The Peregrine Financial Group Inc. fraud is
still emerging, but once again, we see auditors being duped because they failed
to follow the basic procedures of the auditing profession and exercise an
appropriate level of professional skepticism.
The CEO and
sole owner of Peregrine Financial Group, Russell Wasendorf, Sr., attempted to
commit suicide and left a note detailing the fraud that was committed over a 20
year period of time. It’s alleged that more than $200 million in customer funds
are missing.
The Note Confirming the Fraud
Here is
part of the suicide note (I’ve highlighted important concepts in red):
“I
have committed fraud. For this I feel constant and intense guilt. I am very
remorseful that my greatest transgressions have been to my fellow man. Through a scheme of using
false bank statements I have been able to embezzle millions of dollars from customer
accounts at Peregrine Financial Group, Inc.
“The forgeries started nearly twenty years ago and have gone
undetected until now. I was able to conceal my crime of forgery by being the
sole individual with access to the US Bank accounts held by PFG. No one else in
the company ever saw an actual US Bank statement. The bank statements were
always delivered directly to me when they arrived in the mail. I made counterfeit
statements within a few hours of receiving the actual statement and gave the forgeries to the
accounting department.
“... I had no access to additional capital and I was forced into a
difficult decision: Should I go out of business or cheat? I guess my ego was
too big to admit failure. So I cheated, I falsified the very core of the
financial documents of PFG, the Bank Statements.
“At first I had to make forgeries of both the Firstar Bank
Statement and the Harris Bank Statements. When I choose [sic] to close the
Harris Account I only had to falsify the Firstar statement. I also made forgeries of
official letters and correspondence from the bank, as well as transaction
confirmation statements.
“Using a combination of Photo Shop, Excel, scanners, and both laser
and ink jet printers I was able to make very convincing forgeries of nearing
every document that came from the Bank. I could create forgeries very quickly
so no one suspected that my forgeries were not the real thing that had just
arrived in the mail.
“With careful concealment and blunt authority I was able to hide
my fraud from others at PFG. PFG grew out of a one man shop, a business I
started in the basement of my home. As I added people to my company everyone
knew I was the guy in charge. If anyone questioned my authority I would simply
point out that I was the sole shareholder.
“I established rules and procedures as each new situation arose. I
ordered that US Bank statement were to be delivered directly to me unopened, to
make sure no one was able to examine an actual US Bank Statement. I was also
the only person with online access to PFG’s account using US Bank’s online
portal. On US Bank side, I told representatives at the bank that I was the only
person they should interface with at PFG.
“When it became a common practice for Certified Auditors and the
Field Auditors of the Regulators to mail Balance Confirmation Forms to Banks
and other entities holding customer funds I opened a post office box. The box
was originally in the name of Firstar Bank but was eventually changed to US
Bank....
“When online banking became prevalent I learned how to falsify
online Bank Statements and the Regulators accepted them without questions.”
Improper Bank Confirmation
During a financial audit, auditors verify bank balances by sending
confirmation forms directly to the banks. In this case, the auditors made a
fundamental mistake. They allowed Mr. Wasendorf to give them the bank address
to send the confirmation form. This was a false address. It was P.O. Box which
Mr. Wasendorf controlled, he said in his statement.
As we’ve learned from many frauds in the past, auditors must be
sure they do not allow management to control any part of the audit process.
Time and again, we have seen management, in the interest of helping the
auditors, work to deceive them.
Lack of Professional Skepticism
According
to the Wall Street Journal:
In early 2011, NFA [National Futures Association - the regulator] officials reached out to U.S. Bank, a unit of
U.S. Bancorp, seeking to confirm that Peregrine's customer account figures
matched the bank's own account, according to a person familiar with the
investigation. The regulator received a response from the bank showing that the
client-fund account held less than $10 million—far below what it was supposed
to contain.
A few days later, the NFA received a fax purporting to be from
U.S. Bank that showed that the account was whole, with more than $200 million,
the person says. In fact, this person says, investigators now believe the fax
came from a number controlled by Mr. Wasendorf.
Now many people might think that the second document was
sufficient to support the $200 million account. But, there are two problems, first,
auditors have a professional obligation to be skeptical about all transactions.
Second, they have a professional obligation to follow-up on any potential “red
flags” they observe.
In fairness to the regulators, the alleged fraud was exposed:
“…after the National Futures Association, Peregrine's front-line
regulator, dispatched an audit team in recent weeks to Cedar Falls to review
the firm's books and pressure the executive to sign on to a new, online system
for verifying accounts. The system, called Confirmation.com, likely would have
rendered the fraud unsustainable.
Mr. Wasendorf resisted signing the necessary form for several
days, prompting the NFA to threaten stronger action against Peregrine,
according to a person familiar with regulators' investigation. Mr. Wasendorf
relented and signed on Sunday, the person said.”
The Lessons for the Auditors
Finding fraud requires a level of skill that calls for the auditor
to understand how frauds have occurred in the past and to be willing to
challenge management. Too often, auditors do not spend the time learning about
past frauds. I’ve even heard auditors say, “I doubt it is happening here.”
Here are some lessons from this fraud. Recognize:
1.
Any document can be altered with the technology available to us
today.
2.
Management has an incentive to get a “good” audit result. A “bad”
audit result can create future difficulties for the management team.
3.
Auditors should independently obtain confirmation from third
parties. Do not use the audited organization’s mail stream and do not let
management assist in any part of the process.
4.
If third party documents are available (such as bank statements)
get them directly from the source.
5.
Many people depend on the auditor or regulator to find the fraud
that may be occurring and to stop it before significant harm occurs to innocent
parties.
Fraud happens. Auditors have got to get better at finding it. Keep
in mind Mr. Wasendorf’s statement: Using a combination of Photo Shop, Excel, scanners, and both laser
and ink jet printers I was able to make very convincing forgeries of nearing
every document that came from the Bank. I could create forgeries very quickly
so no one suspected that my forgeries were not the real thing that had just
arrived in the mail.
Here are two of the documents Mr. Wasendorf altered:
The Phony Bank Statement:
The Phony Bank Confirmation: