Author: Mark Polino

Bank robber, Willie Sutton is often credited as saying: “I rob banks because that’s where the money is.” Sutton stole as much as $2 million. Even with inflation, Edward Rostohar makes Willie Sutton look small-time, and Rostohar only robbed one bank.

Technically, it was a credit union, but we are talking about a lot of money, $40 million to be precise. Edward Rostohar is listed in news reports as alternately a manager or the CEO of CBS Employees Credit Union. The Justice Department press release lists him as a manager, but CEO seems more likely given the time and amounts involved here.

Rostohar also had special knowledge, prior to his job with CBS Employees Credit Union, Rostohar served as an examiner at the National Credit Union Administration (NCUA), a federal agency that regulates credit unions. What makes this fraud special is not the amount, but how long it lasted.

Rostohar began embezzling in 2000. He was finally caught in March 2019. Over almost 20 years Rostohar managed to steal $40 million. He used his position to make online payments to himself, sometimes forging the signature of another employee. He directed funds to shell companies he controlled and paid personal credit cards with credit union funds. Importantly, Rostohar used his experience as an examiner to hide his fraudulent transactions.

The money was spent on gambling, on failed business ventures designed to earn back the money, and on a lavish lifestyle including houses, private jet flights, and a $5k/week allowance for his wife. His business ventures included a coffee shop in Reno that seems to have used more cash than it generated.

Rostohar was caught when an employee stumbled upon a $35k check to Rostohar and with a little digging, found $3.8 paid to the CEO that year alone. Rostohar eventually pled guilty.

It gets worse. The credit union only had assets of about $21 million when the fraud was discovered and they’ve now been sued for $40 million. The losses generated by Rostohar were so bad that the credit union was forced to liquidate and be absorbed by another credit union.

In the interest of transparency, let’s acknowledge that sometimes prosecutors and news reporters get overzealous. Buried in the LA Times version is that Rostohar actually stole about $25 million, but given the length of this fraud, the interest on those funds would have pushed the cash available to the credit union to $40 million. Know that if you commit fraud, the size of it will be exaggerated, and not in your favor.

This was still garden variety payment fraud at the top. Payments were made to the fraudster or their designates. While steps were taken to hide the payments, a simple search of payments to the CEO ultimately uncovered the fraud. But when we look at the Association of Certified Fraud Examiners’ annual report to the nations and see that the average fraud lasts 12 months, realize that this fraud lasted 20 times that.

Twenty years is a long time and $40 million is a lot of money, all from a small credit union outside of LA.

Wirecard is a challenging fraud to explain. It’s a German fraud exposed by a British journalist, and it’s got some fuzzy parts, but I’m going to try.

Wirecard was a payment company. I saw it described as PayPal for Europe, but it was more than that. It seems to be a bit of PayPal, a bit of Venmo, that sort of thing. This fraud also comes with a movie if you want more. The documentary Skandal! is now on Netflix and it covers the Wirecard fraud.

Wirecard started off in 1999 in Munich, and almost went broke. In 2002 it made, Marcus Braun, a former KPMG consultant, its CEO. The company originally focused on payments for companies frequently turned down by traditional finance like gambling and porn sites. In 2005 Wirecard merged with Electronic Business Systems. This is important because it gave them a listing on the Frankfurt Stock Exchange. There’s nothing inherently wrong with this approach, but it avoids the scrutiny of an IPO. Wirecard used its publicly traded status to raise money including one round worth €500 million.

A year later Wirecard bought the e-bank XCOM. This is important because it gave them access to the Visa and Mastercard networks. With this Wirecard set out to become a global payment giant ultimately becoming the card processor for Aldi, Lidl, & several airlines. Wirecard also purchased a large number of Asian payment processors, many of them at alleged inflated values. Multiple articles describe the company’s structure as complex, making it difficult to compare to something like a traditional bank or traditional payment processor.

As it grew Wirecard acquired a prepaid card business from Citibank giving it a U.S. presence and at one point it held informal talks to merge with Deutsche Bank.

Critics kept nipping at Wirecard over its financial reporting, revenue determination, and perceived cash discrepancies. The responses from the company were aggressive, primarily a mix of deflection, legal threats, and smear tactics. The Financial Times took on Wirecard in 2015. A whistleblower dropped allegations in 2018. Core allegations included “roundtripping”, passing money through a 3rd party and bringing it back as revenue, recognizing money held for 3rd parties as revenue, and fraudulent financial statement filings.

