Archive for the 'Due Diligence' Category

Business Interrupted

Managers sometimes tie themselves into knots worrying about the risk or threat rather than analysing the impact of interrupted business processes. My advice is to stop fretting about the cause and concentrate on alleviating the impact of the interrupted business processes.

To do this, defeat the problem in detail as follows:

  • Decide which processes are critical and which are not.
  • Determine how long any particular process can be interrupted before it’s loss become detrimental to operations, profitability, and customer satisfaction.
  • Design a plan of action to determine if the disruption will continue beyond the tolerable time limit.
  • Have a plan to replace each missing process.
  • Plan for the concurrent loss of several critical processes.

The key to a successful business continuity plan is concentrating on the critical day-to-day operations.

How does this relate to investigtion and research? The answer is quite simple:

  • Have you ever done a security survey?
  • Have you ever done a competitor SWOT analysis?
  • Have you ever done due diligence on a critial supplier?

Political Contributions In Canada

Federal Political parties in Canada are only required to report the identities of contributors donating over $200 to one riding association or the central organization. For donations of $200 or less, receipts must be kept by the individual riding associations, but Elections Canada doesn’t record of them. Completely anonymous contributions of $20 or less are permitted.

Elections Canada confirmed in 2007 that individuals could contribute as much as $60,500 over the $1,100 limit – simply by donating $200 to each of a party’s 308 riding associations and Elections Canada would never know about it. Contributions of $200 or less are reported in aggregate, without a break-down by contributor to allow cross-checking across the riding associations.

However, we can search the Contributions & Expenses Database and other databases maintained by Elections Canada.

 

Charities & Background Investigations

I see a lot of reports produced by Private Investigators from all across North America and rarely do I ever see a search for a subject’s involvement with a charity included in background investigation reports.

In Canada, this is quite easy to do. The Canada Revenue Agency (CRA) has a web site where one can get the filings of a charity if you know its name. All Canadian registered charities are required to fill out an information return in leu of paying income tax. Like so much data produced by government, it is poorly presented and is difficult to navigate.

A much better search facility for the CRA data is available that allows searches by Director or Trustee name. This seems to work very well. Of course, all such search facilities need to be doubled checked against the “official” version before you put your name on the report.

This data will reveal associations, affiliations, the names of family members, and much more.

 

Remote File Handling

High Risk Files

When doing IIR, I often come across files that I don’t want to handle for security reasons. These can be Word documents, PDF documents, PostScript, or even Gzipped PostScript files. These file may include a load of malicious code. I sometimes don’t want any record of viewing the file on my computer. To accomplish this I must load these files remotely and safely so they don’t touch your system (the web cache should be disabled to accomplish a true remote viewing of the file as should the swap and home partitions, if the whole system isn’t encrypted).

Unless you verify each file through checksum verification (like MD5 or GPG) there’s a chance they could’ve been trojaned or the file may contain phoning home instructions or some other type of malicious feature within the file. If I don’t want to be recorded as a recipient of the file via something like ReadNotify then the file must be verified clear of such code or it must be viewed remotely.

The Remote File Viewer

I use the site at http://view.samurajdata.se/. I have only used it with PDF and Word documents. PDF and Word files are transformed into single paged graphics which you may navigate through. Most of the time it works, occasionally a PDF does not load. It doesn’t require Flash and works without cookies or javascript enabled.

I don’t know anything about the site’s privacy policy and how that might that might affect anonymity.

 

 

The Bank Act & the PI

The Bank Act

The Bank Act (1991, c. 46) is an Act of the Government of Canada respecting banks and banking.  The Canadian banking industry includes 20 domestic banks, 24 foreign bank subsidiaries and 22 foreign bank branches operating in Canada.

Canadian Banks & Lending

Canadian Banks have the right to lend money to wholesalers, retailers, shippers and dealers in “products of agriculture, products of aquaculture, products of the forest, products of the quarry and mine, products of the sea, lakes, and rivers, of goods, wares and merchandise, manufactured or otherwise” on the security of such goods or products, and to lend money to manufacturers on their goods and inventories.

The Private Investigator (PI)

When doing a background investigation of a person, the PI will be looking for previously unknown assets, banking and financial arrangements, or corporate affiliations.  When investigating a company, the PI will be looking for previously unknown assets, banking, and financial arrangements.  In both cases, the equity held by the subject in the assets will be of interest.  Searching the Bank Act Security Registry may reveal all of the above.

Bank Act Security Registry

Under S. 427 of the Bank Act, the borrower must sign a document that provides the bank with the first preferential lien on the goods or equipment.  The Bank then registers a ‘Notice of Intention‘ to take the goods as security, to perfect its security interest.

