MSA Investigations Blog

Technical Surveillance Today

Posted by Stephen Heskett on Mon, Jun 01, 2015 @ 03:18 PM


MSA Investigations recently developed some informative material regarding the theft of confidential information which you can read about here: 6 Ways to Protect Against Confidential Information Theft.

Social Media Trolls, Your Time has Come

Posted by John Maguire on Fri, Apr 03, 2015 @ 09:00 AM


Curt Schilling was one of the most unpopular baseball players of the last few decades. Due to his success and outspoken beliefs he garnered some animosity throughout the sports world. As part of the 2004 Boston Red Sox he broke the hearts of New York Yankee fans by pitching perhaps his most memorable game, in which his ankle was so injured that blood soaked through his sock. The game became known as "the bloody sock" game. Two of Mr. Schilling’s Twitter followers referred to the bloody sock last month, but in a more sinister subtext. After Mr. Schilling posted a congratulatory tweet to his daughter, Gabby, for making the softball team at Salve Regina University, Adam Nagel and Sean McDonald replied with sexually violent and vulgar tweets. Even though the two men used their Twitter handles to disguise their true identity, Mr. Schilling was able to identify them and subsequently publicized their names. The men were either fired or suspended from their jobs; they are being investigated by their respective colleges for misconduct, and the police are exploring the possibility of filing criminal charges.

Our next internet troll stooped to even lower levels, making crude remarks about 13-year-old Little League baseball phenom Mo’ne Davis. Ms. Davis rose to stardom during the summer of 2014 and even appeared on the cover of Sports Illustrated. The Disney Channel recently announced that the network intends to air a made-for-TV movie depicting her life and accomplishments. In response to Disney’s announcement, a baseball player, Joey Casselberry, publicly aired his displeasure with Mo’ne Davis’ success by using an inflammatory, insulting word to describe her. He was consequently removed from the baseball team, despite being forgiven by Ms. Davis.

Internet trolls are not limited to the United States. In England a 15-year-old boy was arrested for allegedly making racist remarks toward Danny Welbeck, a star soccer player for Arsenal. While racism has plagued European soccer through the decades, it wasn’t until recently that such drastic measures have been taken to stamp it out of the game. Stadium security cameras are used to home in on “fans” chanting racist words or throwing objects onto the field. Various degrees of punishment are doled out in relation to the crime. Additionally, social media investigations are used to identify trolls on the internet spewing hate. The 15-year-old is due back in court in mid-April.

Athletes are not the only targets of Internet abuse. Ashley Judd, an actress, has come under fire recently from trolls watching the Men’s NCAA Basketball Tournament. Ms. Judd, an unapologetic Kentucky Wildcat fan, has been a favorite among cameramen filming games featuring the university. Unfortunately, she paid more than the price of admission for attending the game. One of her tweets reads “when I express a stout opinion during #MarchMadness I am called a whore, c---, threatened with sexual violence. Not okay.” Ms. Judd is committed to fighting back and pressing charges against those producing the sexist, violent tweets. Social media investigating is the key element in providing her justice.

For more information please contact MSA Investigations.

John Maguire is the author and an Investigative Analyst at MSA Investigations.

SEC Approves FINRA’s Updates to Background Investigation Rule

Posted by Melissa Rodriguez on Wed, Feb 11, 2015 @ 04:29 PM

The Securities and Exchange Commission ("SEC") has approved a Financial Industry Regulatory Authority, Inc. ("FINRA") proposal that requires brokerages to strengthen the background reviews they conduct on new hires. Under the new requirement, firms must adopt written procedures to verify the accuracy and completeness of a broker's registration information on Form U4. The document is the foundation of the broker profiles contained on FINRA's BrokerCheck database which investors can review before hiring a financial adviser. Firms already are expected to review job applicants; however, the new rule makes the requirement more stringent by forcing them to conduct a search of public records.

The new FINRA Rule 3110(e) streamlines and clarifies members' obligations relating to background investigations of registered persons and adds a requirement to adopt written procedures to verify the information in an applicant's Form U4, including the requirement to conduct a public records search. The new rule, which replaces NASD Rule 3010(e)(Qualifications Investigated), becomes effective July 1, 2015.

Under the new rule, members must investigate the good character, business reputation, qualifications and experience of an applicant before applying to register that applicant. Firms must also establish and implement written procedures for completing the Form U4 verification process, including a "national public records search," no later than 30 days after filing an initial or transfer Form U4.

The investigation and verification requirements are intended to be complementary, not duplicative of each other, although FINRA expects many firms will conduct both processes concurrently using some of the same information before filing the Form U4. In fact, FINRA encourages the completion of the verification process before filing the Form U4. Firms will incur a Late Disclosure Fee if a disclosure event should have been reported on the initial or transfer Form U4, regardless of whether the verification process is completed within the 30 day window. In instances where the verification process cannot be timely completed  (e.g., fingerprints are illegible and must be resubmitted), the procedures should provide for completion of the verification process as soon as possible with documentation for the basis for the delay.

