>"The lawsuit said that Crétier, Garda’s founder and chief executive officer, told a meeting full of executives that he ran one of the world’s largest investigative operations and if anyone leaked how bad the company’s finances were, he’d find out. According to the lawsuit, he added: “I will kill you, and I will kill your family.”
In a deposition, Crétier admitted he threatened to kill any executives who leaked information. But he testified that he was joking and denied threatening to kill family members."
Holy shit. Things that are not appropriate for managers to joke about: Protected class, firing people, killing people.
I have no way of knowing whether or not he was really joking (and obviously it's not okay to joke about that), but why would you trust him that he was joking? He hardly seems like a trustworthy guy.
Couple decades ago I had a boss who in corporate meeting threaten “jokingly” that he would have me hack them if they didn’t get X done. All good fun for him.
Earlier in the day I had someone trying to convince me seriously about hacking a bank.
I had to pull boss aside and let him know it wasn’t joking matter.
I had the skills back then to do it. I was terrified of people trying to use me to do it.
That fear kept me out of info sec, so it would never come up. I didn’t want to know how.
I have heard in person, multi millionaires joking about shooting people in the back of the head within the company open office and during business negotiations.
When you watch "The Office" you think Michael Scott is bad and cringy, fake firings and all.
Then you get into the real world. I've had to explain, as a very junior employee, that joking about firing someone is bad. And maybe this behavior would have something to do with morale. This person oversaw about 250 people and had been for 10+ years.
I think this kind of "technical debt" is penny-wise-but-pound-foolish but I can see where it fits in their scheme of things.
It seems that one reason for management not to be worried is that the sums are so small. Upgrading security in all their facilities would probably cost $9MM which they could easily cover from operating cash (they had about USD 3B) last year.
If I were a bank though I'd be concerned that this was merely the visible top of a large iceberg of problems.
Yes, stalling auditors and engaging in a coverup to hide information from auditors tends to draw some harsh findings. It’s 9M that’s known to be missing, it could be much larger (or smaller). But generally deceiving your customers isn’t the best way to keep them coming back.
I have a friend who used to run cash operations for a midsize bank. When they outsourced the operation, she basically laid out her idea where the money savings came from, which boiled down to eliminating internal controls necessary to operate... if you’re a bank. Compartmentalized physical security operations don’t scale up quickly.
End of the day, it’s the usual story of corporate incompetence and regulators looking the other way. At the end of the day, FDIC is insuring all of this bullshit.
According to the article, in previous cases the Courts have found the banks responsible for losses held in 3rd party vaults, presumably to discourage exactly this kind of effort to dodge liability.
Oh of course. But someone made the business decision anyway.
Storing money is probably the single oldest operating practice in history of banking. If you time travelled a banker from 1920 to 2020, he’d adapt pretty quickly.
An incompetent company like Garda shouldn’t be able to get away with fraud at this scale.
The regulations and internal controls are fubar.
The banks might be ultimately responsible, but if they go under the FDIC is still responsible for repaying the depositors. What else are you going to tell them? "Sorry grandma, FDIC deposit insurance doesn't cover losses held in 3rd party vaults so all your life savings are lost" would be political suicide.
FFIEC could revoke your status as a TSP though, and poof, watch your revenue dry up as wells fargo, boa and all the other big banks suddenly can't use your services.
Assuming that the amount they "lost" can be covered with a couple of months' profits. What thet just did, is forced every bank they work with to enforce their "right to audit". I believe that on the next contract updates, EVERY client, will make sure for the two following things:
1) right to audit (in case they don't already have one), and
2) 4h notice (or something equally small/ridiculous. The 4h is a minimum in order to ensure that names/passport numbers, photos, etc are exchanged to ensure security.
EDIT: extra point:
3) I believe (since in the banking internal audits everyone knows everyone else)(especially on the Director/CAE level), some banks will ahen coordinate their audits and give them a group visit.. I want to see GW showcasing the same bag of coins to 10 clients at the same hour..
> In 2015, emails show that Garda employees discussed how to keep TD Bank from learning that a single branch couldn’t find $924,000 of the bank’s coins.
If that was all quarters, that is somewhere in the ballpark of 25 tons of material. That didn't go missing by employees carrying it out in their pockets. You can't run that through the local coin star. How on earth is this possible?
It's totally possible if it was spread out. $924,000 worth of quarters over 10 years is only 37 rolls per day. That doesn't seem to hard to smuggle out, especially if you have accomplices.
Yeah I guess at some point people just assume that "a few rolls of quarters a day" is a fringe benefit of the job. Everybody does it so it's okay, right?
A man smuggled half a tonne of $2 coins out of the Royal Australian Mint in his boots and lunch box and kept notes of when he exchanged the money, a court has been told.
Most likely incompetence. They need to check the inventories on EVERY location at the same day. Perhaps that $1m will appear as surplus on other locations. Perhaps this $1m has been moved over 10 years and 100 different shippings and the paperwork was bad, they loaded the wrong crates, they don't have RFID on each crate, the RFID antenna was offline and didn't pick "that" crate, etc.
Only if they count every single coin/dollar on all their vaults they will be able to ascertain whether the money is lost/stolen, or they just messed up every process/procedure under the sun.
If you lost the primary key to a database row, how would you find the data? You’d have to iterate over every piece of data you have. For a physical operation this can be as good as permanently lost.