Wirecard denied everything. They were audited by EY and insisted they were financially sound. Despite the lingering allegations, they managed to wring €900 million out of venture firm Softbank. KPMG was brought in to do a special audit. Wirecard claimed €1.9 billion in cash in a pair of bank accounts in the Philipines. KPMG indicated in their audit that they were unable to verify much of Wirecard’s revenue. Additionally EY and KPMG were unable to confirm the €1.9 billion in the Philippine banks,

Several months later CEO Braun resigned and Wirecard admitted that the €1.9 billion probably did not exist. This became a giant scandal in Germany. Wirecard was Germany’s answer to a global Silicon Valley firm. It was as if Germany’s Google or Apple was a fraud.

My take, based solely on external reports, is that Wirecard, as an organization, liked the edge. They liked to take shortcuts. The company started on the edge with businesses that were marginalized, like gambling and porn sites. Wirecard then backed into being public with an acquisition instead of going through the due diligence of a public offering. They then bought their way on the Visa and Mastercard network. None of these things in isolation are wrong, but they do seem to show a pattern of shortcuts.

The actual frauds appear to be primarily financial statement and revenue recognition frauds. Namely:

• Acquiring firms and showing their revenue as organic growth instead of acquired. There was no reporting analogous to same-store sales to indicate how the core business was doing. Acquisitions were shown as sales growth.
• Round Tripping – passing payments through third-party processors and bringing the funds back into the business as revenue to inflate financial statement revenues.
• Roughly half of Wirecard’s business was outsourced. They had licensing arrangements with payment processors in countries where they didn’t operate, but they recognized the revenue of those providers as their own.
• Cash held in escrow accounts and managed by trustees was reported as Wirecard cash.

This really looks like started as a tone-at-top problem. A lot of people, possibly including EY, looked the other way. People wanted Wirecard to succeed. It was a source of national pride. Wirecard was also, big, and complex, even dense in scope. It was also mean when it wanted to be. Braun was a charismatic CEO who dressed and acted like Steve jobs. Wirecard also had deep roots in a lot of politicians. Everybody was encouraged to look the other way.

As The Economist notes: “Neither equity analysts, asset managers, auditors nor regulators come out of the story well…everyone with influence over the firm, from board members to auditors and regulators, seems to have been complacent. In a darker version of events, the actions of some may have been complicit, even criminal.”

Ultimately Braun’s case is going to trial. Former Wirecard COO Jan Marsalek disappeared around the time of Braun’s resignation and is a fugitive from justice. He is believed to be hiding in Belarus.

Just to throw a twist into this story, this New Yorker article claims that at its core the Wirecard fraud was not a financial fraud, but was instead a massive money laundering operation primarily benefiting Russian oligarchs. It’s not a crazy theory.

We’ve seen plenty of cases of good people gone bad. Not all fraud at the top starts that way. Carlos Ghosn was by all accounts a great CEO. Tom Girardi was a great lawyer. Temptation can happen to anyone, but if you start by hiring people more likely to commit crimes, you’ll get more crimes. As a suggestion, maybe do a background check for people with financial access.

Prior to starting this series, we talked about Bonnie Sweeten. Bonnie claimed that she and her daughter had been kidnapped. In fact, Bonnie was at Disney World living it up with her daughter using cash and identity stolen from a co-worker. Bonnie got jail time. After getting out of jail, Bonnie got a job at a law firm and was convicted of stealing more than $600k from her employer and family members. Unsurprisingly this led to more jail time. After 8 years, she was released and a friend gave her another opportunity, this time as a bookkeeper of all things. Sweeten promptly forged checks and made fraudulent purchases on the company credit card.

We talked about Angela Phan who was hired as an accountant off of Craig’s list, worked one day, and stole $15k over 18 months using her 1 paycheck. There’s no indication of previous fraud in the news story, but maybe hiring accountants off of Craig’s list isn’t ideal.

Finally, we have today’s story, Business Rapper, Crypto Rapper, alias Razzlekhan, and self-described Crocodile of Wall Street, Heather Morgan. Heather and her husband Ilya Lichtenstein have been accused of trying to launder $4.6 billion in Bitcoin stolen via a 2016 hack of Bitfinex. Note that the pair is not accused of committing the hack, just trying to launder the money. They also weren’t very good at it.