To satisfy the "national public records search" requirement, firms should search "reasonably available" public records, including general information such as an individual's name and address (e.g., by checking a valid state-issued driver's license or government-issued passport); criminal records; bankruptcy records; civil litigations and judgments; liens; and business records. The potential burden to firms of a comprehensive verification is compounded by the ambiguous language regarding the scope of records that may need to be searched. The scope and complexity of the public records requirement depend on the definitions of “reasonably available,” “public records” and “national public records search.” The rule, however, does not provide a definition for any of these key terms. In its 19b-4 filing with the SEC, FINRA defines the term “public records” in a footnote as including:

[R]ecords [that] include, but not limited to: general information, such as name and address of  individuals; criminal records; bankruptcy records, civil litigations and judgments; liens and  business records.

Firms may conduct the records search in a variety of ways, including through the use of credit reports, reputable public databases, or the services of a third-party provider, such as a background screening or investigative company, that can provide companies with a comprehensive assortment of background screening services. To the extent it is not practical to verify all of the information in Form U4, a firm should document what information could not be verified and the reason therefor. While the public records search requirement does not extend to foreign jurisdictions, firms may find it necessary to search records in a foreign jurisdiction as part of their verification process (to the extent consistent with applicable law). FINRA also notes that firms must make their own determination about whether an applicant's consent on a Form U4 complies with the laws of any particular jurisdiction regarding consent to obtain investigative consumer reports.

For information on our background screening and investigative due diligence services, please contact MSA Investigations today.

Melissa Rodriguez is a Senior Investigative Analyst at MSA Investigations.

Tags: investigations, due diligence investigations, background checks, FINRA, public record search, background research, BrokerCheck

European Banks Announce Increased Cyber-Security Measures

Posted by Daniel Gorry on Wed, Dec 10, 2014 @ 01:31 PM

On September 23rd, 2014 the British Banker’s Association – a trade association representing 250 banks and financial institutions in the UK – announced the imminent launch of a new alert service designed to combat cybercriminals who target financial institutions.  The new Financial Crime Alerts Service (FCAS) is the result of BBA’s partnership with technology consulting firm BAE Systems Applied Intelligence, and will employ real-time intelligence pooled from 12 governmental and private agencies – including the National Crime Agency (UK’s version of the FBI) – in order to address fraud, financial crime, and other violations. Anthony Browne, Chief Executive of the BBA, expressed plans to have FCAS operational by early 2015, and Donald Toon, Director of the Economic Crime Command at the National Crime Agency, voiced strong support for the BBA initiative by stressing the ever-increasing need for collaboration between the private sector and law enforcement in order to reduce the impact of economic crime.

The BBA announcement comes on the heels of recent infiltrations into major retailers like Target and large financial institutions, all of which have resulted in massive financial costs for companies and their customers. A number of these large-scale infiltrations have been confidently assumed to be the work of Russian and Ukrainian hackers who are incentivized to target large Western entities by an increasingly hostile Russian government. Recent cyber-assaults on U.S.-based financial institutions, in particular, demonstrate the exceedingly sophisticated nature of these attacks, which, in conjunction with technical indicators extracted from the banks’ computers, has helped to implicate some foreign government in data theft. One specific incident of recent cyber-infiltration involved the exploitation of a software flaw colloquially referred to as a “zero-day vulnerability,” so called because the flaw is previously unknown and is exploited before programmers have had any days to forge a patch to fix it. The hackers were then able to careen through the institution’s elaborate security measures and managed to steal vast troves of sensitive user data.

Though no technical details were released in the announcement of FCAS, it is understood that the system will dispatch alerts concerning money laundering, cyber-crime, fraud, emerging trends, and even terrorist financing. FCAS will also build on an existing partnership that BBA shares with the National Crime Agency, which Anthony Browne claims has prevented at least £100 million through information sharing. FCAS is also not the only cyber-security initiative announced this year, as the Bank of England unveiled a program called CBEST, which serves as a bank-wide security audit by replicating known cyber-attacks on the bank’s own defenses, but it lacks the real-time warning system. On an even more grand scale, the European Police Office signed a Memorandum of Understanding with the European Banking Federation – which represents 4,500 financial institutions on the continent – with the intent of vastly expanding cooperation between law enforcement and the financial sector.

