Abstract :
Outsourcing non-core business activities to third parties is a world wide trend these days. However while doing so, organizations often incur risks that may put the entire business operations at stake either immediately or a time later.
Thus special care is needed while stepping into any kind of outsourcing arrangement with a service provider.
By Nikhil Parulkar
Full article is as below:
A blog dedicated to the anti-fraud community towards creating awareness and preventing Fraud and all related fields and activities
Sunday, December 5, 2010
Monday, November 29, 2010
Babu asked bribe for Delhi posting: Bedi
AHMEDABAD: After Ratan Tata revealed how he had refused to pay bribe when he wanted to start an airline service, it was Kiran Bedi's turn to expose a similar case. She recounted a bribe demand by a government official in return for a desirable post in Delhi police at the IIM-A campus on Sunday.
Attending the B-school's annual event Confluence 2010, Bedi disclosed that a government official holding an important position at that time asked for Rs 6 lakh if she wanted a posting in Delhi as her tenure in Mizoram had ended in 1992.
"I refused to pay the amount and asked them to print the money themselves and take it. Because of this, they kept me waiting for nine months and did not assign me any duty after which they finally posted me in Tihar Jail," she said.
Bedi shared these experiences related to corruption while speaking at the valedictory function of IIM-A's business school summit. However, she refrained from sharing the name or identity of the official who demanded the bribe. She said the biggest corruption scams in the country are handiworks of corporates.
"Corporates are corrupting the government" she said, adding, "It is my sincere request that the institute undertakes research to find out why these young talented and educated officers are getting into corruption." According to her, another research must be conducted to find out why these talented bureaucrats corrode and why don't they speak up about corruption before their retirement.
Referring to other issues, which need to be researched she said, "So many engineers are getting into administrative services. Is not it waste of all the skills they learnt as engineers? We need to find out who are better managers; people from arts background or people from the science background."
Source: The Times of India; November 29, 2010
Attending the B-school's annual event Confluence 2010, Bedi disclosed that a government official holding an important position at that time asked for Rs 6 lakh if she wanted a posting in Delhi as her tenure in Mizoram had ended in 1992.
"I refused to pay the amount and asked them to print the money themselves and take it. Because of this, they kept me waiting for nine months and did not assign me any duty after which they finally posted me in Tihar Jail," she said.
Bedi shared these experiences related to corruption while speaking at the valedictory function of IIM-A's business school summit. However, she refrained from sharing the name or identity of the official who demanded the bribe. She said the biggest corruption scams in the country are handiworks of corporates.
"Corporates are corrupting the government" she said, adding, "It is my sincere request that the institute undertakes research to find out why these young talented and educated officers are getting into corruption." According to her, another research must be conducted to find out why these talented bureaucrats corrode and why don't they speak up about corruption before their retirement.
Referring to other issues, which need to be researched she said, "So many engineers are getting into administrative services. Is not it waste of all the skills they learnt as engineers? We need to find out who are better managers; people from arts background or people from the science background."
Source: The Times of India; November 29, 2010
Wednesday, November 24, 2010
Conducting a forensic investigation post the incident reporting
Abstract:
Fraud is a prevalent and a pervasive incident, and the investigation needs to be thorough and fair. Good investigators are those who seek facts with a substantial degree of independence. It is also critical that good investigators imbibe values of thoroughness and objectivity while conducting an investigation; such investigators are likely to have more credibility and their findings are more likely to be accepted as fair & unbiased.
Full Article Link is as below:
http://searchsecurity.techtarget.in/tip/Investigate-fraud-with-these-best-practices
Fraud is a prevalent and a pervasive incident, and the investigation needs to be thorough and fair. Good investigators are those who seek facts with a substantial degree of independence. It is also critical that good investigators imbibe values of thoroughness and objectivity while conducting an investigation; such investigators are likely to have more credibility and their findings are more likely to be accepted as fair & unbiased.
Full Article Link is as below:
http://searchsecurity.techtarget.in/tip/Investigate-fraud-with-these-best-practices
Tuesday, October 5, 2010
ON GUARD:- ‘Wipro fraud probe hints at involvement of multiple officials’
PROBE COMMITTEE TO SUBMIT REPORT BY MONTH-END
EARLY investigations into the embezzlement reported at Wipro, earlier this year, hint at the involvement of multiple officials and units within the company’s financial department, people familiar with the ongoing probe told ET. Last week, Wipro said it will file its annual report with the US Securities and Exchange Commission for the yearended March 2010 more than a month after the scheduled September 30 deadline, as it awaits the investigations to be completed.
Audit firm Ernst & Young, apart from an internal probe committee led by Narayanan Vaghul, former chairman of ICICI and an independent director with the country’s third-biggest software exporter will submit their reports to the company’s board later this month, according to persons with knowledge of the developments.
“The embezzlement has been happening over three years. It cannot be carried out in isolation. The objective of investigations is to identify the process improvements and even fix accountability,” one of the persons told ET, requesting anonymity. He added that it was still too early to draw conclusions, since the investigation is expected to be completed by October-end only.
The fraud came to light in December last year after a banker to the firm alerted Wipro about an overdraft. An employee working with Wipro’s ‘controllership’ division, within the finance department, had embezzled about $4 million by exploiting the exclusivity of access to the company’s banking accounts. Wipro declined to offer any comments, as the company is in a silent period ahead of its second quarter results later this month. An Ernst & Young spokeswoman did not respond to a query sent by ET.
As reported by ET in February this year, a Wipro staff embezzled crores of rupees over the past three years, sending the country’s thirdlargest software exporter scrambling to tighten internal controls in the finance division, where the incident took place. The employee had been working with the company for the past three years in the ‘controllership’ division, within the finance department. This cell is responsible for keeping the company’s financial books and also has powers to authorise payments whenever needed. The employee siphoned off the company’s money to his personal savings accounts in multiple transactions, worth anywhere between 1 lakh and 1.2 crore, and used the money to acquire jewellery, apart from making other investments, including buying land.
Apart from investigating how the processes were tweaked to carry out the embezzlement, E&Y, along with the internal auditors, is also examining if there were more departments and people involved in the incident. For instance, while the controller ship unit, where the embezzlement happened, is responsible for authorising payments, such requests are processed by Wipro’s payments-processing department called Wividus.
However, Suresh C Senapaty, CFO of Wipro, had denied involvement of more than one Wipro staffer in this embezzlement. “Our investigations have revealed that only this employee was involved, and nobody else in the team had any clue,” Mr Senapaty had said. Wipro has since disbanded the controllership unit and even introduced several changes.
“Already, no cheque payments are being made by Wipro to any vendor, especially after the embezzlement was reported. There could be more changes after the recommendations are accepted,” another person familiar with the developments told ET.
Among other changes being examined is the rotation of staff handling sensitive functions within the finance department.
In a statement issued last week, Wipro said it has already recovered all of the embezzled money.
“Wipro, together with its audit committee, conducted an investigation to determine, among other things, the materiality of the amounts embezzled and to assess the design and implementation of internal control processes. Based on its review of the facts discovered during its investigation, Wipro believes that the amounts embezzled were not material,” the company said in a statement issued on October 2.
Wipro brought Ernst & Young to minutely verify the audited accounts that were earlier certified by the company’s statutory auditor BSR — an audit arm of KPMG. Both E&Y and KPMG are part of the Big Four accounting firms that typically audit large companies such as Wipro.
Among other measures being considered, employees working in sensitive functions within the finance department may be rotated more frequently. Currently, employees in such functions spend around three years before a transfer. Going forward, Wipro also plans to make it mandatory for employees working in the finance division and elsewhere to sign an undertaking about sharing of passwords and any unauthorised transactions.
CHECKS & BALANCES
Wipro said last week, it has already recovered all of the embezzled money
As a precautionary measure, employees working in sensitive functions within finance dept may be rotated more frequently
Wipro also plans to make it mandatory for staff working in finance dept to sign an undertaking about sharing of passwords and any unauthorised transactions.
Source: The Economic Times; dt. 05.10.10
EARLY investigations into the embezzlement reported at Wipro, earlier this year, hint at the involvement of multiple officials and units within the company’s financial department, people familiar with the ongoing probe told ET. Last week, Wipro said it will file its annual report with the US Securities and Exchange Commission for the yearended March 2010 more than a month after the scheduled September 30 deadline, as it awaits the investigations to be completed.
Audit firm Ernst & Young, apart from an internal probe committee led by Narayanan Vaghul, former chairman of ICICI and an independent director with the country’s third-biggest software exporter will submit their reports to the company’s board later this month, according to persons with knowledge of the developments.
“The embezzlement has been happening over three years. It cannot be carried out in isolation. The objective of investigations is to identify the process improvements and even fix accountability,” one of the persons told ET, requesting anonymity. He added that it was still too early to draw conclusions, since the investigation is expected to be completed by October-end only.
The fraud came to light in December last year after a banker to the firm alerted Wipro about an overdraft. An employee working with Wipro’s ‘controllership’ division, within the finance department, had embezzled about $4 million by exploiting the exclusivity of access to the company’s banking accounts. Wipro declined to offer any comments, as the company is in a silent period ahead of its second quarter results later this month. An Ernst & Young spokeswoman did not respond to a query sent by ET.
As reported by ET in February this year, a Wipro staff embezzled crores of rupees over the past three years, sending the country’s thirdlargest software exporter scrambling to tighten internal controls in the finance division, where the incident took place. The employee had been working with the company for the past three years in the ‘controllership’ division, within the finance department. This cell is responsible for keeping the company’s financial books and also has powers to authorise payments whenever needed. The employee siphoned off the company’s money to his personal savings accounts in multiple transactions, worth anywhere between 1 lakh and 1.2 crore, and used the money to acquire jewellery, apart from making other investments, including buying land.
Apart from investigating how the processes were tweaked to carry out the embezzlement, E&Y, along with the internal auditors, is also examining if there were more departments and people involved in the incident. For instance, while the controller ship unit, where the embezzlement happened, is responsible for authorising payments, such requests are processed by Wipro’s payments-processing department called Wividus.
However, Suresh C Senapaty, CFO of Wipro, had denied involvement of more than one Wipro staffer in this embezzlement. “Our investigations have revealed that only this employee was involved, and nobody else in the team had any clue,” Mr Senapaty had said. Wipro has since disbanded the controllership unit and even introduced several changes.
“Already, no cheque payments are being made by Wipro to any vendor, especially after the embezzlement was reported. There could be more changes after the recommendations are accepted,” another person familiar with the developments told ET.
Among other changes being examined is the rotation of staff handling sensitive functions within the finance department.
In a statement issued last week, Wipro said it has already recovered all of the embezzled money.
“Wipro, together with its audit committee, conducted an investigation to determine, among other things, the materiality of the amounts embezzled and to assess the design and implementation of internal control processes. Based on its review of the facts discovered during its investigation, Wipro believes that the amounts embezzled were not material,” the company said in a statement issued on October 2.
Wipro brought Ernst & Young to minutely verify the audited accounts that were earlier certified by the company’s statutory auditor BSR — an audit arm of KPMG. Both E&Y and KPMG are part of the Big Four accounting firms that typically audit large companies such as Wipro.
Among other measures being considered, employees working in sensitive functions within the finance department may be rotated more frequently. Currently, employees in such functions spend around three years before a transfer. Going forward, Wipro also plans to make it mandatory for employees working in the finance division and elsewhere to sign an undertaking about sharing of passwords and any unauthorised transactions.
CHECKS & BALANCES
Wipro said last week, it has already recovered all of the embezzled money
As a precautionary measure, employees working in sensitive functions within finance dept may be rotated more frequently
Wipro also plans to make it mandatory for staff working in finance dept to sign an undertaking about sharing of passwords and any unauthorised transactions.
Source: The Economic Times; dt. 05.10.10
Tuesday, September 28, 2010
'Another US recession likely'
NEW YORK: University professor Nouriel Roubini said there's a high probability of another recession in the US, with Japan's outlook anemic, underscoring risks to the global recovery.
China, the world's fastest-growing major economy, may face greater headwinds should there be weak growth in the US and Europe, Roubini said in Kuala Lumpur on Monday, where he is attending a conference. "Second-quarter GDP figures for the US are likely to be revised lower after June real-estate numbers," he added.
Austerity measures to cut debt in advanced nations are hurting consumer and business confidence and households in some of the largest economies are holding back spending. "Emerging economies may have to get used to relying on domestic demand in a period of subdued growth for developed countries," Roubini said. "We know the H2 of the year is going to be worse than the first half of the year because of the tailwinds to growth from the fiscal stimulus turning into austerity," he said.
Source: - The Times of India
China, the world's fastest-growing major economy, may face greater headwinds should there be weak growth in the US and Europe, Roubini said in Kuala Lumpur on Monday, where he is attending a conference. "Second-quarter GDP figures for the US are likely to be revised lower after June real-estate numbers," he added.
Austerity measures to cut debt in advanced nations are hurting consumer and business confidence and households in some of the largest economies are holding back spending. "Emerging economies may have to get used to relying on domestic demand in a period of subdued growth for developed countries," Roubini said. "We know the H2 of the year is going to be worse than the first half of the year because of the tailwinds to growth from the fiscal stimulus turning into austerity," he said.
Source: - The Times of India
Wednesday, September 22, 2010
Vatican Bank head in money laundering probe
ROME: The head of the Vatican bank is under investigation for suspected money laundering and police have frozen 23 million euros ($30.21 million) of its funds, Italian judicial sources said on Tuesday. Neither Ettore Gotti Tedeschi, who has been at the helm of the bank for a year, nor the Vatican spokesman would comment immediately on the case, which involves alleged violations of European Union money laundering regulations.
The sources said Gotti Tedeschi and another executive of the Institute for Religious Works (IOR), as the bank is officially known, had been put under investigation by Rome magistrates Nello Rossi and Stefano Fava. The sources said Italy's financial police had preventively frozen 23 million euros of the IOR's funds in an account in an Italian bank in Rome.