In 2016 119,754 bitcoins were stolen from Bitfinex. At the time they were valued at $71 million. Bitcoin has gone up since then, hence the $4.6 billion valuation now. 94,636 of those Bitcoins have been recovered from the original wallet they were moved to after the heist. Morgan and Lichtenstein are accused of using fictitious identities, multiple accounts, chain hopping, and other techniques to hide the source of the bitcoin, with withdrawals made via Bitcoin ATM. Lichtenstein’s cloud storage account was found to have decryption keys to virtual currency addresses directly tied to the attack.

Lichtenstein is being held without bail while Morgan is free on a $1 million bond and confined to house arrest. But this isn’t a story about crypto laundering. The story is that Heather Morgan now has a new job, while under house arrest, working for an unnamed New York tech firm “in the role of growth marketing and business development specialist.”

Yes, she made a bit of a name for herself with some cringe-worthy rap, but hiring someone on house arrest gives new meaning to working from home. I know it’s a weird job market out there, but you would think with the great resignation and mass tech layoffs, surely there are better options.

If you’re hiring folks into financial roles, do a background check. Actually, do a background check anyway. Lots of non-financial roles carry a risk of fraud or loss including jobs like warehouse work. Plus today’s marketing intern could become tomorrow’s event planner overseeing hundreds of thousands of dollars of marketing spend. Apply due diligence in hiring and don’t buy trouble.

While trolling the internet, I found an article, now deleted, with the headline “JP Morgan Chase Acquires Frank.” “Oh no!”, I thought, “My friend Frank Vukovits has sold his soul! I hope he got a lot of money!” I kept digging and found an article titled “JP Morgan says Frank was a Fraud“. Clearly, they weren’t talking about Frank Vukovits. He is many things, but fraud is not one of them. He’s also not the type of guy to sell his soul.

Frank was a website that was designed primarily to help students complete student loan applications. It was started by Charlie Javice now 30, based on her struggles to properly complete paperwork. Also part of the Frank team was Olivier Amar,

JP Morgan Chase paid $175 million to purchase Frank in 2021. The theory was simple. Frank purported to have more than 4.25 million college students as users. JP Morgan Chase wanted an opportunity to market their financial products to these college users. It seemed like a win-win until it wasn’t.

There are a pair of lawsuits now with Javice claiming that JP Morgan Chase fired her to avoid an upcoming $20 million payout. She also claims she objected to JP Morgan Chase marketing to these users and that student privacy concerns may prohibit marketing to many of these accounts.

JP Morgan Chase disagrees. JP Morgan argues that they hired a consultant to perform due diligence and the consultant was okay with a list of 4.25 million users. Post-acquisition JP Morgan asked for a list of 400k users to test the market and only 103 users from that list even clicked through to JP Morgan. This abysmal 0.026% click-through rate led JP Morgan to dig deeper into what was going on. Mostly they dug into Frank emails, which became JP Morgan Chase emails post-acquisition and now passed through JP Morgan servers.

The emails showed that before the acquistion Frank didn’t have full information on 4.25 million users, only about 300k users. Much of the rest of their data was incomplete. As a result, Javice decided to make up 4.25 million users based on what little data they had. She went to Frank’s head of engineering to make up user and email records and he refused. That doesn’t happen enough so good for him. “The Director of Engineering questioned whether creating and using such a data set was legal, but Javice tried to assure the engineer by claiming that this was perfectly acceptable in an investment situation and she did not believe that anyone would end up in an “orange jumpsuit” over this project.”

If your boss uses the phrase “orange jumpsuit” you should look for a new job. Javice then turned to a data science professor to generate synthetic data. Discussions like this one highlighted by Matt Levine are particularly damning:

“Regarding creating physical addresses, the Data Science Professor wrote to Javice, “I can’t seem to find addresses in my raw files . . . . Should I attempt to fabricate them?” Javice responded “I just wouldn’t want the street to not exist in the state.” Later, the Data Science Professor determined that “‘real addresses’ may not be doable,” and Javice responded “If we can’t do real addresses what[’]s the best we can do for that?” …

Javice was particularly concerned with the email addresses, asking the Data Science Professor “will the fake emails look real with an eye check or better to use unique ID?” He responded “[t]hey will look fake,” at which point Javice agreed to use a “unique ID” instead.”

