Home ] Next ]

Tampa Bay Chapter - ACFE       http://TampaBayCFE.org          September 2006

The Gramm-Leach-Bliley Act

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.

The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to "financial institutions," which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. Such non-traditional "financial institutions" are regulated by the FTC. For more information on the types of financial activities covered, click here.

The Financial Privacy Rule governs the collection and disclosure of customers' personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information. For a summary overview of the Financial Privacy Rule,  see In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act.

The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions "such as credit reporting agencies" that receive customer information from other financial institutions.

The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as "pretexting."

Source: http://www.ftc.gov/privacy/privacyinitiatives/glbact.html

FTC Releases Top 10 Consumer
Fraud Complaint Categories

Identity Theft Again Leads the List

The Federal Trade Commission today released its annual report detailing consumer complaints about fraud and identity theft in 2005. Complaints about identity theft topped the list, accounting for 255,000 of more than 686,000 complaints filed with the agency in 2005. The complaints, filed online or at a toll-free number, are shared via a secure database with more than 1,400 federal, state, and local law enforcement agencies, and law enforcement and consumer protection agencies in Canada and Australia.

“With a call or a click, consumers can file complaints with law enforcers across the country and around the world,” said Deborah Platt Majoras, Chairman of the FTC. “These reports provide ammunition that helps law enforcers fight fraud and identity theft.”

Identity theft complaints represented 37 percent of the 686,683 complaints filed. Other top categories of fraud complaints for 2005 include:

  • Internet Auctions - 12 percent

  • Foreign Money Offers - 8 percent

  • Shop-at-Home/Catalog Sales - 8 percent

  • Prizes/Sweepstakes and Lotteries - 7 percent

  • Internet Services and Computer Complaints - 5 percent

  • Business Opportunities and Work-at-Home plans - 2 percent

  • Advance-Fee Loans and Credit Protection - 2 percent

  • Telephone Services - 2 percent

  • Other - 17 percent

Other findings from the report include:

  • Internet-related complaints accounted for 46 percent of all fraud complaints.

  • The percent of Internet-related fraud complaints with “wire transfer” as the reported payment method more than tripled between 2003 and 2005.

  • The major metropolitan areas with the highest per capita rates of consumer fraud reported were Washington, DC; Tampa/St. Petersburg/Clearwater, FL; and Seattle, WA.

  • Credit card fraud was the most common form of reported identity theft, followed by phone or utilities fraud, bank fraud, and employment fraud.

  • The most frequently reported type of identity theft bank fraud was electronic funds transfers.

  • The major metropolitan areas with the highest per capita rates of reported identity theft were Phoenix/Mesa/Scottsdale, AZ; Las Vegas/Paradise, NV; and Riverside/San Bernardino/Ontario, CA.

TRAINING

Association of Certified Fraud Examiners

18th Annual ACFE Fraud Conference and Exhibition

Orlando, Florida

Tampa Bay Chapter

Dinner Meetings

September 12, 2006
George B. Tselentis, CISM
Control Solutions International
"Technology Fraud"

October 17, 2006
Thomas Palermo - Assistant State Attorney
Florida State Attorney's Office
"Identity Theft and the Criminal Justice System"

January 9, 2007
Jean Joanne Perrino
J.J. Berrie & Associates, Inc

February 13, 2007
Melody Shimmell
Century Bank

March 13, 2007
Darrin Morgan, Assistant Vice President, Special Investigations Unit, Fifth Third Bank, Cincinnati, OH

April 10, 2007

8th Annual Fraud & Computer Crimes Seminar

May 8-9, 2007
Ruth Eckerd Hall
Clearwater, Florida1111 McMullen Booth Road
Clearwater, FL 33759

2005 - 2006
OFFICERS & DIRECTORS

PRESIDENT
Christine Dever, CPA, CFE
Accountabilties Consulting Services
(813) 417-1825

VICE PRESIDENT
Gary Chapman, CFE, CGAP
City of Tampa, Internal Audit
(813) 274-7163

SECRETARY
William H. Miles, CFE
Florida Department of Law Enforcement
(863) 701-1474

TREASURER
Laura Krueger Brock, CPA, CFE
Cherry, Bekaert, Holland, LLP
(727) 822-8811

DIRECTOR
 Mark Dubina, CFE
Florida Department of Law Enforcement
(813) 878-7366

DIRECTOR
Ellen Wilcox, CFE
Florida Department of Law Enforcement
(727) 298-2482

DIRECTOR
Steve Hooper, CIA, CFE, CCSA
Clerk of the Circuit Court Hillsborough County, FL
(813) 276-2029 x3703

CHAPTER TRAINING
Wayne Boytim, CFE
City of Tampa, Internal Audit
(813) 274-7167

News from the ACFE

Report to the Nation

The 2006 Report to the Nation is now available at http://www.acfe.com/fraud/report.asp.