Two recent transfers from an IOR account in the Italian bank were deemed suspicious by financial police and blocked. One was a transfer of 20 million euros to a German branch of a U.S. bank and another of 3 million euros to an Italian bank. Gotti Tedeschi, a devout Catholic who has taught financial ethics at the Catholic University of Milan, is a close adviser to Treasury Minister Giulio Tremonti. He is currently also head of an Italian unit of the Spanish Banco Santander, according to its website, and serves on the board of several major Italian banks.
The IOR principally manages funds for the Vatican and religious institutions around the world, such as charity organisations and religious ordes of priests and nuns. It was involved in a worldwide scandal in 1982 when it was embroiled in the fraudulent bankruptcy of Banco Ambrosiano, then Italy's largest private bank. The IOR held a small stake in Ambrosiano, whose president Roberto Calvi was found hanged under London's Blackfriars Bridge the same year. Several investigations failed to determine whether Calvi, known as God's Banker, had been killed or committed suicide. At the time the IOR was headed by American Archbishop Paul Marcinkus, who died in Arizona in 2006. The Vatican denied any responsibility for the collapse of Banco Ambrosiano but made what it called a "goodwill payment" of $250 million to Ambrosiano creditors.
Source: The Times of India, Sept 21,2010
The sources said Gotti Tedeschi and another executive of the Institute for Religious Works (IOR), as the bank is officially known, had been put under investigation by Rome magistrates Nello Rossi and Stefano Fava. The sources said Italy's financial police had preventively frozen 23 million euros of the IOR's funds in an account in an Italian bank in Rome.
Two recent transfers from an IOR account in the Italian bank were deemed suspicious by financial police and blocked. One was a transfer of 20 million euros to a German branch of a U.S. bank and another of 3 million euros to an Italian bank. Gotti Tedeschi, a devout Catholic who has taught financial ethics at the Catholic University of Milan, is a close adviser to Treasury Minister Giulio Tremonti. He is currently also head of an Italian unit of the Spanish Banco Santander, according to its website, and serves on the board of several major Italian banks.
The IOR principally manages funds for the Vatican and religious institutions around the world, such as charity organisations and religious ordes of priests and nuns. It was involved in a worldwide scandal in 1982 when it was embroiled in the fraudulent bankruptcy of Banco Ambrosiano, then Italy's largest private bank. The IOR held a small stake in Ambrosiano, whose president Roberto Calvi was found hanged under London's Blackfriars Bridge the same year. Several investigations failed to determine whether Calvi, known as God's Banker, had been killed or committed suicide. At the time the IOR was headed by American Archbishop Paul Marcinkus, who died in Arizona in 2006. The Vatican denied any responsibility for the collapse of Banco Ambrosiano but made what it called a "goodwill payment" of $250 million to Ambrosiano creditors.
Source: The Times of India, Sept 21,2010
Tuesday, September 14, 2010
Violence against whistleblowers in India prompts calls for laws to protect them
IN NAYAKANPETTAI, INDIA When police found Vaidyalingam Balasubramanyam's body dumped beside a road in this southern Indian village recently, his family said that telling the truth had cost him his life. The hand-loom weaver turned whistleblower had been fighting corruption in the local weavers' cooperative for the past three years.
"We suspect some people kidnapped him, forced open his mouth to pour in poison or pesticide and threw him out of a moving vehicle," said his son Shanmugan Vel, 25 , as he sat on the floor next to his father's framed, garlanded photograph at his home in the sari-weaving district of Kancheepuram, in Tamil Nadu state. "My father spent all his time investigating the office files for corrupt practices. He sent dozens of complaints to the top officials and leaders."
His father had been warned of the risks he was running, Vel said, but had responded that the documents "contained the explosive truth that will clean up the system."
Eleven people have been killed or found dead in mysterious circumstances in India this year after exposing corruption in schools and public utilities, illegal mining and unauthorized water and electricity hookups, according to activist groups.
Hundreds of others have been attacked, threatened or harassed for similar crusades. In July, about 500 whistleblowers marched in New Delhi to protest the deaths and demand effective anti-corruption and whistleblower-protection legislation in a country where graft is more the norm than the exception.
The demand for such a law began six years ago after a national outcry over the killing of a 30-year-old engineer who had exposed a corruption scandal in highway construction.
Last month, the Indian government finally introduced landmark draft legislation - titled the Public Interest Disclosure and Protection to Persons Making the Disclosures Bill - that proposes a system for dealing with corruption allegations and a three-year jail term for officials who disclose whistleblowers' identities.
"It has been felt that the persons who report the corruption or willful misuse of power or willful misuse of discretion, which causes demonstrable loss to the government . . . need statutory protection," said Prithviraj Chavan, minister of state for personnel, public grievances and pensions, while introducing the bill.
Despite recent rapid economic growth, the expansion of the middle class and the spread of education and mass media, India was ranked 84th out of 180 countries last year in the annual corruption perception survey conducted by the global watchdog Transparency International. Of the various Indian departments analyzed, the police force emerged as the biggest offenders.
Since 2005, anti-corruption crusaders have used a law mandating the right to information to access official files and expose malfeasance. Balasubramanyam had collected hundreds of official documents indicating that a single family held a monopoly over the cooperative management, according to Vel, who showed a reporter photocopies of the documents. The files also showed evidence of embezzlement.
"Due to heavy rainfall last year, the government sent compensation money to hand-loom weavers. But I did not get any of it, even though the records in the cooperative showed that all the weavers had been paid," said Sukha Lingam, 40, a weaver in Nayakanpettai. "The managers ate up all the money meant for the poor."
Balasubramanyan always carried with him a yellow cloth bag containing files he had accessed. The bag is now missing. The police registered a case of "suspicious death" after his killing and sent his body for examination.
Analysts say public intolerance of corruption has grown in recent years, spurring the push for stronger laws to combat it - but also inviting violent reprisals.
"For many decades, Indians kept saying, 'What can we do?' But now corruption has reached a level that it is difficult to look the other way," said Sumaira Abdulaali, a member of the Movement Against Intimidation, Threat and Revenge against Activists, an independent coalition. "When illegal activities take place on such a major scale, then we can be certain that the entire system of politicians, officials, police and criminals are mixed up in it."
Many activists say, however, that the new whistleblower bill is still inadequate. It covers only the government bureaucracy and not the military or the corporate sector. It is silent on those exposing corrupt politicians. The bill empowers a body called the Central Vigilance Commission to investigate cases, but the government is not bound to follow its recommendations. It also says anonymous complaints will not be accepted.
"It is just a showpiece legislation," said Arvind Kejriwal, head of Parivartan, a New Delhi-based group that campaigns for transparency. "The entire emphasis of the bill is in keeping the name of the whistleblower a secret. That is the last concern of the people who blow the whistle. What they want is swift, guaranteed investigation and action on their complaint so that they are not vulnerable to physical threats and professional harassment."
The ministry has invited activists to comment on the draft legislation by the end of September.
Last month, the Delhi High Court ordered the government to pay compensation to Mahendra Kumar Tyagi, 65, who was harassed at work for complaining against his bosses' corrupt activities in the state-owned oil company. For 10 years, Tyagi said, nobody spoke to him at the office and he received no promotion.
"I was made an outcast and a prisoner in my office cubicle. It was like slow poisoning," Tyagi recalled.
Last month's court order hailed him as "courageous."
"I have been vindicated," he said. "But at what cost? I ruined my life, my health and my peace of mind. Today I tell my son, 'Don't be honest. You will get nothing but trouble. In India, the honest are punished, the corrupt are rewarded.' "
Source: The Washington Post, By Rama Lakshmi, Dt. September 11, 2010
"We suspect some people kidnapped him, forced open his mouth to pour in poison or pesticide and threw him out of a moving vehicle," said his son Shanmugan Vel, 25 , as he sat on the floor next to his father's framed, garlanded photograph at his home in the sari-weaving district of Kancheepuram, in Tamil Nadu state. "My father spent all his time investigating the office files for corrupt practices. He sent dozens of complaints to the top officials and leaders."
His father had been warned of the risks he was running, Vel said, but had responded that the documents "contained the explosive truth that will clean up the system."
Eleven people have been killed or found dead in mysterious circumstances in India this year after exposing corruption in schools and public utilities, illegal mining and unauthorized water and electricity hookups, according to activist groups.
Hundreds of others have been attacked, threatened or harassed for similar crusades. In July, about 500 whistleblowers marched in New Delhi to protest the deaths and demand effective anti-corruption and whistleblower-protection legislation in a country where graft is more the norm than the exception.
The demand for such a law began six years ago after a national outcry over the killing of a 30-year-old engineer who had exposed a corruption scandal in highway construction.
Last month, the Indian government finally introduced landmark draft legislation - titled the Public Interest Disclosure and Protection to Persons Making the Disclosures Bill - that proposes a system for dealing with corruption allegations and a three-year jail term for officials who disclose whistleblowers' identities.
"It has been felt that the persons who report the corruption or willful misuse of power or willful misuse of discretion, which causes demonstrable loss to the government . . . need statutory protection," said Prithviraj Chavan, minister of state for personnel, public grievances and pensions, while introducing the bill.
Despite recent rapid economic growth, the expansion of the middle class and the spread of education and mass media, India was ranked 84th out of 180 countries last year in the annual corruption perception survey conducted by the global watchdog Transparency International. Of the various Indian departments analyzed, the police force emerged as the biggest offenders.
Since 2005, anti-corruption crusaders have used a law mandating the right to information to access official files and expose malfeasance. Balasubramanyam had collected hundreds of official documents indicating that a single family held a monopoly over the cooperative management, according to Vel, who showed a reporter photocopies of the documents. The files also showed evidence of embezzlement.
"Due to heavy rainfall last year, the government sent compensation money to hand-loom weavers. But I did not get any of it, even though the records in the cooperative showed that all the weavers had been paid," said Sukha Lingam, 40, a weaver in Nayakanpettai. "The managers ate up all the money meant for the poor."
Balasubramanyan always carried with him a yellow cloth bag containing files he had accessed. The bag is now missing. The police registered a case of "suspicious death" after his killing and sent his body for examination.
Analysts say public intolerance of corruption has grown in recent years, spurring the push for stronger laws to combat it - but also inviting violent reprisals.
"For many decades, Indians kept saying, 'What can we do?' But now corruption has reached a level that it is difficult to look the other way," said Sumaira Abdulaali, a member of the Movement Against Intimidation, Threat and Revenge against Activists, an independent coalition. "When illegal activities take place on such a major scale, then we can be certain that the entire system of politicians, officials, police and criminals are mixed up in it."
Many activists say, however, that the new whistleblower bill is still inadequate. It covers only the government bureaucracy and not the military or the corporate sector. It is silent on those exposing corrupt politicians. The bill empowers a body called the Central Vigilance Commission to investigate cases, but the government is not bound to follow its recommendations. It also says anonymous complaints will not be accepted.
"It is just a showpiece legislation," said Arvind Kejriwal, head of Parivartan, a New Delhi-based group that campaigns for transparency. "The entire emphasis of the bill is in keeping the name of the whistleblower a secret. That is the last concern of the people who blow the whistle. What they want is swift, guaranteed investigation and action on their complaint so that they are not vulnerable to physical threats and professional harassment."
The ministry has invited activists to comment on the draft legislation by the end of September.
Last month, the Delhi High Court ordered the government to pay compensation to Mahendra Kumar Tyagi, 65, who was harassed at work for complaining against his bosses' corrupt activities in the state-owned oil company. For 10 years, Tyagi said, nobody spoke to him at the office and he received no promotion.
"I was made an outcast and a prisoner in my office cubicle. It was like slow poisoning," Tyagi recalled.
Last month's court order hailed him as "courageous."
"I have been vindicated," he said. "But at what cost? I ruined my life, my health and my peace of mind. Today I tell my son, 'Don't be honest. You will get nothing but trouble. In India, the honest are punished, the corrupt are rewarded.' "
Source: The Washington Post, By Rama Lakshmi, Dt. September 11, 2010
Tuesday, September 7, 2010
Attack on China whistleblower shows risk of unveiling corruption, fraud
China whistleblower Fang Zhouzi was mugged after his criticism of a Chinese hospital. 'I’ve had threatening phone calls and e-mails before, but this was the first time I have been attacked,' he says.
Beijing
A bungled attack on a whistleblower famous for his exposés of fraud and pseudoscience has drawn fresh attention to the vexed issues of academic dishonesty and popular gullibility in China.
Fang Zhouzi, a popular science writer and blogger, was assaulted by two men as he walked to his Beijing home Sunday evening; one sprayed a chemical in his face, the other beat him with a hammer. He was only slightly injured and was released from hospital later Sunday night.
“I’ve had threatening phone calls and e-mails before, but this was the first time I have been attacked,” Mr. Fang said in a telephone interview.
The anticorruption activist has been involved recently in a number of high profile cases, most notably questioning a claim by a former president of Microsoft China that he had earned his PhD from the prestigious California Institute of Technology.
Tang Jun, who had listed his degree as an achievement in a book recounting his success in business, later acknowledged that his PhD actually came from Pacific Western University in California. That institution was a diploma mill that sold academic credentials and required no classroom instruction, according to a 2004 report by the US Government Accountability Office.
In a number of recent blog posts, Fang also poured skepticism on celebrity Taoist sage Li Yi, who claims extraordinary feats of prowess and counts pop stars and business luminaries among his disciples. Mr. Li stepped down from his public positions Saturday, in the wake of accusations against him of rape and tax evasion.
Who attacked Fang?
Fang’s lawyer, Peng Jian, said he thought the attack was most likely ordered by a private hospital in Zhengzhou, the capital of Henan Province, which specializes in a controversial operation on the nervous system to control urinary incontinence.
A Chinese journalist who had written an article raising doubts about the operation’s efficacy was assaulted last June. Fang, in a blog posted three weeks ago, cited an article in a US magazine criticizing the operation. A court in Zhengzhou is due later this month to hear a malpractice suit brought by Mr. Peng against the hospital on behalf of a group of patients claiming the operation did them more harm than good.
