Upload
michael-heron
View
158
Download
1
Tags:
Embed Size (px)
DESCRIPTION
An overview of an equity funding scandal from the early days of computing,
Citation preview
+
Equity Funding of AmericaComputer Law and EthicsMichael Heron
+Introduction
Crime – crime never changes. To paraphrase the opening sequence to the Fallout games.
While computers have enabled an awful lot of crime, very little of it is truly new. People trespassed before computers. People made illegal copies of things before computers.
Even things like ‘rights management’ were in place long ago. Map makers used to include identifying ‘mistakes’ to help police
copyright infringement.
What computers have mostly done is increase the scope and scale of crime.
+Waves of Computer Crime
1960s Hacking began as exploration and problem solving. Specialised fraud Blackmail
1970S Privacy violations Salami slicing Phone phreaking Distribution of illegal materials.
+Waves of Computer Crime
1980s Software piracy Copyright violations Viruses More phreaking Commercialisation of illicit material distribution
1990s IP spoofing FTP abuse Phantom nodes Protocol flaws
+Waves of Computer Crime
2000s Automated hacking Desktop forgery International industrial espionage Transnational organised crime Terrorism
2010s ???
As computers evolve, so too does the sophistication of crimes committed.
+Early types of computer crimes - Damage Root access to a computer offers large scale access to the
underlying system. Who watches the watchers?
Real risk when employees are terminated. Hard to keep an angry sysadmin in line.
One of the reasons why IT employees are often escorted from the premises as soon as they are dismissed. Limits the danger of retaliation. But doesn’t eliminate it entirely.
Systems can be highly tailored.
Systems can be full of valuable data.
Some types of computer damage cannot be repaired.
+Blackmail
Value of data often more than the value of computers. And the software on which they run.
Blackmail with computers often involves holding data ransom. For example, one of the programmers working on Concorde
demanded £250,000 for the backups of the test data he destroyed.
Data can be costly or impossible to replace.
Nothing new in the crime, only new in the details. And the ease with which it can be done.
+Fraud
Small scale fraud commonly involves very specific, very personal adjustments to computer code. Slicing fractions of pennies off of thousands of transactions
and siphoning them off into another account. A programmer coding an accounting system that ignores
withdrawals on a specific set of accounts. A programmer writing a program that scans for ‘dead’
accounts and then transfers the money elsewhere.
Losses usually too small for a large company to worry about. Most banks have a threshold at which they say ‘We expect
to lose this amount to fraud every year’ Too costly for zero tolerance.
+Equity Funding Corporation of America
The Equity Funding Company of America (EFCA) was responsible for one of the largest corporate frauds in American History. Something like an Enron of the 1970s Dramatized in the BBC Horizon programme ‘the billion
dollar bubble’
Functioned through investing in mutual funds. Put money in a mutual fund.
A collective pot of money produced by investors clubbing together.
This pot is then invested in a portfolio of stock managed by a mutual fund company.
+Equity Funding Corporation
The company took out life insurance policies which paid out if a person died. The premiums for this are paid annually.
The company borrowed against the mutual fund to pay the annual premiums.
After ten years, the fund ‘matures’ and gives out the accumulated incresed value. This is used to pay back the loans that were taken out
against the fund.
+Equity Funding Company
Mutual Fund
Life InsuranceLoan
Paym
en
t on
Death
An
nu
al P
rem
ium
s
Loans to pay prem
iums
Borro
w a
gain
st s
tock
Investment
Pay Back Loan after 10 years
Value after 10 yearsPROFIT
+So far, so good
The company started to expand by taking over new companies. And they had a huge sales force.
The acquisitions cost lots of money. Which were funded largely through Equity Funding’s stock
price. New companies were bought with stock in EFCA
To keep the value up, generating yearly earnings growth was important. This would allow for more acquisitions and more wealth.
+But then…
A problem with their mainframe meant they couldn’t extract yearly revenue details for 1964. Oh no. The annual report was not going to be ready on time.
During the delay, the company co-founded (Stanley Goldblum) came up with an idea to use a creative accounting method to ‘temporarily’ increase sales figures. He directed the company CFO to make fictitious ‘advance’
entries with regards to income. Essentially saying ‘Here’s money we’ll be getting in the
future, now’
+Escalation
Now he needed to find real money to back up those ‘sales’ In order to pass the audit required by the Securities and
Exchange Commission.
Then came the idea… Let’s take out real insurance policies on fictional people. Originally done by a handful of trusted employees doing
overtime.
The process worked through the value of ‘reinsurance’ A company sells a portion of its policies to another company.
This creates instant cash flow. It also mitigates against future catastrophes.