Vaults without cameras is beyond incompetence. I hope the investigators are open to the possibility that these vaults were set up to fail by management.
Vault-Tec meets only very flimsy definitions of "competence" themselves. What fraction of the known vaults were some form of horrific experiment, again? What fraction eventually released sane, healthy survivors? And Super Mutants don't count!
Producing any survivors wasn't the objective, the vaults were for studying the effects of long term isolation, knowledge the Enclave wanted to use in building their colony ship for leaving Earth.
How large were the losses when compared to the fees charged by GardaWorld for cash management?
Every business needs to make a tradeoff of how much money is spent on security vs how much theft occurs... And it might be that GardaWorld has made the right tradeoff here, and all they need to do is pay to replace the lost coins.
The article states an annual revenue of $2.7b, and a shortage of about $9m.
That seems well within the realm of "they can cover it"... but the real problem isn't the shortage but the practices that lead to it in the first place. I don't see the shocking part of this story as "Garda has a shortage of $9m," but "Garda has had a shortage of what they report to be $9m, and there is strong evidence that they have defrauded auditors to conceal their poor controls for an indefinite period."
Note the value in these vaults isn't just the monetary amount, but that its actual physical cash. Even if Garda decided to cover the losses out of their revenues, I'm not sure its that easy to get, say, a million dollars in quarters, even if you have a million dollars in funds. (and certainly it'd be hard to do if your trying to hide the fact that your doing it from the Feds).
Presumably the reason the banks keep these vaults is because they need the actual currency to be available when needed. There are much easier and cheaper ways for them to store money.
> I'm not sure its that easy to get, say, a million dollars in quarters, even if you have a million dollars in funds.
This is probably the main thing preventing Garda from just writing it off as a cost of business.
Of course if they own up to the thefts the problem goes away -- their customers are all banks, who would in fact probably prefer to have FEDWIRE dollars rather than coins.
In which case, why is this a vault service at all? Why not make it a buy/sell coins service which intermingles coins from all customers, and let's you take out different denominations than you put in, etc? That way, the service is better and more effective for banks, and cheaper to run because less physical currency is required overall.
>Cash bonuses based on ‘performance’ are tax deductable
AFAIK cash bonuses aren't treated any differently than any other business expense. Paying a $1M bonus to an employee or to a client (because you lost their $1M) is the same from a tax point of view.
Except they were regularly defrauding auditors and covering it all up. It seems possible, if not likely, that we're seeing the tip of the iceberg here. Possible on the amount of missing cash, but also possibly in the rest of accounting practices. A company that will move around cash to fool auditors likely doesn't have any qualms about cooking its books to fool investors.
So, this is a serious screw up. Garda, like their competitors Brinks and Loomis process money for banks. For instance, a company like Target may bank with Bank of America, US Bank, Wells Fargo, etc.
However, historically every bank was regional. So a bank like US Bank was a Midwest bank (Minneapolis). If Target wanted to use US Bank on the West Coast for some of its stores, it was a problem because they didn’t have operations there. To fix that, a bank like US Bank may use an “outsourced processor” like Garda to process the deposits for some of their stores on the West coast.
So a processor like Garda has a “vault” in LA. In that vault, they process work for many banks (i.e. Us Bank, Wells, Bank of America... and many more). As deposits come in from many stores associated with many banks, the funds are allocated to the specific bank.
If an auditor from a Bank X comes in and says “I expect to count $8 million in your possession for Bank X” and it isn’t there, that is a huge problem.
I’d hate to work for Garda right now (or any of the outsourced processors). Lots of people think banks are archaic, but one thing they do great is audit funds. This is going to raise the level of scrutiny across the industry.
Likewise, this can’t just be coin. Most businesses keep as much coin as they can and don’t deposit much. Being off by $9 million in coin in one location would be crazy.
Likewise, most of these vaults have more security than most people have ever seen. They keep every piece of paper they receive in a holding cage for months and can find a paper clip deposited three weeks ago and tell you what customer and store deposited it.
There are cameras on every person almost all the time. The people who run these vaults are militant. Stealing money in a vault is extremely difficult. If you want to steal money, there are far easier ways to do it.
It smells of an accounting issue or a very inside job at a specific vault.
Not related to the article contents, but the font rendering on the document exhibits are really bad. Here's how it looks on firefox: https://i.imgur.com/z7xbUN4.png. I suspect It's because there's a slight rotation which screws up the font rendering. It's slightly better on chrome but it's still there. Anyone else getting this?
Years ago, Windows Firefox switched to DirectWrite (Chrome-style) font rendering. Due to user complaints, Firefox now uses GDI-style font rendering for a specific list of fonts (Arial,Consolas,Courier New,Microsoft Sans Serif,Segoe UI,Tahoma,Trebuchet MS,Verdana). The font in the screenshot is Arial, being rendered using GDI. And GDI-style font rendering cannot rotate text well (possibly due to the fractional vertical positioning needed).
> The company also stores money for the Federal Reserve
I'm hearing way too much news about the Federal Reserve Bank recently. Why does absolutely everything seem to be somehow related to the Fed these days?
In a deposition, Crétier admitted he threatened to kill any executives who leaked information. But he testified that he was joking and denied threatening to kill family members."
Holy shit. Things that are not appropriate for managers to joke about: Protected class, firing people, killing people.