- Posted August 8, 2014 by
Bp Holdings Tax Management, Balley Price Holdings- Lessons From An $8 Million Fraud
In hindsight, it seems obvious: Nathan J. Mueller’s pilfering of financial services giant ING should have never been allowed to start, much less last as long as it did.
First, it was an accident that gave Mueller, an employee in ING’s reinsurance division, the authority to approve company checks of up to $250,000.
Then, the check his credit card company returned to ING could have exposed his theft in the first year, but the accounts payable department simply returned the check to him.
Finally, the evidence that he was living far beyond his means—the expensive cars and watches, the lavish nightlife, the frequent trips from Minnesota to Las Vegas—could have raised a few eyebrows among his co-workers, but nobody voiced any concerns for years.
In the end, Mueller embezzled nearly $8.5 million from ING over four years and three months. When he was caught, he was sentenced to 97 months in prison—a term that he began in February 2009 at the Federal Prison Camp in Duluth, Minn.
Why should anyone care about Nathan J. Mueller? His case is noteworthy because of the millions of dollars involved and the length of time that his scheme went undetected and because his scheme was made possible by a breach of controls. This article describes the fraud in Mueller’s own words and examines the lessons learned with strategies for management on how to prevent and detect similar schemes.
THE PATH TO ING
Mueller grew up in a small town in south central Minnesota. A high school friend remembers that Mueller was popular in school, decent at athletics, and competent at his schoolwork, and that he liked to play rap music “pretty loud in his car” whenever he could. The friend also remembers that Mueller’s family was always on a tight budget and that Mueller didn’t like living that way.
Mueller attended a private liberal arts college and graduated with an accounting degree in 1996. He enjoyed the inner workings of accounting systems, and in 2000 he found himself part of ING after his employer, life insurance company ReliaStar, was acquired for more than $6 billion.
Mueller played a lead role in transitioning his old employer onto a new enterprise resource planning (ERP) system. A mistake by his new employer created an opportunity for Mueller to steal company funds. In the next section of the article, Mueller describes the fraud scheme in his own words.
WE OFTEN LOGGED ON AS SOMEONE ELSE
As a part of the changeover team, I became an expert on all aspects of the ERP system including financial reporting, journal entries, and, most importantly, checks and wire payment processing. I was also, by mistake, along with a co-worker, given the authority to approve checks up to $250,000. I discovered this permission quite by accident some two years after the takeover.
Our accounting department consisted of a controller, assistant controller, accounting manager (me), and three people under me. Together with a co-worker (CW) and a subordinate (SUB), I was one of three of us in my division who could request checks. CW and I also could approve checks. In our small accounting department, we knew everyone else’s system passwords. This was a practical workaround for when we needed to get something done when someone was out of the office. We often logged on as someone else to get the job done. One morning, while sitting at my desk, I realized that I could log in as someone else, request a check, and then log in as myself and approve my own request. I went to work every day for the next year tempted by the pot of gold that was there for the taking.
In June 2003, my wife was pregnant and my annual $80,000 salary was just not getting all of our bills and college loans paid. I thought that if I just paid off my debts, then we could do quite well with my income matching our living expenses. I tested my scheme by paying the current amount due on one of my credit cards that had a name that included the word “Universal.” Just before I left the office late on a Monday afternoon, I logged on as CW and requested a check made out to Universal for $1,100. This check looked normal because we did a lot of business with an insurance company that had Universal as the main part of its name. After the check was prepared, I mailed it with my statement to my credit card company, and the amount was applied to my account without a problem. For a while I felt guilty and worried. If I were caught, I’d lose my job for only $1,100. Two weeks later, I decided to try it again, and my next check was for $1,800. During that summer, I transferred all my other debt balances to the Universal card and kept requesting checks made out to Universal. After $88,000 was paid against my credit card, I was free and clear of all debt, except for the mortgage on our house.
Just before I’d cleared all the charges to the Universal card, I noticed that one of my checks for $4,500 had apparently gone missing. It wasn’t posted against my credit card account, and it had not cleared the company’s bank account. I was worried that something had caused the bank not to process the check or that my fraud had been discovered internally. For a few weeks I nervously looked at my emails each morning scanning the subject lines for words like “explanation requested.” Each time the phone rang I assumed that I was going to be called upstairs for a meeting. Then at around 10 on a hot late-August morning, I received one of those brown interoffice recycled mail envelopes in my inbox from our accounts payable department in Atlanta. There was the check! I had forgotten to put my personal credit card number on the check, and so the card payment processors didn’t know whose account to credit. They then mailed the check to the head office address. The accounts payable people also didn’t know what to do with the check, so they sent it back to me, the check’s requester. That stopped my 2003 fraud spree dead in its tracks.