Send in the spooks
Frank, Allan Dodds
Safecracking gumshoes from the CIA and the FBI are finding second careers-helping CEOs protect their businesses.
Spurning the manana attitude of many Latin bankers-as well as billions of dollars of potential deposits from drug lords-Manuel Grullon, president and CEO of Banco Popular Dominicano, decided he needed help. His $2 billion-assets institution, the Dominican Republic’s largest bank, maintains offices in New York, which boasts a large population of Dominican expatriates.
Worried that his bank might be a target for infiltration by bad guys, Grullon decided to fight to stay clean and institute anti-money-laundering provisions that would pass muster in the United States. To conduct a comprehensive security review, he hired a team from Kroll led by Thomas Cash, a former high-ranking Drug Enforcement Agency agent based in Miami. “Their capabability of pointing out our vulnerabilities was quite impressive,” recalls Grullon. “With a simple laptop, they were able to crack half our internal email passwords in a couple of hours.”
Grullon can laugh about it now, several years later. Then, it was traumatic. “After I saw them penetrate half of the addresses, they didn’t need to go any further. I am sure they could have gotten to my laptop if they wanted,” says the 50-year-old CEO. “I felt relieved in a sense to know what the system’s vulnerability was, so that we could in fact fix it immediately. Up until then, we were under the false impression that it was a very secure system.”
These days, many CEOs, and not just those from the Dominican Republic, are turning to former members of the intelligence and law enforcement communities to help them manage their businesses. Agents and officers who have retired or otherwise departed from the DEA, CIA, FBI, Scotland Yard, MI5 and even the Israeli military are creating a new growth industry. This business sector likes to call itself “private corporate intelligence,” but it is really the 21st century’s answer to the old-fashioned gumshoe. They aren’t engaged in Dumpster-diving and dead-dropping secret documents as much as they once did. Instead, the former spooks are relying on legal methods in order to test a company’s own defenses, as well as checking the backgrounds of potential employees and business partners, particularly in parts of the world whose legal systems are less developed than those of the United States.
Often, these investigative intelligence companies are hired by a company’s outside law firm or by the chief financial officer, general counsel, head of security or top risk assessment officer. The idea is to insulate CEOs-under the privileged claim of attorney-client work product-from the hands-on private eye work, some of which can be messy.
But ultimately the CEO needs to be involved to get the biggest bang for the investigative buck. “When you get into the field of security, it is very difficult to delegate,” says Grullon. “You have to get involved and you have to be on top of all these issues. It’s my responsibility.” Otherwise, information may be suspect. “I can’t get this through a second person or a third person,” he adds. “It always comes a little bit watered down.”
Mike Baker, a former CIA officer, runs Diligence LLC, a Washington, D.C.-based boutique firm that does work for General Electric, Lloyds of London and other well-heeled clients. “Before 9/11, before the Patriot Act, before Sarbanes-Oxley, the tasking was coming more from security offices and overseas, from the risk-and-compliance personnel,” says Baker. “Now, it is further up the ladder. We are seeing more tasking, more requests, more interest in the information from CEOs and the general counsels’ offices.”
Diligence and similar firms check on potential business partners overseas by sniffing around on the ground. “There may be issues that the clients want to explore, but that they don’t feel comfortable exploring,” says Baker. “These issues could be potential ties with either individuals or companies to organized crime. It could be concerns over undue influence from the local government in that particular area on a particular business. It may be the activities of competitors. Sometimes it’s as simple as ‘Who is in? And who is out? Who should we be doing business with?'”
Most former government agents decline to discuss on the record exactly what sources and methods they use. But many firms claim to have a bigger old-boy network than Augusta National Golf Club. Former CIA agents may contact their old adversaries in the former KGB, GRU or Soviet military intelligence. FBI men who would be loath to cooperate with CIA operatives during their career now warmly embrace the folks from Langley.