The ultimate goal of all these initiatives is to encourage people to invest in European banking institutions by allaying fears of economic havoc that could result from cyber-crime. As tensions with Russia continue to worsen, it would be wise for U.S.-based financial institutions and law enforcement agencies to increase levels of cooperation, not just in the aftermath of an attack, but in order to prevent them from happening altogether. Otherwise, investors may feel that European cyber-security measures make for such an overwhelming advantage that the U.S. financial sector – which makes up 7.9% of the overall economy – may suffer dramatically. In order to preemptively counteract capital flight to Europe, J.P. Morgan CEO Jamie Dimon announced in an annual shareholder’s letter that the bank would boost annual spending on cybersecurity by 25-percent to approximately $250 million by the end of this year. However, there is little that a solitary private institution can do in the face of a coordinated assault by a major state power like the Russian government.

To this end, the Securities Industry and Financial Markets Association (SIFMA) hired ex-NSA director Gen. Keith Alexander to facilitate the formation of a joint law enforcement and private sector “cyber war council” of sorts. Former U.S. Secretary of Homeland Security Michael Chertoff, and his consulting firm the Chertoff Group, were subsequently acquired by Gen. Alexander to assist in the recruitment of at least eight U.S. agencies including the Treasury Department, the National Security Agency, and the Department of Homeland Security. Additionally, Senators Dianne Feinstein (D-CA) and Saxby Chambliss (R-GA) successfully sponsored a piece of bipartisan legislation – called the Cybersecurity Information Sharing Act – approved by the Senate Intelligence Committee, which will insulate financial institutions from liabilities incurred through sharing cybersecurity information.

Camden Fine, president of the Independent Community Bankers of America, voiced serious questions as to whether the FDIC can absorb the momentous costs of increasingly disastrous cyber-attacks in an email to Bloomberg News, and added “It is like watching a train wreck in the making and there is nothing you can do to stop it.” Mr. Fine’s concerns are not without merit as the largest U.S. institutional banks  hold a combined $4.9 trillion in assets, but are exposed to an approximate total of $210.2 trillion in derivatives, which is a number 14 times the size of the U.S. annual GDP. The calamitous consequences of a cyber-attack, which sets off that much damage in the way of systemic risk, are horrifyingly unfathomable, especially considering the heavily integrated global economy we enjoy. Never before has the need for cooperation between law enforcement and the private sector been more vital, as cyber-attacks become an ever more relevant existential threat to the world’s economic stability.

For more information please contact MSA Investigations.

Daniel Gorry is the author of this blog post.

Image Courtesy of SC Magazine.

Tags: Cyber-Security; Investigations

Social Media Background Checks: A Weapon in the War on Terror

Posted by Daniel Gorry on Mon, Oct 20, 2014 @ 10:00 AM

In the few final moments of a new 55-minute video released by ISIS – which now claims the title “Islamic State” – one of the terrorist group’s fighters stands before an assortment of men digging a large pit in the desert. The jihadist begins speaking in a classical dialect of Arabic before switching to fluent English, and reveals that the men digging behind him are captured Syrian Army personnel from the 17th Division military base outside the city of Raqqa. The ISIS fighter proclaims that the prisoners are “digging their own graves in the very place where they were stationed,” and mere moments later the unidentified spokesperson is joined by a group of militants who all summarily execute the supposed Syrian Army POW’s.

This video – titled “Flames of War” – is the most recent piece in a series of propaganda videos released by ISIS in the wake of its explosive emergence as the dominant armed-jihadist movement, following the outbreak of the Syrian Civil War. Each video displays some grotesque war crime perpetrated by members of ISIS, most often a taped execution of anywhere between one to hundreds of people at a time, but they are all merely a fraction of propagandist content that ISIS has released in an unprecedented social media blitz.

The propaganda released by ISIS differs drastically from the formal statements released by former al-Qaeda chief Osama bin Laden, which had been filmed in Pakistani caves with grainy resolution. ISIS exploits the open sharing networks that social media services provide as a way of attracting the attention of foreign-born recruits, as ISIS relies heavily on fighters not native to Syria or Iraq to bolster its ranks. Their gruesome video content – typically recorded in high-definition – is often uploaded to sites such as YouTube or LiveLeak, and similarly disturbing images are disseminated through Twitter, Facebook, and Instagram. Not all of ISIS’s propaganda is of a violent nature; an increasing number of images display jihadists sitting in American-supplied armored vehicles which were captured by retreating Iraqi Army troops. Occasionally the group even releases pictures reminiscent of native internet culture – albeit with a corrupted nature – such as cats posed with AK-47’s.

ISIS’s social media oriented marketing blitz has successfully attracted more than 15,000 foreign fighters from over 80 countries, according to a CIA source for CNN, which constitutes nearly half of the Defense Department’s estimate of 31,500 total ISIS personnel. Approximately 2,000 of those fighters are believed to be of Western origin, most notoriously the militant named Jihadi John – leader of a terrorist cell which has been nicknamed “The Beatles” – who is the black-clad figure responsible for the taped beheadings of James Foley, Steven Sotloff, David Haines and an unknown Syrian soldier.

