Mitigating theft risk for teams

There are many requests on Green Chip for blackjack team advice -- how do you prevent theft, etc. However, advice is sparse as to really addressing the problem and providing some simple solutions for mitigating common team risks.

A team manager featured in an old video did a statistical analysis of the losses of a team and found out there is a 1/10,000 chance that the team was in its current position -- the team had been losing money for a long period of time. They even altered the simulation for an incredible amount of mis-bets and misplays, and the chance was still rather small. Ultimately, they ended up downsizing the team.

Watching the video from an auditing perspective, it really didn't seem like the team took much precaution to mitigate the risk of theft/fraud. While we all know that running a blackjack team requires more trust than most any other business, I think some controls that could have been easily enforced were neglected.

There are three main factors that lead to fraud/theft. These factors are described in what the auditing world knows as a "fraud triangle":

1. Opportunity
2. Rationalization
3. Perceived Pressure

Now, without saying, "opportunity" on a blackjack team is by far the #1 greatest force of the fraud triangle that affects a team. The team mentioned did seem to have some controls in place such as requiring logs for each trip, as well as reported their logs and winnings to the team managers after each trip. However, there were a lot of procedures that really invited fraud into the team. What I saw that I did not like, from a risk perspective:

1. Not all players were invested in the bankroll.
2. Players were allowed to go on solo trips.
3. The statistical analysis was performed using "fire-alarm" approach, which is a reaction to something only when something goes terribly wrong.
4. Skill retests didn't seem to be happening as often as they should have.

Three of these problems greatly increased the chances of theft (through the fraud triangle perspective), and simple measures could have been taken to mitigate those risks. The fourth problem increases the overall business risk of running a blackjack team, which also can be mitigated.

Problem #1: Players not invested in the bankroll.

Having a player not invested in the bankroll greatly increases the "opportunity" and "rationalization" portion of the fraud triangle.

Solution: Let's use an example of a simulation I recently ran.

Player A: $10,000 bankroll, very good double-deck conditions.

This player can play at around a 3% Risk of Ruin with a win rate at about $80/hour with a 1-7 bet spread.

Player A then meets player B, who also has $10,000. They decide to combine bankrolls -- RoR: 1%

Win Rate: $200-300/hour with a 1-5 spread (assuming conservative hands per hour. This is also played at higher stakes)

In this situation, both members have incentive to continue the business relationship. While they know they can make money on their own, they can make MORE money by keeping their bankrolls together while also reducing their RoR. This advantage of player A teaming up with Player B is not achieved by non-invested players, and the risk is magnified if players are not equally (or almost equally) invested in the bankroll. This is obviously hard to manage as the team continues to grow, where someone to "buy in" to the bankroll could get to a rather hefty amount, and thus this technique really can't be applied to this situation. For big teams, other measures can be taken, which are discussed below.

Problem #2: Players can go on trips by themselves.

Obviously on a blackjack team, you have to spread out your play across the country, and this requires players to travel.

However, trusting someone with $90,000 (two team managers had this trip bankroll) and having him/her play solo is an invitation for fraud. The opportunity to steal is being given on a silver platter. This risk can be greatly reduced by requiring people to play in pairs (and obviously have people playing with different people as much as possible).

Solution: The team should only allow trips of two or more people. This solution provides two mitigating risk factors:

A. The players serve as "verifiers" for each other, and can sign off on daily logs of play to be turned into the team manager. Money is counted at the end of each day, hours are logged, etc. If someone comes back from a 10-hour day, and logs 10 hours of play, the corresponding "verifier" knows that there is a small possibility that the player played 10 hours straight in one casino. Vice versa, if the player set out to play a 10-hour day, but only logged two hours of play, he may be falsifying documents as well. Logging the money, and having the other player sign off the money won/lost is also a good deterrent for theft, as money is being hand-counted by two separate parties.

B. Theft now has to be more concealed, as you are playing with another person who is living in close proximity to you for the duration of the trip. If a player wants to steal, the thief must collude with the other player to fake logs. With rotating player partners, etc, this only makes it even harder for a thief to continue to collude with various different players in order to continue his/her scheme.

