Due diligence: two important words for all those who wear the white hats

Harris S. Berger

Does anyone believe borrower due diligence is no longer a core requirement in good lending practices? This article seeks to convince you of due diligence's increasing relevance in an intensifying fraud environment and discusses broad parameters for a due diligence program. As any seasoned lender will tell you, recognizing red flags is an important key to an effective due diligence program. This article captures those flags to help you mitigate fraud in your institution.

$300 billion in losses from failed S&L institutions accrued during the second half the 1980s--a "mortgage" that U.S. taxpayers will likely absorb until 2020. (1) This amount does not include the billions lost in the commercial banking industry.

It makes us wonder what else we could have done with $300 billion. Here's just one possibility: It could underwrite the construction of 1.25 million $250,000 homes; 25,000 homes in each of the 50 states would produce construction jobs, the purchase of home-building supplies, and ultimately real estate tax income. Here's another possibility: It could finance a four-year college education for 3 million young Americans.

You, too, can lose $300 billion. Here's all it takes:

* Work without accountability.

* "Make" the loan rather than "secure" the loan.

* Make uninformed decisions.

* Ignore the three most critical C's of lending--character, capacity, and collateral.

Let's take a moment to focus on the first of the three C's mentioned--character. While capacity and collateral are important components in making a loan, the character of the borrower is paramount. Remember: An individual may develop financial problems during the life of the loan affecting capacity and collateral, but a borrower with character will find a way to fulfill the obligation.

Historically, banks have done a remarkably good job in gathering information and documentation from the borrower, and many hours are spent analyzing the information obtained. However, they do an extremely poor job of verifying the information they gather and analyze! Two classic cases prove this point beyond all doubt (see sidebar, Con Tests) and are prime examples of the often repeated axiom, "Sophisticated crooks don't steal money--they simply take money banks give away."

Watch Your Back Side through X-Ray Vision on the Front Side

If the banking industry were reduced to a graphic form, we would watch the upward spiral of growth over a five- to seven-year period, then a crash downward when the economy takes a nose-dive, at which time the government tightens regulations, credit dries up, and lenders become collectors. Eventually, the cycle begins anew, and we begin to have trouble hearing the plaintive cry for due diligence before the loan is funded. If we did keep that call of due diligence in mind, the graph would be different. Instead of soaring and diving, we'd see a steady upward growth of profitability.

You may be asking whether there realistically is time to perform proper due diligence today. In many cases, a fair amount of time passes between the application for a loan and final approval. This is the time in which to perform suitable due diligence--from within, if the bank is large enough to support an in-house operation, or through outsourcing to companies or skilled individuals who have networks they can tap to verify data and information. (2)

Many banks are now implementing in-house due diligence services. With computers and skilled operators, vast amounts of information can be screened and reviewed. While computers have enhanced the ability to obtain background information, it is important that someone with "street smarts" interprets it and applies it. Since 9/11, we have heard many government officials--members of Congress and others--express the need to redevelop "human intelligence." Volumes of information can be produced, but it takes judgment to interpret information and apply it to a given loan situation.

Several conditions in the current lending market--all tied to competition--strongly reinforce the need for due diligence:

* Spreads that once were in the 4-6% range are now compressed to 150-250 basis points. This creates a very narrow margin for error.

* Competition among lending institutions compromises policies and procedures in the credit and loan departments.

* Goal attainments with financial rewards are clouding lender judgment. Promotion within the department or to the next level of supervision--predicated on overall performance rather than monetary bonuses--is a sounder method of management.

Going forward, we must become agents of change by putting into practice some simple, proven methods of due diligence. In turn, these methods will make a significant contribution to the safety and soundness of our institutions in an ever-changing environment.

Establishing a Due Diligence Program

Each bank's ultimate goal in setting up a due diligence program should be learning the true identity of all customers so that its lenders deal only with customers of sound character and reputation. This is a proactive approach, with each business line within the institution establishing policies and procedures for conducting due diligence investigations for both new and existing customers. Established parameters reflect in large part the nature of the business line's customer base and transactions.

These policies and procedures should outline standards for the collection and verification of customer information, requirements for thorough background investigations, requirements for internal scans to check for the existence of prior transactions, and guidelines for assessing the need for further investigation.

Importantly, in the commercial lending world, background checks should be performed on key officers, directors, and shareholders, as well as the company itself. The importance of internal scans or searches for previous transactions cannot be overstated, as these inquiries have been known to uncover prior problem loans and/or charge-offs. When this type of information surfaces after the loan is made, it becomes a source of embarrassment to the new business effort.

It also is helpful to develop a detailed list of topics for inquiry or focus ("talking points")--with sample questions in such areas as business and industry profile, management/ ownership structure, accounting and reporting, and regulatory matters--to assist in preparing lenders for customer visits.

