ALERT Fraud 2000

By Stephen Markson, a director of Forensic Systems Group and Craig Malcolm, managing partner of Forensic Accounting & Investigative Services

Regardless of whether the new millennium starts on January 1, 2000 or 2001, its advent will provide abundant opportunities for new and almost undetectable fraud schemes rising from the resulting disruption many predict will come about from the Y2K threat. And, while financial losses arising from potential “Y2K fraud” could prove substantial for the business community and government, the insurance industry faces the most significant risk consequences.

In fact, most frauds abetted by the so-called computer systems’ “millennium bug” will already be done deeds before the turn of the century. Fortunately, analysis of the characteristics of “fraud 2000” suggests strategic initiatives that can help to detect and prevent fraud as well as mitigating direct and indirect losses.

Contrary to popular belief, computer systems problems with the year 2000 were not caused by a need of computer programmers to store dates with six characters instead of eight to save storage space in primitive computers. A system to encode and decode a particular date using only three characters of information can last for over 45,000 years!

Rather, the date format decision was prompted by familiarity of the visual representation of dates with two-digit years. As time passed and the volume of data stored this way increased dramatically, the cost of changing data and systems became an unpleasant thought in the minds of information technology managers. Why not let some other manager take it out of their budget?

Fortunately, now that we have run out of time, software development costs have come down considerably. However, the cost of converting the old data to fit new systems is still prohibitive in most cases. The least expensive thing to do would be to abandon the old data which unfortunately would also mean shutting an important window on the past.

We need this “window” to discover and quantify the potential for fraud. In some instances, the window may be partially ajar, but the cost of opening it wide enough to mine the old data properly may be greater than the value of the fraud committed, account imbalance or whatever anomaly is being investigated.

Millennium fraud and insurance

In addition to a year 2000 conversion closing the window on a past fraud, there is the potential of fraud being masqueraded as a Y2K problem. Like the blame which is heaped on the conveniently “recently departed employee” or a popular problem-child for all ails such as El Nin, Y2K has the potential of becoming the next whipping-horse for everything that goes wrong.

If a fraud is successfully disguised as a Y2K problem, whether intentionally or inadvertently, it could be covered by a Y2K insurance policy even though the policy excludes employee dishonesty. Furthermore, the exclusion may even inhibit the search for fraud! This affects underwriters directly and stands to hurt brokerages indirectly through worsening claim ratios.

As a result, both underwriters and brokerages are vulnerable to internal fraud.

Underwriters also have some of the oldest, largest and most complex systems and therefore some of the most extensive Y2K conversion programs. This, coupled with the high incidence of fraud in large companies (62% in 1966 and 57% in 1997 according to the annual KPMG survey), raises additional cause for concern.

And, while smaller brokerages will be less concerned with internal fraud risk related to their own Y2K compliance efforts, they should be aware of problems in dealing with the systems of underwriters and other business support service providers. For instance, a typical case is highlighted in the “post-dated cheque lapping scheme” outlined below:

The red flags of Fraud 2000 are a combination of characteristics of Y2K compliance efforts/conversions and business operational/accounting procedures. If a brokerage uses post-dated cheques to collect premiums and its Y2K conversion (or its underwriters’) will obscure past post-dated cheque payments, then both the brokerage and underwriter are vulnerable to a simple lapping scheme using these cheques.

If Y2K conversion implies losing (electronic) details of sales transactions and/or bank deposit activity then it can become too onerous to manually sift through bank statements and sales slips to find cash flow irregularities which could be caused by cheque/cash lapping schemes or other employee defalcations.

If Y2K conversion entails losing or obscuring return/exchange data, inventory transactions, related sales and supplier accounting information, then the ability to investigate unusual inventory shrinkages, high returns/low sales, item substitution and supplier exchange anomalies is significantly hindered.

Detection and prevention

Watch for the red flags of fraud 2000: Y2K conversions that close the window on past information coupled with anomalies in business operations. Test for anomalies before conversion.

If these or similar anomalies are found then a more detailed fraud 2000 audit may be warranted.

Review your Y2K conversion plan with regard to fraud 2000 and fraud in general.

Open the window to the past by archiving old data in a format that can be mined in the future.

Review and test your new Y2K-compliant systems for fraud accessibility.

Implement anti-fraud measures in your Y2K-compliant systems

Develop a systems evolution plan and review it at regular intervals. Beware of system changes or enhancements that may provide the event necessary to close and restart or expand a fraud such as a lapping scheme.

Fraud beyond 2000

As systems become more advanced, as electronic commerce spreads, and with a major influx of new financial systems resulting from Year 2000 conversions, the opportunities for fraud are multiplying. Furthermore, the fraud incidences are also becoming more complex and difficult to detect and qualify. As such it is likely that fraud is going to become more difficult to prevent without pro-active intervention now.

Deployment of fraud detection, prevention and mitigation strategies and systems prior to Year 2000 conversions can not only alleviate some of these risks, but can provide a sound basis for fraud elimination in the new millennium as part of an integrated systems evolution plan.-