Insider Fraud and Sabotage

Insider Fraud and Sabotage: Comprehensive Study Notes

Insider Fraud

• Definition and Scope: This chapter focuses on sophisticated criminals, particularly those who seek financial gain through internal fraud.

• Perpetrators: Insider fraud can be perpetrated by a wide range of employees, including managers and even board members.

• Factors Contributing to Fraud:

  • A permissive organizational environment.

  • Misplaced trust by management.

  • Inadequate internal controls, or existing controls that are not properly enforced.

• Types of Insider Fraud Schemes:

  • Rogue Employee Acting Alone: An individual employee perpetrating fraud independently.

  • Internal Criminal Enterprise: Insiders conspiring with other insiders to commit fraud.

  • External Recruitment: Insiders being recruited by outside organized crime groups.

  • Infiltration by Organized Crime: Outside organized criminal elements gaining employment within an organization specifically to obtain insider access and commit fraud.

• Impact of Management Involvement:

  • Fraud crimes involving management-level employees consistently result in higher average losses compared to those by lower-level employees.

  • CERT Insider Threat Cases (2012): Two cases involving management-level insiders resulted in thefts ranging from $250,000$ to over $48$ million.

  • ACFE 2016 Global Fraud Study Findings:

    • Origin of Schemes: Most fraud schemes originated in the accounting department ($16.6\%$), followed by operations, sales, upper management, customer service, purchasing, and finance.

    • Correlation with Authority: The perpetrator's level of authority was strongly correlated with the size of the fraud.

    • Median Losses: The median loss by an executive was $703,000$, which was $4$ times higher than losses caused by managers and $11$ times higher than those by regular employees.

    • Recruitment and System Bypass: Management-level employees often recruit lower-level employees, leveraging their combined knowledge of the organization's systems, controls, and procedures to bypass security checkpoints and evade scrutiny.

Case Study: Jerome Kerviel – Insider Acting Alone

• Background: Jerome Kerviel obtained a master's degree in finance in $2000$. He started in an entry-level compliance position at Societe Generale, where he gained extensive knowledge of the bank's compliance controls, alerts, and thresholds between $2000$ and $2005$.

• Fraud Mechanics: Promoted to junior trader in $2005$, Kerviel spent $3$ years conducting thousands of fictitious, unauthorized, and noncompliant transactions. He skillfully avoided the internal system triggers and alerts designed to notify management of such activities.

• Detection: In $2008$, a compliance auditor investigating a large transaction uncovered years of accumulated trading risk orchestrated by Kerviel.

• Consequences:

  • Kerviel was fired and charged with attempted fraud, abuse of confidence, and illegal access to computers.

  • The damages to Societe Generale totaled approximately $7$ billion.

  • Kerviel was convicted and sentenced to $3$ years in prison (serving $5$ months) and initially ordered to pay $6.9$ billion in restitution, later reduced to $1$ million.

CERT Insider Threat Study (U.S. Financial Services Sector - 2012)

• **