It makes for odd alliances. Take Jack Devine, once acting director of covert operations for the CIA and a 32-year veteran of the agency, who now runs the Arkin Group in New York, an investigative group affiliated with the law firm run by Stanley Arkin. Back when the mujabeddin in Afghanistan were U.S. allies, Devine equipped them with Stinger missiles to shoot down Soviet helicopters. Devine expects his connections will come in handy as his firm searches for assets hidden by a French company heir who may have profited from a telecom deal with the Taliban.
Devine believes there is no substitute for experience in the spy game. “When you retire from the CIA, you say, ‘What do I have to give the private sector?'” says the towering, craggy-faced Devine. “I am a spy. It is the process of osmosis at CIA, being slowly trained in information. Do you know good information when you see it? You try to target; you try to find ways to get there. The average mind does not work that way.”
Typical in-house corporate due diligence, he says, can be a colossal failure, especially abroad. “I am still amazed at how many companies rely on accounting information instead of human intelligence.”
Although reluctant to identify Arkin Group clients, Devine recalls a company that acquired a Chinese power producer and then wondered what went wrong. “All the numbers looked great,” Devine says. “What they didn’t realize was that some of the power was being siphoned off by the adjacent factory, which was being run by somebody’s second cousin.” He adds, “The tribunal to arbitrate was being run by the third cousin. If you know that ahead of time, you do not go in.”
Guardsmark International’s Bill Kinane, who opened the FBI’s office in Moscow years ago, tells similar stories while remaining tight-lipped about clients’ names. Recently, he says, after an American company caught several foreign-born employees downloading sensitive information from office computers, the CEO ordered a security check of the company’s facilities abroad. He discovered that all of his company’s research and development facilities in the home county of those employees were bugged. “They were all miked up. He was going to spend a fortune getting some company to do sweeps and all that,” says Kinane. “I just told him it was a waste of time because it was obviously being done by the host county. And the people going in there to help out were probably going to put more bugs in.”
Figuring out the relationships among the locals is always tricky. Lynn Mattice is director of corporate security for Boston Scientific, a company with 15,000 employees in 105 countries. At Boston Scientific and his previous employers, Northrop and Whirlpool, Mattice hired Kroll and other firms for a multitude of tasks, ranging from country risk assessment to due diligence of potential acquisitions. He screens his private-eye hires with the International Security Management Association.
Northrop, Mattice remembers, was once looking at an acquisition in an Asia Pacific country outside China. The deal seemed to be available on particularly favorable terms from well-connected businessmen. “They were really nothing more than a front for a government intelligence agency to funnel off technology and intellectual property,” says Mattice, noting that the connections of the firm he had hired paid off. “Former high-level government officials can assist you because they can talk to their old friends… It’s not what you know; it’s who you know. More than anything else, corporations have to be very, very concerned today with what they don’t know.”
What CEOs and their direct reports need to evaluate, with the help of private investigators, ranges from the mundane to the arcane. Large firms, such as Kroll, SPX’s Decision Strategies, Control Risks Group, Smith Brandon and Interfor, offer laundry lists of services, while smaller firms specialize in niches that include: security assessments of facilities, technologies and terrorist threats; bribery investigations; political risk evaluations; due diligence; asset recovery; and determinations of what competitors are doing.
For fees starting at a few thousand dollars, these firms troll thousands of databases. They collect information from open sources that include Lexis-Nexis searches and send people to retrieve criminal and civil court files. They check academic claims, resumes, credit histories and driving records. Higher-cost work may involve targeting operatives at competitors, undercover surveillance and covert interviews of thieves. They even still dig through trash. “You can’t beat Dumpster-diving,” says one old hand fondly.
In the current climate of scrutiny, in which the FBI is secretly recording conversations at HealthSouth, one obvious question CEOs have is: Are we being investigated by a government entity? That gets tricky for former government types. “If somebody asks us if there is an FBI investigation of them, other than things that are publicly known, we are not going to do it,” says Kroll President Michael Cherkasky, former head of the Investigations Division for famed New York district attorney Robert Morgenthau. “We are publicly traded. And we also do work for the government.”
