In the recently released feature documentary, Chasing Madoff, Harry Markopolos, the lead investigator who helped uncover the infamous $65 billion Bernie Madoff Ponzi scheme, said it took him five minutes to figure it out.
If it were only that easy for all organizations to identify fraud and reduce their costs and exposure to risk.
Are organizations doing everything they can to defend against fraud? How are they reacting to demands for increased corporate accountability and transparency from regulators, government and customers?
With the Madoff case and seemingly never-ending news coverage of fraud or financial mismanagement, it's a little depressing. But all is not lost.
Leading organizations are shifting from static risk controls to a transparent, flexible and agile analytical approach to managing operations and finance – making themselves less of a target from both outsiders and insiders.
I recently talked to Harry about fraud, risk management, analytics and the upcoming IBM Financial Services Summit (September 27, 2011 in New York City) where he will be the keynote speaker.
Harry is currently an independent financial fraud investigator who continues to shake things up on Wall Street. He’s also the best-selling author of No One Would Listen.
Can you talk about the analytical approach you took to uncover the Madoff fraud?
Fraud schemes are simple when you look at them in the rearview mirror – what is complex is the concealment. Typically they are simple schemes, easily identified IF you know what to look for. I solved this case mathematically. Some rely more heavily on traditional investigation techniques like forensic linguistics. I use a little bit of this along with forensic accounting and mathematics and modeled the numbers using statistical techniques – and the numbers just didn't add up.
Through the entire process from discovery to Madoff's incarceration, what were the biggest takeaways from this experience?
Risk tends to get ignored. Risk managers are often overpowered by marketing or ignored by executives. Risk managers are even referred to as “business prevention officers.” Marketing points to revenue potential and risk management has the unenviable position of pointing out the negatives. A lot of this happened in the Madoff case. Sadly, there were a lot of red flags. Two examples:
· There was $1 billion of the options he needed to buy each month in existence but he was pretending to manage $7 to $65 billion in assets during the time period. That's 7 to 65 times larger than the actual amount in the market, which is why he could not be doing what he said. For the price of a Wall Street Journal subscription anyone could have seen this was a dead giveaway. It was the simplest clue of all. Anyone marketing Madoff ended up with egg on their face, which is why you can't be too quick to dismiss risk officers.
· Madoff told investors that he was trying to mimic the S&P Index, but there was only a 6 percent similarity in performance. If he was trying to replicate it, then it would have looked like it or been much closer to 95 percent or higher in similarity. So, you didn't need to be a statistician – doing math on the back of a cocktail napkin could have exposed that.
Why, despite most fraud schemes being simple, are they so hard to identify?
Fraudsters take great steps to conceal them. They always come up with rationale. They have their own copies of the industry’s due diligence checklists and are well prepared for questions that risk officers ask from these. For instance, if you're speaking with someone and they are not directly answering your questions, then you need to be diligent and dig in further. You can't settle for half answers or quarter answers. If you don't get an answer, then it's a red flag.
Organizations need to be transparent and open with you. Just remember that bad guys know about checklists – you can't have static risk management and due diligence checklists. Fraudsters are smart individuals and they are going to develop work-arounds to mislead you. You need to be prepared to go off the checklist at the first hint that something is wrong, verify the information given in each response and try to catch them in the lie. Expand the scope and really dig in and assume that if they lied then fraud is likely present.
What is the best way for organizations to protect themselves against fraud – internal and external?
Look for outliers – things that perform way above or much more consistently than similar organizations or products. In early 2002 you could see there was one telecommunications firm that had financial performance above and beyond everyone else (WorldCom). In the late 1990's, there was an energy firm who significantly outgrew the S&P index and all competitors (Enron). There were some plausible explanations about why they were performing better, but no one really dug in and checked for fraud. They just assumed genius.
One could maybe say that Apple fits this significant outperform model, but unlike WorldCom and Enron, there is tangible evidence of genius in their product development and strategy to support the results. Risk officers need to start assuming fraud until genius is proven.
How do organizations today find a balance between transparency, efficiency and accountability?
Accountability starts at the top – from the board of directors to the CEO to his/her direct reports. If the CEO is a bad egg, then that is going to cascade throughout the organization. Take the CEO of Tyco for example, who was crooked and hired other bad eggs that would support and conceal his efforts.
Basic foundation of the market is that it rewards transactions and not performance. Is there a way to shift the tenants so traders actually create value?
If you're working with an organization doing a transaction, then you need to understand the math behind it, the pricing and all aspects of the transaction. You can't take Wall Street's word for anything. Always ask to see their spreadsheets and if they don't provide them, then run, and don't walk, to exits. You need to be on your toes with Wall Street. They are not charitable institutions. They put you at a terrible disadvantage unless you understand every aspect of the transaction; and I recommend modeling that out yourself to at least 4 decimal points. And if you can’t model the transaction out yourself then be sure you avoid the deal.
Is there anyway a company can incent a longer term view vs. short term profitability view?
That's the Holy Grail of compensation schemes that the head of HR and CEOs are struggling with. It's clear we reward the wrong type of behavior. Everything is based on short term profitability and hitting quarterly revenue targets. And, as we learned in the recent financial crisis, that view can land you in a whole world of trouble.
You are speaking at the upcoming IBM Financial Services Summit, what are a few takeaways that attendees will receive from your discussion?
Most people check nothing. Due diligence is much talked about, but little practiced. By operationalizing constant checks and questions and instituting a dedication to transparency in financials, organizations can make themselves less of a target for fraudsters, both internal and external.
Is there a financial benefit to companies who take that route?
If you are more transparent and better at risk management, you are a less risky company and that will drive the stock price higher. In the long term, shareholders and stakeholders will be rewarded by having a firm grasp of risk.
· To learn more about the IBM Financial Services summit or to register, click here
· Learn more about IBM's Finance Integrated Risk Management solution
· Read about how you can discover Opportunities for Effective Fraud Detection and Prevention