打击州福利计划中的内部舞弊

In the two years since the advent of the COVID-19 pandemic, news headlines have been awash with sensational stories about international crime gangs and con artists who stole billions of dollars in government relief money. But while these stories captured the public’s attention, another type of fraudster was plying their trade in state benefit agencies across the U.S. — the internal fraudster.

自2019新冠疫情以来的两年里，新闻头条充斥着关于国际犯罪团伙和骗子窃取数十亿美元政府救济金的耸人听闻的故事。但是，尽管这些故事吸引了公众的注意，另一类舞弊者正在美国各地的州福利机构中进行交易——内部舞弊者。

Take Brandi Hawkins, a contractor in Michigan’s state unemployment insurance office. She pleaded guilty to defrauding the agency of $3.8 million in pandemic aid by entering numerous false claims into the state’s employment insurance agency system, often using stolen identities. Hawkins accepted bribes in return for releasing payments on more than 700 claims to external accomplices. (See “State Contractor Pleads Guilty in $3 million Unemployment Fraud Scheme,” U.S. Department of Justice (DOJ), June 30, 2021.) And, Reyes De La Cruz III, who was employed in the Washington State Employment Security Department as an intake agent, filed fraudulent claims paid out to debit cards, impersonated claimants and accepted bribes in exchange for engineering benefit payments for friends, family and acquaintances. (See “Former Employment Security Department employee indicted for filing false claims and demanding kickbacks,” U.S. DOJ, Sept. 24, 2021.) These examples may have filled U.S.DOJ press releases but not the big national headlines. In the case of state benefit programs, internal fraud is the threat few are talking about.

以密歇根州失业保险办公室的承包商布兰迪·霍金斯为例。她承认通过在该州就业保险机构系统中输入大量虚假申请，经常使用被盗身份，骗取了该机构380万美元的流行病援助。霍金斯接受了贿赂作为回报，他向外部同伙支付了700多项索赔的款项。（见“州承包商在300万美元舞弊阴谋计划中认罪”，美国司法部(DOJ) ，2021 6月30日。）此外，雷耶斯·德拉克鲁兹三世（Reyes De La Cruz III）受雇于华盛顿州就业保障部(Washington State Employment Security Department) 担任招生代理，他提交了支付给借记卡的舞弊性索赔，冒充索赔人并接受贿赂，以换取朋友、家人和熟人的工程福利金。（参见“前就业保障部员工因提交虚假索赔和索要回扣而被起诉”，美国司法部，2021 9月24日。）这些例子可能充斥着美国司法部的新闻稿，但并没有成为全国性的头条新闻。就国家福利计划而言，内部舞弊是很少有人谈论的威胁。

Indeed, fraud against government agencies was big business during the pandemic with the U.S. Department of Labor estimating in September 2021 that about $87.3 billion in unemployment insurance (UI) had gone to fraudulent payments. (See “DOL-IG Oversight of the Unemployment Insurance Program,” U.S. Department of Labor Office of the Inspector General, Jan. 3, 2022.) The U.S. Secret Service reported in December 2021 that fraudsters had stolen almost $100 billion of the $5 trillion in pandemic stimulus funds distributed to the states by the U.S. government. (See “Criminals have stolen nearly $100 billion in Covid relief funds, Secret Service says,” by Eamon Javers and Scott Zamost, CNBC, Dec. 21, 2021, and “ Where $5 Trillion in Pandemic Stimulus Money Went,” by Alicia Parlapiano, Deborah B. Solomon, Madeleine Ngo and Stacy Cowley, The New York Times, March 11, 2022.) These reported losses are staggering on their own if we’re only considering the external frauds, but taken with possible losses from internal fraud, we might only be seeing the tip of the iceberg.

事实上，在疫情期间，针对政府机构的舞弊是一个大问题，美国劳工部在2021年9月估计，大约873亿美元的失业保险（UI）用于舞弊性支付。（参见“失业保险计划的DOL-IG监督”，美国劳工部监察长办公室，2022年1月3日。）2021年12月，美国特勤局报告称，舞弊者窃取了美国政府向各州发放的5万亿美元流行病刺激资金中的近1000亿美元。（参见2021年12月21日CNBC的埃蒙·贾沃斯和斯科特·萨莫斯的《犯罪分子偷走了近1000亿美元的新冠肺炎救济资金》，以及2022年3月11日《纽约时报》的艾丽西亚·帕拉皮亚诺、黛博拉·B·所罗门、马德琳·非政府组织和斯泰西·考利的《5万亿美元大流行刺激资金流向何方》）如果我们只考虑外部舞弊，这些报告的损失是惊人的，但考虑到内部舞弊可能造成的损失，我们可能只看到了冰山一角。

Organizations often focus on the threat of external actors. It’s easier to make sense of a bad actor from outside the organization than it is to understand trusted employees or colleagues as bad actors. Organization leaders often wear rose-colored glasses, preferring an optimistic view of the people they entrust to carry out the day-to-day tasks of essential state business. While it’s understandable to think the best of employees, this view hinders meaningful actions to prevent, detect and mitigate internal threats.

