Investigations Flashcards
What Characteristics and common techniques are used to hide assests?
Must be
Liquid
Untraceable
Secure and accessable
Put in someone elses name
Pay down debt
Transfer to tax haven
Buy insurance products
What is a blockchain?
Contains users cryptographic address. Can be used to ID patterns of criminal activities. Does NOT have ID info
Digital wallet: companies do have personal ID information.
Reports.
Follow up/ recommendations. What should i put in the report?
ID aspects that remain outstanding
What action is necessary or recommended.
Might include recommendations related to the organizational procedures and controls.
What is a fraud examination?
A process of resolving allegations of fraud from begining to end.
Obtain evidence
Reporting
Testifying to findings
Assisting in fraud detection and prevention
Fraud Examination methodology.
Assume litigation will follow
ACT ONLY ON PREDICATION.
Fraud theory approach for analysing data
Analyse available data
Create hypothesis
Test hypothesis
Redefine and amend the hypothesis.
What should a fraud plan include?
GOALS of the investigation
Determine the SCOPE
TIME FRAME of investigation.
Meta data definition.
Data about data
Challenges of cloud forensics?
Lack of information accessibility
Lack of data control.
Conclusions in report writing should be?
Self-evident- if not onvious clerify in report
GDPR meaning and what it does.
General Data Protection Regulation:
Protects personal info/data of banks doing buisness in the European Unions
Boolean operators
Advanced search operators
Put in quotes
Example “ money laundering”.
To get better results
Online public database: Where should a CFE start?
With a past address
Use internet archives/past page look ups
Electronic payments can help ID?
Assests suspect purchased
Locations of the suspects assets
Location of suspects residence and buisnesses.
Cities and countries suspect does buisness
Correspondent banking
Big bank does buisness with little bank in another country ans vise versa.
Can handle eachothers transactions.
Must have ownwrship details, known agents, must be licensed and have anti money laundering policies.
Direct method in tracing
Direct from books and records to analyze transactions.
Ie: credit cards, loans, bank records.
What is the single most important resource available for tracing?
Bank records are the single most inportant financial source available for tracing
What is Tracing?
Search for evidence regarding the ID and disposition of property.
Fraud vic who wants tracing for recovery of criminal proceeds
Trace to see if suspect can pay back funds
Judgement creditor- to ID suspects assets.
Types of evidence
Testimonial: statements.
Digital: anything digital, pictures, videos
Documentary: records that prove or disprove. Records.
Fraud facts: consent in writing, court order, bank records
What to do to prepare for an interview
Consider legal or admin issues specific to all jurisdictions involved.
What are the five type of interview questions?
Introductory: get the suspect to commit to assist
Informational: questions should be closed or leading
Assesment: observe verbal and non verbal responses.
Admission: get a confession
Closing: confirm facts.
Dealing with difficult situations. Im too busy. I dont remember
Too busy: interview will be short, already here, not hard, I need your help.
I don’t remember: remain silent while person deliberating or pose narrower questions.
Rules on volital interviews
Always have two detectives and make the interview a surprise.
Hypothetical questions best bc leas threatening
Calibrating/ norming
Assessment questions
The process of observing behavior before asking critical questions
Assessment: ask suspect to agree w/ matters that go against the principals of most honest people. Truthful answer one way, untruthful answer differently
Verbal clues. Also known as?
Change is speech Cough clear throat Repeat question Complain about environment I swear to God Feeble attempts at humor CLUSTERS
Non verbal clues
Change in posture Hand gestures increase or decrease Hands over mouth Play with pencil or clothing Fleeing position
Admission seeking objective and purpose
Designed to obtain a legal admission of wrong doing.
Purpose to distinguish innocent from potential guilty
Obtain valid confession
Get suspect to sign a written statement of acknowledging the facts.
General rules for conducting admission seeking interviews. When to conduct
Only conduct when there is sufficient PRIVACY and when time is NOT a factor.
Do not express disgust or outrage
Project compassion, understanding and sympothy.
OFFER MORALLY ACCEPTABLE REASONS FOR BEHAVIOR.
Steps in admission seeking interview…what to avoid. What to do when stating a denial.