More to be done on fraud in China
Last year the Ministry of Education urged universities to weed out plagiarists from their faculties. This meant reporting plagiarists, denying them research funding, sacking them, and possibly suing them. The measures were designed to “keep the academic field clean,” an official said at the time.
New scandals this year however, including plagiarism accusations against an internationally respected political science scholar Wang Hui and the dismissal of a top professor of energy and power studies found guilty of over 30 cases of plagiarism, led the state-owned “China Daily” to editorialize last month that “it is by now evident that the nation needs better regulations to counter the practice in academia.”
"The government is not doing enough," agrees Fang.
Academia is not the only field to be plagued by plagiarism, nor the only one reluctant to face up to it. Last January, Sang Yuzhu, the winner of China’s highest photography award, was stripped of his medal and his post in the Chinese Photographers’ Association when it was shown he had submitted other photographers’ work to the competition.
The CPA did not acknowledge the plagiarism, however. Officially he was accused only of “joint collaboration” with the two other photographers, in violation of competition rules.
Source: The Christian Science Monitor
Beijing
A bungled attack on a whistleblower famous for his exposés of fraud and pseudoscience has drawn fresh attention to the vexed issues of academic dishonesty and popular gullibility in China.
Fang Zhouzi, a popular science writer and blogger, was assaulted by two men as he walked to his Beijing home Sunday evening; one sprayed a chemical in his face, the other beat him with a hammer. He was only slightly injured and was released from hospital later Sunday night.
“I’ve had threatening phone calls and e-mails before, but this was the first time I have been attacked,” Mr. Fang said in a telephone interview.
The anticorruption activist has been involved recently in a number of high profile cases, most notably questioning a claim by a former president of Microsoft China that he had earned his PhD from the prestigious California Institute of Technology.
Tang Jun, who had listed his degree as an achievement in a book recounting his success in business, later acknowledged that his PhD actually came from Pacific Western University in California. That institution was a diploma mill that sold academic credentials and required no classroom instruction, according to a 2004 report by the US Government Accountability Office.
In a number of recent blog posts, Fang also poured skepticism on celebrity Taoist sage Li Yi, who claims extraordinary feats of prowess and counts pop stars and business luminaries among his disciples. Mr. Li stepped down from his public positions Saturday, in the wake of accusations against him of rape and tax evasion.
Who attacked Fang?
Fang’s lawyer, Peng Jian, said he thought the attack was most likely ordered by a private hospital in Zhengzhou, the capital of Henan Province, which specializes in a controversial operation on the nervous system to control urinary incontinence.
A Chinese journalist who had written an article raising doubts about the operation’s efficacy was assaulted last June. Fang, in a blog posted three weeks ago, cited an article in a US magazine criticizing the operation. A court in Zhengzhou is due later this month to hear a malpractice suit brought by Mr. Peng against the hospital on behalf of a group of patients claiming the operation did them more harm than good.
More to be done on fraud in China
Last year the Ministry of Education urged universities to weed out plagiarists from their faculties. This meant reporting plagiarists, denying them research funding, sacking them, and possibly suing them. The measures were designed to “keep the academic field clean,” an official said at the time.
New scandals this year however, including plagiarism accusations against an internationally respected political science scholar Wang Hui and the dismissal of a top professor of energy and power studies found guilty of over 30 cases of plagiarism, led the state-owned “China Daily” to editorialize last month that “it is by now evident that the nation needs better regulations to counter the practice in academia.”
"The government is not doing enough," agrees Fang.
Academia is not the only field to be plagued by plagiarism, nor the only one reluctant to face up to it. Last January, Sang Yuzhu, the winner of China’s highest photography award, was stripped of his medal and his post in the Chinese Photographers’ Association when it was shown he had submitted other photographers’ work to the competition.
The CPA did not acknowledge the plagiarism, however. Officially he was accused only of “joint collaboration” with the two other photographers, in violation of competition rules.
Source: The Christian Science Monitor
Retail fraud management is need of the hour
India, for the fourth time in five years, has been ranked as the most attractive country for retail investment among 30 emerging markets, according to the Eighth Annual Global Retail Development Index (GRDI) 2009 by A T Kearney. Retail accounts for a significant portion of the country’s GDP, with organised retail accounting for around 5% of the total retail market. Organised retail is expected to grow at a CAGR of 20–30% over the next few years.
However, with rapid growth in the sector, the associated perils and issues are also coming to the forefront. The shrinkage or fraud in retail is a key issue that is becoming a cause of concern for Indian retailers. Shrinkage is the “loss in inventory on account of a combination of employee theft, shoplifting, vendor fraud and administrative error.”
According to the Global Retail Theft Barometer (GRTB) 2009, India recorded a shrinkage of 3.2% of the total size of the country's retail industry (including the unorganised sector), amounting to about $2.6 billion. This is very high compared to other global markets like the US (1.6%), the UK (1.4%), and China (1.1%). In India, customer theft contributed around 44.7% of shrinkage losses, employee theft contributed 23.7%, as compared with 8.4% by suppliers/vendors, while administrative errors accounted for the rest.
In India, thefts are typically targeted on small and easily-concealed, expensive and branded items that have considerable popular appeal and are easily re–sellable such as electronic games, DVDs, iPods/MP3 players, clothing, cosmetics, perfumes and alcohol. The designer garments topped the list of things stolen in 2009.
In the past, it has been observed that hypermarkets, departmental stores and books & music formats experience high inventory losses because of the size of their products and product value. In mom-and-pop stores, the owners do not feel the impact as it is believed that manning the store themselves is vigilant enough. In large-format stores, however, it is difficult to check as wares are spread out.
Various categories of fraud constitute a major component of the shrinkage. Among the factors responsible for shrinkage losses, employees and vendors are critical factors that need to be managed by retailers. Employees may resort to direct theft, under invoicing in collusion with customers, stealing cash, etc., whereas vendors can under-deliver in terms of number, size or quality of items as against the bill invoice.
The growing motivation among employees to lead a luxurious life, high reliance on skilled resources, thereby leading to weaker internal controls, and overdependence on existing systems and processes give rise to increased risk of fraud in retail sector. While marketing fraud, inventory theft and return fraud (observed in product exchanges) are common instances of fraud in the sector, other frauds such as cash skimming and skim and fall also exist.
With potential risks and marked instances of fraud and theft, it is imperative for retail companies to:
a. Adopt robust internal controls backed by strong data analytics to mitigate key fraud risks and to raise red flags at early stages.
b. Devise a whistle blower policy allowing employees, customers and vendors to report malpractices directly to the management.
c. Determine policies pertaining to prevention, detection and investigation of frauds and to have action plans defined for conducting investigation if an incident occurs.
d. Set up dedicated team–internal/external–to handle stock checks at each of the stores periodically.
e. Collate an end-to-end study of material movement from source to destination, including counter checks and cross tallying.
With rising challenges in the sector, the key to success is staying competitive without compromising on the quality of services. Cost effectiveness is necessary to achieve this, and it is here where an effective fraud risk management will help companies to identify potential leakage points and opportunities to save
Source: Arpinder Singh, Partner & National Leader & Anurag Kashyap, Associate Director - Fraud, Investigation and Dispute Services, E&Y published in Economic Times dt. Sept 7, 2010
However, with rapid growth in the sector, the associated perils and issues are also coming to the forefront. The shrinkage or fraud in retail is a key issue that is becoming a cause of concern for Indian retailers. Shrinkage is the “loss in inventory on account of a combination of employee theft, shoplifting, vendor fraud and administrative error.”
According to the Global Retail Theft Barometer (GRTB) 2009, India recorded a shrinkage of 3.2% of the total size of the country's retail industry (including the unorganised sector), amounting to about $2.6 billion. This is very high compared to other global markets like the US (1.6%), the UK (1.4%), and China (1.1%). In India, customer theft contributed around 44.7% of shrinkage losses, employee theft contributed 23.7%, as compared with 8.4% by suppliers/vendors, while administrative errors accounted for the rest.
In India, thefts are typically targeted on small and easily-concealed, expensive and branded items that have considerable popular appeal and are easily re–sellable such as electronic games, DVDs, iPods/MP3 players, clothing, cosmetics, perfumes and alcohol. The designer garments topped the list of things stolen in 2009.
In the past, it has been observed that hypermarkets, departmental stores and books & music formats experience high inventory losses because of the size of their products and product value. In mom-and-pop stores, the owners do not feel the impact as it is believed that manning the store themselves is vigilant enough. In large-format stores, however, it is difficult to check as wares are spread out.
Various categories of fraud constitute a major component of the shrinkage. Among the factors responsible for shrinkage losses, employees and vendors are critical factors that need to be managed by retailers. Employees may resort to direct theft, under invoicing in collusion with customers, stealing cash, etc., whereas vendors can under-deliver in terms of number, size or quality of items as against the bill invoice.
The growing motivation among employees to lead a luxurious life, high reliance on skilled resources, thereby leading to weaker internal controls, and overdependence on existing systems and processes give rise to increased risk of fraud in retail sector. While marketing fraud, inventory theft and return fraud (observed in product exchanges) are common instances of fraud in the sector, other frauds such as cash skimming and skim and fall also exist.
With potential risks and marked instances of fraud and theft, it is imperative for retail companies to:
a. Adopt robust internal controls backed by strong data analytics to mitigate key fraud risks and to raise red flags at early stages.
b. Devise a whistle blower policy allowing employees, customers and vendors to report malpractices directly to the management.
c. Determine policies pertaining to prevention, detection and investigation of frauds and to have action plans defined for conducting investigation if an incident occurs.
d. Set up dedicated team–internal/external–to handle stock checks at each of the stores periodically.
e. Collate an end-to-end study of material movement from source to destination, including counter checks and cross tallying.
With rising challenges in the sector, the key to success is staying competitive without compromising on the quality of services. Cost effectiveness is necessary to achieve this, and it is here where an effective fraud risk management will help companies to identify potential leakage points and opportunities to save
Source: Arpinder Singh, Partner & National Leader & Anurag Kashyap, Associate Director - Fraud, Investigation and Dispute Services, E&Y published in Economic Times dt. Sept 7, 2010
Monday, August 30, 2010
Undisclosed Stanford Loans Prove Fraud, Examiner Says
Stanford International Bank Ltd.’s $1.7 billion in undisclosed loans to its owner, indicted financier R. Allen Stanford, are proof of the bank’s involvement in fraud, an examiner said in a U.S. court trial in Houston.
“There’s a complete disconnect between what the bank is saying, that it has fully liquid, short-term, fully monetized assets, and the fact a third of these assets are loans to the shareholder,” fraud accountant Mark Berenblut said today.
Berenblut, testifying for a second day in a civil trial over whether Lloyd’s of London Underwriters will have to cover Stanford’s legal defense costs, said there was a gap between the claimed assets and what Stanford International Bank had on hand when regulators seized it.
“That money went somewhere, and very likely to the primary shareholder,” said Berenblut, who was asked to testify by Lloyd’s.
Lloyd’s is arguing that Stanford’s companies’ alleged criminal conduct voids the directors’ and officers’ they bought.
Berenblut said his examination showed two large loan balances on Stanford International Bank’s books -- one for $1.7 billion to Stanford himself and another for $1.8 billion to Stanford-related companies. The examiner testified both items should have been disclosed to investors and were not.
Accounting Entries
Stanford’s lawyers have repeatedly claimed Berenblut is misinterpreting the accounting entries. They say the two loan balances refer to the same money, because Stanford claims he assumed personal responsibility for loans the bank made to the related companies, which then recorded the funds on their balance sheets as capital contributions from Stanford.
“You’re making the assumption that whoever recorded it did it wrongly,” Berenblut said today, when asked about the two balances by Kirk Kennedy, one of Stanford’s lawyers.
Robert S. Bennett, another attorney for Stanford, challenged Berenblut’s testimony that many parts of the bank’s financial records included “fictitious information.”
“Have you seen any direct communications from Allen Stanford to Kuhrt, Lopez, Davis or Holt that you consider to be fictitious information?” Bennett asked, referring to Stanford’s co-defendants.
“No,” Berenblut replied.
Antiguan Bank
Investors bought more than $7 billion in certificates of deposit from the Antiguan bank, which Stanford controlled as sole shareholder until the U.S. Securities and Exchange Commission sued the financier in February 2009, and seized his businesses.
Stanford and three other executives were indicted by a federal grand jury in Houston in June 2009 on charges they had run fraud scheme centered on the certificates of deposit. They pleaded not guilty.
Investors were told the bank’s portfolio consisted of conservative, highly liquid investments that offered above- market returns.
Forensic accountant Alan Westheimer, who was hired by comptroller Mark Kuhrt and chief accountant Gilbert Lopez to examine Stanford’s financial statements, testified today that Berenblut was wrong that there were separate loans outstanding to Allen Stanford and to the related companies.
‘One Basket’
“There’s one basket, not two,” Westheimer said. “And there’s a number of documents that support that conclusion.”
U.S. District Judge Nancy Atlas told the lawyers she was less concerned with the number of loans to Allen Stanford than that the size and nature of them weren’t disclosed.
“It wasn’t consistent with the investment promotional materials for the CDs,” she said.
The Stanford defendants claim they can’t afford to hire defense lawyers without the Lloyd’s proceeds because their assets were frozen by court order when the SEC filed suit.
Lloyd’s last year rejected the executives’ pleas for coverage under the $100 million worth of insurance bought by the business after Stanford Group Cos. Chief Financial Officer James M. Davis pleaded guilty to charges he aided in the scheme.
Atlas today said she would admit into evidence part of Davis’s plea agreement with prosecutors.
”I am really only accepting Davis’s statements against his own conduct,” not what he says about others he claims were involved in the scheme, she said.
The trial, now in its third day, will continue tomorrow.
The case is Laura Pendergest-Holt v. Certain Underwriters at Lloyd’s of London, 4:09-cv-03712, U.S. District Court, Southern District of Texas (Houston).