组织经常关注外部行为者的威胁。从组织外部理解一个坏角色要比把信任的员工或同事理解为坏角色容易得多。组织领导人经常戴着玫瑰色的眼镜，更喜欢以乐观的态度看待他们委托执行基本国务日常任务的人。虽然认为员工最好是可以理解的，但这种观点阻碍了预防、检测和缓解内部威胁的有意义的行动。

State benefit programs are just as vulnerable to internal threats as any other organization. No matter how strong the controls and processes or how “good” the people are, there’s no such thing as zero internal fraud risk. The pandemic and the influx of government aid disbursed to state benefit programs intensified the risk factors that can lead to internal fraud. Those risk factors included:

州福利计划和其他组织一样容易受到内部威胁。无论控制和流程有多强大，员工有多“优秀”，都不存在零内部舞弊风险。这种流行病和政府向国家福利计划提供的大量援助加剧了可能导致内部舞弊的风险因素。这些风险因素包括：

1.New programs rolled out overnight, such as the Pandemic Unemployment Assistance (PUA) program.

一夜之间推出了新的计划，如流行病失业援助（PUA）计划。

2. An unprecedented number of UI claims and states relying on legacy systems too outdated to withstand the onslaught.

前所未有的大量用户界面声明和状态依赖于过时的遗留系统，无法承受冲击。

3. Benefit programs outsourced to contractors/vendors, such as leveraging contractors for surge support to accommodate the overnight increase in claims. In some cases, states relied on these contractors to verify work quality or adherence to controls.

外包给承包商/供应商的福利计划，例如利用承包商提供激增支持，以适应夜间索赔的增加。在某些情况下，各州依靠这些承包商来验证工作质量或是否遵守控制措施。

4. Swift adjustment to controls, processes and the way states interacted with claimants as a result of the pandemic. This meant changing processes to accommodate the quick shift to remote work, implementing overrides for key controls to expedite claims or shifting to all-digital interaction with claimants when previously in-person interaction was the norm.

迅速调整控制措施、程序以及国家因大流行而与索赔人互动的方式。这意味着改变流程以适应远程工作的快速转移，实施关键控制的覆盖以加快索赔，或者在以前亲自互动是常态的情况下，转向与索赔人的全数字互动。

How do all of these factors come together to impact internal fraud? We can use Dr. Donald Cressey’s Fraud Triangle to better understand how the confluence of factors described above heightened the risk of internal fraud. The three components of the triangle — perceived unshareable financial need (often expanded to mean “pressure”), perceived opportunity and rationalization — are the conditions necessary for fraudulent behavior. (See ACFE.com/fraud-triangle.)

所有这些因素如何共同影响内部舞弊？我们可以利用唐纳德·克雷西博士的舞弊三角理论来更好地理解上述因素的出现是如何增加内部舞弊风险的。三角关系的三个组成部分——感知到的不可共享的财务需求（通常扩展为“压力”）、感知到的机会和合理化——是舞弊行为的必要条件。(参见ACFE.com/fraud triangle。)

In the case of pandemic-era state benefit programs, there was ample opportunity for unscrupulous internal actors to take advantage of a difficult situation. Fast rollouts, increased work volumes, outsourcing and changes to processes left little room for diligent oversight and created an environment perfect for internal fraudsters.

在疫情时期的国家福利计划中，肆无忌惮的内部行为者有充分的机会利用困难局面。快速的推广、工作量的增加、外包和流程的改变几乎没有留下勤勉监督的空间，并为内部舞弊者创造了一个完美的环境。

Every fraudster has a modus operandi (MO), or a method by which they commit fraud. When it comes to the MOs of internal fraudsters, we’ve seen the following:

每个舞弊者都有一种作案手法（MO），或他们实施舞弊的方法。当谈到内部舞弊者的MOs时，我们看到了以下内容：

1. Collusion with claimants. The internal actor colludes with claimants to increase the benefit amount of an otherwise legitimate claim or fraudulent claim.

与索赔人勾结。内部行为人与索赔人串通，以增加其他合法索赔或舞弊索赔的福利金额。

2. Account takeover. The fraudster abuses their access to the state’s system to take over active or dormant claimant accounts. From there, they might increase benefit amounts and redirect benefits to their own bank account or an accomplice’s account.

