Memo PBL, John Alexander and John Lyons: good old fashioned investigative scoops are still what we want to see.

A ripper of a yarn on the Nine Network’s Sunday program today that outshone all other efforts on the day. Investigative reporter, Ross Coulthart backing up his great piece on the SAS in Iraq with an exclusive about how around $150 million was almost pinched from one of the Federal Government’s superannuation funds, the CSS.

The story raises questions about disclosure, the adequacy of supervision by APRA, security inside the leading US investment bank, JP Morgan Chase, and the systems in the $5 billion CSS super fund.

The story briefing as disclosed by Coulthart was that on Christmas Eve last year Morgan Chase received a fax, ostensibly from the CSS, requesting the transfer of $US112 in three overseas bank accounts, into accounts in other countries and other banks. The fax was checked against certain unspecified security tests and passed and the transfers were initiated.

JP Morgan was involved because it is the custodian of the CSS for all its investments and funds, which belong to about 50,000 members of the fund. Then two days later on Boxing Day, further checks set off alarm bells and the relevant executive at the CSS was contacted and then it emerged that the transfer application was ‘false’ and an attempted fraud.

JP Morgan said it set about reversing the transactions and the Federal Police was called in. A Morgan executive told Coulthart that the money was still in transit at correspondent banks and had not started moving through the accounts nominated by the fraudsters.
Since then the Feds have continued their investigations and most of the money has been recovered.

It was clear from the story and interviews that JP Morgan has agreed to put up all the money to the CSS while it is being recovered from other banks. A Morgan executive was unclear about whether the bank had topped up the CSS’s accounts, but didn’t answer a question from Coulthart on this matter directly. The CSS representative told Coulthart that the fund had not lost any money. Coulthart made the point that it was an inside job, but inside what or where remains unclear.

The people attempting the fraud knew the processes of the CSS and JP Morgan Chase and structured their deal on that basis. APRA, The CSS executive explained, had investigated the CSS systems in November and had given them the all clear. That clearly wasn’t good enough and its no wonder APRA didn’t want to appear in public.

What comes out of the story is that the CSS systems are out of date, and depended on faxed documents and not secure electronic communications.Coulthart said 80% per cent of super funds use electronic communications, and 20% the less secure fax and paper, which is obviously unsatisfactory.

On the question of non-disclosure, the CSS said the Federal Police asked for silence while it investigated. Apart from confirming the investigation and its continuing nature, the Federal Police would not comment any further or go on camera. No charges have been laid or any details of the fraudsters given, six months after it happened.

Sounds like a suitable case for treatment by the current round of senate estimates hearings in Canberra. The CSS and APRA should be quizzed, especially about the systems in place and their inadequate nature. Its not good enough to defend them by saying that the fraud was ‘an attempted’ one and that no money was lost.

From what was reported, they came very, very close to having to find $150 million, probably from JP Morgan Chase. Then it would have to be disclosed probably through a nasty court case. It’s a good thing that the Americans don’t celebrate Boxing Day as a holiday because someone was obviously in the office and still worried about the apparent legitimate set of transfer instructions from the CSS.

Had it been an Australian bank, it would have been closed and no one would have been working (unless someone was secretly worried).
The fraudsters had worked out that in 2003, with Christmas Day falling on a Thursday, Boxing Day on a Friday, with the weekend, there was an effective break of four to five days.

So as Coulthart reported, while Australians were wrapping up pre-Christmas shopping, the fraudulent request was sent on the the afternoon of Christmas Eve, which was a Wednesday, knowing they had until the following Monday, and more likely Tuesday for the money to move through to their accounts and then off into the great anonymous world of funny money.

It is obvious that whoever was worried at Morgan Chase here or overseas, stopped the fraud from happening. It was a close run thing and the CSS wouldn’t have known until the week after Christmas. What a belated present. It’s no wonder they were silent until Sunday forced them to go public on Saturday. A great yarn.