Important ACFE News

The ACFE has upgraded its member record management system in an effort to better serve the members, and to make it easier to use its resources and tools. It offers greater control of your personal and professional information and the ability to more easily manage your membership.

The ACFE is asking for your assistance by requesting you follow the following steps:

  • First, please confirm that the e-mail address they have on file for you is your preferred e-mail contact, as this will become your new username to access ACFE.com online member benefits.

  • Next, update your User Profile to reflect any changes in your job and/or industry codes.

Attention CFEs: Anti-Fraud Education Development Manager Wanted

The ACFE is seeking an experienced anti-fraud professional to help create new educational programs and resources. The Anti-Fraud Education Development Manager will provide innovative solutions in the development of new anti-fraud educational programs and resources. Read the Job Listing posted at the ACFE Career Center.

Chapter News

16th Annual Tampa Bay Ethics Award Breakfast

Each year, the Center for Ethics honors an individual with the Tampa Bay Ethics Award. This award celebrates integrity, virtue and character by recognizing outstanding individuals in business, professional services or government who exemplify moral qualities and the highest standards in their daily activities.

This year, Mr. John Ramil will be honored as the 2006 Tampa Bay Ethics Award recipient. Mr. Ramil is President and Chief Executive Officer of TECO Energy, Inc. During his 27-year career at TECO, his leadership roles have included Vice President-Finance and Chief Financial Officer, Vice President-Energy Services and Planning, and a variety of positions in engineering, operation, marketing, customer service, and environmental support. John has served the community as Chairman of the Greater Tampa bay Chamber of Commerce in which he focused on bringing a new appreciation for diversity and emphasis on collaborative leadership into the Tampa Bay community. Under John's leadership, TECO is recognized as on of the nation's leading environmentally concerned companies. Mr. Ramil has exhibited a passion for improving the quality of life in the community by his involvement in diversity and environmental issues.

The 2006 Tampa Bay Ethics Award will be presented at the Annual Business Ethics Breakfast on Friday, Sept. 22, 2006 (7:30 AM at University of Tampa's Crescent Club). The Tampa Bay Chapter sponsors a table at the breakfast. The cost for members to attend is $20 (payable at the breakfast). We have 3 seats available. If you are interested, please contact Gary Chapman at 813-274-7163.

Dinner Meeting Location & Cost

We had to change the location of our Dinner Meetings. This year, the meetings will be held at the Westshore Hotel (Best Western), which is just north of I-275 on Westshore Boulevard. The meetings will still include a single entree buffet, but we could not continue to subsidize down to $15 any longer. The Board approved a subsidy to $20 per person. One of the objectives of our Chapter is to provide our members with opportunities to obtain quality training at a reasonable cost. Given that some training can cost over $35 per CPE hour, our dinner meetings are still a bargain.

The Tampa Bay Chapter's CFE NEWS Awarded the ACFE's Newsletter of the Year

The Newsletter of the Year Award went to the Tampa Bay Chapter. Newsletters serve to reminder chapter members about monthly meetings and speaker topics, upcoming ACFE training and news, as well as other miscellaneous events. Newsletters also post articles on local, national, and international fraud topics to help chapter members keep up with current events. Chapter member Gary Chapman has handled the responsibilities of publishing the newsletter and providing a valuable resource to the Tampa Bay Chapter.

Accepting the award on behalf of the chapter was Chapter President, Christine Dever.

Source: http://www.fraudconference.com

CFE Examination Prep Course

Are you ready to take a first big step in advancing your career?  Becoming a Certified Fraud Examiner could prove to be the stepping-stone.  The CFE certification is becoming more recognized as a tool for professional advancement and an increase in income.

Private companies are not the only ones asking for help in the hunt for wrongdoing. Government agencies like the Federal Bureau of Investigation, the Internal Revenue Service, Department of Defense, and other federal and state agencies have investigators and accountants who investigate everything from money laundering and identity-theft-related fraud to embezzlement.  ACFE trained examiners are employed by law firms to help discover assets hidden by the former spouse of divorced clients. CFE’s have uncovered instances of companies cooking the books to falsely inflate company profits, minimize losses, or divert large amounts of money to company leaders.

To increase your value you need to get the proper credentials.  One of these is the certified fraud examiner (CFE) certification.   By earning this credential, you will show employers (either current or future) that you "exemplify the highest moral and ethical standards" of the profession and you have, in ACFE's terms, the ability "to conduct complete, efficient, thorough, and ethical fraud investigations."