The way around that particular issue is to pose the question: What might a government agency be looking for, in a purely hypothetical sense? “People do hire us if they want to know how someone in government would approach this investigation,” says Cherkasky. “Especially when they know who the prosecutor is, or who the judge is, or who the agents are, clients want to know: what in fact is the government looking for, what’s driving them, how is it best to approach them?”
Bill Daly, senior vice president of Control Risks Group, emphasizes how important it is for CEOs to maintain the integrity of corporate governance. “Those integrity issues can affect the reputation, the branding, the viability of the company,” says Daly, whose own background involves the FBI. “CEOs are looking for established programs that will enable them to identify potential areas for fraud or mismanagement, or when they do occur, to address them as quickly as possible so that they do not become festering issues and major media dilemmas.”
Many of the former top executives at companies that did not follow that course are now targets for Juvel Aviv, who runs Interfor, a firm that specializes in tracking down assets. Creditors of Enron, Tyco and WorldCom have engaged Interfor, which uses more than 2,000 databases to ferret out hidden plunder.
Aviv, who boasts of Israeli intelligence connections and once staffed several dozen offices worldwide with other former spooks, is now placing increasing emphasis on hiring people with knowledge of accounting and computer forensic science. “I have a computer that tells me whether you own a boat, if you own an art collection, if you own real estate, if you have brokerage accounts, if you have safe deposit boxes. It is a chess game with the bad guys,” says Aviv, who is based in New York. “When we look at a target, we look at their lifestyle.”
Unlike some of his counterparts, Aviv concedes that his company will look for ways to find information that might be deemed to have been illegally obtained, had it been found in the United States. Investigating Swiss bank accounts, for instance, is illegal-if the investigation starts in Switzerland. However, it’s perfectly OK if the search originates in Germany or Spain.
Clients praise Interfor’s blend of computer database searches with the up-close-and-personal approach. They say Aviv assumes different identities, follows people around and still gets his calls taken by cops on the beat. Mark Robinson, chairman of the white-collar defense group at Bingham McCutchen, particularly likes Interfor’s network, which allows it to tap into airline and insurance databases. “People who try to hide assets or abscond with money end up buying things-houses or art-work. And they make mistakes insuring them in their own names, because otherwise it’s fraudulent and they cannot collect.”
It’s that combination of database work and gumshoe interviewing that internal corporate security forces have trouble matching. Unitel CEO Bill Callahan conducts investigations for Caterpillar, Richard Branson’s Virgin Atlantic companies, Wall Street firms and even actor Robert DeNiro, who is always on the look-out for imposters. Callahan is great on the street, says Jim Dabney, a trademark lawyer from Penny & Edmunds who represents Virgin. Dabney says Callahan’s detective work helped him crack a group of Long Island retailers who tried to piggyback illegally onto Branson’s entry into the cell phone business by opening stores named Virgin Wireless. “Callahan was able to talk with the store clerks and find out about how they interacted with the public,” says Dabney. “That takes a certain knack.”
The most difficult judgments that former spooks get asked to make are often about an individual’s character. Robert Strang, a former DEA and FBI agent whose Strang-Hayes boutique has now been merged into the Decision Strategies investigative unit of SPX, had to make one such judgment when he was hired for a due diligence assignment.
Strang’s firm was often engaged by John Stark-then executive vice president and general counsel of PPM America, a $50 billion asset-management company owned by British life insurance giant, Prudential plc-to investigate potential investment targets. For one, an aircraft securitization firm, Stark hired Strang to follow the chairman around Greenwich Village in New York City after hearing that the man liked to wear women’s clothing. “We didn’t care so much about that,” says Stark, now the CEO of Water Tower Capital in Chicago. “But we wanted to make sure he was somewhat stable.”
Strang remembers the man lived in a third-floor walk-up apartment. “We did confirm that he was wearing women’s dresses and going out to different locations. But it did not interfere with his business.” Stark approved the investment deal.
Reminicising, Strang deadpans: “In our business, we see a lot of unusual things.”
Copyright Chief Executive Magazine, Incorporated Jun 2003
Provided by ProQuest Information and Learning Company. All rights Reserved