+Escalation
So The company created fake insurance policies. They then sold these faked policies as legitimate policies to
insurance companies. They then used the income to pay a portion of the fake
policies premiums. Making the sales seem credible to the auditors.
This created cash flow out of nowhere. And also hugely jacked up the stock price for the EFCA
As of yet, this isn’t a computer crime.
+Enter the Mainframe
Making up fake accounts had become too time consuming. Time to introduce a computer.
At the time, auditors couldn’t audit computer systems. Too specialised. No auditing meant that program code never went
examined. This meant that the computer could be used to streamline
the process of defrauding the reinsurance companies.
Goldblum paid a programmer to write a program that created fake policies. Access to the program was restricted based on a secret
password.
+Scale of the Crime
This automation led to EFCA having $425M of life insurance policies on their books in 1968. With $100M in mutual funds sold.
From 1969 to 1973: 64k faked accounts were created. Reported revenues of $1.8B
Every so often, a few policies would be ‘killed off’ Brining that money in from the reinsurers.
Plans were afoot to automate even that. Killing off fake policy holders at a statistically appropriate
rate.
+Whistleblowers
It eventually came to light after an ex-employee blew the whistle. Ronal Secrist.
Securities analysts Ray Dirks also came forward with evidence. And was later rewarded with insider trading charges being
filed against him. He was eventually acquitted by the Supreme Court.
Fraud was unsustainable. Eventually they would have had to be insuring the whole
country.
+Crime and Punishment
Goldblum and 18 others pleaded guilty to taking part in the fraud.
Three others were convicted in a 1975 trial.
Goldblum served jail time for his part in the fraud.
He never learned his lesson. At the age of 72, he was arrested for submitting false
information to obtain a $150k loan.
Crime remains one of the most significant in terms of scale. Computers serve a role in managing scale.
+Fooling the Auditors
One night, an auditor left an unlocked briefcase.
An EFCA executive, in full sight of others, opened the case and got access to the confidential audit plan. This allowed EFCA to have plans in place to deal with audit
requests.
One auditor wished to send out policy confirmations to a sample of policyholders.
ECFA did the clerical work for the auditor. Letters were instead addressed to branch managers and
agents of ECFA, who filled out the information for the fictional policyholders.
+Why Did Nobody Notice?
Auditor responsibilities fell to the State Audit Office. Responsible for identifying if businesses are acting according
to the law.
Auditors responsible for checking inputs and outputs. Sales of insurance policies Money coming in Reported earnings
However, auditors couldn’t audit everything. Accountants did not have the specialised knowledge required
to audit systems. IBM protected proprietary secrets, and were the ones
producing the mainframes used to perpetuate the fraud.
+Auditing Around a Company
Equity Funding Corporation of America
INP
UTS
OU
TP
UTS
examine
examine
AUDITORS
+Auditing Through a Company
Equity Funding Corporation of America
INP
UTS
OU
TP
UTS
examine
examine
examineAUDITORS
+Why did it happen?
Unchecked greed and territorialism of managers.
A lack of ethics and professional standards amongst management and involved employees.
The philosophy of the management.
The independence of the auditors and their inability to audit computer systems.
Lack of effective oversight by the auditors. Letting the company do some of the work? Come on, guys.
+Why did it happen?
The fraud was a massive scheme. Concocted by management. Supported by dozens of employees.
Each of which knew or suspected that something was going on.
Why did no-one report until so late into the scandal?
The management were intent at becoming a huge conglomerate at all costs. Without worrying about the risks of these activities.
Rampant territorialism drove much of the acquisitions.
+Auditors
The auditors compromised their professional independence during the investigations. One was earning $130k to $150k, because they were contracted by
EFCA and were the largest quiet.
A second auditor was given shares in the funding, which he kept under his wife’s former name until they were cashed in 1967.
Another auditor received a loan of $2,000 from the company.
All three auditors were later found guilty of fraudulent activities.
Some auditors were at least partially complicit in the incident.
Allowing for the company to take a direct hand in auditing violated accountability.
+Class Exercise
In groups of 3-4 Imagine yourself in a similar kind of company in the
modern day. How would you use computers to perpetuate economic
fraud? Outline a company structure, significant individuals who
would be involves, risks and points of weakness.
You’ll get some time to come up with this plan, and then: Swap your plans with another group Try to identify how you’d effectively audit their system.
Identify skillsets needed Identify weakness in your auditing. Identify ‘human factors’
+Conclusion
This is not a new or especially novel crime. It was in no way sophisticated, or only possible because of
computers.
There was no grand plan behind it all. And no escape route – escalation was mandatory because
of the pyramidal nature of the acquisitions.
Crimes committed nowadays are usually far more organised and significant. We have a better idea of what people might do and how we
should counter it as a society. That doesn’t mean that fraud is dead, of course.