Entertainment Capital, Employee Fraud Capital

Villanueva makes a point during his breakout session.

Villanueva makes a point during his breakout session.

By Cora Bullock, Assistant Editor, Fraud Magazine

It’s not all glitz and glamour in fabulous Las Vegas. A seedy underbelly of crime lurks in the shadows, away from the neon. Ralph Villanueva, CFE, CIA, IT Security and Compliance Analyst for The LVH - Las Vegas Hotel and Casino Resort, invited attendees to explore that underbelly with him.

In Nevada, companies lose 6 percent of revenue to employee fraud. “That doesn’t sound like much, but net gaming revenue in Nevada in 2012 alone was $10.9 billion,” said Villanueva.

He reiterated the Fraud Triangle, “The bread and butter of our profession,” as he called it, for Las Vegas fraudsters. Motive: Compulsive gambler? An alcoholic? Rationalization: Selfish boss? Underpaid? Opportunity: No segregation of duties? 

Internal controls come in three types:

  • Directive: directing someone to follow company procedure.
  • Preventative: from physical locks to user names and passwords
  • Detective: only come into play after the fraud is committed. Surveillance cameras and computer usage logs are examples of this type.

According to Villanueva, the ultimate tool in Las Vegas for mitigating fraud risk is the Minimum Internal Controls (MICS), mandated by the Nevada Gaming Control Board. Casinos have to follow all 1,041 MICS, from table games to cage operations. Though Villanueva called the 200-page manual a “cure for your insomnia,” it’s indispensable to keeping fraud at bay.

Case studies

Then came what attendees had been waiting for: case studies. One particularly seedy case involved Fr. Kevin McAuliffe, a parish pastor and diocese vicar general who siphoned $650,000 from his parish over the course of eight years to feed his video poker addiction. He was able to do this because of an egregious lack of controls: absence of segregation of duties, no surprise audits and a lack of oversight by upper management. What can we learn from this? “You can’t trust anyone, even our religious leaders, and you must look into organizational structure,” said Villanueva.

Kyle Roher was a former business analyst and financial planner for Nevada Power (now Nevada Energy) who stole $1.8 million via forged wire transfer forms.

Said Villanueva, “He was the typical fraudster. He had an MBA; he was hard working; he had no criminal background; he’d been with the company 10 years; and he was completely trusted.” He only received two years in prison.

Added Villanueva, “I stress vigilance because at the end of the day, controls can only do so much.”