The US government estimates that somewhere between 20 to 30 American citizens are currently fighting in Syria with an assortment of armed groups. The most infamous former member of these American-born fighters is 22-year old Florida native Moner Mohammad Abu-Salha, who was last seen expressing his desire to ascend to heaven in a video posted by al-Qaeda’s primary Syrian affiliate Jabhat al-Nusra. The video is considered evidence that Abu-Salha became the first American to conduct a suicide attack in the Syrian Civil War on May 25th, 2014.

As useful as social media has become in ISIS’s efforts to recruit fanatical fighters, the digital platforms exploited by the terrorist group serve as a double-edged sword in that it has never been easier to identify terrorist operatives. For example, the prime suspect believed to be Jihadi John is an amateur rapper from London named Abdel-Majed Abdel Bary, an assertion that MI6 has corroborated with Bary’s incendiary pro-ISIS posts across social media platforms – predominately Facebook - in the lead up to his flight to Syria.

Accordingly, it has never been more imperative for employers to incorporate social media research as a component of background screenings and investigative due diligence on potential employees – especially as the likelihood of jihadists returning to their Western homes inevitably increases.

In addition to the actual fighters participating in ISIS’s combat operations, the group has attracted a massive internet following of supporters who create propaganda materials without the direction of official ISIS members. This fanclub of sorts provides the militant group with a steady stream of sophisticated graphics, translates Arabic messages into Western languages for dissemination amongst a larger audience, and increases the spread of ISIS’s social media branding initiatives by creating and sharing hashtags. Employers with screening programs aimed at conducting social media research are more likely to detect whether their employees are members of any social media groups providing branding and reputational support to armed extremist groups.

The consequences awaiting those American citizens who provide these propaganda materials via social media are unclear. Boston pharmacist Tarek Mehanna is currently awaiting the chance to appeal before the Supreme Court after having been sentenced to 17.5 years for translating and disseminating al-Qaeda propaganda online, which he did independently of the terrorist organization’s direction as he had failed to find their militant training camp during a two-week sojourn in Yemen. Mehanna’s legal defense – which has received support from the ACLU – is that his actions are no different from those of a journalist or an academic researcher who merely exercises their First Amendment rights, but virtually identical activities to Mehanna’s were cited by the Obama administration as evidence for why it was lawful to assassinate Anwar al-Awlaki and two other US citizens during a drone strike in Yemen.

Needless to say, no employer wants to become tangled up in the increasingly muddled legal mess that results from having employed either a jihadist fighter or their propaganda-providing allies on social media. A thorough background investigation that incorporates social media focused due diligence is more vital and relevant than ever, and will only continue to serve as invaluable information for any organization.

Photo Courtesy of Business Insider

For more information please contact MSA Investigations.

Daniel Gorry is the author and an Investigative Assistant at MSA Investigations.

Tags: background checks, Social Media

Erasing the Money Trail via Layering

Posted by John Maguire on Mon, Sep 15, 2014 @ 10:00 AM

There are three steps that each criminal takes in order to successfully launder his or her money. First, the schemer must go through the placement process. This is the point at which the dirty money is introduced to the financial system; for instance, a bank deposit. The second step in the process is the structuring of the tainted funds so that it is difficult to ascertain the point of placement, commonly called layering. More on this to follow. Finally, integration is the conversion of the illegally obtained funds into legitimate assets, e.g., real estate, art, diamonds, etc.

The focus of this blog is the middle stage in the laundering process, better known as layering. Layering is probably the most complicated step in the money laundering process because it consists of multiple transactions and money movements between accounts. It is designed to befuddle investigators researching the trail of illicit funds. The reselling of high-value goods, buying and selling stocks and bonds, and converting account holdings into money instruments are a few other examples of layering.

However, wiring funds to and from different institutions and jurisdictions may be the most common method of layering. Although banks have many controls in place to trace funds and prevent wires from transferring to certain suspicious accounts, wires are still a fast and easy way for launderers to move their money. Structuring is a highly popular form of layering. It is the processing of financial transactions just under the threshold which jurisdictions set for reporting purposes. These thresholds vary depending on the jurisdiction.

Criminals regularly probe the regulatory landscape for new and undetectable ways to hide their money. Broker-dealers are vulnerable to money laundering due to the high volume of trades conducted and the variety of financial products offered to clients. Wash trading and spoofing are two methods of layering in a broker-dealer setting. Wash trading consists of the launderer using illicit funds and taking a long position in one stock and a short position in that same stock, usually at a different broker-dealer. Aside from the cost of the trades, the launderer normally breaks even and receives a clean check once the position closes. Spoofing is the practice of placing limit orders and cancelling them just before the stock reaches the strike price. The cancellation would have an adverse effect on the stock and the launderer could place an order to benefit.