账户接管。舞弊者滥用其对国家系统的访问权，接管活跃或休眠的索赔人账户。从那里，他们可能会增加福利金额，并将福利转移到自己的银行账户或共犯的账户。

3. Fabricated accounts. The fraudster abuses their access to create fake accounts that directly benefit their own bank account or an accomplice’s account.

伪造账户。舞弊者滥用其访问权限，创建虚假账户，直接为自己的银行账户或共犯的账户谋利。

4. Family and friends. A variation of collusion with claimants but in this case the fraudster colludes with their family or friends.

家人和朋友。与索赔人勾结的一种变体，但在这种情况下，舞弊者与其家人或朋友勾结。

5. Fraudster’s own claim. The internal actor abuses their access to the program system and submits a benefit claim on their own behalf to receive fraudulent payouts.

舞弊者自己的索赔。内部行为人滥用其对计划系统的访问权，并代表自己提交福利申请以获得舞弊性付款。

6. Information theft. The internal actor abuses their access to the program system to steal personally identifiable information (PII) or other sensitive information for nefarious purposes, such as selling it on the dark web or committing identity crime.

信息盗窃。内部行为人滥用其对程序系统的访问权，窃取个人识别信息（PII）或其他敏感信息，以达到恶意目的，例如在暗网上出售或实施身份犯罪。

Internal actors are making their mark and taking advantage of their access to get big payouts for themselves and their accomplices. So, what can we do about it? We suggest the following six strategies to reduce risks and identify losses from fraud:

内部行为人正在发挥作用，利用他们的机会为自己和同谋谋取巨额报酬。那么，我们能做些什么呢？我们建议采用以下六种策略来降低风险并确定舞弊造成的损失：

1. Acknowledge the risk. Fraud can’t lurk in the shadows if you acknowledge that the risk exists. This may entail a culture shift to ensure fraud isn’t a four-letter word, and when it comes to internal fraud, ensuring it’s not avoided simply because it’s uncomfortable to think about.

承认风险。如果你承认风险存在，舞弊就不会潜伏在阴影中。这可能需要一种文化转变，以确保舞弊不是一个由五个字母组成的词，当涉及到内部舞弊时，确保它不会仅仅因为思考起来不舒服而被避免。

2. Understand where you’re vulnerable. Assess where in your controls and processes you’re vulnerable to internal fraud. Where are the gaps? Where are the overrides? Where’s there a lack of oversight? How’s access to your organization’s system managed and monitored?

了解你的脆弱之处。评估您的控制和流程中哪些地方容易受到内部舞弊的影响。差距在哪里？失效在哪里？哪里缺少监督？如何管理和监控对组织系统的访问？

3. Identify red flags. Internal fraudsters often engage in certain practices that can be flashing red-light warnings of fraud. In our experience, internal fraudsters often work late into the night or on weekends to perpetrate their frauds when co-workers or supervisors are less likely to observe them. In some cases, an internal bad actor might go out of their way to perform tasks that aren’t part of their job description to better carry out a scheme. Determining what might be a red flag in your program can help you better identify bad actors and stop them in their tracks. It’s important to remember that red flags may differ depending on the state or program.

识别危险信号。内部舞弊者经常从事某些行为，这些行为可能会发出舞弊的红灯警告。根据我们的经验，内部舞弊者经常工作到深夜或周末，在同事或主管不太可能观察到他们的情况下实施舞弊。在某些情况下，内部不良行为人可能会不厌其烦地执行不属于其工作描述的任务，以更好地执行计划。确定程序中的危险信号可以帮助您更好地识别不良行为人并阻止他们继续前进。重要的是要记住，危险信号可能因州或计划而异。

4. Assemble an investigative team. To understand whether internal fraud has occurred in your organization and where it’s occurring, you’ll need to put together a team that can investigate leads and referrals — such as hotline tips and referrals from a supervisor, law enforcement and/or a lead identified through proactive detection mechanisms. This investigative team can work in tandem with any existing fraud investigative groups or be a stand-alone team. There’s no right way to assemble the team as long as proper processes and governance are in place. For example, this should involve documentation that outlines the investigative process end to end, a team charter and an organizational chart to show how the team will coordinate and report into other functions and leadership.

