Whilst we work on a number of high profile cases, not all are in the public eye. We often work covertly, under the radar. Case examples below are anonymised to maintain strict client confidentiality.
Fraud Investigation Cases
Uncovering a CEO-perpetrated fraud that deliberately caused his business to fail
A bank suffered a £45 million loss when its client, a large transport and logistics company, collapsed. The bank had been financing receivables, which turned out to have been fabricated (i.e. ‘thin air invoicing’) by the company’s Chief Financial Officer in collusion with its Chief Executive Officer, who was the company’s principal shareholder. The motive for the fraud was an upcoming divorce, which would have meant the CEO’s wife obtaining half of his known assets including a large and valuable shareholding in the company. The CEO’s ‘cunning plan’ was to siphon funds out of the company, such that it would eventually go bust thereby leaving his wife massively short-changed. The mechanism for siphoning money out of the company was to divert funds into a secret bank account by paying, out of the company’s main bank account, for non-existent computer equipment and services and, rather cleverly, by instructing suppliers of trucks, trailers and diesel to pay rebates into that secret bank account rather than one of the company’s regular accounts. This scheme was unknown to all of the company’s staff (other than the CEO and the CFO) and it was never discovered by the company’s external auditors. In due course, when the company’s cash ran out, it nosedived into liquidation, leaving its bankers, its staff and all of its other creditors, unpaid. Interestingly, the liquidators also failed to suspect, let alone to detect, the massive fraud. Our investigators, intrigued as to why a well established, and previously successful, company would fail, when its very similar competitors remained profitable, smelled a rat and started digging. Experience had shown us that diversion of income was a possibility in this sort of business where rebates are routinely provided by suppliers. Of all the methods of hiding fraud, diversion of income is by far the best… in that it almost always remains undetected by external auditors. By digitising and indexing all of the company’s financial records and then searching them, using words and phrases composed by our investigators, we found ‘the needle in the haystack’, locating the secret bank account that, although it was in the company’s name, was held in a different bank, in a different county, to the company’s accounts held with its principal bankers. Our discovery resulted in the bank recovering £30 million, as well as all of the investigation and legal costs, from the assets that had been siphoned away by the CEO and the CFO.
Systems engineer abuses his 'superuser' status but we discover and recover more than he stole
A bank’s principal systems engineer, who had been granted ‘superuser’ access rights to the bank’s systems, accessed those systems at each month-end to credit his own bank accounts with funds that he debited to the bank’s foreign exchange profit and loss account. Any bank’s FX P&L account is a marvellous source of funds that can be stolen. The reason that it is such a good source is that it is in the nature of a ‘slush fund’ that can’t readily be checked or reconciled. It suffers from what auditors refer to as “complete loss of audit trail” because, each month end, it shows the aggregate impact of all of the profits and losses that arise from the revaluation of every asset and liability that is held, in the bank's books, in currencies other than that bank’s base currency (i.e. GBP in British banks, USD in American banks, etc.). That aggregation of multiple, often small, profits and losses, which are driven by the month-to-month variations in exchange rates, results in profit or loss movements that few people can predict, recompute or audit. Fortunately, in this case, one of the bank’s astute young lady financial controllers started asking questions and realised that she was being fobbed off with evasive answers by the systems engineer. Becoming ever more suspicious, she informed her boss, who called in our investigators. It didn’t take us long to find out the ‘Who, What, When, Where, Why and How’ of this case. That led to us recovering over 8 million Euros in funds from the perpetrator. Interestingly, that was over 2 million Euros more than the bank had lost. Such 'over-recoveries' are not uncommon in fraud cases, where, under English law, victims may choose to recover assets that have been purchased with the stolen funds if those assets are more valuable than the stolen funds themselves. In this instance, the perpetrator had invested, rather wisely, in real estate, gemstones, and in other appreciating assets. He was jailed for eight years.
Finding the true perpetrator when £8m was stolen from a bank client's investment account
An employee of a bank’s prestigious Private Banking Division generated a fraudulent funds transfer instruction, stealing £8 million from a client’s investment account and sending it to an account in Andorra, from which no funds were ever recovered. After four months of fruitless investigation, the bank’s own investigation team called us in to help. At that point, they had narrowed it down a little, but still had over 180 suspect employees! The prime suspect was the young lady who had keyed in the fraudulent funds transfer but nobody had been able to find the paper authorisation slip which she said had been in her IN tray, along with many others. Either there had been no such authorising document, or she, or another person, had removed the paper slip after she had keyed in the funds transfer. Either way, the perpetrator was almost certainly still on the payroll and still at large in the building. We were called in on a Thursday afternoon. By the Saturday afternoon we were pretty sure we had identified the perpetrator. This rapid result was achieved by indexing all of the emails of all of the employees and searching for all occurrences of the word “Andorra”. Unsurprisingly, whereas almost all of those employees had never used the word, one employee’s emails showed multiple occurrences of it. Deploying our associated surveillance firm, Mondrago Investigations, by Sunday afternoon we had established that the employee was a suspected drug dealer who Mondrago had come across - and followed - before. It took us no time at all to confront the man and establish that he had lost a drug shipment, and had then been ‘leant upon’, by his organised crime bosses. They had so seriously threatened him that he had seen only one way out: to steal the funds to pay for the missing shipment. It seems that the gang had showed him that they meant business by setting fire to his top of the range Audi Q7, telling him that, if he didn’t come up with the cash: “next time you will be in it”. He had recovered the cost of his toasted Q7 from his insurers of course! Disappointingly, but unsurprisingly, we never were able to recover the missing £8 million, so the bank had to absorb the loss, having already reimbursed its client. What we did achieve, though, was clearing the innocent young lady keyboard operator, who the bank would have otherwise fired, and ridding the bank of the true perpetrator, who might well have done the same thing again. We subsequently provided training, in advanced investigative techniques, to the bank’s in-house investigation team.