Cuckoo smurfing is another form of layering. This technique requires the work of an “insider” at a money remitter, an innocent bank customer and a transfer of funds. The “insider” receives an order to send money to an overseas account. The account information of the beneficiary is supplied to the launderer by the “insider.” The initial “clean” funds being sent are redirected into the launderer's account, giving him or her a legitimate source of cash, and the illicit money provided by the launderer is deposited into the innocent beneficiary’s account. Cuckoo smurfing has been predominantly a European practice; however, U.S. regulators have seen an increase in third-party deposits in recent years.

As newer, faster and easier ways to transfer money are introduced, criminals will be looking for loopholes to exploit them. Venmo is one such product. It is a mobile app which allows peers to transfer funds freely among each other in amounts up to $2,999.99 per week. There have already been issues with these payment systems; however, there are ways to prevent launderers and other criminals from exploiting systems and their users. Knowing your customer is paramount in any anti-money laundering initiative. The more information gathered and verified by these pay sites, the easier it is to identify a culprit.

For more information please contact MSA Investigations.

Tags: Fraud, investigator, laundering

The Latest Major Network Security Breaches: USIS and UPS

Posted by Neil Moran on Tue, Sep 02, 2014 @ 07:00 AM

It was recently reported that U.S. Investigation Services (USIS), a major provider of background checks for the U.S. Government, experienced a network compromise. Details surrounding this compromise, such as the method used and the data affected, have not been released. Suffice it to say, given the nature of the work conducted by USIS, the potential for a compromise of extremely sensitive data remains high. Similarly, the UPS Store, the shipping and business service retailer, recently disclosed that 51 of its stores in 24 states experienced a data breach caused by malware. In the UPS breach, additional information was available about the type of data compromised: in this instance, customer credit card data. In the UPS case, we are still awaiting answers about how the malware infection occurred.

While the investigation is ongoing in both of these matters, we are left to make assumptions as to how these compromises succeeded. What can be learned, even before the findings are made public, is the importance of an active and dynamic network security program for both private and public entities.  The reality is that motivation for compromising network systems varies from hacker group to hacker group.  For some the motivation is monetary, for others it is political (backed by a nation state), and for others it is activism.  Regardless of the motive, it becomes clear that all companies and government agencies are potential targets. 

Although we don’t yet know how the USIS and UPS Store compromises succeeded, based on recent trends it was most likely a combination of end-user action and the ability of hackers to take advantage of network security vulnerabilities. On the end-user action side, we must continue to remind our network users to employ the utmost care in opening e-mail attachments or clicking on links embedded in e-mail messages. Preventing most network intrusions and data breaches starts with educating the end-user. However, because we don’t live in a perfect world and mistakes do occur, security vulnerabilities should be proactively identified and remediated through penetration testing, IT security audits, and regular vulnerability scans.

MSA Investigations cyber-security professionals work with clients to analyze IT networks, perform penetration testing, and  develop incident response plans to protect private information from both external and internal threats.

For more information contact MSA Investigations.


Tags: cyber security, network security, cyber attacks, Penetration Testing, USIS, UPS

Form I-9 Audits: What Employers Should Know

Posted by John Maguire on Mon, Aug 18, 2014 @ 05:18 PM

At the moment, Form I-9 compliance is a hot-button issue in the United States. Immigration and Customs Enforcement (ICE) has recently increased its I-9 audits, which means more employers are being fined for improper filings. A Form I-9 is a mandatory document for employees to complete prior to working for money in the U.S. It was mandated as part of the Immigration Reform and Control Act of 1986 and with the introduction of the Internet, E-Verify has become a vital part of ensuring the identity of potential employees. E-Verify uses a Form I-9 to verify an individual's identity and employment eligibility with information retained by the Department of Homeland Security (DHS) and Social Security Administration (SSA).

Filing a Form I-9 is a simple process. However, filing incomplete forms or bypassing the submission altogether, carries some stiff penalties. Here are some consequences of Form I-9 violations:

1) Civil Fines


  • Companies can be fined as low as $110 and as much as $1,100 for failing to comply with Form I-9 requirements. Knowingly hiring a person unauthorized to work in the United States can range from $375 up to $16,000 in civil penalties. Committing document fraud can be punishable in fines ranging from $375 to $6,500. Unlawfully discriminating against an authorized worker can cost a company at least $375 and up to $16,000. Finally, asking an employee for an indemnity bond can be fineable by $1,100 or a full refund of the bond's value. 


2) Criminal Penalties


  • If convicted of hiring, recruiting or referring unauthorized aliens a company would have to pay at least $3,000 or the individuals deemed responsible could face up to six months in prison. 


3) Debarment from Government Contracts


  • Depending on the security clearance or government agency employing the offending company, a government contract could be lost due to Form I-9 violations. 


4) Restitution


  • A company guilty of discriminating against an individual in connection with I-9s, could either be forced to remit back pay to the employee or mandated to hire the individual.