The criminal case is U.S. v. Stanford, 09-cr-00342, U.S. District Court, Southern District of Texas (Houston). The SEC case is Securities and Exchange Commission v. Stanford International Bank, 09-cv-00298, U.S. District Court, Northern District of Texas (Dallas).
Source: Laurel Brubaker Calkins in Houston at laurel@calkins.us.com & Andrew M. Harris in Chicago at aharris16@bloomberg.net.
“There’s a complete disconnect between what the bank is saying, that it has fully liquid, short-term, fully monetized assets, and the fact a third of these assets are loans to the shareholder,” fraud accountant Mark Berenblut said today.
Berenblut, testifying for a second day in a civil trial over whether Lloyd’s of London Underwriters will have to cover Stanford’s legal defense costs, said there was a gap between the claimed assets and what Stanford International Bank had on hand when regulators seized it.
“That money went somewhere, and very likely to the primary shareholder,” said Berenblut, who was asked to testify by Lloyd’s.
Lloyd’s is arguing that Stanford’s companies’ alleged criminal conduct voids the directors’ and officers’ they bought.
Berenblut said his examination showed two large loan balances on Stanford International Bank’s books -- one for $1.7 billion to Stanford himself and another for $1.8 billion to Stanford-related companies. The examiner testified both items should have been disclosed to investors and were not.
Accounting Entries
Stanford’s lawyers have repeatedly claimed Berenblut is misinterpreting the accounting entries. They say the two loan balances refer to the same money, because Stanford claims he assumed personal responsibility for loans the bank made to the related companies, which then recorded the funds on their balance sheets as capital contributions from Stanford.
“You’re making the assumption that whoever recorded it did it wrongly,” Berenblut said today, when asked about the two balances by Kirk Kennedy, one of Stanford’s lawyers.
Robert S. Bennett, another attorney for Stanford, challenged Berenblut’s testimony that many parts of the bank’s financial records included “fictitious information.”
“Have you seen any direct communications from Allen Stanford to Kuhrt, Lopez, Davis or Holt that you consider to be fictitious information?” Bennett asked, referring to Stanford’s co-defendants.
“No,” Berenblut replied.
Antiguan Bank
Investors bought more than $7 billion in certificates of deposit from the Antiguan bank, which Stanford controlled as sole shareholder until the U.S. Securities and Exchange Commission sued the financier in February 2009, and seized his businesses.
Stanford and three other executives were indicted by a federal grand jury in Houston in June 2009 on charges they had run fraud scheme centered on the certificates of deposit. They pleaded not guilty.
Investors were told the bank’s portfolio consisted of conservative, highly liquid investments that offered above- market returns.
Forensic accountant Alan Westheimer, who was hired by comptroller Mark Kuhrt and chief accountant Gilbert Lopez to examine Stanford’s financial statements, testified today that Berenblut was wrong that there were separate loans outstanding to Allen Stanford and to the related companies.
‘One Basket’
“There’s one basket, not two,” Westheimer said. “And there’s a number of documents that support that conclusion.”
U.S. District Judge Nancy Atlas told the lawyers she was less concerned with the number of loans to Allen Stanford than that the size and nature of them weren’t disclosed.
“It wasn’t consistent with the investment promotional materials for the CDs,” she said.
The Stanford defendants claim they can’t afford to hire defense lawyers without the Lloyd’s proceeds because their assets were frozen by court order when the SEC filed suit.
Lloyd’s last year rejected the executives’ pleas for coverage under the $100 million worth of insurance bought by the business after Stanford Group Cos. Chief Financial Officer James M. Davis pleaded guilty to charges he aided in the scheme.
Atlas today said she would admit into evidence part of Davis’s plea agreement with prosecutors.
”I am really only accepting Davis’s statements against his own conduct,” not what he says about others he claims were involved in the scheme, she said.
The trial, now in its third day, will continue tomorrow.
The case is Laura Pendergest-Holt v. Certain Underwriters at Lloyd’s of London, 4:09-cv-03712, U.S. District Court, Southern District of Texas (Houston).
The criminal case is U.S. v. Stanford, 09-cr-00342, U.S. District Court, Southern District of Texas (Houston). The SEC case is Securities and Exchange Commission v. Stanford International Bank, 09-cv-00298, U.S. District Court, Northern District of Texas (Dallas).
Source: Laurel Brubaker Calkins in Houston at laurel@calkins.us.com & Andrew M. Harris in Chicago at aharris16@bloomberg.net.
Wednesday, August 11, 2010
Medicare's private eyes let fraud cases get cold
By RICARDO ALONSO-ZALDIVAR (AP)
WASHINGTON — They don't seem that interested in hot pursuit. It took private sleuths hired by Medicare an average of six months last year to refer fraud cases to law enforcement.
According to congressional investigators, the exact average was 178 days. By that time, many cases go cold, making it difficult to catch perpetrators, much less recover money for taxpayers.
A recent inspector general report also raised questions about the contractors, who play an important role in Medicare's overall effort to combat fraud.
Out of $835 million in questionable Medicare payments identified by private contractors in 2007, the government was only able to recover some $55 million, or about 7 percent, the report found.
Medicare overpayments — they can be anything from a billing error to a flagrant scam — totaled more than $36 billion in 2009, according to the Obama administration.
President Barack Obama has set a high priority on battling health care fraud and waste, hoping for savings to help pay for the new law covering millions now uninsured.
Medicare's private eyes don't seem to be helping much.
Sen. Charles Grassley, R-Iowa, questions whether taxpayers are getting good value from for-hire fraud busters. His office, which is investigating the contracting program, obtained Medicare data for the last four years on how long it took to refer cases to federal agents.
"Medicare is already a pay-and-chase system when it comes to fraud, waste and abuse," said Grassley. "Providers are paid first, then questioned if there's a problem. Add to that mix contractors who sit on cases of ongoing fraud when they should be referring them to law enforcement, and you have a recipe for disaster."
As ranking Republican on the Senate panel that oversees Medicare, Grassley is trying to find out why it takes the contractors so long, and how much the government is currently paying the companies. In 2005, taxpayers paid them $102 million.
At least seven private companies Medicare calls "Program Safeguard Contractors" are working to detect fraud, part of a program that dates to the late 1990s. They oversee specific areas of jurisdiction, and some have more than one contract with Medicare.
The contractors investigate allegations of wrongdoing, acting as scouts for the government's criminal investigators. And they're also supposed to conduct "proactive" analysis to spot emerging fraud trends. For instance, they can use sophisticated computer models to scan millions of Medicare records for suspicious patterns to identify dishonest providers.
In practice, their performance has been uneven. The contractors have widely different track records. One identified $266 million in overpayments in 2007, while another found just $2.5 million, the Health and Human Services inspector general said in May.
Earlier, the inspector general found gaping differences in the number of new cases the contractors generate for law enforcement. Some had hundreds of cases, while others were in the single digits. Most were doing a poor job at spotting new fraud trends, with "minimal results from proactive data analysis," the inspector general concluded.
The Obama administration says it's aware of the problem and is close to completing a reorganization of the contractors, to consolidate their work, define their jurisdictions more clearly, and help them coordinate better with claims processors and law enforcement.
The private sleuths will now be called "Zone Program Integrity Contractors" — or ZPICs for short.
"By using these new contractors that can review claims across multiple providers and benefit categories, we will be better able to identify cases of waste, fraud or abuse," said Medicare spokesman Peter Ashkenaz. "And, we will be better able to monitor both the ZPICs' overpayment and collection efforts to make sure that they are performing their own oversight responsibilities."
In fairness to the contractors, the low collection rate may not just be their fault. Investigators say that when Medicare notifies a provider about a disputed payment, the fraudulent ones often just close up shop and move on.
Copyright © 2010 The Associated Press. All rights reserved.
WASHINGTON — They don't seem that interested in hot pursuit. It took private sleuths hired by Medicare an average of six months last year to refer fraud cases to law enforcement.
According to congressional investigators, the exact average was 178 days. By that time, many cases go cold, making it difficult to catch perpetrators, much less recover money for taxpayers.
A recent inspector general report also raised questions about the contractors, who play an important role in Medicare's overall effort to combat fraud.
Out of $835 million in questionable Medicare payments identified by private contractors in 2007, the government was only able to recover some $55 million, or about 7 percent, the report found.
Medicare overpayments — they can be anything from a billing error to a flagrant scam — totaled more than $36 billion in 2009, according to the Obama administration.
President Barack Obama has set a high priority on battling health care fraud and waste, hoping for savings to help pay for the new law covering millions now uninsured.
Medicare's private eyes don't seem to be helping much.
Sen. Charles Grassley, R-Iowa, questions whether taxpayers are getting good value from for-hire fraud busters. His office, which is investigating the contracting program, obtained Medicare data for the last four years on how long it took to refer cases to federal agents.
"Medicare is already a pay-and-chase system when it comes to fraud, waste and abuse," said Grassley. "Providers are paid first, then questioned if there's a problem. Add to that mix contractors who sit on cases of ongoing fraud when they should be referring them to law enforcement, and you have a recipe for disaster."
As ranking Republican on the Senate panel that oversees Medicare, Grassley is trying to find out why it takes the contractors so long, and how much the government is currently paying the companies. In 2005, taxpayers paid them $102 million.
At least seven private companies Medicare calls "Program Safeguard Contractors" are working to detect fraud, part of a program that dates to the late 1990s. They oversee specific areas of jurisdiction, and some have more than one contract with Medicare.
The contractors investigate allegations of wrongdoing, acting as scouts for the government's criminal investigators. And they're also supposed to conduct "proactive" analysis to spot emerging fraud trends. For instance, they can use sophisticated computer models to scan millions of Medicare records for suspicious patterns to identify dishonest providers.
In practice, their performance has been uneven. The contractors have widely different track records. One identified $266 million in overpayments in 2007, while another found just $2.5 million, the Health and Human Services inspector general said in May.
Earlier, the inspector general found gaping differences in the number of new cases the contractors generate for law enforcement. Some had hundreds of cases, while others were in the single digits. Most were doing a poor job at spotting new fraud trends, with "minimal results from proactive data analysis," the inspector general concluded.
The Obama administration says it's aware of the problem and is close to completing a reorganization of the contractors, to consolidate their work, define their jurisdictions more clearly, and help them coordinate better with claims processors and law enforcement.
The private sleuths will now be called "Zone Program Integrity Contractors" — or ZPICs for short.
"By using these new contractors that can review claims across multiple providers and benefit categories, we will be better able to identify cases of waste, fraud or abuse," said Medicare spokesman Peter Ashkenaz. "And, we will be better able to monitor both the ZPICs' overpayment and collection efforts to make sure that they are performing their own oversight responsibilities."
In fairness to the contractors, the low collection rate may not just be their fault. Investigators say that when Medicare notifies a provider about a disputed payment, the fraudulent ones often just close up shop and move on.
Copyright © 2010 The Associated Press. All rights reserved.
Sunday, August 1, 2010
Hack makes ATMs spew out cash
July 30, 2010
A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.
The attacks successfully targeted standalone ATMs, but they could potentially be used against the ATMs operated by mainstream banks.
Criminals have long known that ATMs aren't tamperproof.
There are many types of attacks in use today, ranging from sophisticated to foolhardy: installing fake card readers to steal card numbers, hiding tiny surveillance cameras to capture PIN codes, covering the dispensing slot to intercept money and even hauling the ATMs away with trucks in the hopes of cracking them open later.
Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online. These were standalone machines, the type seen in front of convenience stores, rather than the ones in bank branches.
His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines.
He showed off his results at the Black Hat conference in Las Vegas, an annual gathering devoted to exposing the latest computer-security vulnerabilities.
His attacks have wide implications because they affect multiple types of ATMs and exploit weaknesses in software and security measures that are used throughout the industry.
His talk was one of the conference's most widely anticipated, as it had been pulled a year ago over concerns that fixes for the ATMs would not be in place in time. He used the extra year to craft more dangerous attacks.
Jack, who works as director of security research for Seattle-based IOActive, showed in a theatrical demonstration two ways he can get ATMs to spit out money.
Jack found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each. Then he compared the keys he got to pictures of other keys, found on the internet.
He used his key to unlock a compartment in the ATM that had standard USB slots. He then inserted a program he had written into one of them, commanding the ATM to dump its vaults.
Jack also hacked into ATMs by exploiting weaknesses in the way ATM makers communicate with the machines over the internet. Jack said the problem was that outsiders were permitted to bypass the need for a password. He didn't go into much more detail because he said the goal of his talk "isn't to teach everybody how to hack ATMs. It's to raise the issue and have ATM manufacturers be proactive about implementing fixes".
The remote style of attack is more dangerous because an attacker doesn't need to open up the ATMs.
It allows an attacker to gain full control of the ATMs. Besides ordering it to spit out money, attackers can silently harvest account data from anyone who uses the machines. It also affects more than just the standalone ATMs vulnerable to the physical attack; the method could potentially be used against the kinds of ATMs used by mainstream banks.
Jack said he didn't think he'd be able to break the ATMs when he first started probing them.
"My reaction was, 'This is the game-over vulnerability right here,'" he said of the remote hack. "Every ATM I've looked at, I've been able to find a flaw in. It's a scary thing."
Kurt Baumgartner, a senior security researcher with anti-virus software maker Kaspersky Lab, called the demonstration a "thrill" to watch and said it was important to improving the security of machines that can each hold tens of thousands of dollars in cash. However, he said he does not think it will result in widespread attacks because banks don't use the standalone systems and Jack did not release his attack code.
Jack would not identify the ATM makers. He put stickers over the ATM makers' names on the two machines used in his demonstration. But the audience, which burst into applause when he made the machines spit out money, could see from the screen prompts on the ATM that one of the machines was made by Tranax Technologies, based in Hayward, California. Tranax did not respond to email messages from The Associated Press.
Triton Systems, of Long Beach, confirmed that one of its ATMs was used in the demonstration. It said Jack alerted the company to the problems and that Triton now had a software update in place that prevents unauthorised software from running on its ATMs.