The Bank of Canada offers a Security Registry service which may be searched for registrations.  The search will reveal whether the Bank of Canada has taken security on property that may interest you.  If the Bank does have a claim on the property, then it means that it has loaned the customer money and that it has the right to take possession of and sell the property if the loan is not paid.  This is important for you to know for two reasons.  First, it shows that the person or business is indebted to a Canadian chartered bank and may have equity in the property listed in the security agreement.  Second, it may uncover previously unknown assets, banking and financial arrangements, or corporate affiliations. You will need to provide the name of the person or business being searched.

Years ago, we only did this when we suspected the subject person or company might have an interest in an agricultural business.  Today however, we find more non-agricultural businesses in the Bank of Canada registry. We have online access to the Bank of Canada registry to search for Bank Act Security items. The search results often indicate that a business assigned its inventory to a bank as security under the Bank Act.

A manual search for Notices of Intention filed under Section 427 of the Bank Act are conducted at the agency of the Bank of Canada in the province or territory where the debtor’s place of business is located. For Bank Act searches,  “agency” means, in a province, the office of the Bank of Canada or its authorized representative but does not include its Ottawa office, and in Yukon, the Northwest Territories and Nunavut means the office of the clerk of the court of each of those territories respectively [see S. 427(5)].

 

The New Neighbourhood

In the past, most investigations included ‘neighbourhood inquires’ where neighbours were questioned regarding the subject’s activities and lifestyle.

We still do neighbourhood inquiries, but over the last three decades this has produced less and less information of value, to the point that we now consider this an extraordinarily expensive investigative process.

Neighbours rarely share derogatory information or observations about the subject, and fewer still, even know the subject as most urban neighbourhoods are too transient and social contact is minimal.

Today’s neighbourhood isn’t tied to geography, but rather by Internet connectivity. The advent of virtual media has created virtual neighbourhoods that the Investigator must be adept at navigating and interrogating.

This new neighbourhood may reveal inappropriate pictures, drug and alcohol abuse, bad-mouthing of employers, co-workers, clients, and organisations. It may reveal poor communication skills and much worse – much of which is found exclusively online.

Unfortunately, inexpert interrogation and navigation of this neighbourhood has caused issues.

The ubiquity of Internet search engines and a lack of training and guidelines may put the Investigator in contravention of some laws if the resulting information creates a record of personally identifying information that is subsequently mishandled. Possession of Internet search results may impose either declared or implied responsibilities regarding the handling of the data in some jurisdictions.

A casual and undisciplined approach to Internet and social media searching raises questions regarding the competence, handling, fairness, storage, and analysis of the data. The role of the Investigator doing the searching should be clear from the outset. The sources and methods employed should also be clear throughout the search process and its reporting.

Virtual Identities

The subjects of an investigation do not line-up to tell the Investigator all his or her screen names and their related email addresses.

The Investigator must find the screen names and related email addresses from what he already knows at the beginning of the Investigation to build an online profile of the subject.

The Investigator must also recognise that screen names are often used by more than one person or a screen name may be used maliciously.

As the old New Yorker cartoon said, “On the Internet, nobody knows you are a dog”.

Navigation & Interrogation

The unstructured nature of data available on the Internet, and its density, creates problems for the searcher.

Google may say it found three million hits, but it will only show one thousand. The results will change depending on which version of Google searched and whence it is searched.

When searching for information about a person or company, the Investigator shouldn’t get bogged-down by search engine hits, but rather go straight to databases that have the right category of data for his purposes. This may mean searching sources not indexed by the search engines.

Google isn’t a substitute for knowledge and experience.

Due Diligence Failure

Salman Farooq Sheikh, had been the Tory candidate in the Pickering-Scarborough East riding until just before he was arrested on 14 charges in cases of identity theft, credit-card fraud, stolen and forged cheques, and fraud related to mortgages obtained in people’s names without their knowledge.

From media reports his entire background was a sham that would have been apparent had a proper due diligence process existed in the Tory party.

Implications of Organised Spam Taking Over Google

Manipulated Search Terms

Huge amounts of money is being spent to manipulate highly competitive search terms in Google. I’m not talking about the normal link-building or link-buying and other normal efforts. The trend is related to criminal organizations trying to sell counterfeit goods through the US search results, and to a lesser degree, the results for UK, France and Germany.

The spammers do this through keyworded anchor-text heavy links provided by automated forum and blog spam along with hacked websites. These gangs create such large numbers of these sites and links that Google is having quite a hard time catching up with the spam. The Caffeine update that ranks sites faster may be degrading overall search quality as this trend seems to go back only 7 months or so.

Lessons

  • Don’t trust what you read on the Internet; it may be planted data
  • If you don’t find anything interesting on the first few pages of Google, then you’re doing it wrong!  Set-up the search preferences properly and make them persistent.
  • Press releases and promotional websites are not a source of reliable data
  • The Internet is not a “neutral” source. Fact-check and evaluate everything you find.
  • The Internet is only one research venue

DIY Research is Not Practical

Over the last two years we have seen a DIY trend really take hold due to shrinking budgets. This has appeared in the areas of Due Diligence and Background Investigations particularly. This is false economy because the DIY Researcher doesn’t recognise changes like those described above, let alone what to do about such a distortion of the results.