While Javice was fabricating 4.25 records to fool the due diligence consultant, Olivier Amar was purchasing 4.5 million student records from a marketing firm. At some point they were going to have to give JP Morgan Chase something resembling real college students. Those records were still short email addresses for about 2.5 million users so Amar turned to the same data science professor and third party to help find the relevant email addresses or generate them synthetically…er make them up. This explains the abysmal response rate to JP Morgan Chase’s email test. This was essentially a spam list with half the emails made up.

As the lawsuits continue, JP Morgan Chase has since shut down the Frank website. Is this fraud? No one has been convicted of anything, but the emails say Frank the website was willing to sell its soul for $175 million.

We talked last week about Tom Girardi, his pop star-wannabe wife, and skinny dipping into the law firm’s trust fund to pay expenses. This ultimately led to the collapse of Girardi Keese. But while all that was going on, it is alleged that the CFO of Girardi Keese, Christopher Kamon, was running his own side fraud at the law firm.

Kamon was creative enough to use a variety of frauds at Girardi Keese. It is alleged that Kamon created and paid false vendors (co-conspirators) and received millions in kickbacks from them. He is believed to have paid legitimate vendors with Girardi funds to perform renovations to his personal residence, purchase expensive sports cars, and travel the world. Finally, Kamon appears to have misused at least one company credit card for personal items.

Kamon would also transfer money from the firm trust fund to operating accounts at Girardi’s request as part of a separate scheme. Consequently, Kamon’s stolen money came from both firm and client funds.

And then there was the “escort” as she’s referred to in the indictment. There’s often a salacious side to frauds like this. Meet Nicole Rokita:

“According to Rokita, she met Ramon around 2017 through an online dating website, seekingarrangements.com, which connects affluent, older men with younger women.”

Rokita wanted a sugar daddy and she found one in Kamon. He bought her clothes, jewelry, an even a Tesla. He took her on trips around the world and paid her an allowance of $20k a month. He even managed to get her added to the firm’s health insurance. Kamon directed Rokita to form a company and Girardi Keese paid that company with the payments coded as “legal marketing”. Girardi Keese paid Rokita as much as $360k for her “work”.

Rokita is important to this story because she gives us a possible glimpse into why Kamon did it. We talked last week that Tom Girardi was the only partner. He controlled the firm. When Rokita and Kamon were together, Kamon put everything on his corporate American Express card. “According to Rokita, when asked how KAMON could charge extensive personal expenses on GK’s AMEX, KAMON claimed that because he could not be a partner at GK, but did so much work for the firm, Girardi allowed him to use the GK AMEX on personal expenses.”

Aha! We have a motive! It is the classic case of feeling underappreciated and therefore under-compensated. It’s the feeling that “If I’m not going to be paid what I’m worth, I’ll take what I’m worth!”. Kamon knew he couldn’t be a partner so figured out how to compensate himself like a partner. Ultimately Kamon is accused of taking as much as $10 million via his multiple schemes.

We’ve talked about tone at the top before. We’ve talked about fraud at the top before. It’s the most expensive type of fraud by a large margin. I’m not sure how corrupt you have to be to have fraud within a fraud in what appears to be an otherwise legitimate and successful firm.

Tom Girardi was a pillar of California law. Girardi won the case that inspired the movie “Erin Brokovich”. His firm, Girardi Keese, dealt primarily in toxic torts. These included cases like tainted water, plane crashes, cancer from hormone therapies, etc. Toxic torts can be big, complicated, and hard to win. If Girardi Keese won, their clients could get a huge payout, and the firm would get as much as 40% of the total. Tom Girardi was the only partner.

However, these are contingency cases. Girardi Keese might put out a large amount of money in expenses for experts, testing, etc., and wait years for a win. If they lost, they would get nothing and be stuck with the expenses.

Tom Girardi was a law celebrity. He was picked by California Governor Gavin Newsom to be part of a panel tasked with filling state judgeships. He had a trophy wife, a wannabe pop singer named Erika Jayne. The two of them appeared on Bravo’s Real Housewives of Beverly Hills. There were a pair of ex-wives as well. By all accounts, Girardi was also rich. He had a Pasadena estate, exotic cars, you know, the works. At one point, divorce filings revealed his income to be around $263,000 a month.