Bob Douglas, Triton's vice-president of engineering, said customers could buy ATMs with unique keys but generally do not, preferring to have a master key for cost and convenience.
"Imagine if you have an estate of several thousand ATMs and you want to access 20 or so of them in one day," he wrote in an email to the AP. "It would be a logistical nightmare to have all the right keys at just the right place at just the right time."
Other ATM manufacturers contacted by the AP also did not respond to messages.
Jack said the manufacturers whose machines he studied were deploying software fixes for both vulnerabilities, but added that the prevalence of remote-management software broadly opened up ATMs to hacker attacks.
Source: Sydney Morning Herald
Saturday, July 31, 2010
Satyam accounts restatement is Rs 50-cr windfall for audit firms
Mahindra Satyam may end up paying a huge fee for restatement of its book of accounts that were allegedly fudged by its former Chairman Mr B. Ramalinga Raju.
Indications are that the Hyderabad-based company will shell out close to Rs 60 crore by September when the accounts are expected to be restated.
“If you include the forensic accounting and all other payments the company has to make for the restatement, the outgo will easily be ‘north of Rs 50 crore'. With every round of delay, the costs are going up,” a top official in the know told Business Line.
Days after Mr Raju confessed to fudging the Satyam accounts, a Government-nominated board had appointed auditing firms KPMG and Deloitte to help clear the mess.
Audit issues
Due to a host of reasons ranging from the complexity of the fraud to the unavailability of key documents, the restatement has fallen behind schedule three times already with the concomitant affect of pushing up the overall costs.
The company's outgo goes up given that most audit firms charge on a man-hour basis, sources said.
Mr Vineet Nayyar, Chairman of Mahindra Satyam, referred to this at a recent press conference, when he said that the Satyam accounts restatement is “costing the company a fortune”. However, he did not provide further details
A spokesperson for KPMG said, “We do not comment on client matters.” His counterpart at Deloitte said it was now the statutory auditor for the Mahindra Satyam accounts and no longer associated with the process of account restatement.
So, how do industry watchers view this development?
“If the company is paying over Rs 50 crore for restating its accounts, just imagine what could potentially be the size of the fraud itself. I think that it is detrimental to shareholder interests,” Mr Uttam Prakash Agarwal, former President of the Institute of Chartered Accountants of India, said.
The positive part, according to him, is that it sends a message to the corporate world that cost of investing in compliance cannot be substituted with anything else
In all fairness to the audit firms, the Satyam challenge was something unparallel in accounting frauds. During the course of the process, the two accounting firms had dredged almost two terabytes of data from laptops and personal computers at Satyam. Since this information is much more than what could have been warehoused anywhere in India, it was moved to the UK till lab facilities could be created here, a recent news report said.
Source: The Hindu Business Line; By Adith Charlie, dt: July 30
Indications are that the Hyderabad-based company will shell out close to Rs 60 crore by September when the accounts are expected to be restated.
“If you include the forensic accounting and all other payments the company has to make for the restatement, the outgo will easily be ‘north of Rs 50 crore'. With every round of delay, the costs are going up,” a top official in the know told Business Line.
Days after Mr Raju confessed to fudging the Satyam accounts, a Government-nominated board had appointed auditing firms KPMG and Deloitte to help clear the mess.
Audit issues
Due to a host of reasons ranging from the complexity of the fraud to the unavailability of key documents, the restatement has fallen behind schedule three times already with the concomitant affect of pushing up the overall costs.
The company's outgo goes up given that most audit firms charge on a man-hour basis, sources said.
Mr Vineet Nayyar, Chairman of Mahindra Satyam, referred to this at a recent press conference, when he said that the Satyam accounts restatement is “costing the company a fortune”. However, he did not provide further details
A spokesperson for KPMG said, “We do not comment on client matters.” His counterpart at Deloitte said it was now the statutory auditor for the Mahindra Satyam accounts and no longer associated with the process of account restatement.
So, how do industry watchers view this development?
“If the company is paying over Rs 50 crore for restating its accounts, just imagine what could potentially be the size of the fraud itself. I think that it is detrimental to shareholder interests,” Mr Uttam Prakash Agarwal, former President of the Institute of Chartered Accountants of India, said.
The positive part, according to him, is that it sends a message to the corporate world that cost of investing in compliance cannot be substituted with anything else
In all fairness to the audit firms, the Satyam challenge was something unparallel in accounting frauds. During the course of the process, the two accounting firms had dredged almost two terabytes of data from laptops and personal computers at Satyam. Since this information is much more than what could have been warehoused anywhere in India, it was moved to the UK till lab facilities could be created here, a recent news report said.
Source: The Hindu Business Line; By Adith Charlie, dt: July 30
Thursday, July 29, 2010
Indian-American woman pleads guilty in $34 million fraud case
WASHINGTON: An Indian-American woman executive has pleaded guilty to defrauding her company of $34 million to pay for her "irrational" buying sprees and faces up to 20 years in jail on conviction.
46-year-old Sujata Sachdeva, a former Vice President of finance at Koss Corporation, pleaded guilty to all the six counts of wire fraud, for which she was charged early this year, before a Milwaukee court in Wisconsin on Tuesday.
"Ms Sachdeva recognises the harm she has caused to her employers, the company shareholders, her colleagues and her friends, but she most regrets the pain and public embarrassment she has caused to her husband, Ramesh, and their two young children," her attorney Mike Hart said.
Reading out a statement with Sachdeva standing besides him outside the Milwaukee court, Hart said she has cooperated with federal prosecutors to recover as much of the merchandise as possible to pay restitution to Koss Corporation, a headphone manufacturer.
Sachdeva has begun to address the issues that led to her conduct and accepts full responsibility for her actions, and hopes for a fair and just result, Hart said.
Facing five to 20 years of imprisonment, if convicted, Sachdeva remains free on bond pending sentencing, which is scheduled for October 22.
According to the indictment, Sachdeva authorised numerous wire transfers of funds from bank accounts maintained by Koss to pay for her American Express credit card bills.
In addition, Sachdeva used money from Koss' bank accounts to fund numerous cashier's checks, which she also used to pay her personal expenses.
Sachdeva used the money she fraudulently obtained from Koss to purchase personal items including women's clothing, furs, purses, shoes, jewellery, automobiles, china, statues, and other household furnishings.
Sachdeva also used the money to pay for hotels, airline tickets and other travel expenses for her and others; to pay for renovations and improvements to her home; and to compensate individuals providing personal services to her and her family, the indictment alleged.
According to the indictment, Sachdeva sought to conceal her fraud by directing other Koss employees to make numerous fraudulent entries in Koss' books and records to make it appear that Sachdeva's fraudulent transfers were legitimate business transactions.
Source: The Times Of India; 29.07.10
46-year-old Sujata Sachdeva, a former Vice President of finance at Koss Corporation, pleaded guilty to all the six counts of wire fraud, for which she was charged early this year, before a Milwaukee court in Wisconsin on Tuesday.
"Ms Sachdeva recognises the harm she has caused to her employers, the company shareholders, her colleagues and her friends, but she most regrets the pain and public embarrassment she has caused to her husband, Ramesh, and their two young children," her attorney Mike Hart said.
Reading out a statement with Sachdeva standing besides him outside the Milwaukee court, Hart said she has cooperated with federal prosecutors to recover as much of the merchandise as possible to pay restitution to Koss Corporation, a headphone manufacturer.
Sachdeva has begun to address the issues that led to her conduct and accepts full responsibility for her actions, and hopes for a fair and just result, Hart said.
Facing five to 20 years of imprisonment, if convicted, Sachdeva remains free on bond pending sentencing, which is scheduled for October 22.
According to the indictment, Sachdeva authorised numerous wire transfers of funds from bank accounts maintained by Koss to pay for her American Express credit card bills.
In addition, Sachdeva used money from Koss' bank accounts to fund numerous cashier's checks, which she also used to pay her personal expenses.
Sachdeva used the money she fraudulently obtained from Koss to purchase personal items including women's clothing, furs, purses, shoes, jewellery, automobiles, china, statues, and other household furnishings.
Sachdeva also used the money to pay for hotels, airline tickets and other travel expenses for her and others; to pay for renovations and improvements to her home; and to compensate individuals providing personal services to her and her family, the indictment alleged.
According to the indictment, Sachdeva sought to conceal her fraud by directing other Koss employees to make numerous fraudulent entries in Koss' books and records to make it appear that Sachdeva's fraudulent transfers were legitimate business transactions.
Source: The Times Of India; 29.07.10
Thursday, July 22, 2010
SEBI makes cell ban in dealing rooms official
MUMBAI: Most mutual funds have barred use of mobile phones in their dealing rooms to prevent front-running, though regulations didn’t require them
to do so until recently.
Last week, the Securities and Exchange Board of India (Sebi) made this ban official on the heels of its recent order, which pulled up an equities dealer at HDFC Asset Management for leaking information of its planned trades to a few other investors.
In a communication to mutual funds, the market regulator, in addition to the ban on mobile phone usage in dealing rooms, also asked asset management companies (AMCs) to record telephone calls from or into dealing rooms. Also, recorded calls by dealers should be regularly monitored by its compliance department, Sebi said.
Mutual fund officials said the practice of front-running is unlikely to cede, following the new rules by Sebi, as most AMCs already have such systems in place. “It doesn’t say anything more than what we are already doing,” said a top official with a private mutual fund.
Mutual fund officials said more steps are already in place to check front-running than what are mentioned in the circular. These include having restrictions on the rates at which dealers can place the ‘buy’ or ‘sell’ order in a day and checks on any changes in their lifestyles.
“If a dealer suddenly manages to buy a house in a plush locality or even a luxury car, then, we step up our vigilance. Similarly, we look if any particular broker talks more to a particular dealer than the fund manager...These are leads for us,” said the chief investment officer with a private mutual fund.
In a mutual fund, the practice of front-running harms unitholders, as it increases the cost of share purchases or reduces the realisations from share sale, thereby depressing returns.
Some mutual fund officials and brokers said Sebi’s emphasis to tackle front-running only in the dealing rooms is misplaced. “The focus is more on the small fish (dealers), while big sharks (some fund managers and market operators) have been let off the hook,” said a fund manager with a bank-owned mutual fund. “The profits made by the dealer (HDFC AMC) and his associates are paltry compared with what is being made outside the dealing room,” he said.
The three investors, who placed orders in the same set of stocks just before those were traded by dealer Nilesh Kapadia on HDFC AMC’s behalf, made combined profits of about `2 crore in four months, according to the Sebi order on June 17.
Brokers said fund managers, who usually buy or sell shares ahead of their employers, escape the regulatory radar by spreading their trades across various brokers. “Fund managers ensure that there is no pattern in the way any person or broker, who has been assigned to buy shares on their behalf, has done the trade,” said a broker, who is familiar with such trades. “There is no way that the regulator can catch them in the existing regulatory situation,” he said.
Source: The Economic Times
to do so until recently.
Last week, the Securities and Exchange Board of India (Sebi) made this ban official on the heels of its recent order, which pulled up an equities dealer at HDFC Asset Management for leaking information of its planned trades to a few other investors.
In a communication to mutual funds, the market regulator, in addition to the ban on mobile phone usage in dealing rooms, also asked asset management companies (AMCs) to record telephone calls from or into dealing rooms. Also, recorded calls by dealers should be regularly monitored by its compliance department, Sebi said.
Mutual fund officials said the practice of front-running is unlikely to cede, following the new rules by Sebi, as most AMCs already have such systems in place. “It doesn’t say anything more than what we are already doing,” said a top official with a private mutual fund.
Mutual fund officials said more steps are already in place to check front-running than what are mentioned in the circular. These include having restrictions on the rates at which dealers can place the ‘buy’ or ‘sell’ order in a day and checks on any changes in their lifestyles.
“If a dealer suddenly manages to buy a house in a plush locality or even a luxury car, then, we step up our vigilance. Similarly, we look if any particular broker talks more to a particular dealer than the fund manager...These are leads for us,” said the chief investment officer with a private mutual fund.
In a mutual fund, the practice of front-running harms unitholders, as it increases the cost of share purchases or reduces the realisations from share sale, thereby depressing returns.
Some mutual fund officials and brokers said Sebi’s emphasis to tackle front-running only in the dealing rooms is misplaced. “The focus is more on the small fish (dealers), while big sharks (some fund managers and market operators) have been let off the hook,” said a fund manager with a bank-owned mutual fund. “The profits made by the dealer (HDFC AMC) and his associates are paltry compared with what is being made outside the dealing room,” he said.
The three investors, who placed orders in the same set of stocks just before those were traded by dealer Nilesh Kapadia on HDFC AMC’s behalf, made combined profits of about `2 crore in four months, according to the Sebi order on June 17.
Brokers said fund managers, who usually buy or sell shares ahead of their employers, escape the regulatory radar by spreading their trades across various brokers. “Fund managers ensure that there is no pattern in the way any person or broker, who has been assigned to buy shares on their behalf, has done the trade,” said a broker, who is familiar with such trades. “There is no way that the regulator can catch them in the existing regulatory situation,” he said.
Source: The Economic Times
Monday, July 12, 2010
ICAI for compulsory Outsourcing of Internal Audit functions
Accounting regulator the Institute of Chartered Accountants of India (ICAI) has asked the government to make outsourcing of internal audit functions mandatory for companies to prevent a Satyam-like fraud from happening again.
The suggestion is part of the recommendations by a high-powered committee of ICAI to the Corporate Affairs Ministry in the aftermath of a Rs 10,000-crore scam in Satyam Computer and is intended to strengthen the internal audit system of companies.
"We have recommended that internal audit should be outsourced rather than in-house because internal audit in-house is always dependent on the management of the company. Internal audit from outside will always be better, and then it should be given to chartered accountants," ICAI President Amarjit Chopra told PTI.
The role of internal auditors came under scanner after Satyam Computer founder B Ramalinga Raju confessed to having cooked the books of the company for years. The IT firm's internal audit head S Prabhakar Gupta was arrested for his alleged role in the multi-crore fraud.