The solution may be as simple as using OptimizeGoogle directed at a version of the search engine that does not implement Google Instant or it may mean conducting the search using a proxy in another country.  If you don’t understand how to do this and why you should do this, then don’t give money to somebody based upon your research.

How NOT to get Conned

Victims believe what they are told when someone says that a high rate of return is guaranteed. They don’t understand that a high rate of return equals a high risk.

Victims believe someone they know and trust. Familiar and trusted people are better able to victimize through their own ignorance or stupidity, or through concealed malice. Never let down your guard against this menace.

The victim thinks laws, regulators, and other government mechanisms will protect them. Nobody gives a damn about the individual victim. Educate yourself. If you don’t understand the investment, then don’t give them your money.

Victims don’t check the background of the people involved. Don’t give your money to people without the appropriate education and employment history. Don’t give your money to people with a history of bankruptcy, law suits, criminal prosecutions, and name changes.

Search Results Dominated by One Domain

The following two articles are required reading for anyone who must search by company or product name.

Furthermore, the Official Google Blog  post titled Showing More Results from a Domain, indicates that their algorithm is intended to show searchers more results from a single domain where evidence exits that there is a “strong user interest in a particular domain.”  They also note that the last few results (on a search results page set to show 10 results) are from other domains to preserve diversity in the results.

This has serious implications for anybody doing due diligence research as many derogatory entries in the search engine database will not appear without additional search terms.  It also means that search results set to 10, 20, 30, 50, and 100 per page may give radically different proportions of search results when sorted by domain.

WikiLeaks, YouTube, Propaganda, Politics, and SEO

It never ceases to amaze me how gullible people are. Let’s look at two examples recently in the news.

First, the case of Shirley Sherrod, the black U.S. Department of Agriculture official accused of racism. The evidence of her racism was a short, edited video clip offered up by a partisan web gadfly, Andrew Breitbart, who has a small empire of web sites. This guy knew such a controversial and inflammatory out-take would drive millions to his web sites. This huge burst of site traffic is money in Brietbart’s pocket.

What surprised me was that the NAACP and the Obama administration swallowed this hook, line, and sinker. They didn’t review the full video, interview people present at the event, or evaluate Breitbart’s motives for publishing the edited video.

Second, the leaked military documents that now appear on the WikiLeaks site need closer examination.

The founder of WikiLeaks, Julian Assange, is what a judge would describe as an unreliable witness. He pleaded guilty to 25 charges of hacking in Australia; and according to the National Post, “Before he set up the website in 2006, Julian Assange spent years hacking into government and company computers, including those of the U.S. Department of Defense, as part of a group calling themselves the International Subversives.”

With Assange’s talk about “war crimes” and his background, it isn’t hard to understand that this guy has an agenda. How his agenda distorts the picture of events depends upon what documents he publishes from this large volume of previously classified material.  We will never know what he didn’t publish and this creates a very similar situation to the selectively edited video clip published by Breitbart.

Cayman Islands Corporate Search

The General Registry now offers a search feature that allows registered users to search online for Companies Information.

Professional Licencing Verification

The Council on Licensure, Enforcement and Regulation (CLEAR) listings of online license verification databases maintained by state agencies/provincial regulatory bodies provides links to sites where you can verify a professional license.

Madoff and Due Diligence

The following post is an excellent example of how a disciplined due diligence process saved an investor from ruin.

If You’re So Smart, Why Aren’t You Rich?

Actually, the formulation of that headline that I prefer these days is the famous inversion by the Nobel economist Paul Samuelson: “If you’re so rich how come you’re so dumb?”

And yes, that brings us promptly to the Bernard Madoff scandal.

But this week Barron’s brings us one: “Living to Tell About Madoff,” an interview with James Hedges (not, I assume, a stage name, although in the circumstances it ought to be), “president and founder of LJH Global Investments in Naples, Fla., who has invested billions in hedge funds and private equity since 1990 through relationships with numerous hedge funds.”

Eleven years ago, Hedges spent two hours meeting with Madoff in his New York office planning to invest a few billion dollars of his clients’ money. He walked out without a deal.

Here are some of the reasons why…

PI Finds Madoff’s Company a Sham

Fool me once…

New York money manager Bernie Madoff was essentially running a $50 billion Ponzi scheme…

Not everyone was fooled. According to a story in the Wall Street Journal one hedge fund adviser actually hired a private investigator to look into Madoff’s accountants. He found that the firm had only three employees, one of whom was a 78-year-old accountant who lived in Florida and another who was a secretary.