The use of an internal security unit or due diligence group is a critical component of a due diligence program. Internal security professionals, who are highly proficient in obtaining information quickly and efficiently, can provide valuable assistance in performing these background investigations, as well as in handling the internal searches for previous transactions within the institution. Further, they can assist in evaluating the risks associated with any issues uncovered. Internal security units also can be made responsible for the engagement and management of external investigative firms as deemed necessary. Given senior management's concerns regarding reputation risk, identification of any derogatory information should signal that alerts be sent immediately to senior line and credit management. Senior management can then discuss and evaluate the risks to the institution and make appropriate business decisions.

Conservative, minimum exposure thresholds should be established to trigger background investigations as needed. Business units may find it efficient to let their own underwriting or credit staff handle this directly (typically through Internet scans), but they should set additional threshold amounts, above which the internal security unit is brought in. It also is appropriate to require that these background investigations be refreshed if exposures increase, material restructures occur, or the borrower's key management or ownership changes.

The due diligence recommendations above are to be considered as additions to the more traditional credit due diligence requirements. Briefly, these requirements include the following:

* Receipt and review of audited financial statements, personal financial statements, and tax returns for individual borrowers/guarantors, and credit bureau reports.

* Bank, vendor, and customer references.

* Review of industry and trade publications.

* If lending to public companies, review of SEC filings, ratings agency reports, and analysts' reports.

Further, there is no substitute for personal site visits and meetings with the borrower's financial and operating management. With secured loans, this also means personal collateral inspections and appraisals. Lastly, there is much to be gained by requiring initial and periodic field examinations to validate borrower MIS and reporting capability.

Some Common Red Flags of Borrower Fraud

The warning signs indicating possible borrower fraud are too numerous and varied to place on any one list. However, circumstances or indicators that have occurred with some frequency are given here and offer a good feel for the various ways fraud can occur.

It is important to keep in mind that these and other warning signs may not necessarily indicate fraud, but they should certainly get your attention, causing you to focus on the situation at hand, ask pointed questions, request additional information, and/or perform additional due diligence to understand the nature and consequences of the event(s) that have occurred.

The goal is to then come to grips with the actual or possible fraud risk in the contemplated transaction.

1. Initial due diligence.

* Individual customer exhibits unusual behavior or an extravagant lifestyle, or the lifestyle may not be consistent with reported income or net worth.

* Individual borrower or company principal shows personal financial distress or unusually high personal debt.

* The customer has a vague credit history, or lacks a credit history.

* The borrower claims ties with prominent persons, which cannot be verified.

* The customer minimizes actual contact with the bank, or is unwilling to meet at his or her place of business (willing to meet only at the bank). The customer deals only through an agent who may be reluctant to provide the true identity of his or her client.

* Borrower refuses or restricts access to customers, suppliers, or prior lenders, making it difficult for the bank to complete reference checks.

* Customer has no discernable reason for using the bank, i.e., has distant address where competitive services are readily available, or has accounts at multiple institutions for no apparent reason.

* References are from offshore banks.

* Credit history shows sudden or unexplained pay down of problem loan, and/or source of funds cannot be verified.

* The borrower is impatient or tries to rush the approval process, placing undue pressure on the loan officer.

2. Organization, management.

* The company has an unduly complicated organizational structure that exists for no practical purpose.

* A highly decentralized company organizational structure exists without adequate controls or the ability to audit the various key pieces.

* Company borrower shows significant transactions with related entities or special-purpose entities not in the ordinary course of business, or where substance or ownership of these other entities is unclear, or where the other entities either are not audited or are audited by different outside firms.

* Lack of an effective internal audit staff at the company.

* Frequent turnover of management or directors, especially the CFO.

* Appointment of obviously unqualified persons in key audit or finance posts to avoid having improper transactions or practices challenged.

3. Financial reporting.

* Customer is reluctant to provide requested information or financial statements, or provides fictitious or conflicting data, or provides information that may be difficult or expensive to verify; unexplained delays occur in receipt of financial information.

* Unexplained or frequent changes in outside audit firm; use of audit firm outside local market for unclear reasons.

* Reluctance by customer to grant permission for bank to speak with outside audit firm.

* Customer's financial statements, tax returns, and financial profile do not reconcile.

* Reluctance by customer to give outside auditors needed data.

* Frequent changes in accounting methods, accounting inconsistencies, or irregularities; presence of overly aggressive, troublesome, or unusual accounting practices.

* Frequent accounting adjustments, which may serve to smooth over temporary business problems.

* Occurrence of unusually large or profitable transactions recorded at or near the end of an accounting period.

* The company continuously exhibits positive trends, consistently exceeding that of competitors, especially in a difficult or declining industry.

