With all due respect to my friends at ABN AMRO in Antwerp, I couldn’t give a hoot about $28 million worth of stolen rough, cut, and polished diamonds. What really is infuriating is that a steady client, one who frequented the bank during the last year almost on a daily basis (and often twice a day), was able to get away with using a false identity – he was simply an imposter. That is something that should worry each and every one of us – and goes far beyond ABN AMRO. Imposter Carlos Hector Flomenbaum has taken the bank for a ride – probably because he was truly greedy and, let’s face it, banks are where the money is. But any imposter could also have easily defrauded colleagues in the diamond business, assuming he is active in diamonds. He is not.

            Carlos Hector Flomenbaum apparently came to ABN AMRO about a year ago and introduced himself as a newly retired person who elected to enjoy his golden years in Antwerp. Don’t assume that any client of the diamond branch is a “diamond client” – that isn’t necessarily the case and it certainly isn’t in this instance. Sadly, this makes the situation for the bank far worse.

Surely, if the imposter made daily visits to the bank and visited the bank’s vaults twice a day, it must be assumed that there must be some correlation between Flomenbaum’s visits, the nature of Flomenbaum’s business and his bank account activity.

It must have looked rather odd to bank personnel for a pensioner to visit the vaults twice a day. This should have been a reason for the bank to become suspicious, unless information in the client’s profile indicated otherwise. Carlos Hector Flomenbaum, the pensioner, didn’t need - neither applied for – a credit line. Thus, he was a no-risk customer – at least that was assumed until the heist on the weekend of March 2-5, 2007.

If the pensioner was up to some (monkey) business, and his trading partners needed a reference, there would have been no reason for the bank not to provide a warm recommendation or at least a positive reference. After all, a bank will generally only say good things about its own clients.

            Today, one doesn’t need the bank for a reference. Google’s browser, as of this morning, gives only 11,800 hits to Carlos Hector Flomenbaum – and the numbers are growing by the hour. A week ago, there was not a single reference to him on the Internet. All these articles are virtually identical. But let’s put the sensation aside – there is a serious underlying issue that must give us all serious reasons for concern: the use of identity theft in business.

Identity Theft in the Diamond Business

Carlos Hector Flomenbaum may not have been a diamantaire; he happened to target a diamond bank and he is now laundering some US$28 million worth of goods, somewhere. This case thus certainly impacts our business.

Identity theft is overwhelmingly becoming the world’s fastest growing white-collar crime and an integral part of money laundering as criminals and terrorists have discovered the tremendous advantages of using stolen names.

            It is extremely worrisome that “identity theft” can go unnoticed for such a long time. The Federal Trade Commission in Washington estimates that as many as nine million Americans have their identities stolen each year.

            It is easy to “find” an identity. Thieves may simply rummage through our trash, find a bank statement, and misuse your checking account. On a small scale, you may find out about it months later, when your credit application was rejected or when you notice charges on your credit card statement that you didn't make.

The real Carlos Hector Flomenbaum found out when he received a phone call in his home in Argentina. He is lucky – if he would have lived in Antwerp, he would have been arrested first and might have lingered in jail for weeks trying to prove his innocence. Millions of people whose identities have been stolen may spend tons of money, and waste weeks or even months of time trying to clean up the mess identity thieves have made of their good name and credit record.

Victims of identity theft are often arrested for crimes they did not commit. By the time you realize that you are a victim of identity theft – your business will be down the drain. The diamond business is especially vulnerable because so much commerce is conducted on the basis of reputation, good name, and references.

            In the case of the ABN AMRO theft, within hours a €2 million reward was promised for information leading to the arrest of the thief. That is rather unusual in Belgium – and especially the speed by which it was announced is telling. It isn’t clear who is putting up the money. Probably the bank’s insurance underwriters. A former head of the FBI’s white collar crime section once remarked that “criminals know that to launder money, stealing an identity is more effective than creating (fabricating) a new one.”

            One reason that criminals prefer identity theft is that it often provides an instant line of credit as any bank would get a good reference by just making a few phone calls, or getting a credit report. And this gets me back to ABN AMRO.

Laws Require Identity Checking and Customer Due Diligence

            The anti-money laundering laws which govern relationships between diamantaires in Antwerp (and in many diamond centers around the world, including the United States) and bank-client relationships, require various levels of identity verification and client due diligence. In the diamond business, the thresholds for such checks go well beyond those of ordinary (lower risk) businesses.

            If an imposter can maintain an active bank account, what does it tell about the bank’s identity checking and due diligence process when a new account is opened? When a foreign, obviously unknown, person walks into a diamond industry financing institution, is there not some form of enhanced due diligence?

The process of due diligence is one of “intelligence” gathering – at a minimum it includes learning about all the client’s sources of income (and that applies to the diamond business as well), and it would require referrals, introductions, etc. It is a legal requirement to gather information on the client’s type of business, the nature of the client’s business, information on suppliers, distribution channels, etc. The question that should be posed: if the legal requirements of customer identification and due diligence was followed, would an imposter not have been discovered quite close to the date of opening a bank account? Had Carlos Hector Flomenbaum already established a name and reputation in Antwerp before he opened a bank account, or is it the other way around, and was he able to establish a reputation in Antwerp because he had a bank account? If he came as a newcomer to town, a foreign pensioner, should the bank have made some inquiries as to his past?

Why didn’t the bank ask, for example, why the pensioner selected a bank in the heart of the diamond district? That doesn’t just seem weird – it is weird. The imposter apparently knew what he was doing.

            Some Antwerp newspaper reports lamented that, because of the customary baseball cap that the client was wearing, his face was never in clear view of the video cameras. The Diamond High Council, now managed by an ex-ABN AMRO banker, was quoted as calling “for better protection of diamond bank buildings in the areas”. This is not a matter of the physical protection of the banks – no force was used, it wasn’t reminiscent of the Bonny and Clyde operations of the early 1930s. It was the result of a breakdown of (or a gap in) internal control systems.

The pensioner was so well-trusted that he received an electronic access card to the vault area of the bank – a privilege not afforded to most, if any, clients.

Correlation between Daily Vault Visit and Customer Information

Identity theft cases in the diamond industry are rare. But it has happened and it can happen in all phases of the pipeline.

A report by an Indian tax commissioner identified hundreds of bank accounts opened in the names of individuals who were just “lending their names” (providing fictitious addresses) but were not connected to the account-related diamond business. That may be an extreme (and rare) situation, but it says a lot about the presence or absence of due diligence procedures.

Some of the press articles seem to suggest that there is a possibility of “inside help”. Though nothing is impossible in this world, anyone remotely familiar with ABN AMRO’s internal banking procedures will reject such notion. An “inside” job would have commenced at the level of account opening. These are processes which involve multiple officials – and checks and balances. That would have required a conspiracy involving several people over a long period of time. One snidely could say that it happened in ABN AMRO in Holland well over a decade ago. But, precisely because it has happened in the past, there are now safeguards in place which would prevent recurrence.

The issue is “identity theft” and we hope it is not linked to any larger conspiracy. What the “success” of Carlos Hector Flomenbaum drives home is that there is still something lacking in the industry’s internal procedures. Not just the bank – but probably also in the industry at large. Twenty eight million dollars is a lot of tuition for a short course in identity checking and customer due diligence.

ABN AMRO is paying the price of faulty or poor customer due diligence. The fact that imposters can freely operate is something that should raise an alarm bell in any organization. What happened to ABN AMRO can happen to each and every one of us. Identity theft is a real danger – we better face it.

Have a nice weekend.