Sometimes professional negligence by auditors or accountants allow fraud to be carried out. Even if these professionals could not stop the initial criminal acts, sometimes, their carelessness allows further acts of fraud to be carried out.
In relation to fraud, readers may also wish to refer to the blog -
http://professionalnegligencesg.blogspot.com/
which covers issues and cases relating to professional negligence of all professions.
Contributions of reports of any ongoing lawsuits are welcome.
Wednesday, April 15, 2009
Wednesday, April 8, 2009
Fraud prevention - division of duties
To prevent fraud, auditors and management consultants recommend divisions of duties or a system of checks and balances.
This means that as far as possible, no one person is in charge of a sensitive or important function. For example, a cheque book should not be left in the hands of an employee who has power to decide on payment who is the cheque signatory as well.
Another common example is found in the financial industry in relation to traders - allowing one person to be in charge of trading as well as back room operations (the paperwork involved in the trades). This is of course similar to the Barings Bank situation.
This means that as far as possible, no one person is in charge of a sensitive or important function. For example, a cheque book should not be left in the hands of an employee who has power to decide on payment who is the cheque signatory as well.
Another common example is found in the financial industry in relation to traders - allowing one person to be in charge of trading as well as back room operations (the paperwork involved in the trades). This is of course similar to the Barings Bank situation.
Saturday, April 4, 2009
Forged cheques
Many cases of corporate fraud involve the use of forged cheques by company insiders. For example, an employee who is in charge of the company cheque book, may take a few cheques and forge the authorised signatory's signature to draw cheques payable to himself or his accomplices.
What is the legal position? Case law requires banks to know their customer's signatures. Therefore, a forged cheque is not valid and any withdrawal is not authorised. The bank would have to refund the monies drawn out.
However, banks have often reacted through using contract clauses in their agreements with their customers, to shift some of the risk to the latter. Customers may be required to take reasonable care of the cheques. More common is the clause that deems the regular statements of accounts sent to the customer as conclusive within a certain time period (usually 14 days). In other words, after 14 days, if the customer does not query the statement, all reported withdrawals will be deemed valid.
For corporate customers, case law has held such clauses to be valid. For individual customers, perhaps such clauses may be invalid under the Unfair Contract Terms Act, but this is highly arguable.
What is the legal position? Case law requires banks to know their customer's signatures. Therefore, a forged cheque is not valid and any withdrawal is not authorised. The bank would have to refund the monies drawn out.
However, banks have often reacted through using contract clauses in their agreements with their customers, to shift some of the risk to the latter. Customers may be required to take reasonable care of the cheques. More common is the clause that deems the regular statements of accounts sent to the customer as conclusive within a certain time period (usually 14 days). In other words, after 14 days, if the customer does not query the statement, all reported withdrawals will be deemed valid.
For corporate customers, case law has held such clauses to be valid. For individual customers, perhaps such clauses may be invalid under the Unfair Contract Terms Act, but this is highly arguable.
Friday, April 3, 2009
The trial of Shi Ming Yi
The Ren Ci Hospital charity has been in the spotlight these past few weeks as the trial of its former chief executive officer, Shi Ming Yi (whose real name is Goh Kah Heng) has just begun in the Subordinate Courts.
He faces charges of criminal breach of trust of $50,000 which was allegedly used to renovate the apartment of a 3rd party, and disguising this as a loan to a Buddhist centre. Other charges relate to allegedly making false statements to the Commissioner of Charities which regulates Ren Ci.
Basically, from the investigation point of view of fraud, offences can be divided up into 2 types - the initial offences and the cover up offences. The initital offences are committed for previouslyreasons, eg, to inflate profits artificially, or to dress up the balance sheet. The cover up offences are meant to prevent detection by other parties such as auditors, other employees of the company, etc. Often, the offences might include forgery of documents, and making false statements to regulators (as in this case).
He faces charges of criminal breach of trust of $50,000 which was allegedly used to renovate the apartment of a 3rd party, and disguising this as a loan to a Buddhist centre. Other charges relate to allegedly making false statements to the Commissioner of Charities which regulates Ren Ci.
Basically, from the investigation point of view of fraud, offences can be divided up into 2 types - the initial offences and the cover up offences. The initital offences are committed for previouslyreasons, eg, to inflate profits artificially, or to dress up the balance sheet. The cover up offences are meant to prevent detection by other parties such as auditors, other employees of the company, etc. Often, the offences might include forgery of documents, and making false statements to regulators (as in this case).
Computer crime - obstructing use of computer
Section 7 deals with obstructing the use of a computer in short. The section in full covers a person who
(a) interferes with, or interrupts or obstructs the lawful use of, a computer; or
(a) interferes with, or interrupts or obstructs the lawful use of, a computer; or
- (b) impedes or prevents access to, or impairs the usefulness or effectiveness of, any program or data stored in a computer.
Punishment includes a fine of up to $10,000 and/or jail time of up to 3 years, with enhanced punishment for repeat offenders
Where damage is caused (as defined in section 2), then jail of up to 7 years and/or a fine of up to $50,000 may be imposed.
l
Computer crime - forensics
Computer forensics refers to the use of computer contents and data for litigation (or lawsuit) purposes. There are strict rules to follow to ensure that the contents or data are not compromised as they will be used as evidence often to establish civil or criminal liability of the defendant or accused.