* Unexplained inventory shortages or receivable adjustments; unexplained deterioration in sales, earnings, or cash flow, or inability to generate cash flow while reported revenues and earnings continue to grow; inconsistent movements in the relationships between sales and receivables, and between inventory and accounts payable.

4. The transaction.

* Customer refuses to disclose loan purpose, the purpose cannot be clearly determined, or the stated purpose makes no economic or practical sense.

* Customer references special arrangements or unwritten deals that bank is told cannot be discussed due to confidentiality agreements, or domestic or foreign laws.

* Intended loan purpose is to generate questionable profits or tax benefits, or purely to justify dividends, bonuses, or commissions.

* Proposed transaction appears to be less than at arm's length, or lacks appropriate expected documentation.

* Proposed loan is to an offshore company or to a company or affiliate with income from bank secrecy havens, or loan is to be secured by obligations of offshore banks.

* At the request of the borrower, proposed collateral (typically cash, securities) is to be held by third parties instead of the bank, for unclear reasons.

* Proposed loan is to be supported by a third-party guarantee, where the borrower's relationship with the third party remains unclear or lacks a sufficient substance to justify the guarantee.

* Borrower submits engineering or feasibility studies for a proposed project to be financed from firms unknown to the bank or its industry experts.

Verify, Verify, Verify

The common theme in these red flags as well as in due diligence measures is that there is no substitute for the verification and validation of all customer information, as well as the verification of all sources of borrower/investor funds. Quite simply, if the transaction cannot be understood by the lender, or if it makes no sense, it may be appropriate to walk away.

Contact Harris Berger by e-mail at Hsbshrewsbury@aol.com; contact Bill Gearin at wc.fca@verizon.net.

CONTESTS

Con #1: Edward Reiners

In the mid-1990s, a smooth, articulate con man named Edward Reiners stole $323 million from seven banks in the U.S., Canada, Japan, and Austria. A reputable computer company was also victimized and forced into bankruptcy. Signet Bank in Richmond, Virginia, the lead bank, faced a plethora of lawsuits from the six other banks that were also victimized in this fraudulent scheme, described as one of the largest loan frauds in banking history. Reiners, a former employee of Philip Morris Tobacco Company and known to the bank and the computer company, devised a scheme that he presented to top management at Signet. He indicated that he had been retained by Philip Morris to orchestrate a top-secret project called "Project Star" in which several research facilities would be built around the world. The purpose of these buildings was to study the effects of nicotine in cigarettes and to defend Philip Morris in various courts throughout the country. The employees in these laboratories would not know for whom they worked as it would be a top-secret undertaking. He solidified his scheme by advising the bankers that if they attempted to VERIFY his employment, Philip Morris would deny he worked there. The scheme worked like a charm. Signet Bank loaned him $61 million, $11 million over their self-imposed cap of $50 million for any one credit, and NationsBank bought a $70 million piece of the project. Both the Signet loan and the Nations Bank loan were unsecured, predicated on the full faith and credit of the Philip Morris Tobacco Company. In the process Reiners furnished a "certificate of incumbency" signed by a Ms. Dianne M. McAdams, Assistant Corporate Secretary for Philip Morris, and Edward Reiners, chief operations officer for PM. Two years into the loan the Long Term Credit Bank of Japan questioned the legitimacy of the signatures on the certificate of incumbency. This document pledged the full faith and credit of the Philip Morris Company to this loan. A faxed copy of the document was sent to the real Ms. McAdams, who quickly and decisively called it a "phony document." With that revelation the house of cards came down and, predictably, the lawsuits erupted.

The FBI arrested Reiners and a female co-conspirator. Recoveries of approximately $125 million were realized in stock that Reiners had purchased, and a $10 million condo in Trump Plaza in NYC was also recovered. The remaining $100 million was never found. Reiners was subsequently convicted of loan fraud and sentenced to Federal prison.

In hindsight where did these banks fail in the lengthy lending process? Commercial loans of this magnitude are rarely made on impulse. Weeks and sometimes months pass before the credit is finally approved, thus providing more than ample time to VERIFY information and the documentation. Reiners caught Signet at a vulnerable point in time. They were very anxious to prove to their competitors that they could syndicate large loans. This anxiety, coupled with the name of Philip Morris attached to the loan, blurred the vision of the people involved, and making the loan become more important than securing the loan. Some of the other verifiable points included the following:

* IBM allegedly was going to provide computer equipment without serial numbers according to Reiners. Why? No legitimate computer manufacturer would ever agree to do this.

* Two years into the loan, the Japanese Bank became uneasy about the certificate of incumbency and decided to VERIFY the signature, two years and $323 million too late!

* For a credit of this amount and the bank's apparent business relationships with Philip Morris, an independent, discrete inquiry could have been made to verify Reiners's relationship with PM.