It’s easy to pick on the trophy wife, so we’ll do that for a minute. Erika Jane was by her own admission expensive. She waited tables in the bar of a restaurant that Giardi co-owned and that’s where she met Tom. In her memoir, Pretty Mess, Erika wrote, “There was nothing more I could buy”. So she decided to be a pop star, with some success. She even had a song and video named ‘XXpen$ive’. Just a note, these aren’t work friendly. You’re on your own if you click those links. It’s also apparently expensive to try to become a pop star. But just as Erika decided to hang up her risque videos, Real Houswives came calling and she had to keep up.

In addition to an expensive wife, Tom Girardi had also been borrowing money. Large contingency cases can take time and cost a lot. As his finances deteriorated, Girardi borrowed from firms that would fund lawsuits, at interest rates as high as 20%. That’s not exactly mafia rates, but it is credit card level. Girardi is also accused of pledging the same collateral to multiple lenders. Finally, there are allegations that loan funds were going to Erika Jayne’s career.

Somewhere along the way, it all went wrong. It’s clear that money is missing, as much as $100 million. It’s also clear that as much as $10 million was stolen in a separate but related fraud we will cover next week. (This story keeps on giving.) Tom may have overspent on his trophy wife and his lifestyle during a period when he was not winning enough cases. It could be as simple as that, too much going out and not enough coming in. Still, it seems clear that Girardi did one of the few things that will bring scorn, even from other lawyers, he moved money from his trust account to his operating account. When he did that, he stole funds set aside to pay plaintiffs.

The first public hiccup came in 2014 when about two dozen women filed suit alleging their payout from a cancer lawsuit did not match up. Girardi borrowed money and settled the lawsuit. The debt suits kept piling up and they were publicity nightmares. Orphaned Indonesian children in a settlement with Boeing over an airplane crash didn’t get their money. There was a worker with burns over 50% of his body from a pipeline explosion. He didn’t get his money. Girardi’s second wife even showed back up wondering why her $10k a month payments had stopped.

Ultimately, Girardi was forced to admit he was broke. The money was gone. Effectively Girardi Reese had morphed into a Ponzi scheme. Once money left the trust account, old cases were paid with new money and borrowed money. There is no way to fix that cycle without putting money back in.

My wife used to be a title agent. The firm she worked for handled the cash and conducted real estate closings. They also had a trust account that worked the same way. It doesn’t take many pending house sales in the $200k-400k range to carry a couple of million dollars in a trust account, and that’s for a small firm. Girardi was big. The trust account had to have been a tempting target, but stealing from Indonesian children orphaned in a plane crash is next-level bad.

Where were the accountants in this you ask? Why didn’t Girardi Reese’s CFO raise the red flag or publicly quit in protest when money moved from the trust account to an operating account? Tune in next week to find out.

Sometimes, if something illegal becomes popular enough, it becomes legal. Alcohol was illegal during prohibition. One could argue its prevalence led to making it legal again. Uber (paid ridesharing without a taxi license) was also illegal until it became so popular that cities eventually had to make it legal. Marijuana seems to be headed that way. Maybe that’s what Greensill was going for here, but they never got there.

Greensill Capital was a leader in supply chain finance. They would factor accounts receivable, paying the company at a discount and collecting the full amount from the customer. Greensill then repackaged these receivables into notes, some of which were insured by credit insurers. Then it would sell the notes, often to Credit Suisse. Factoring receivables is extremely common in certain industries. There’s nothing special or illegal here, yet.

At some point, Greensill’s lending took a left turn. One of Greensill’s clients, Bluestone, digs up metallurgical coal which is used to make steel. Bluestone wanted to get paid faster so it reached an agreement with Greensill for up to $785 million in receivables financing. (A separate smaller agreement brought the total to $850 million.)