In April 2006, the FBI recognized the CFE designation as a "critical skill set."  It is the only professional certification the FBI accept for the Special Agent program.  Like the FBI, more organizations (public and private) understand the value a CFE can bring to the table or the bottom line.

If you are ready to take the leap to become a CFE and be a leader in the anti-fraud profession, we recommend the CFE Examination Prep Course.  Over the past 2 – 3 years, several of our members earned certification using the prep course as their only study tool.  All of them passed the exam on the first attempt.  The reduced rate ACFE examination Prep Course offer is still available.  The offer is 25% off the member rate for the course and $100 off the exam fee.  The exam fee is not payable until the application for the test is submitted.  Using the offer, the Prep course would cost $536 and the exam fee $150.

The only catch is that there has to be a minimum of at least five applicants on the list for the course before the ACFE will honor it.  It is up to you – talk up the prep course with coworkers, colleagues, or other interested acquaintances to get them on board to save money now and increase income after earning the CFE credential.  For more information on the prep course or to be added to the applicant list, contact me.  (Wayne.Boytim@TampaGov.net or 813-274-7167)

Dinner Meeting News

Our next Dinner Meeting is scheduled for September 12th

George Tselentis is a Manager with Control Solutions International and has more than 20 years of experience that encompasses management of all aspects of security, control and audit. This experience includes the successful direction of corporate IT departments as the Manager of Information Systems. He has a record of outstanding success in compliance and security management of corporate and information technology assets.

George has extensive experience in security systems analysis, disaster recovery and business continuity. Projects have included IT operations, security and technology audits, including vulnerability assessments of nuclear weapons systems. He has worked with local, state and federal authorities in dealing with intrusions and “attack scenarios.” George’s military experience includes the protection of the President of the United States, cabinet members and other civilian leadership. He has also been responsible for protection of special weapon systems, civilians, and force protection; his last government clearance was Top Secret.

George's presentation will be about "Technology Fraud" and cover the following topics:

  • Sarbanes-Oxley Controls

  • GLB ("Gramm-Leach-Bliley Act")

  • HIPAA (Health Insurance Portability and Accountability Act)

  • Financial Fraud (Bank Compliance under the Office of Comptroller of Cash, security issues spanning credit card theft and ID theft, computer fraud and the relationship to internal controls, and insurance fraud cases that he worked in the past and methods)

The dinner meeting will be held at the Westshore Hotel (Best Western), located at 1200 N. Westshore Boulevard in the Hyde Park Room (first floor). The hotel is just north of I-275 and Cypress Avenue on the west side of Westshore (map). Evenings will begin with a social at 6:00 P.M., followed by a buffet dinner at 6:30 and a presentation at 7:00. The cost is $20, payable at the door.

To make your reservation, please use the following link Chapter Meeting Reservation and complete the form at the bottom of the page.  You can also make your reservation by emailing Wayne Boytim or calling him at (813) 274-7167 by the Friday before the meeting date. Reservations will be accepted after that date and walk-ups are always welcome. Please remember that cancellations are accepted up to the afternoon of the meeting. No shows will be billed after the second missed meeting. Please help us keep our costs down by letting us know if you are unable to attend.
Tampa Bay ISACA Training
Payment Card Industry Security Standard

Click here for meeting information

Tuesday, September 19

This is the requirement from the Payment Card Industry (PCI) to protect credit card information. All company's that accept credit cards must comply.

Location:
Quorum Hotel (Westshore Mall)
700 N. Westshore Blvd.
Tampa FL, 33609 
813-289-8200

Cost:
     Member - ISACA: $150
     Member - Other*: $150
     Non-Member: $175
     Student (full-time)**: $25

* Member rate is being extended to other Professional Organizations, such as IIA, InfraGard, ISSA, etc.
** Full-time student is defined as an individual who attends school full-time and does not have a full-time job

Time:
     Registration: 8:00 a.m.
     Start Time: 8:30 a.m.
     End Time: 5:00 p.m.

CPE Earned:  8 hours

Click Here To Register

HIPPA: The Security Rule

The Final Rule on Security Standards was issued on February 20, 2003. It took effect on April 21, 2003 with a compliance date of April 21, 2005 for most covered entities and April 21, 2006 for “small plans”. The Security Rule complements the Privacy Rule. It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule. Addressable specifications are more flexible. Individual covered entities can evaluate their own situation and determine the best way to implement addressable specifications. The standards and specifications are as follows:

  • Administrative Safeguards - policies and procedures designed to clearly show how the entity will comply with the act

    • Covered entities (entities that must comply with HIPAA requirements) must adopt a written set of privacy procedures and designate a privacy officer to be responsible for developing and implementing all required policies and procedures.