组建一个调查小组。为了了解您的组织是否发生了内部舞弊以及内部舞弊发生的地点，您需要组建一个团队来调查线索和转送，例如热线提示和来自主管、执法部门和/或通过主动检测机制识别的线索的转送。该调查小组可以与任何现有的舞弊调查小组协同工作，也可以是一个独立的小组。只要有适当的流程和治理，任何方法来组建团队都是恰当的。例如，这应该包括概述端到端调查流程的文档、团队章程和组织结构图，以显示团队将如何协调并向其他职能部门和领导层报告。

5. Get proactive. Investigative teams often rely on reactive detection, only investigating fraud after receiving a tip from an employee, supervisor or even law enforcement. The problem with relying on reactive detection is that many frauds end up getting through the system unfettered. But proactive detection — detection that can root out fraud as it’s occurring — should be baked into your anti-internal-fraud strategy. An example of proactive detection is a data analysis tool that scans systems for any of your previously identified red-flag behaviors. You can create a scoring system that prioritizes any red flags the analysis tool identifies to ensure that the investigative team focuses on high-value leads.

积极主动。调查团队通常依靠反应式检测，只有在收到员工、主管甚至执法部门的提示后才调查舞弊行为。依赖反应式检测的问题是，许多舞弊最终会不受限制地通过系统。但是，主动检测——能够在舞弊发生时根除舞弊的检测——应该融入到您的反内部舞弊战略中。主动式检测的一个示例是一个数据分析工具，它可以扫描系统以查找您之前识别的任何危险行为。您可以创建一个评分系统，对分析工具识别的任何危险信号进行优先排序，以确保调查团队关注高价值线索。

6. Don’t forget external fraud. Even though stories about internal frauds were overshadowed by headlines about external frauds, it’s important to remember that external fraud and internal fraud often go hand in hand and are generally seen in situations where an insider teams up with an outside fraudster. If you have separate internal and external investigative teams, ensure that they communicate with each other.

不要忘记外部舞弊。尽管有关内部舞弊的报道被有关外部舞弊的头条新闻所掩盖，但重要的是要记住，外部舞弊和内部舞弊往往是相辅相成的，通常出现在内部人员与外部舞弊者合作的情况下。如果您有独立的内部和外部调查团队，请确保他们相互沟通。

Along with the strategies we detailed above, state agency leaders can enhance their anti-internal-fraud operations with the following tactics.

除了我们上面详述的战略外，国家机构领导人还可以通过以下策略加强其反内部舞弊行动。

1. Focus on prevention. Prevention is best achieved with strong controls and processes. Leverage the insights you gained from the  analysis of your vulnerabilities to identify the controls you need to strengthen.

注重预防。最好通过强有力的控制和流程来实现预防。利用从漏洞分析中获得的见解，确定需要加强的控制措施。

2. Make internal fraud part of training and awareness initiatives. Many times, organizations focus their employee training and fraud awareness efforts on external fraud threats. But employees need to know about internal fraud and how to spot it. Be sure to include examples of internal frauds in employee training and explain the role they play in internal fraud risk management and how they might go about reporting tips or suspicious behavior.

将内部舞弊作为培训和意识活动的一部分。很多时候，组织将其员工培训和舞弊意识工作重点放在外部舞弊威胁上。但员工需要了解内部舞弊以及如何发现它。确保在员工培训中包括内部舞弊的例子，并解释他们在内部舞弊风险管理中所起的作用，以及他们可能如何报告提示或可疑行为。

3. Reassess your risks. Risk assessment isn’t a one-and-done activity. Risk assessment should be periodically revisited, whether you do it every year or every other year. It’s also important to reassess your risks on an ad hoc basis whenever a major event affects your fraud landscape. From your assessments, you might determine that you need to reorganize the department or implement a new system, for example.

重新评估您的风险。风险评估不是一项一劳永逸的活动。无论您是每年还是每隔一年，都应该定期重新进行风险评估。每当重大事件影响到您的舞弊情况时，在临时基础上重新评估您的风险也很重要。例如，根据评估，您可能会确定需要重组部门或实施新系统。

4. Define it in your fraud policy. Your fraud policy should include a definition of internal fraud and examples of what constitutes internal fraud. This internal fraud policy should also include the ramifications or actions taken if fraud is identified — such as termination of the employee.

在您的舞弊政策中定义它。您的舞弊政策应包括内部舞弊的定义以及构成内部舞弊的示例。该内部舞弊政策还应包括在发现舞弊时采取的后果或行动，如解雇员工。

5. Act now. Effectively managing internal fraud risk is a long-term journey. Any organization can benefit from determining where it might be vulnerable to internal fraud and develop strategies for detecting and preventing it. It’s imperative to focus on managing internal fraud holistically, with an eye on proactive and strategic internal fraud risk management.

立即行动。有效管理内部舞弊风险是一个长期的过程。任何组织都可以从确定其易受内部舞弊影响的领域中获益，并制定检测和预防内部舞弊的战略。必须将重点放在全面管理内部舞弊上，同时着眼于主动和战略性的内部舞弊风险管理。