Make direct accusation in form of a statement. Repeat the accusation. INTERUPT DENIALS
AVOID EMOTIVE WORDS SUCH AS STEAL, FRAUD OR CRIME
can show some evidence. Observe suspects reaction.
Altruism?
The action was for the benefit of others.
For the kids? Help my family
Diffuse alibis by?
Display physical evidence
Discuss witness statements
Prior deceptions
MAKE SUSPECT CHOOSE BETWEEN ONE OF TWO CHOICES, both imply guilt.
Get verbal confession. Confirm general details before pressing for specifics.
What info to obtain during verbal confession
Intent Motive When/if crime was terminated Others involved Physical evidence/ get suspect to provide it Is ANYTHING LEFT
Natural vs non natural numbers.
Natural: not ordered in a particular numbering scheme. NOT HUMAN GENERATED.
NON-natural designed systematically: IE phone numbers. Bendords law cannot be applied.
Natural present some digits more than others.
1: 30.1%
2: 17.6%
3: 12.5 % and contines to lower.
ZERO: is most likely the second digit 18%
Structured data va unstructured data
Structured: found in data bases, columns consisting of recognizable or predictable structers.
UNstructured: data not found in traditional spreadsheets IE: email or social media activity. Key words.
What is textual analytics.
Extractinv usable info from unstructured data from social media text messages.
KEY WORDS FROM FRAUD TRIANGLE.
Fraud Triangle
Pressure: deadline, quota, problem, concern
Opportunity: over ride, write off
Rationalization: reasonable, deserve
Visual analytics
LINK analysis: charts with lines showing data from multi sources to track movement of Money.
Discover patterns, trends, relationships, communications. Direct or indirect relationships.
Effective when investigations are of money laundering ir ficticious vendors.
Robotic process automation?
Technology that emulates a humen to execute buisness processes.
TAKES THE PLACE OF THE HUMAN
Predictive analytics
Used to build a mathematical model to predict future events or outcomea.
Artificial intelligence
Computer systems that can perform human like tasks.
Examine large amount of data using sophisticated tecniques go beyond traditional data analysis.
Advanced data analytics. Surpervised vs non supervised. Deep learning
Supervised: humans identify patterns
Unsupervised: a program ID’s patterns on its own. Also Machine learning.
Deep learning: multi step learning in real time with multi programs at the same time.
Benfords law
Numbers that follow a predictable pattern.
Indirect approch to tracing: two methods.
Assest method: net worth, buy houses, toys, boats
Expenditures: sources of income: vacations, clothes.
CIRCUMSTANTIAL.
Data analysis queries regarding accounts payables. What quieries can i run to verify $?
Summerize large invoices by amount, vender,
Review recurring monthly expenses and compare to posted/paid invoices.
Reconcile check registers
Verify vedor tax forms
Audit paid invoices for manual comparison.
Planning phase. Build a profile of potential frauds… why? When?
When: no known suspects
Why: find where fraud could occur.
To maximize the potential success of detexting fraud through data analysis.
Understand existing fraud risks.
Build profile of potential frauds by ID’ing the risk areas, type of fraud.
Resulting in exposure to those frauds
Data/ core analysis software capabilities.
Sorting: how want to view data. IE: receipt number, check number, etc.
Joining files: to see if same shows on all files
Correlation: one goes up, other goes up
Duplicate search:
Gap test: see if missing items in sequences.
What to do in preparation phase at the beginning of an investigation.
ID relevant data
Obtain data
Verify data
Cleanse ans normalize data
Data analysis process: three phases. For unknown suspects
Planning: build a profile of potential frauds
PREPERATION: cleanse and normalize data/ convert data IE: time zones, currency,
Correct known errors/ special characteristics
TESTING: run test. Address faulse positives.
LAST: Post analysis
Internal vs external sources.
Internal may be all thats available (accounting and buisness records, copies of cancelled checks, employee personel files)
External sorcea: locating assets
Licating people
Ownership of assets
Lifestyle
What is available in Regulatory Securities Records. As an investor what would i want to know about the company.
Corporate financial statements ID of officers or directors ID of significant owners Registrant of properties and businesses Descriptions of securities for sale Interest to investors History of the buisness
What is pretexting
Impersonating someone else or making misleading statments to obtain info.