If Bluestone had $15 million in new receivables, Greensill would buy it for say $14.9 million and eventually collect the $15 million from the customer. Greensill did some of that, but it also created a new form called Future Receivables or prospective receivables. In traditional factoring, you can only buy receivables that exist. Greensill was looking to lend on receivables that didn’t yet exist, sometimes from customers that weren’t yet customers. As Matt Levine described it:

“Greensill basically gave Bluestone a payday loan for a job Bluestone hadn’t yet applied for. “

This started as lending ahead of receivables, something like “How much do you think Customer A will buy next quarter? $10 million, we’ll lend on that now.” This is lending against an estimated future receivable for an actual customer. It then moved into lending on non-receivables from non-customers. Essentially Greensill would say, “Is Company X a customer? No? Well if they were a customer, how much would they spend? $20 million, great, we’ll loan $20 million based on that.” The not-yet-a-customer was called an Account Debtor.

If you take out a loan, someone expects it to be paid back. With factoring, the customer pays back a loan by paying their bill. The receivable is collateral, a claim against future cash. But if you make up a receivable for someone who isn’t a customer, there’s no cash to pay the loan. It’s just an unsecured loan. As a result, Bluestone had to keep rolling over these loans and paying interest.

At some point, Greensill needed to pay on those Credit Suisse notes and went to Bluestone for more cash. Bluestone argued that this was really long-term financing and they had a reasonable expectation that they could continue to roll over their loans without paying additional cash. Bluestone had no idea Greeensill was selling notes.

The fraud here really goes against Credit Suisse. They thought they were buying short-term loans secured by receivables from a large, operating, entity. In reality, Greensill sold them long-term unsecured loans with no plan for payback except hope for future payment. Hope is not a strategy.

Bluestone isn’t off the hook here either. They allege that both they and Greensill knew that this was long-term financing, yet Bluestone carried it on its books as short-term receivables. After the mess came out, Grant Thorton was hired to get to the bottom of it. Again, Matt Levine makes this real:

I do not envy Grant Thornton. Their job right now is pretty much going around to companies, presenting them with invoices, and getting laughed out of the room: “That’s not our invoice, we’ve never even heard of Liberty Commodities or Greensill, get outta here.” And then they go back to Greensill with their findings and get laughed out of the room again: “Of course it’s not their invoice, they were just a potential customer, how could you be so naive?” And then Grant Thornton has to tentatively ask, “Well, okay, but then who is going to pay this invoice?” And then there is a long awkward silence.

Credit Suisse could be on the hook for as much as $10 billion.

There are messy side stories here including conflicts of interest between Greensill and steel companies, Greensill’s connections to the British government, and the fact that the majority owner of Bluestone is Jim Justice. At the time of this story, Justice was the governor of West Virginia. But frauds are often messy. We’re all for new financial products and creative financing options, but not if they are deceptive.

We’re back to a fraud at the top, but again with a couple of twists.

Swisher Hygiene was a sanitation company. They sold cleaning supplies and chemicals for restaurants and other businesses. Essentially a lot of kitchen and bathroom cleaning. In 2010 the company went public on the Toronto Stock Exchange via a reverse takeover.

Almost immediately, Swisher’s CFO Michael Kipp engaged in a scheme to smooth earnings. Commonly called Cookie Jar Accounting or Cookie Jar Reserves, this scheme seeks to manipulate earnings to meet a specific target like net income or EPS. It is often used to smooth earnings and consistently meet earning requirements. In a typical scheme companies pad reserves in good years and deplete them in down years to present a smoother earnings line.

The problem with Cookie Jar Accounting is there can be a fine line between a legitimate adjustment of reserves and fraud. Reserves typically require some form of judgment which is why they are ripe for manipulation. It is not uncommon to see companies fined by the SEC for violations related to reserves without those violations resulting in fraud charges.

Assisting Kipp was Joanne Viard, a CPA and the Director of External Reporting. Kipp was also in line for an $88k bonus if the company hit earnings targets. So far, this sounds like straightforward financial statement fraud. The financial statements are alleged to have been manipulated by as much as $96 million over several years.

The first unusual piece here is how they got caught. Swisher’s Controller pushed back on a suspicious request. From the Justice Department’s report:

“The accounting fraud scheme began to unravel when Swisher’s then Controller pushed back on making a fraudulent entry during the year-end close. The Controller wrote in an email, “I’ll run it by BDO [Swisher’s auditors] so we’re on the same page,” to which Defendant Kipp responded, “You’ll run it by me since I’m the chief accounting officer. I’m out of patience with this.” Later, Kipp fired the Controller for his persistent refusal to book the fraudulent entry. Swisher’s Audit Committee learned of the Controller’s allegations and promptly commissioned an independent internal investigation.”