Companies being audited by ICE should comply with all requests for documentation. Showing good will can have a beneficial impact on the ultimate sentence. The Office of the Chief Hearing Officer (OCAHO) is the government agency which adjudicates I-9 cases. The administrative law judge (ALJ) decides whether or not the fines levied by ICE are fair. In certain instances, the ALJ may feel the amount is excessive and adjust the total. In other instances where a violator shows blatant disregard for the guidelines, a harsher fine or even possible jail time are considerations. OCAHO can also deem the fine to be fair and take no further action.

In early 2014, a New York restaurant was found negligent in filing nearly 300 I-9s and assessed a fine of $264,605. The ensuing OCAHO hearing found that the fines levied by ICE were, in fact, too harsh and they were reduced to $88,700. This reduction was in consideration of the restaurant's financial condition. The ALJ recognized the fine was almost 50 percent of the restaurant's total income in 2011 and could have caused its demise. Fines were imposed due to the serious nature of the violations, which, in some cases, was a total disregard for filing I-9s.

It is imperative for businesses to be current on all I-9 rules and regulations. ICE audits have increased in the last several years and the fines for each violation keep pace with inflation. In 2008, USCIS adjusted the value of fines due to Form I-9 violations to be more in line with inflation. These fines could rise in the coming years, as could the number of audits performed by ICE.


For more information please contact MSA Investigations.


Tags: Form I-9 audits, OCAHO, fines

Due Diligence: What You Should Know About Your Business Partner

Posted by Melissa Rodriguez on Mon, Aug 11, 2014 @ 08:00 AM


For many companies operating in international jurisdictions, conducting due diligence on international business partners has become a standard business practice. However, while the need to “know” their foreign counterparts is clear, there is no regulatory guidance specifying a minimum level of due diligence to be conducted. This lack of guidance can make it tempting for companies to take a corner-cutting approach to critical work that must be done properly. A company’s decision to conduct the minimum level of due diligence is almost never in the company’s best long-term interests. A more systematic investigation of potential international business partners should involve collecting information from the business partner, verifying that information, and following up on identified “red flags” during the course of the investigation.

The U.S. Foreign Corrupt Practices Act (FCPA), the U.K. Bribery Act and increased global compliance regulations require that companies have adequate procedures in place that are designed to address third party corruption risk. Due diligence in regard to FCPA compliance requires that a company evaluate the risks involved in doing business prior to establishing a relationship and, if in fact a relationship is formed, maintain an ongoing process of periodically evaluating the association to find links between current business relationships overseas and ties to a foreign official or illegal activities linked to corruption.

Companies wanting to evaluate their business partners for FCPA compliance should consider taking the following steps in their probe of a potential international business partner:

  1. Require the potential business partner to disclose information on a questionnaire
  2. Verify the information provided and independently identify adverse information
  3. Perform additional due diligence on any “red flags” identified in the process


Companies should create a questionnaire that, at the very minimum, contains the following components:

- Identifying information for the company – such as, address, registration and contact information

- Ownership and management details, including beneficial owners, as well as identifying background on these individuals, such as date of birth, current address, educational and employment history, and business affiliations.

- Disclosure of any bankruptcy, civil, criminal and regulatory matters.


Once the questionnaire is completed, companies should conduct an assessment to determine the level of risk presented by each business partner. A number of factors should be considered, including the type of relationship, corruption risk associated with the jurisdiction, interaction with government officials, compliance regime, and known adverse information about the business partner.

Effective international business partner due diligence requires companies to gather meaningful information and assess potential risks. International online public records can be sparse and unreliable; instead, local resources may be required for record retrieval and for human source inquiries regarding the reputation and background of the subject at hand. Companies should strongly consider hiring an independent firm to conduct background research to benefit from access to sources otherwise not available. A professional's expertise and knowledge of the jurisdiction would greatly lower the risk of overlooking critical information and provide credibility to the information gathered during the investigative process.

A more systematic investigation on potential international business partners will significantly contribute to a better informed decision and allows the company to evaluate all of its costs, benefits, and risks. MSA Investigations’ due diligence practice is committed to assisting clients in understanding the risks associated with a potential business partner by providing crucial information and intelligence.

Melissa Rodriguez is a Senior Investigative Analyst at MSA Investigations.

Tags: investigations, Due Diligence, background research

[UPDATE 2] Massive CityTime Fraud: Red Flags Were Ignored (Part 2)

Posted by MSA Investigations on Thu, Jul 17, 2014 @ 08:00 AM

This is Part 2 of 2 of a mini-series on the epic fraud committed right under the noses of the public and the City of New York. Read Part 1 here.


UPDATE (July 17, 2014):

On July 15, 2014, Svetlana Mazer, Mark Mazer’s wife, was convicted for obstruction of justice.  The court sentenced Svetlana Mazer to three years of probation and ordered her to complete 200 hours of community service. 