Various companies claim expertise in this area. I have no personal knowledge of anyone of them.
For additional information about computer forensics, I have adopted, with permission, information from Adriot Data Recovery Centre as at 1 April 2009 (http://www.adrc.com/forensic_investigation.html). The portion in blue below is taken straight from the webpage.
Various companies claim expertise in this area. I have no personal knowledge of anyone of them.
For additional information about computer forensics, I have adopted, with permission, information from Adriot Data Recovery Centre as at 1 April 2009 (http://www.adrc.com/forensic_investigation.html). The portion in blue below is taken straight from the webpage.
What is Computer Forensics?
Specialized and scientific techniques and methodologies which are used to acquire and analyze computers, computer networks and storage media in order to discover evidence related to fraud, crime or unauthorized activities.
"Who needs or who uses Computer Forensic Services?
Mostly, companies may engage in computer forensics investigation when they suspect a breach in data security or illegal activities in a network or computer system, for instance, employees' activities such as internet abuse or porno, unauthorized disclosure or intentional deletion of sensitive or confidential information, industrial espionage or computer fraud.
Whether you are looking for digital evidence in a law suit, or determining exactly what an employee has been up to, ADRC is well equipped with Certified Computer Forensic Experts who know how to secure and document digital evidence with full audit trail suitable for court submission.
One should not attempt to do the investigation without proper techniques and expertise. Evidence could be easily destroyed or altered by just booting up the suspected computer with a quick browse."
Thursday, April 2, 2009
Computer crime - unauthorised modification of computer contents
Section 5 covers unauthorised modication of the contents of any computer. Even if no financial loss or real harm is caused, the offence is committed.
For example, if a website is hacked into and the webpages are changed as a joke, the crime will have been completed.
The normal punishment is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both. There are enhanced punishments for repeat offenders. Finally, if any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
It could be argued that anyone hacks into a computer will have modified without authorisation some part the computer contents, and therefore will have committed an offence under section 5 as well. However, in order to ensure that the basic offence of hacking under section 3 is not rendered redundant, section 5 should be interpreted to refer to significant modification of computer contents.
For example, if a website is hacked into and the webpages are changed as a joke, the crime will have been completed.
The normal punishment is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both. There are enhanced punishments for repeat offenders. Finally, if any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
It could be argued that anyone hacks into a computer will have modified without authorisation some part the computer contents, and therefore will have committed an offence under section 5 as well. However, in order to ensure that the basic offence of hacking under section 3 is not rendered redundant, section 5 should be interpreted to refer to significant modification of computer contents.
Computer crime - unauthorised use or interception
Section 6 of the Computer Misuse Act covers
Unauthorised interception of computer services is committed when a person "intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electro-magnetic, acoustic, mechanical or other device." The wording here is very wide and even reading the screen of someone else's computer by capturing the electro-magnetic impulses transmited through the airwaves (relying on what is sometimes called the Tempest effect) would be considered an offence.
Again, the keyword here is the fact that the acts here must be unauthorised. Punishment here is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both. If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
- unauthorised use and
- unauthorised interception of computer services.
Unauthorised interception of computer services is committed when a person "intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electro-magnetic, acoustic, mechanical or other device." The wording here is very wide and even reading the screen of someone else's computer by capturing the electro-magnetic impulses transmited through the airwaves (relying on what is sometimes called the Tempest effect) would be considered an offence.
Again, the keyword here is the fact that the acts here must be unauthorised. Punishment here is a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 5 years or to both. If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
Wednesday, April 1, 2009
The Computer Misuse Act - application to foreign acts
The Computer Misuse Act makes it clear that it applies to acts done outside Singapore. In lawyers' jargon, it has extra-territorial application.
Under section 11, the Act applies if either or both of the following occur -
a) the person involved was in Singapore at the time of committing the offences, or
b) the computer, program or data was in Singapore when the offence is committed. The nationality of the person is irrelevant.
For example, if someone in Singapore hacks into a foreign computer, then by virtue of section 11, the Act applies. Also, if someone outside Singapore hacks into a local computer system, the Act will also apply. The Singapore authorities will then have to obtain the assistance of foreign authorities to arrest the person outside Singapore and arrange for him to be brought to Singapore (or extradited) to fact trial here.
Under section 11, the Act applies if either or both of the following occur -
a) the person involved was in Singapore at the time of committing the offences, or
b) the computer, program or data was in Singapore when the offence is committed. The nationality of the person is irrelevant.
For example, if someone in Singapore hacks into a foreign computer, then by virtue of section 11, the Act applies. Also, if someone outside Singapore hacks into a local computer system, the Act will also apply. The Singapore authorities will then have to obtain the assistance of foreign authorities to arrest the person outside Singapore and arrange for him to be brought to Singapore (or extradited) to fact trial here.
Future posts- ideas welcome
If readers have any ideas about any topics for future posts, please do not hesitate to add a comment which will trigger an email to me.
In the meantime, I still have several topics to cover in future blogs including corruption, remedies against fraudsters eg Mareva injunctions, etc.
In the meantime, I still have several topics to cover in future blogs including corruption, remedies against fraudsters eg Mareva injunctions, etc.
Subscribe to:
Posts (Atom)