    • The policies and procedures must reference management oversight and organizational buy-in to compliance with the documented security controls.

    • Procedures should clearly identify employees or classes of employees who will have access to protected health information (PHI). Access to PHI in all forms must be restricted to only those employees who have a need for it to complete their job function.

    • The procedures must address access authorization, establishment, modification, and termination.

    • Entities must show that an appropriate ongoing training program regarding the handling PHI is provided to employees performing health plan administrative functions.

    • Covered entities that out-source some of their business processes to a third party must ensure that their vendors also have a framework in place to comply with HIPAA requirements. Companies typically gain this assurance through clauses in the contracts stating that the vendor will meet the same data protection requirements that apply to the covered entity. Care must be taken to determine if the vendor further out-sources any data handling functions to other vendors and monitor whether appropriate contracts and controls are in place.

    • A contingency plan should be in place for responding to emergencies. Covered entities are responsible for backing up their data and having disaster recovery procedures in place. The plan should document data priority and failure analysis, testing activities, and change control procedures.

    • Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. Policies and procedures should specifically document the scope, frequency, and procedures of audits. Audits should be both routine and event-based.

    • Procedures should document instructions for addressing and responding to security breaches that are identified either during the audit or the normal course of operations.

  • Physical Safeguards - controlling physical access to protect against inappropriate access to protected data

    • Controls must govern the introduction and removal of hardware and software from the network. (When equipment is retired it must be disposed of properly to ensure that PHI is not compromised.)

    • Access to equipment containing health information should be carefully controlled and monitored.

    • Access to hardware and software must be limited to properly authorized individuals.

    • Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.

    • Policies are required to address proper workstation use. Workstations should be removed from high traffic areas and monitor screens should not be in direct view of the public.

    • If the covered entities utilize contractors or agents, they too must be fully trained on their physical access responsibilities.

  • Technical Safeguards - controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient

    • Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

    • Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.

    • Data corroboration, including the use of check sum, double-keying, message authentication, and digital signature may be used to ensure data integrity.

    • Covered entities must also authenticate entities it communicates with. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone callback, and token systems.

    • Covered entities must make documentation of their HIPAA practices available to the government to determine compliance.

    • In addition to policies and procedures and access records, information technology documentation should also include a written record of all configuration settings on the components of the network because these components are complex, configurable, and always changing.

    • Documented risk analysis and risk management programs are required. Covered entities must carefully consider the risks of their operations as they implement systems to comply with the act. (The requirement of risk analysis and risk management implies that the act’s security requirements are a minimum standard and places responsibility on covered entities to take all reasonable precautions necessary to prevent PHI from being used for non-health purposes.)

Source: http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act

President's Message

It is hard to believe we are in our 14th year of this Chapter. Over the years we have grown and accomplished so much. In July 2006, I attended the National ACFE conference in Las Vegas where I accepted the “Chapter Newsletter of the Year” on behalf of our chapter. This award represents so much of the dedication, research and commitment of the individual who puts this awesome letter together, Gary Chapman. Each month Gary gathers up to date topics, upcoming events, news from National ACFE, recent and historical fraud events, chapter news, the President’s message and so much more. It takes an enormous amount of time and planning as well as coordination of all who need to give the information. In addition to that Gary has developed and maintained our Chapter website for many years so that you can have the most current information available. Many Chapter leaders at the conference noted that they use our website as a model. Please join me in congratulating and thanking Gary for his continued dedication and excellent work. Great job Gary, thank you so much!

We have had our first board meeting and discussed our initial goals for the upcoming year. We have accomplished quite a bit in the last year and kudos to Steve Hooper and the entire team. Our first goal is to keep the momentum going and we will need all the members to pitch in this year to really make us successful. Listed below are just a few goals we are starting with and will be working with everyone on ways to accomplish these together.

  • Increasing membership and meeting attendance.

  • Increasing competition and participation in our scholarship programs.

  • Increasing our exposure in the community and among businesses to show them who we are, what we do and why we are important to the community.

  • Chapter of the Year award

We have been sorting through the surveys that you fill out at meetings and seminars and searching for speakers and implementing ideas brought forward so please keep filling them out.

We encourage members to bring along a colleague to our meetings that you feel will join use in the future. This year is full of wonderful presentations with real life experiences and tools to help make your jobs easier.

We look forward to seeing you at all our meetings.

Thank you,

Christine A. Dever, CPA, CFE