Interestingly, Satyam's internal audit team was given recognition of commitment award by the US-based Institute of Internal Auditors in 2006.
Chopra further said that since internal audit is the first check-post for any accounting fraud, due care should be taken to ensure it is conducted by the right people and independently.
"We already have 17 internal audit standards and we have asked the Government to make these standards mandatory for internal audits, whether through Sebi or through company law, so that there is standardisation of internal audit procedures," Chopra said.
The standards are benchmarks for internal auditors and are aimed at ensuring standardisation, independence and more consistency in the functioning.
They also differentiate auditor's responsibilities when it comes to complying with the law and regulations that have direct impact on financial statements as well as significant effect on the functioning of the company.
Source: Business India; July 8,2010; By Press Trust of India, New Delhi
The suggestion is part of the recommendations by a high-powered committee of ICAI to the Corporate Affairs Ministry in the aftermath of a Rs 10,000-crore scam in Satyam Computer and is intended to strengthen the internal audit system of companies.
"We have recommended that internal audit should be outsourced rather than in-house because internal audit in-house is always dependent on the management of the company. Internal audit from outside will always be better, and then it should be given to chartered accountants," ICAI President Amarjit Chopra told PTI.
The role of internal auditors came under scanner after Satyam Computer founder B Ramalinga Raju confessed to having cooked the books of the company for years. The IT firm's internal audit head S Prabhakar Gupta was arrested for his alleged role in the multi-crore fraud.
Interestingly, Satyam's internal audit team was given recognition of commitment award by the US-based Institute of Internal Auditors in 2006.
Chopra further said that since internal audit is the first check-post for any accounting fraud, due care should be taken to ensure it is conducted by the right people and independently.
"We already have 17 internal audit standards and we have asked the Government to make these standards mandatory for internal audits, whether through Sebi or through company law, so that there is standardisation of internal audit procedures," Chopra said.
The standards are benchmarks for internal auditors and are aimed at ensuring standardisation, independence and more consistency in the functioning.
They also differentiate auditor's responsibilities when it comes to complying with the law and regulations that have direct impact on financial statements as well as significant effect on the functioning of the company.
Source: Business India; July 8,2010; By Press Trust of India, New Delhi
Tuesday, July 6, 2010
Raise the bar on corporate governance
THERE IS A NEED TO EXPAND THE NET & IMPROVE IMPLEMENTATION OF GOVERNANCE NORMS
MONISH CHATRATH Executive Director,Mazars
THE START OF THIS CENTURY WAS MARKED by an emphasis on corporate governance,thanks largely to a string of collapses of several high profile companies.The world of business was shocked with both the scale and age of unethical and illegal operations.Consequently,the need for adoption of good corporate governance principles has not only got reinforced,but inevitably and inextricably,efforts to this end have gathered momentum every time a new corporate scandal came to light.And India is no exception to this phenomenon.
Events last year involving Satyam Computer Systems have prompted several questions and various forms of introspections on corporate governance practices,as well as brought focus on aspects relating to discipline exercised by the dominant shareholder,accountability of the management,role of the auditors (external and internal),functioning of the board and audit committee and also the value of ethical conduct in business.The spotlight is now firmly on key aspects of the governance framework,with particular emphasis on the audit and finance functions which have a legal,moral and ethical responsibility to identify and disclose aspects of a promoter-driven agenda that have the potential to impact the interests of other stakeholders adversely.
Although corporate governance is the legal framework,the ethical framework and the moral framework within which business decisions are taken;the focus in India continues to be largely around the legal framework.Since there is no dearth of legislation relating to corporate governance,it is the latter two aspects that need more focus in India.The challenge for policymakers in India is to reach an appropriate balance of legislative and regulatory reform,taking into consideration international best practices that augur well with the growth climate in India,while also fostering greater enterprise and enhancing competitiveness in a manner that can stimulate further investments.
While some of the current laws and regulations in India are possibly amongst the best in the world,there are several others which are somewhat archaic.India also needs greater focus and more proactive,yet a simplified monitoring and enforcement framework to ensure effective levels of compliance with regulations.Undoubtedly unless there is a genuine intention within an organisation to incorporate compliance in principle as opposed to compliance in legal form into corporate strategy and operations,regulations will only have a limited effect.
In business ethics,what was good is becoming bad and what was considered bad is now good.Standards for corporate governance that have worked for decades are looking old fashioned or immoral while other practices that raised questions are now becoming totally acceptable.Debates,discussions and reviews on corporate governance have predominantly focused on large,listed and high profile companies with dispersed shareholdings and there is an impending need to expand the net,in recognition of the impact of issues relating to financial transparency,the role of access to outside capital and conflict resolution,to non-listed and family controlled companies.These today are considered a crucial component of the growth engine for the Indian economy.
While analysing corporate governance in PSUs,the consideration that often come up relate to the perceptions on the over-regulation of state-owned units in India,which on one hand are accountable to various authorities under several regulations including Parliament,Comptroller and Auditor General of India,Central Vigilance Commission and the Right to Information Act and on the other are susceptible to bureaucratic hurdles.
Good governance has been further augmented in the past few years by a rise in the recognition of CSR.This is based on an understanding of the expectations that our communities have regarding the social contract that organisations have with communities.This may include public reporting,openness to input,access points for complaints about services or tips regarding illegal actions of employees.
Corporate governance and CSR are both extremely important to an organisation.But it is not a natural thing to separate the two.If an organisation has a well formed governance programme in place,the same would possibly also take care of most of the social issues.Organisations are increasingly focusing on the impact of their business activity on society and in doing so many have created CSR programmes to balance their operations.Taking responsibility for its impact on society means in the first instance that an organisation takes accountability for its actions and the effect of the same on particular interests groups within the society.
In todays globalised,interconnected and competitive world,the way that environmental,social and corporate governance issues are managed is a part of the organisations overall management philosophy to compete successfully.Organisations that perform better with regard to these issues can increase shareholder value by properly managing risks,anticipating regulatory action or accessing new markets while at the same time contributing to the sustainable development of the societies in which they operate.
Sustainable value also emanates from an organisations ability to adhere with a corporate culture of conscience and consciousness,transparency and openness,fairness and accountability,propriety and equity.Certain combinations of governance mechanism may work for certain periods of time.Change,however,will inevitably occur.
Development of norms and guidelines are an important first step in a serious effort to improve corporate governance.The bigger challenge in India,however,lies in the proper implementation of those rules at the ground level.More needs to be done to ensure adequate corporate governance in the average Indian company.Further,even the most prudent norms can be hoodwinked in a system plagued with widespread corruption.
Nevertheless,with the successful turnaround of Satyam with the commendable and active support of the government which itself took swift and planned action,at the same time exercising considered restrain wherever required instead and with industry organisations and chambers of commerce themselves pushing for an improved corporate governance system,the future of corporate governance in India promises to be distinctly better than the past.
(Views are personal).
MONISH CHATRATH Executive Director,Mazars
THE START OF THIS CENTURY WAS MARKED by an emphasis on corporate governance,thanks largely to a string of collapses of several high profile companies.The world of business was shocked with both the scale and age of unethical and illegal operations.Consequently,the need for adoption of good corporate governance principles has not only got reinforced,but inevitably and inextricably,efforts to this end have gathered momentum every time a new corporate scandal came to light.And India is no exception to this phenomenon.
Events last year involving Satyam Computer Systems have prompted several questions and various forms of introspections on corporate governance practices,as well as brought focus on aspects relating to discipline exercised by the dominant shareholder,accountability of the management,role of the auditors (external and internal),functioning of the board and audit committee and also the value of ethical conduct in business.The spotlight is now firmly on key aspects of the governance framework,with particular emphasis on the audit and finance functions which have a legal,moral and ethical responsibility to identify and disclose aspects of a promoter-driven agenda that have the potential to impact the interests of other stakeholders adversely.
Although corporate governance is the legal framework,the ethical framework and the moral framework within which business decisions are taken;the focus in India continues to be largely around the legal framework.Since there is no dearth of legislation relating to corporate governance,it is the latter two aspects that need more focus in India.The challenge for policymakers in India is to reach an appropriate balance of legislative and regulatory reform,taking into consideration international best practices that augur well with the growth climate in India,while also fostering greater enterprise and enhancing competitiveness in a manner that can stimulate further investments.
While some of the current laws and regulations in India are possibly amongst the best in the world,there are several others which are somewhat archaic.India also needs greater focus and more proactive,yet a simplified monitoring and enforcement framework to ensure effective levels of compliance with regulations.Undoubtedly unless there is a genuine intention within an organisation to incorporate compliance in principle as opposed to compliance in legal form into corporate strategy and operations,regulations will only have a limited effect.
In business ethics,what was good is becoming bad and what was considered bad is now good.Standards for corporate governance that have worked for decades are looking old fashioned or immoral while other practices that raised questions are now becoming totally acceptable.Debates,discussions and reviews on corporate governance have predominantly focused on large,listed and high profile companies with dispersed shareholdings and there is an impending need to expand the net,in recognition of the impact of issues relating to financial transparency,the role of access to outside capital and conflict resolution,to non-listed and family controlled companies.These today are considered a crucial component of the growth engine for the Indian economy.
While analysing corporate governance in PSUs,the consideration that often come up relate to the perceptions on the over-regulation of state-owned units in India,which on one hand are accountable to various authorities under several regulations including Parliament,Comptroller and Auditor General of India,Central Vigilance Commission and the Right to Information Act and on the other are susceptible to bureaucratic hurdles.
Good governance has been further augmented in the past few years by a rise in the recognition of CSR.This is based on an understanding of the expectations that our communities have regarding the social contract that organisations have with communities.This may include public reporting,openness to input,access points for complaints about services or tips regarding illegal actions of employees.
Corporate governance and CSR are both extremely important to an organisation.But it is not a natural thing to separate the two.If an organisation has a well formed governance programme in place,the same would possibly also take care of most of the social issues.Organisations are increasingly focusing on the impact of their business activity on society and in doing so many have created CSR programmes to balance their operations.Taking responsibility for its impact on society means in the first instance that an organisation takes accountability for its actions and the effect of the same on particular interests groups within the society.
In todays globalised,interconnected and competitive world,the way that environmental,social and corporate governance issues are managed is a part of the organisations overall management philosophy to compete successfully.Organisations that perform better with regard to these issues can increase shareholder value by properly managing risks,anticipating regulatory action or accessing new markets while at the same time contributing to the sustainable development of the societies in which they operate.
Sustainable value also emanates from an organisations ability to adhere with a corporate culture of conscience and consciousness,transparency and openness,fairness and accountability,propriety and equity.Certain combinations of governance mechanism may work for certain periods of time.Change,however,will inevitably occur.
Development of norms and guidelines are an important first step in a serious effort to improve corporate governance.The bigger challenge in India,however,lies in the proper implementation of those rules at the ground level.More needs to be done to ensure adequate corporate governance in the average Indian company.Further,even the most prudent norms can be hoodwinked in a system plagued with widespread corruption.
Nevertheless,with the successful turnaround of Satyam with the commendable and active support of the government which itself took swift and planned action,at the same time exercising considered restrain wherever required instead and with industry organisations and chambers of commerce themselves pushing for an improved corporate governance system,the future of corporate governance in India promises to be distinctly better than the past.
(Views are personal).
Monday, June 28, 2010
Ex-Brocade CEO sentenced for fraud
LOS ANGELES: A US judge sentenced the former chief executive of Brocade Communications Systems Inc to 18 months in prison for securities fraud, and ordered him to pay a $15 million fine, said Jack Gillund, a spokesman for the US Attorney's Office.
Gregory Reyes was found guilty in March of securities fraud, after becoming one of the highest profile executives to be accused of illegal stock options backdating.
The sentence that US District Judge Charles R Breyer imposed on Reyes in San Francisco was similar to one handed down in the former executive's first trial in 2007.
That conviction was overturned by the US Court of Appeals for the Ninth Circuit, over prosecutorial misconduct. The appeals court ruled that prosecutors made a false assertion of material fact to the jury during closing arguments.
But US prosecutors re-tried Reyes, resulting in a conviction and a win for the government, which has struggled to secure convictions in backdating cases.
Backdating is the practice of retroactively pricing option grants on days a company's stock price was low, to lock in financial gains. The practice in effect increases the value of the options, but is not illegal if properly accounted for.
Prosecutors said that Reyes engaged in illegal backdating to reward insiders and mislead investors, and to pad his own pocket from the scheme.
Reyes had originally been given a 21-month prison term and a fine of $15 million. The backdating of stock option grants became a major issue in 2007, with more than 170 companies either investigated by US authorities or conducting internal inquiries into possible manipulation of stock-option grant dates.
Source: TOI, 28.06.10
Gregory Reyes was found guilty in March of securities fraud, after becoming one of the highest profile executives to be accused of illegal stock options backdating.
The sentence that US District Judge Charles R Breyer imposed on Reyes in San Francisco was similar to one handed down in the former executive's first trial in 2007.
That conviction was overturned by the US Court of Appeals for the Ninth Circuit, over prosecutorial misconduct. The appeals court ruled that prosecutors made a false assertion of material fact to the jury during closing arguments.
But US prosecutors re-tried Reyes, resulting in a conviction and a win for the government, which has struggled to secure convictions in backdating cases.
Backdating is the practice of retroactively pricing option grants on days a company's stock price was low, to lock in financial gains. The practice in effect increases the value of the options, but is not illegal if properly accounted for.
Prosecutors said that Reyes engaged in illegal backdating to reward insiders and mislead investors, and to pad his own pocket from the scheme.
Reyes had originally been given a 21-month prison term and a fine of $15 million. The backdating of stock option grants became a major issue in 2007, with more than 170 companies either investigated by US authorities or conducting internal inquiries into possible manipulation of stock-option grant dates.
Source: TOI, 28.06.10
Sunday, May 30, 2010
US sees 78 bank failures in 2010
NEW YORK: With five more US banks biting the dust this week, a whopping 78 entities have folded up their businesses so far this year.
Mirroring the financial woes faced by the American banking industry, an average of 15banks are going bankrupt every month.
Recently, the Federal Deposit Insurance Corporation (FDIC), which insures deposits at over 8,000 American banks warned of more failures in the coming months.
Authorities shut down five entities on May 28. They are Bank of Florida -- Southwest; Bank of Florida -- Southeast; Bank of Florida-- Tampa Bay, Sun West Bank and Granite Community Bank.
These failures are expected to cost the FDIC as much as USD 317 million.
The three Florida-based banks were owned by Bank of Florida Corporation.
In the first three months of 2010, the number of 'problem' banks climbed to 775, the highest in nearly 17 years. The same stood at just 702 at the end of 2009.
This month alone, 14 banks have gone out of business. The count of collapses are anticipated to rise in the wake of high unemployment levels, which is resulting in increased defaults at banks.
Last year, a whopping 140 banks in the US went belly up.
"There will be more failures, to be sure. The banking system still has many problems to work through and we cannot ignore the possibility of more financial market volatility," FDIC chairperson Sheila C Bair said recently.
Source: The Times of India, 30.05.10
Mirroring the financial woes faced by the American banking industry, an average of 15banks are going bankrupt every month.
Recently, the Federal Deposit Insurance Corporation (FDIC), which insures deposits at over 8,000 American banks warned of more failures in the coming months.
Authorities shut down five entities on May 28. They are Bank of Florida -- Southwest; Bank of Florida -- Southeast; Bank of Florida-- Tampa Bay, Sun West Bank and Granite Community Bank.
These failures are expected to cost the FDIC as much as USD 317 million.
The three Florida-based banks were owned by Bank of Florida Corporation.
In the first three months of 2010, the number of 'problem' banks climbed to 775, the highest in nearly 17 years. The same stood at just 702 at the end of 2009.
This month alone, 14 banks have gone out of business. The count of collapses are anticipated to rise in the wake of high unemployment levels, which is resulting in increased defaults at banks.
Last year, a whopping 140 banks in the US went belly up.
"There will be more failures, to be sure. The banking system still has many problems to work through and we cannot ignore the possibility of more financial market volatility," FDIC chairperson Sheila C Bair said recently.
Source: The Times of India, 30.05.10
Monday, April 26, 2010
Make phone banking more secure: RBI -
NEW DELHI: Banks will have to soon put in place an additional authentication cover for their credit and debit card customers transacting over phone, or get penalized.
Taking forward its efforts to tackle identity frauds in non-branch banking transactions, the Reserve Bank has asked all the banks operating in the country to put in place by next year a system where credit and debit card customers would need to provide an additional password for IVR (interactive voice response) transactions.
IVR transactions are done over phone, wherein customers dial bank's customer care number and are prompted by a recorded voice to dial designated digits for different kinds of transactions such as balance enquiry, bill payment etc.
The customers would now need to key-in an additional password on their phone, besides prevalent details like card number, date of birth, card issue or expiry date and in some cases a telephonic password. As RBI has also noted, there has been a stupendous rise in banking transactions through channels other than traditional branch banking.
Source : Times Of India
Taking forward its efforts to tackle identity frauds in non-branch banking transactions, the Reserve Bank has asked all the banks operating in the country to put in place by next year a system where credit and debit card customers would need to provide an additional password for IVR (interactive voice response) transactions.
IVR transactions are done over phone, wherein customers dial bank's customer care number and are prompted by a recorded voice to dial designated digits for different kinds of transactions such as balance enquiry, bill payment etc.
The customers would now need to key-in an additional password on their phone, besides prevalent details like card number, date of birth, card issue or expiry date and in some cases a telephonic password. As RBI has also noted, there has been a stupendous rise in banking transactions through channels other than traditional branch banking.
Source : Times Of India
Saturday, April 24, 2010
IMP UPDATE : RBI Guidelines - Prohibiting alterations / corrections on cheques
Dear All,
Please go through the attached Notice/ Circular post the communication from RBI for Banks on Guidelines to follow in case of alterations on cheques. This will get implemented from July 01, 2010.
As per RBI Circular - DPSS.CO.CHD.No. 1832/01.07.05/2009-10 dated 22nd February 2010
Prohibiting alterations / corrections on cheques :
No changes / corrections should be carried out on the cheques (other than for date validation purposes, if required). For any change in the payee’s name, courtesy amount (amount in figures) or legal amount (amount in words), etc., fresh cheque forms should be used by customers. This would help banks to identify and control fraudulent alterations.
In view of the above guidelines, with effect from July 01, 2010 no alterations in cheque will be allowed (even if signature is made at the place of alteration on cheque). These kinds of altered cheques will not be honored by Bank.
Source : Reserve Bank Of India
Please go through the attached Notice/ Circular post the communication from RBI for Banks on Guidelines to follow in case of alterations on cheques. This will get implemented from July 01, 2010.
As per RBI Circular - DPSS.CO.CHD.No. 1832/01.07.05/2009-10 dated 22nd February 2010
Prohibiting alterations / corrections on cheques :
No changes / corrections should be carried out on the cheques (other than for date validation purposes, if required). For any change in the payee’s name, courtesy amount (amount in figures) or legal amount (amount in words), etc., fresh cheque forms should be used by customers. This would help banks to identify and control fraudulent alterations.
In view of the above guidelines, with effect from July 01, 2010 no alterations in cheque will be allowed (even if signature is made at the place of alteration on cheque). These kinds of altered cheques will not be honored by Bank.
Source : Reserve Bank Of India
Friday, April 23, 2010
Monday, March 1, 2010
How to Avoid Hiring a Bad Egg
As you begin recruiting and interviewing employees, you'll obviously be drawn to certain candidates because of their experience, educational background and personality. While it's easy to make a decision based on what you see in front of you, it's wise to consider what may be hidden from view, too.
Small businesses, unfortunately, are particularly vulnerable to embezzlement and other kinds of employee theft because they lack the checks and balances of big corporations. One report by the Association of Certified Fraud Examiners found that the median loss for small firms with fewer than one hundred employees was $190,000. The most common schemes? Employees fraudulently writing company checks, skimming revenues and processing phony invoices.
You can increase your chances of avoiding problems— and spotting dishonesty— by beefing up your hiring practices. Here's how to do it.
• Use a formal job application. Take a page from corporate America's book and supply job candidates with an application that requests full name, address, education, employment record (with years) and references. An application that includes all of this information can give you a clearer picture of someone's background than, say, a resume that he or she provides. Also, it's wise to state on the application that supplying false information can lead to dismissal. Documentation can help protect you in the event of an employee lawsuit.
• Ask tough questions. Carefully review the application, and during the in-person interview, ask probing questions, especially about gaps in employment. A candidate may certainly have any number of innocent explanations (such as attending school, reevaluating his or her career or caring for a child or other family member), but gaps between jobs can indicate an inability to hold down a position, a sudden dismissal or, at worst, a prison stay. Arrange for others at your company (or a trusted advisor, if you're a solo entrepreneur) to meet the person as well; getting a second or third opinion to confirm your impressions will help you make more solid hiring decisions.
• Call former employers and check references. Often, former bosses don't want to provide too much negative information, for fear that they could be sued for defamation. At the least, you should be able to verify the person's employment history and salary history. The best question to ask a former employer is simply, "Is this person eligible for rehire?" If the answer is no, that's a definite red flag.
• Perform a background check. Preemployment checks can screen out applicants who may be unfit (or dangerous) for your workplace because of a criminal record. Some states may require that employers in certain industries— say, child care or health care— conduct background checks. A background check also can confirm the accuracy of information that the candidate provided on the application. While a background check isn't necessary for all employees, it's smart to conduct one on a job candidate who will have access to sensitive data or your company's finances. The Fair Credit Reporting Act, which sets standards for employment screening, requires that you get consent from a potential employee before conducting a background check. Check the FTC's website to make sure you are in compliance. Also, you don't want to run afoul of state or federal laws concerning the kinds of information an employer uses to make employment decisions. If you do perform a background check, ask a business owner or your attorney for a referral to a reputable firm.
• Invite a potential hire for a paid tryout. You can learn a lot about potential employees, including how well they fit into your small business environment, by inviting them to work on a test project or spending a trial run in your office. A tryout may be a particularly good way to test an applicant's technical skills— say, a proficiency with a type of software— and may reveal far more than a reference or background check.
Source :- The Wall Street Journal, By Colleen Debaise
Small businesses, unfortunately, are particularly vulnerable to embezzlement and other kinds of employee theft because they lack the checks and balances of big corporations. One report by the Association of Certified Fraud Examiners found that the median loss for small firms with fewer than one hundred employees was $190,000. The most common schemes? Employees fraudulently writing company checks, skimming revenues and processing phony invoices.
You can increase your chances of avoiding problems— and spotting dishonesty— by beefing up your hiring practices. Here's how to do it.
• Use a formal job application. Take a page from corporate America's book and supply job candidates with an application that requests full name, address, education, employment record (with years) and references. An application that includes all of this information can give you a clearer picture of someone's background than, say, a resume that he or she provides. Also, it's wise to state on the application that supplying false information can lead to dismissal. Documentation can help protect you in the event of an employee lawsuit.
• Ask tough questions. Carefully review the application, and during the in-person interview, ask probing questions, especially about gaps in employment. A candidate may certainly have any number of innocent explanations (such as attending school, reevaluating his or her career or caring for a child or other family member), but gaps between jobs can indicate an inability to hold down a position, a sudden dismissal or, at worst, a prison stay. Arrange for others at your company (or a trusted advisor, if you're a solo entrepreneur) to meet the person as well; getting a second or third opinion to confirm your impressions will help you make more solid hiring decisions.
• Call former employers and check references. Often, former bosses don't want to provide too much negative information, for fear that they could be sued for defamation. At the least, you should be able to verify the person's employment history and salary history. The best question to ask a former employer is simply, "Is this person eligible for rehire?" If the answer is no, that's a definite red flag.
• Perform a background check. Preemployment checks can screen out applicants who may be unfit (or dangerous) for your workplace because of a criminal record. Some states may require that employers in certain industries— say, child care or health care— conduct background checks. A background check also can confirm the accuracy of information that the candidate provided on the application. While a background check isn't necessary for all employees, it's smart to conduct one on a job candidate who will have access to sensitive data or your company's finances. The Fair Credit Reporting Act, which sets standards for employment screening, requires that you get consent from a potential employee before conducting a background check. Check the FTC's website to make sure you are in compliance. Also, you don't want to run afoul of state or federal laws concerning the kinds of information an employer uses to make employment decisions. If you do perform a background check, ask a business owner or your attorney for a referral to a reputable firm.
• Invite a potential hire for a paid tryout. You can learn a lot about potential employees, including how well they fit into your small business environment, by inviting them to work on a test project or spending a trial run in your office. A tryout may be a particularly good way to test an applicant's technical skills— say, a proficiency with a type of software— and may reveal far more than a reference or background check.
Source :- The Wall Street Journal, By Colleen Debaise
Tuesday, February 23, 2010
Customer Vs. Bank: Who is Liable for Fraud Losses?
Comerica/EMI Case Raises Key Questions About Responsibility, Security
At first, this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks.
Now this story shapes up as a significant test case for the banking industry, raising several key questions that must be answered about fraud and responsibility.
"It will establish who is liable in the U.S. - the bank or the customer - for fraud losses that result from phishing," says Tom Wills, Senior Analyst, Security, Fraud & Compliance, Javelin Strategy & Research.
The Basics
The lawsuit, filed by EMI in a Michigan circuit court, alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. In January 2009, an EMI employee opened and clicked on links within a phishing email that purported to be from Comerica. The email duped the employee into believing the bank needed to update its banking software. Subsequently, more than $550,000 was stolen from the company's bank accounts and sent overseas.
EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures. The bank says its online security methods were reasonable "because they were in general used by other similarly situated customers of other banks." Now that this case is in the courts, observers say, several important questions will be debated re: trust, responsibility and security.
Among them:
#1: How Much Trust is Lost?
Clearly, Comerica has lost EMI's trust, but how much further can this costly loss of confidence spread among banking customers - even at other institutions? "Cases like this, when they hit the courts and the press, work at a macro level to erode the trust of all banks by all customers, even affecting those institutions with good anti-phishing programs in place," says Javelin's Wills. "It will make it that much harder for all banks to migrate their customer base to the highly cost-effective (from an operational standpoint) online channel."
Anytime a company incurs a data breach that compromises personal information, the organization risks having its customers walk away for good. "That's why it's so important that, before an incident occurs, a company take proactive steps to implement a reasonable security program," says Alysa Hutnik, a lawyer at Kelley Drye & Warren, a Washington DC-based law firm that specializes in post-incident response. "Even after a breach, if a company handles the issue responsibly, those efforts can earn back trust bit by bit. But here, where a customer is out of pocket hundreds of thousands of dollars as a result of a breach and was compelled to file a lawsuit to redress the issue, yes, the trust is likely lost."
Because trust is so fundamental to banking institutions, they have to draw a distinct line, says Avivah Litan, an analyst at Gartner. "Either banks explicitly and visibly warn their customers that banking with them is not safe and that [customers] are held liable for hacking into their accounts through online banking," she says. "Or they assume liability."
#2: Is a Bank Liable For Phishing?
Should a bank be held liable for a customer's employee falling for a phishing email that supposedly represents the bank? The EMI/Comerica case highlights several hotly debated issues.
On the plaintiff's side, the employee's vulnerability to the phishing attack raises the core question of 'What is sufficient training?,' says attorney Hutnik. Most employees have been warned about phishing attempts, but even the most robust training does not protect against occasional human error. Does this training need to occur more frequently, or is it a matter of customizing the training to the evolving and specific types of phishing attempts? If a company is going to be responsible under the law for employees' vulnerability to phishing attempts, Hutnik says, that's a pretty good incentive to increase training.
Can a bank be held liable? Some security experts say emphatically 'No.' "The bank clearly could have made better decisions on how to update security information," says Branden Williams, Director of VeriSign's PCI Practice. "But judging by the timelines, they may have been ahead of their time with offering multi-factor authentication for online business banking."