Con #2: William Stoecker

In Chicago, so-called whiz kid William Stoecker was in fact a 32-year-old con man. Initially, he made a significant amount of money buying real estate, rehabbing it and then selling it. The old adage of greed set in and he began to submit fraudulent documents from nonexistent companies that he allegedly owned, along with fictitious audited financial statements as collateral for loans. In all, a total of eight banks loaned Stoecker a total of approximately $400 million, which ultimately turned out to be fraudulent. The CEO of a bank in New England that ultimately failed in large part due to loan fraud was quoted as saying," In retrospect we can see that in spite of our best efforts, we misjudged the character of the borrower. When things started to go wrong, character flaws emerged."

In hindsight several red lights would have illuminated this wrongful and criminal activy. Some of those points include the following:

* Stoecker was paying Laventhol and Horvath, his outside auditing firm, $784,000 per month. When asked what Stoecker received in return, Referee in Bankruptcy Attorney Tom Raleigh replied, "Certified audits of the various nonexistent companies owned by Stoecker's holding company doing business as Grabill Corp."

* In a 60 Minutes TV interview with Ed Bradley, Stoecker admitted creating a fictitious "paper" company that showed net earnings of $63 million annually. The assets of this company were pledged as collateral at several different banks. Stoecker also had other loans with double-pledged collateral. Nobody ever took the time to conduct an on-site visit to this company to see it in operation.

Sample Guideline for a Due Diligence Policy

Policy Statement

The First National Bank (FNB) seeks to do business with individuals of sound character and good reputations. To achieve these goals, the FNB takes steps to ensure positive identification of each new customer in addition to their requirements and to periodically monitor the banking activity of existing customers. A Due Diligence process is hereby established for all business lines within FNB and banking subsidiaries.

Management Responsibilities

Group executives and business line managers must identify those entities within their areas of responsibilities for which Due Diligence inquiries are required under this policy. They will communicate these policies to the appropriate manager under their direction to ensure that policies and procedures are implemented and periodically reviewed. Managers whose functions fall within the purviews of these policies will be held responsible for training personnel. They will also be responsible for providing supervision to ensure customer relationships are maintained in accordance with this policy and that these policies are applied in a fair and non-discriminatory manner. Managers notified of possible concerns regarding a particular account relationship or having personal knowledge of a potential conflict with this policy must file an appropriate report with the Security Due Diligence Inquiry unit. Compliance has the primary responsibilities for ensuring the implementation of this policy throughout FNB. In addition, they will provide overall guidance to the Security Due Diligence unit and to each department and/or business line that is subject to this policy. The Security Director will be responsible for reviewing and monitoring requests for Due Diligence inquiries and will determine when and if inquiries will be conducted.

Employee Responsibilities

Employees are responsible for adhering to the Due Diligence policies when opening any type of account relationship, i.e., new accounts, DDA, loans both consumer and commercial, and any other relationships that could create liability to the FNB. They must be alert for any activity that would constitute a violation of local, state, or federal law. Employees are responsible for reporting these situations to their supervisors immediately upon discovery.

Notes

(1) A blow-by-blow account of the S&L crisis is a demonstration in creating conditions for a "perfect storm." For those who like to reminisce, visit http://www.fdic.gov/bank/historical/s&l/.

(2) Some personal recommendations from the authors:

* Corporate Resolutions (212-691-3800) in New York City, managed by Ken Springer, is an example of a versatile company specializing in due diligence investigations for the banking industry.

* Now that banking is global in nature, CTC LTD (407-655-3111) in West Palm Beach specializes in obtaining information in foreign countries. Fred Rustman, a former CIA operations officer, is the principal.

* Security Software Solutions (800-681-8933) in Tucson--Tim Rollins, president--has information on Social Security numbers. They now have the capability to provide a name and address on a given number on either an individual inquiry or in batches up to 10,000 and beyond. After Shawmut National Corp. lost $2.5 million to a con man from Texas, the bank checked his SSN and learned he had used his father's first name and SSN on the loan because he had just been paroled from state prison in Texas for loan fraud. For the minimal cost of verifying the SSN ($1.35), Shawmut could have prevented a $2.5 million loss.

* A source of due diligence service in the Northeast is National Data Verification Services (781-681-8000), Dan Lalumiere, president.

Harris Berger, formerly a senior credit officer at Bank of America, is a partner of the bank consulting firm of Webb, Berger & Associates. Bill Gearin has 51 years of combined experience in law enforcement and banking and retired from Shawmut National Corporation after 27 years. Since his retirement, he has performed bank security consulting services for financial institutions across the U.S.

COPYRIGHT 2004 The Risk Management Association
COPYRIGHT 2005 Gale Group