Pushback like this that leads to identifying fraud is pretty unusual.

The second unusual piece is that I was doing some ERP consulting there at the time the fraud was identified. We were pretty deep in the weeds so it wasn’t clear at first what was going on. Imagine the largest conference room in your organization stuffed with accountants and auditors all billing at the highest hourly rate you’ve ever seen. They are there before you arrive in the morning and still there when you leave at night. Fraud is expensive, and the clean-up after fraud is expensive as well.

I saw some pretty messy parts at Swisher around bank reconciliation and some fixed asset policies, but we were focused on fixing processes, not reserve accounting.

Ultimately Kipp and Viard pled guilty and the US assets of Swisher Hygiene were sold to competitor Ecolab.

Per the Association of Certified Fraud Examiner’s annual report, having an option for whistle-blowing, a hotline, website, something is the number one way fraud is ultimately caught. We saw this with the $8 million fraud at ING and All the Queen’s horses. It was ultimately a big piece of Enron’s unraveling as well. At Swisher, we had fraud at the top and collusion. That’s enough clout to bypass a lot of controls, but someone still took their fiduciary responsibility seriously and did their job.

That is always the hard part about fraud at the top. If you see it, expect to lose your job, either because your report it, or because the fraud ultimately brings down the company. There is a pretty good argument that if you think you see fraud at the top, go get another job.

Part of a control environment in any operation with easily moved goods is loss prevention. Amazon warehouses are full of things people want and Amazon has loss prevention roles in the company. From August 2020 to March 2022 Kayricka Wortham was an Operations Manager at an Amazon warehouse in Smyrna, Georgia. In her position, Wortham could approve new vendors and approve vendor payments.

Demetrius Hines was a Loss Prevention Multi-Site Lead at Amazon. He also worked at the Smyrna warehouse and at other company sites. In his position, Hines was:

“responsible for preventing loss, monitoring security risks, and protecting people, products, and information at Amazon.”

Wortham led this scheme and would provide fraudulent vendor setup information to her subordinates and then approve the vendor setup. She and others, including Hines, submitted fake invoices to for payment by Amazon in amounts exceeding $10 million. They received payments totaling $9.4 million.

Hines was a roadblock and Wortham overcame this roadblock by recruiting him into the scheme. The typical wisdom is that collusion is really hard to find and stop. This is a great example of why. A key control, Hines, was coopted into the scheme. But they were still caught.

There were also red flags, primarily people living beyond their means.. Wortham was driving a $200k+ Lamborghini Urus and Hines had multiple cars, a $70k Rolex and diamond jewelry. Also an ops manager might have setup info about the occasional vendor, but it seems like this was a large number of vendors.

There are a couple of interesting pieces in here. First, $10 million is a lot to steal in 18 months. Kevin Lee Co stole $4.8 million over 7 years from Holt. Nathan Mueller stole $8 million in 4 years. $10 million in 18 months is a lot.

Second there is no information across multiple articles on how the fraudsters were caught, just boilerplate language about the Secret Service being involved. I’m speculating that a $10 million expense increase over 18 months triggered a deeper look and ultimately a criminal investigation.

How do you catch fraud like this? Collusion was involved to override preventive controls so it gets harder and we many need to fall back on detective controls and analytics. For example, budget analysis, trend analysis, Benford analysis on invoice/payment amounts, and anomaly detection could all be part of the process.

Public and Private firms aren’t the only organizations with control problems. Government has problems too. The Transportation and Security Organization’s last audit was 2016 and there were issues. The issues identified were pretty common and a lot of businesses have them too.

KPMG performed a financial statement audit and an audit of select general IT controls (GITC). What did they find?

• A number of items related to control of assets including assets not listed, missing asset IDs, etc.
• Ineffective controls over the AR estimates.
• Control issues related to HR & Payroll, especially around various approvals.
• Journal entry approval problems with the year end suspense clearing.
• Strong passwords were not consistently enforced.
• Access Certification was not performed annually as required.
• System access was not timely removed for terminated and/or separated personnel.

This is pretty typical stuff. Access Certification in particular is often done via Excel and email and it’s a miserable process. Fixing this with a certification tool is actually pretty easy. System access not removed in a timely manner is another very common problem. Access Certification serves as a backstop for this, but a good identity governance application solves this in a preventative way.