Williams quotes an old saying: "I'll open the door for you, but only you can walk through it." Comerica did open the door with its security updates, he says, but a simple training issue would have prevented the employee from walking through that door. "Companies that become complacent with security become easy targets."
#3: What is 'Reasonable Security?'
In this case, was the bank's two-factor security token technology an unreasonable safeguard based on the information available at the time it was implemented by the company? Discovery and expert testimony on this point will be critical, says Hutnik. So too, will the surrounding facts on what information the bank provided to its customers about giving personal information online, or in response to an email alert, leading up to and after it transitioned away from the digital certificate security process.
Hutnik sees a third key issue, which is often a gap in many companies: What measures were in place to detect unauthorized, unusual activity involving this customer account, and did the bank act quickly enough in response to such detection? "All companies could benefit from evaluating and assessing how they compare the issues raised in this case against their own information security programs," she says.
David Navetta, a lawyer at the Information Law Group, a Colorado-based law firm, says one of the issues that will be key in this case is whether the bank has a legal duty to prevent these types of phishing attacks. And if so, whether the security measures it took were "reasonable" under the law. To the extent a bank has a general duty to protect client accounts, does that duty extend to preventing (or reducing the risk of) its customers from being duped by social engineering attacks such as phishing? "That will be the threshold legal question, and I don't know what the answer will ultimately be," he says.
Another point that Navetta says will be considered is "Reasonableness." Under the law for purposes of negligence, a defendant can avoid liability even if a plaintiff suffered harm, as long as the defendant did not breach its duty of care. "In this context, if the bank's security measures where 'reasonable' under the law, it would not be liable," Navetta says. "I think the fact that the bank used two-factor authentication will help its cause in this respect," he says. On the other hand, he adds, "Many security professionals I have spoken to/read have indicated that a phishing attack was a known weakness, or at least a theoretical weakness, of two-factor authentication."
Regulators Were 'Asleep at the Wheel'
While EMI and Comerica argue over liability, Gartner's Litan says the nation's legislators and banking regulators bear the bulk of the blame for such breaches. "It's their job to set the rules for soundness and safety of the U.S. banking system, and to enforce that the banks execute those rules," she says. "They are negligent here - in not passing legislation that protects business accounts (as Reg E protects consumer accounts) and in not enforcing security measures at the banks, as set forth by the FFIEC strong authentication guidance," Litan says.
Litan also has strong words for bank examiners. "Frankly, they are also asleep at the wheel," she says. "And the banks are taking advantage of the current legislative and regulatory environment by not proactively securing business accounts."
No matter the outcome, this case will set a precedent, predicts Rohyt Belani, CEO of the Intrepidus Group, a New York City-based security firm. Banks and other e-commerce providers need to take some of the responsibility to help their customers mitigate the risk associated with phishing attacks - especially those that exploit the institution's brands. "Just posting information about phishing on the login page doesn't cut it," Belani says. "I believe banks need to work on enhancing their authentication mechanisms, changing the way they communicate with their clients (not embedding active links, etc.), and educating the customers using techniques that are proven to reduce susceptibility.
"Banks should view it as a wake-up call and work on mitigating phishing attacks."
Source: Bankinfo Security; By Linda McGlasson, Managing Editor
At first, this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks.
Now this story shapes up as a significant test case for the banking industry, raising several key questions that must be answered about fraud and responsibility.
"It will establish who is liable in the U.S. - the bank or the customer - for fraud losses that result from phishing," says Tom Wills, Senior Analyst, Security, Fraud & Compliance, Javelin Strategy & Research.
The Basics
The lawsuit, filed by EMI in a Michigan circuit court, alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. In January 2009, an EMI employee opened and clicked on links within a phishing email that purported to be from Comerica. The email duped the employee into believing the bank needed to update its banking software. Subsequently, more than $550,000 was stolen from the company's bank accounts and sent overseas.
EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures. The bank says its online security methods were reasonable "because they were in general used by other similarly situated customers of other banks." Now that this case is in the courts, observers say, several important questions will be debated re: trust, responsibility and security.
Among them:
#1: How Much Trust is Lost?
Clearly, Comerica has lost EMI's trust, but how much further can this costly loss of confidence spread among banking customers - even at other institutions? "Cases like this, when they hit the courts and the press, work at a macro level to erode the trust of all banks by all customers, even affecting those institutions with good anti-phishing programs in place," says Javelin's Wills. "It will make it that much harder for all banks to migrate their customer base to the highly cost-effective (from an operational standpoint) online channel."
Anytime a company incurs a data breach that compromises personal information, the organization risks having its customers walk away for good. "That's why it's so important that, before an incident occurs, a company take proactive steps to implement a reasonable security program," says Alysa Hutnik, a lawyer at Kelley Drye & Warren, a Washington DC-based law firm that specializes in post-incident response. "Even after a breach, if a company handles the issue responsibly, those efforts can earn back trust bit by bit. But here, where a customer is out of pocket hundreds of thousands of dollars as a result of a breach and was compelled to file a lawsuit to redress the issue, yes, the trust is likely lost."
Because trust is so fundamental to banking institutions, they have to draw a distinct line, says Avivah Litan, an analyst at Gartner. "Either banks explicitly and visibly warn their customers that banking with them is not safe and that [customers] are held liable for hacking into their accounts through online banking," she says. "Or they assume liability."
#2: Is a Bank Liable For Phishing?
Should a bank be held liable for a customer's employee falling for a phishing email that supposedly represents the bank? The EMI/Comerica case highlights several hotly debated issues.
On the plaintiff's side, the employee's vulnerability to the phishing attack raises the core question of 'What is sufficient training?,' says attorney Hutnik. Most employees have been warned about phishing attempts, but even the most robust training does not protect against occasional human error. Does this training need to occur more frequently, or is it a matter of customizing the training to the evolving and specific types of phishing attempts? If a company is going to be responsible under the law for employees' vulnerability to phishing attempts, Hutnik says, that's a pretty good incentive to increase training.
Can a bank be held liable? Some security experts say emphatically 'No.' "The bank clearly could have made better decisions on how to update security information," says Branden Williams, Director of VeriSign's PCI Practice. "But judging by the timelines, they may have been ahead of their time with offering multi-factor authentication for online business banking."
Williams quotes an old saying: "I'll open the door for you, but only you can walk through it." Comerica did open the door with its security updates, he says, but a simple training issue would have prevented the employee from walking through that door. "Companies that become complacent with security become easy targets."
#3: What is 'Reasonable Security?'
In this case, was the bank's two-factor security token technology an unreasonable safeguard based on the information available at the time it was implemented by the company? Discovery and expert testimony on this point will be critical, says Hutnik. So too, will the surrounding facts on what information the bank provided to its customers about giving personal information online, or in response to an email alert, leading up to and after it transitioned away from the digital certificate security process.
Hutnik sees a third key issue, which is often a gap in many companies: What measures were in place to detect unauthorized, unusual activity involving this customer account, and did the bank act quickly enough in response to such detection? "All companies could benefit from evaluating and assessing how they compare the issues raised in this case against their own information security programs," she says.
David Navetta, a lawyer at the Information Law Group, a Colorado-based law firm, says one of the issues that will be key in this case is whether the bank has a legal duty to prevent these types of phishing attacks. And if so, whether the security measures it took were "reasonable" under the law. To the extent a bank has a general duty to protect client accounts, does that duty extend to preventing (or reducing the risk of) its customers from being duped by social engineering attacks such as phishing? "That will be the threshold legal question, and I don't know what the answer will ultimately be," he says.
Another point that Navetta says will be considered is "Reasonableness." Under the law for purposes of negligence, a defendant can avoid liability even if a plaintiff suffered harm, as long as the defendant did not breach its duty of care. "In this context, if the bank's security measures where 'reasonable' under the law, it would not be liable," Navetta says. "I think the fact that the bank used two-factor authentication will help its cause in this respect," he says. On the other hand, he adds, "Many security professionals I have spoken to/read have indicated that a phishing attack was a known weakness, or at least a theoretical weakness, of two-factor authentication."
Regulators Were 'Asleep at the Wheel'
While EMI and Comerica argue over liability, Gartner's Litan says the nation's legislators and banking regulators bear the bulk of the blame for such breaches. "It's their job to set the rules for soundness and safety of the U.S. banking system, and to enforce that the banks execute those rules," she says. "They are negligent here - in not passing legislation that protects business accounts (as Reg E protects consumer accounts) and in not enforcing security measures at the banks, as set forth by the FFIEC strong authentication guidance," Litan says.
Litan also has strong words for bank examiners. "Frankly, they are also asleep at the wheel," she says. "And the banks are taking advantage of the current legislative and regulatory environment by not proactively securing business accounts."
No matter the outcome, this case will set a precedent, predicts Rohyt Belani, CEO of the Intrepidus Group, a New York City-based security firm. Banks and other e-commerce providers need to take some of the responsibility to help their customers mitigate the risk associated with phishing attacks - especially those that exploit the institution's brands. "Just posting information about phishing on the login page doesn't cut it," Belani says. "I believe banks need to work on enhancing their authentication mechanisms, changing the way they communicate with their clients (not embedding active links, etc.), and educating the customers using techniques that are proven to reduce susceptibility.
"Banks should view it as a wake-up call and work on mitigating phishing attacks."
Source: Bankinfo Security; By Linda McGlasson, Managing Editor
Monday, February 22, 2010
‘Whistle-blower policy the best way to check frauds’
FINANCIAL EXPRESS:
As corporate India debates ways and means to strengthen the corporate governance framework for the listed companies, post the Satyam scandal, an international expert says a whistle blower policy is the best way to prevent corporate frauds from blowing up. The rider: it should be implemented in spirit, and not just in form.
“Whistle blower policy is the best way to check corporate frauds,” says Marc Duchevet, global head for governance risk & internal control, Mazars. Mazars is one of the world’s largest audit firms with a turnover of more than $1.2 billion and 12,500 professionals in over 55 countries. Duchavet also made the point that in any organisation, where fraud develops with management collusion, there will be at least one good, solid whistle blower. "In addition, there will be several others who will be able to smell the rat that is feeding on the business and who would be in a position to raise a red flag”.
On a tour to India recently, he was charitable enough to accept that it is the fear of possible abuse which may have held back corporate India from implementing the policy with zeal. “Often there is discomfort among the management over the confidentiality and requisite protection offered to such a whistle blower under the policy. Fear of abuse of such a framework by people out to settle scores or working on a personal vendetta keeps management from implementing the policy,” he said.
Whistle blower policies have become a matter of concern in the corporate sector. An area of concern, the Mazar expert said, is that once the implementation of the policy starts, there is no choice but to address "all the incidents that come to your attention".
According to him, experience shows that corporate India does indeed recognise the value of good governance. There are, of course, a large number of corporations that believe that there is a direct relationship between business governance and business valuation.
To the extent this consideration is applied by drivers of corporate governance in the right spirit, this is an positive sign. But where emphasis is on mere paper disclosure, it is a concern. International companies are focusing on key areas like risk management, values and ethics and internal control. These three go together.
The truly best or effective monitoring does not come from the number of bodies exercising oversight. Rather, it comes from those who are willing to accept full accountability and are duly empowered to take necessary punitive action.
Though the government moved fast to protect investor interests after the Satyam promoters’ frauds came into light in 2008, India’s image as a favourite investment destination was hurt. This led experts to question the effectiveness of the section 49 of Sebi’s listing guidelines in protecting investor interest.
Significantly, it is still not mandatory for listed companies here to implement the whistle blower policy. However, some companies like ONGC and GAIL India have adopted it on a voluntary basis. But, the government is seriously considering making it mandatory for the PSUs.
Source: The Financial Express
As corporate India debates ways and means to strengthen the corporate governance framework for the listed companies, post the Satyam scandal, an international expert says a whistle blower policy is the best way to prevent corporate frauds from blowing up. The rider: it should be implemented in spirit, and not just in form.
“Whistle blower policy is the best way to check corporate frauds,” says Marc Duchevet, global head for governance risk & internal control, Mazars. Mazars is one of the world’s largest audit firms with a turnover of more than $1.2 billion and 12,500 professionals in over 55 countries. Duchavet also made the point that in any organisation, where fraud develops with management collusion, there will be at least one good, solid whistle blower. "In addition, there will be several others who will be able to smell the rat that is feeding on the business and who would be in a position to raise a red flag”.
On a tour to India recently, he was charitable enough to accept that it is the fear of possible abuse which may have held back corporate India from implementing the policy with zeal. “Often there is discomfort among the management over the confidentiality and requisite protection offered to such a whistle blower under the policy. Fear of abuse of such a framework by people out to settle scores or working on a personal vendetta keeps management from implementing the policy,” he said.
Whistle blower policies have become a matter of concern in the corporate sector. An area of concern, the Mazar expert said, is that once the implementation of the policy starts, there is no choice but to address "all the incidents that come to your attention".
According to him, experience shows that corporate India does indeed recognise the value of good governance. There are, of course, a large number of corporations that believe that there is a direct relationship between business governance and business valuation.
To the extent this consideration is applied by drivers of corporate governance in the right spirit, this is an positive sign. But where emphasis is on mere paper disclosure, it is a concern. International companies are focusing on key areas like risk management, values and ethics and internal control. These three go together.
The truly best or effective monitoring does not come from the number of bodies exercising oversight. Rather, it comes from those who are willing to accept full accountability and are duly empowered to take necessary punitive action.
Though the government moved fast to protect investor interests after the Satyam promoters’ frauds came into light in 2008, India’s image as a favourite investment destination was hurt. This led experts to question the effectiveness of the section 49 of Sebi’s listing guidelines in protecting investor interest.
Significantly, it is still not mandatory for listed companies here to implement the whistle blower policy. However, some companies like ONGC and GAIL India have adopted it on a voluntary basis. But, the government is seriously considering making it mandatory for the PSUs.
Source: The Financial Express
Subscribe to:
Posts (Atom)