Target’s system, compromising the credit and debit card information of 40 million customers along with the personally identifiable information of 70 million other customers.
“Neiman Marcus, Target, all of these stores that had themselves basically beaten up and raked over the coals. Their reputations are sullied,” Hetherington explains. In turn, this brand damage makes customers cautious about whether or not they want to shop at these particular stores because their payment information wasn’t secured.
“Once your company gets publicly embarrassed in such a fashion, your sales are going to drop,” Hetherington says. “And it’s going to be a massive issue.”
When it comes to compliance for businesses, the law is still developing on how companies will be held accountable for data breaches that compromise customer information within their networks. However, it’s an area that the DOJ is paying close attention to.
“I think the recent breaches have really brought home to everybody how vulnerable a company’s computer systems can be to cybercriminals,” O’Neil explains. “And I think security officials really need to heed that warning, not only for the direct consequences of the breach but to make sure that they are complying with the legal standards that will develop over the next several years.”
O’Neil says that he sees the law developing through individual lawsuits, regulatory actions, and through the need to obtain cyber insurance coverage to address data breaches. “All of those things coming together are going to rapidly define what the legal standards and the due diligence requirements for a company in this area are,” he explains.
“The traditional areas of risk for compliance and security officers are well established—money laundering, anticorruption, and fraud in other forms,” O’Neil says. “Security officials and compliance officials are going to rapidly need to turn their focus to cyber and to information security in the same way and with the same kind of focus.”