$22 Million Wake-up Call to Improve Security


A former Jacksonville Jaguars staff member is facing the possibility of a 30-year prison sentence after admitting guilt to financial crimes, including embezzling over $22 million from the NFL team.

Amit Patel entered a guilty plea to felony charges of wire fraud and illegal monetary transactions in the US District Court in Jacksonville. The wire fraud charge carries a maximum penalty of up to 20 years in prison, while the illegal monetary transaction charge could result in a maximum sentence of 10 years. Patel could face up to 30 years of incarceration and a potential fine of up to $500,000.

Patel, who was the sole administrator of the Jaguars' virtual credit card system, allegedly perpetrated a complex scheme over four years, embezzling funds without detection. From September 2019 to February 2023, Patel reportedly used the stolen money for various personal expenses, such as online gambling, private travel, sporting tickets, a Tesla car, a Nissan pickup truck, cryptocurrency investments, and a property in Ponte Vedra Beach, Florida. Additionally, he is accused of purchasing a Patek Philippe Nautilus watch valued at over $95,000 with the profits from his scheme.

To connect this case with the broader landscape of financial fraud, an Association of Certified Fraud Examiners report reveals over 2,504 cases of financial fraud in 2022. Other notable findings from the report include:

  • Extent of Losses: Employee theft resulted in staggering losses of over $3.6 billion in 2022.

  • Duration of Frauds: Occupational fraud lasts 14 months before detection and causes an average loss of $8,300 per month.

  • Insufficient Internal Controls: In many cases, a lack of strong internal controls contributed to the duration of the fraud. Managers sometimes fail to adequately review transactions, accounts, or processes, allowing fraudulent activities to go undetected.

Key Takeaways: Improving Enterprise Security 

This story is an important reminder for organizations to implement strong financial controls and conduct regular audits, especially in user roles involving significant financial responsibilities.

In this case, Patel, as the sole administrator of the Jaguars' virtual credit card system, exploited his position to embezzle millions of dollars over four years without detection.

To reduce the risk of fraud occurring in your organization, you should consider the following security measures:

  • Segregation of Duties: Ensure critical financial responsibilities are divided among individuals or teams to prevent a single person from having too much control, making it more challenging for fraudulent activities to go unnoticed. (Read more about segregation of duties and its role in mitigating fraud.)

  • Enhanced Monitoring: Implement advanced real-time monitoring tools and technologies to track financial transactions, quickly identifying anomalies or unauthorized activities.

  • Enforce Strong Access Controls: Limit access to sensitive financial systems and data only to those who require it for their job roles. Implement strong access controls, including multi-factor authentication, to prevent unauthorized access.

  • Automated Remediation: By automating control remediation processes, organizations can enhance the efficiency and speed of their response efforts, ensuring a proactive approach to security incidents.

  • User Access Reviews: Regularly conducting user access reviews is paramount for identifying and addressing any irregularities or suspicious activities within financial systems. Automated reviews enhance the accuracy of assessments and contribute to a more proactive and responsive approach to maintaining the integrity of financial systems.
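As an added illustration of the segregation-of-duties and user access review measures above (not SafePaaS code and not part of the original article), this sketch scans an entitlement export for users who hold conflicting duties and for systems that have only one administrator. The user names, system names, entitlement names and conflict rules are all hypothetical, and the sample export is constructed.

```python
from collections import defaultdict

# Constructed sample export: (user, system, entitlement). All values are hypothetical.
ASSIGNMENTS = [
    ("user_a", "vcard", "admin"),
    ("user_a", "vcard", "create_card"),
    ("user_a", "vcard", "approve_spend"),
    ("user_a", "vcard", "reconcile"),
    ("user_b", "payables", "initiate_payment"),
    ("user_b", "payables", "admin"),
    ("user_c", "payables", "approve_payment"),
    ("user_c", "payables", "admin"),
]

# Hypothetical SoD rules: entitlement pairs no single user should hold in one system.
SOD_RULES = [
    ("create_card", "approve_spend"),
    ("approve_spend", "reconcile"),
    ("initiate_payment", "approve_payment"),
]

def sod_conflicts(assignments, rules):
    """Return (user, system, duty_a, duty_b) for every rule a single user violates."""
    held = defaultdict(set)
    for user, system, entitlement in assignments:
        held[(user, system)].add(entitlement)
    findings = []
    for (user, system), entitlements in sorted(held.items()):
        for duty_a, duty_b in rules:
            if duty_a in entitlements and duty_b in entitlements:
                findings.append((user, system, duty_a, duty_b))
    return findings

def sole_admin_systems(assignments, admin_entitlement="admin"):
    """Return {system: [admin]} for systems where exactly one user is administrator."""
    admins = defaultdict(set)
    systems = set()
    for user, system, entitlement in assignments:
        systems.add(system)
        if entitlement == admin_entitlement:
            admins[system].add(user)
    return {s: sorted(admins[s]) for s in sorted(systems) if len(admins[s]) == 1}

if __name__ == "__main__":
    for finding in sod_conflicts(ASSIGNMENTS, SOD_RULES):
        print("SoD conflict:", finding)
    for system, admin in sole_admin_systems(ASSIGNMENTS).items():
        print("Single administrator:", system, admin)
```
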


Protect Yourself: Strengthening Governance

A robust governance framework is crucial for safeguarding your organization against internal threats. This framework should identify specific activities, determine necessary segregations, outline contingency plans, document procedures, and ensure implementation, allowing appropriate users to verify and review access. 

These controls should extend beyond finance processes to encompass all business operations. Failing to establish such a system exposes an enterprise to the risk of regulatory non-compliance, jeopardizes shareholder value, and erodes market confidence.

Analyzing risks and monitoring controls within critical business applications is a considerable challenge for many organizations. Traditional approaches involving manual, spreadsheet-based, or consultant-driven Segregation of Duties risk analysis and remediation can prove expensive, inefficient, and complex without automation integration. 

Additionally, there's the added cost of external auditors validating and retesting systems. When these processes become labor-intensive and expensive, leveraging a strong access governance solution is imperative. Automation simplifies these processes, enhances risk coverage, ensures timely reporting, and enforces preventive controls.

How SafePaaS Can Help

SafePaaS's fine-grained Access Governance platform simplifies security and mitigates the risks of financial fraud:

Segregation of Duties: The platform segregates critical financial responsibilities by implementing comprehensive policy-based access controls. It defines and enforces role-based access policies, dividing duties among individuals or teams. This prevents a single person from having excessive control over financial processes, making it more challenging for fraudulent activities to go unnoticed.

Enhanced Monitoring: The platform incorporates advanced real-time monitoring tools and technologies to track financial transactions continuously. It analyzes transactional data, swiftly identifying anomalies or unauthorized activities. The platform provides timely alerts through proactive monitoring, enabling you to respond quickly to potential security threats and fraudulent behavior.

Enforce Strong Access Controls: Robust access controls are enforced through the platform by limiting access to sensitive financial systems and data only to authorized individuals based on your access policies. Multi-factor authentication is implemented as an additional layer of security, ensuring that only authenticated and authorized users can access critical financial resources. This minimizes the risk of unauthorized access and strengthens your security posture.

Automated Remediation: The platform automates control remediation processes, streamlining and expediting your response efforts during a security incident. Automated remediation ensures a fast and efficient resolution to security issues, reducing their impact. By automating these processes, you can proactively address security vulnerabilities and maintain a high level of security readiness.

User Access Reviews: The platform facilitates regular and systematic user access reviews, ensuring access privileges align with job roles and responsibilities. Automated reviews enhance the accuracy of assessments by analyzing user access rights and activities within financial systems. This proactive approach enables organizations to quickly identify and address any irregularities or suspicious activities, contributing to the integrity of their financial systems.

Access Governance and Application Controls provide a comprehensive and automated approach to managing access, monitoring activities, and responding to security incidents. By implementing these solutions, organizations can strengthen their financial controls, reduce the risk of fraud, and maintain a secure and compliant environment.

SafePaaS extends across leading financial management platforms, including SAP, Oracle E-Business Suite, Oracle ERP Cloud, Workday, PeopleSoft, JD Edwards, and NetSuite.

By leveraging SafePaaS, organizations can streamline risk management, enhance security, and ensure compliance more efficiently and comprehensively.