Larisa Medzon, mother to Svetlana, was convicted for structuring transactions to evade reporting.  Medzon was sentenced to six months of home confinement, three years of probation, and ordered to complete 200 hours of community service.

Anna Makovetskaya, Mark Mazer’s distant cousin, was convicted for conspiracy to defraud the United States.  Makovetskaya was sentenced to three years of probation and ordered to complete 200 hours of community service.


UPDATE (April 29, 2014): 

On April 28, 2014 Mark Mazer, Gerard Denault, and Dimitry Aronshtein were each sentenced to 20 years in prison and ordered to forfeit $40 million in cash and property.

Co-conspirators, Svetlana Mazer, Mark Mazer’s wife; her mother Larisa Medzon; and Anna Makovetskaya, Mark Mazer’s distant cousin, all pleaded guilty on June 19, 2013 and their adjournment for sentencing is slated for June 24, 2014.

Carl Bell reportedly co-operated with investigators and pleaded guilty on June 14, 2011.  His sentencing records are sealed.

Victor Natanzon also reportedly co-operated with investigators and pleaded guilty on February 8, 2011.  No sentencing information is currently available.

Scott Berger, co-conspirator and defendant in the case, died of an apparent heart attack on December 19, 2010.


As discussed in Part 1, this $700 million scandal could not have been possible if it were not for a few key players and their ability to influence, authorize, and conceal illegal activities. Once these individuals laid the groundwork to defraud the City they began recruiting others to aid in the scheme.

The Schemes

According to court documents, around 2003, Gerard Denault (SAIC’s Program Manager on the CityTime project) and Carl Bell (SAIC's Chief Systems Engineer in New York City) recommended that SAIC (the lead project developer on the CityTime project) hire TechnoDyne LLC, wholly owned by Reddy and Padma Allen (CEO and CFO respectively) as a subcontractor to assist in the CityTime project.  In turn, the Allens agreed to pay Denault and Bell each $5 for every hour worked by a CityTime consultant hired by or through TechnoDyne, and thus these kickbacks created an incentive for the perpetrators to increase the project labor as much as possible.

[Photo: Mark Mazer]

Perhaps as a method to create another layer of concealment, around 2005, Mark Mazer (a third party consultant and subject matter expert on the CityTime Project) and Denault, among others, caused the Allens and TechnoDyne to hire D.A. Solutions, Inc. as a sub-subcontractor on the CityTime project. The owner of D.A. Solutions was Dimitry Aronshtein, Mark Mazer’s uncle. This familial relationship was apparently not disclosed to project officials. 

The following year, Mazer and Denault, among others, caused the Allens and TechnoDyne to hire yet another sub-subcontractor, Prime View, Inc., whose owner was Victor Natanzon.  Both of these sub-subcontractors agreed to pay kickbacks to Mazer.  Initially, Natanzon agreed to pay Mazer 80 percent of Prime View’s profits on CityTime.  Perhaps not satisfied with this deal, over time, Mazer demanded an even larger share of the profits. 

With these two sub-subcontractors in place and with illegal proceeds flowing into Mazer's and the Allens' pockets, prosecutors allege that Mazer and the Allens agreed to pay Denault an additional $2 for every hour billed by D.A. Solutions and Prime View.

Around 2005 and 2006, Mazer and Denault, among others, used their influence to recommend an amendment to SAIC’s CityTime contract, in which the City agreed to change the agreement from a “fixed price” contract, under which SAIC would bear “the responsibility of absorbing cost overruns,” to a “fixed price level of effort” contract, “so that the City, and not SAIC, would largely become responsible for future cost overruns.”

According to court documents, after the contract amendment, the co-conspirators allegedly upped the ante and significantly increased the staffing on the project. In 2005, fewer than 150 consultants worked on the project. In 2007, the number of consultants increased to more than 300, most of them hired by TechnoDyne. This hiring spree occurred in spite of an internal memo by Denault that indicated that the program "was staffed adequately to meet both current and projected contract needs.”

Based on interviews with former employees, investigators claim that the scheme also extended to fraudulent time sheets and ghost employees. In one interview, a former employee claims to have witnessed time sheets, submitted to the City for billing, that were fraudulently completed for work supposedly conducted when in fact the consultant in question was on vacation or had already been terminated. The same former employee alleged that when he/she was notified of his/her termination, Aronshtein, owner of D.A. Solutions, forced the employee to sign two weeks of new time sheets in order to receive severance pay. Investigators believe these blank time sheets with the employee's signature would subsequently be completed and submitted, following the employee's termination, for work that had not actually occurred. Mazer and a colleague, Scott Berger, purportedly acted as supervisors and knowingly approved these fraudulent time sheets.