We find a bank's processes at fault when a firm of solicitors falls victim to a fraud that cleared out its principal bank account
A firm of conveyancing solicitors fell victim to a ‘Push Payment Fraud’ which completely cleared out their client bank account. The fraud was perpetrated at a month-end when the account was holding over £8 million that would shortly be needed to settle five property purchases for their clients. The funds were transferred out, as a series of £99,000 ‘faster payments’, into over twenty destination accounts in the bank’s own branches. The law firm went out of business as a result of the massive loss of its clients’ funds. The firm’s bank had only managed to recover a tiny portion of the stolen funds because those funds had so rapidly bounced through the twenty ‘mule accounts’ en route overseas. Second Sight was called in to try to recover funds for the Solicitors Compensation Fund which had ultimately picked up the compensation bill. We established that employees of the bank had colluded with external fraudsters. They had identified the firm as one of a series of vulnerable customers, ensuring that the targeted account would be hit on a day that it contained a large amount of money that was shortly to be paid out. The employees had also set up the mule accounts, many of which had months before been flagged, as suspect money laundering accounts, by other bank staff… but all of those accounts had, nonetheless, been left open and therefore available for fraudulent use. The firm’s client account was particularly vulnerable because it had been set up, on the advice of the bank, under single control even though the bank’s customer funds transfer system had the functionality to allow dual control. The bank’s principal defence was that it had sent frequent generic fraud warnings to all of its customers. We established that the bank had been even further at fault because, when the firm’s employee, and her boss (one of the partners) tried to contact their ’Business Banker’, while the fraud was being perpetrated, they were repeatedly told that he was: “out at lunch”. Having established what had happened, and also having amassed sufficient evidence that showed who had colluded in the fraud, we wrote an Expert Witness Report that was heavily critical of the bank’s behaviour. Our Report also disclosed that the bank had inappropriately recommended that the firm should operate its client account on a single-control, rather than on a dual-control, basis. The bank had also failed to notice that the firm had never before used ‘faster payments’, nor had the bank closed the many accounts that its own Compliance team had already flagged as suspicious, and through which the stolen funds were transferred. It had also failed to react to the obviously suspicious series of near-identical outgoing payments and had provided no adequate ‘real time’ assistance while the outgoing transfers were being processed. Finally, its plodding behaviour had resulted in the recovery of no more than a tiny percentage of the stolen funds. On delivery of our Expert Report, the bank capitulated and reimbursed the Compensation Fund. Several years later, we were contacted about an almost identical case, involving the same High Street bank, the same modus operandi and similar employee collusion. Unsurprisingly, we produced another Expert Report which had the same successful outcome for the victim.
Fraud Management and Business Repair Cases
A Consumer Credit business, that claimed to have “virtually no fraud losses at all”, was going bust… because of fraud.
A Consumer Credit business that was routinely reporting: “negligible fraud losses” was going ever deeper into the red because of what it believed to be: “unavoidable credit losses”. Head Office was getting ready to shut it down and lay off over a thousand employees. We suspected that some of the losses, that were being classified as simple credit losses (i.e. where the customer intended to pay off the loan but later found himself unable to do that) were probably FRAUD losses. A deep dive involving a close examination of a large sample of those “credit losses” showed that not some but most of them really were fraud losses. The plain reality was that many of the customers had lied in order to get loans that they had little or no prospect of servicing… or where they hadn’t ever had the slightest intention of repaying the loan. We referred to those two scenarios as ‘Soft Fraud’ (where the customer has “an intention to deceive but not to deprive”)… and ‘Hard Fraud’ (where the customer has “both an intention to deceive and to deprive”). We designed a comprehensive array of fraud prevention and detection measures that we were confident would yield a very high Return on Investment (‘ROI’). We usually only recommend measures that will yield an ROI of 7:1 or better. We rarely suggest a zero tolerance of fraud to any consumer business. That simply doesn’t work because it chokes off good customer business as well as bad. In this case, those new measures were spectacularly effective. The business started preventing fraud without turning away good business. It started managing far more aggressively than it ever before had those fraud cases that managed to evade its preventive and detective defences. In short, it started managing its loan portfolios infinitely more effectively than it ever had before. The recurring losses, that would soon have resulted in the business being closed down, became recurring substantial profits.