[Photo: Gerard Denault]

The Concealment

Prosecutors allege that conspirators withdrew cash through ATM transactions at multiple banks for amounts under the threshold for which a currency transaction report needs to be completed, avoiding possible anti-money laundering detection; transferred their illegal proceeds to foreign banks in India and Latvia; and deposited kickbacks to shell companies formed by the perpetrators and their family.  Prosecutors accused Mazer's wife and his mother of forming some of these shell companies that received kickbacks to add layers of complexity to the fraud and to further conceal Mark Mazer's involvement.

In total, between 2003 and 2010, TechnoDyne allegedly received at least $450 million in connection with the CityTime project. Sub-subcontractors, D.A. Solutions and Prime View reportedly received $55 million between 2005 and 2010 and $20 million between 2006 and 2010 respectively. Prosecutors stated, "virtually the entirety of the well over $600 million that the City paid to SAIC on the CityTime Project was tainted, directly or indirectly, by fraud."

Denault is reported to have received $9 million in kickbacks and Bell $5 million. Dimitry Aronshtein of D.A. Solutions and Victor Natanzon of Prime View allegedly paid Mark Mazer $25 million in kickbacks.

Red Flags

So how was this fraud allowed to continue for nearly seven years, even when the original budget for the project ballooned to an absurd number? Perhaps performing some very basic due diligence and exercising tighter internal controls may have uncovered the scheme sooner. 

According to court documents, D.A. Solutions' revenue from the CityTime Project represented almost 100 percent of the company's income and Prime View's portion totaled 75 percent, after they were hired and up until the scheme unraveled.

News outlets reported that in 1994, Mark Mazer was investigated by the FBI while working at the City’s Administration of Children’s Services division after millions of dollars went missing in the division he supervised. The media claimed that foster-care checks were being issued without proper supporting documents and approximately $2 million went missing. Mazer was never charged; however, he was barred from the room that wrote the checks and his salary was lowered from $43,925 to $34,537.

In 1995 and 1996, allegations against Mazer were made for sexual harassment. The victims eventually received payment from the City.  Mazer was again under investigation when two city laptops were stolen in 1998, though he was not charged. The media also reported that he was arrested on petty larceny charges in 1999, though the case is sealed.

SAIC, a Fortune 500 company and a major government contractor, receives billions of dollars in revenue from its contracts, so how did they allow TechnoDyne to be hired as their major subcontractor for this project?  Court documents show that upon Denault's recommendation and denial of any conflict of interest, TechnoDyne did not have to undergo any competitive bidding process to win the contract and was retained as a "sole source" contractor.

In one damning piece of evidence, according to court documents, in 2005 SAIC received a whistle blower complaint alleging that subcontractor TechnoDyne was receiving an inordinate amount of work from SAIC on the CityTime project and claimed contract mismanagement and allegations of Denault receiving kickbacks. Despite SAIC's internal investigation, TechnoDyne continued to reap a large amount of the work, about 74 percent of the overall total paid to SAIC for the CityTime project, compared to 14 percent to all the other subcontractors and vendors combined.

City officials are also partly responsible for ignoring the warning signs. According to published media, during Bill Thompson's tenure in office as city comptroller from 2002 to 2009, he failed to audit the CityTime program despite the program's growing costs. Instead, on seven occasions he authorized amendments to the program's contract allowing the program to use more and more of the taxpayers' money.

In July 2008, the OPA internally audited the program and discovered several instances where consultants had been collecting paychecks weeks after they had been terminated, costing taxpayers $145,000.  According to news articles, Thompson's office was aware of the OPA audit and had been requested to investigate further.  However, no further action was taken until 2010, when Thompson was succeeded as city comptroller by John Liu.  As discussed in Part 1 of this series, the subsequent audit found that the program was mismanaged.


[Photo: Reddy and Padma Allen]


Eventually, the scheme was discovered in June of 2010, when a former consultant on the CityTime project came forward and informed the City's Department of Investigation that the consultant was being paid by D.A. Solutions rather than SAIC and TechnoDyne. DOI then learned that D.A. Solutions did not have contractual rights to receive payment for the CityTime project, which led to several interviews with other former consultants and eventually revealed the fraudulent time sheet scheme.

On November 22, 2013, Mazer, Denault, and Aronshtein were convicted for their involvement in the fraud, as have all of the defendants that have been charged in the CityTime scandal. The Allens have fled to their native India, where, with the $39 million it is believed that they embezzled, they will be quite comfortable as fugitives. News articles report that at their sentencing in March 2014, both Mazer and Denault will face life in prison.

Although SAIC paid back $500 million, this was a huge embarrassment for the City and officials. A project meant to create efficiency and prevent waste and fraud turned into a decade-long debacle resulting in one of the largest fraud cases in New York history. One can only hope that the City has learned from its mistakes and will conduct its own due diligence to prevent future recurrences.


To learn about MSA Investigations' fraud investigation, monitorship, and due diligence capabilities, contact us today.

Photo Credits: NY Daily News

Tags: Fraud, CityTime, Due Diligence