Problem #3: Statistical analysis performed using a "fire-alarm" approach.

Especially with blackjack, using a fire-alarm approach for statistical analysis on team results is incredibly dangerous. We all know that blackjack has incredible variance. As has been said numerous times, you really don't know what is an advantage play, what the numbers should be, etc, until sims are run. On top of that, you really don't know you are playing a losing game or if you are just experiencing variance until you run sims.

Solution: An easy solution would be to determine set intervals of when to sim the team results and determine where the results fall on the distribution curve. This gives you a general idea of how the team is doing. If the team is getting close to -2 standard deviations, it can trigger an alarm to start evaluating individual play.

Creating a sim on a random sample of an individual's play, then, would be the next step. If someone was suspected of theft or bad play, a simple random sample of hands played can determine if the player is playing to expectations, or something fishy is going on (for example, falling below two standard deviations to the left would be a great determinant, or seeing that each of his results are always incredibly lower than his EV). This is also prone to logging errors, etc, but can still provide useful information in evaluating a player’s integrity and playing ability.

If someone really wanted to get into the nitty gritty, records could be scanned, and even individual sessions could be analyzed.

Problem #4: Retests did not seem to be being performed on a repetitive basis.

It was incredible to see one player getting retested (after already playing six months with the team), and failing four times, in his own home (missing the running count, index numbers, etc). We all know why this is bad.

I'm sure one reason why retests weren't performed as often is because the managers were the only ones who verified a player’s playing ability. Using this technique, that would require a huge amount of "retesting" hours for the managers, especially for even-larger teams.

The team only played about 40 hours/month. I know that in between road trips, I am doing everything in my life except practicing blackjack. I usually do a refresher course to make sure I am on my “A game” before a trip. Even after two weeks, I know I have forgotten some index plays, and this is simply because I am not a full-time player. If a team has 10 players, that's only playing blackjack four hours a month per person. It would be difficult for me to believe that all players have continued to retain their index plays and accuracy though playing only four hours every month.

Solution: I believe Casino Verite has a testing option that produces printable results. If it doesn't, I'm sure a reasonable sum of money could have been spent to customize the program to make it produce test results. The managers could have required these test results to be submitted every two weeks -- or even more thoroughly, before every trip. This would go a long way in giving team members incentives to stay on top of their game, as well as provide confidence that people are playing up to par (which may rule out "bad play" as an option during statistical analysis, and provide better proof that there is a thief among the team).

End Notes

I am aware there are flaws in this plan. Yes, in trip plays, a player could just hide money somewhere (even though that would be harder to do, assuming rental cars are shared, constant interaction, etc). I am aware that someone could actually collude with enough people to continue to shave money off of the top. Even with invested team members, people could still skim off the top.

These are not risk-resolving solutions, they are risk-reducing techniques that lower the chances (compared to not having them at all) of a team suffering fraud/theft/bad play.

The two players on a trip of course wouldn't be playing at the same tables. The validation occurs through beginning hand counts of money, ending hand counts of money, and works best with a designated "work period" -- for example, 6am to 10pm.

The validation could go even further and could require players to text results to their partner every hour/every session. This would mean that more fabrication would have to be done in order to make results believable, and this requires more intricate planning by the thief.

The verifier role acts as a deterrent for false logging. One could still falsely log hours/money won, but the fact that you know someone is at least semi-watching you serves as a stronger deterrent than one might initially believe.

The trust issue is still at play on all of these techniques, just like any other business. It would be impossible to be 100% sure on hours/money logs unless the manager himself were watching and following everyone.

Steve Waugh: I feel that you might have underplayed one key hypothesis: "If you are worried about teammates skimming, YOU ALREADY HAVE A BIG PROBLEM," since there are many opportunities. No amount of EV is going to offset a teammate skimming, just like no edge can compensate for a cheating dealer.

Instead of trying to minimize damage, one must really focus on "honest teammate selection" even if it is for temporary play.

A.counting: Agreed, that was implied. Of course you wouldn't hire someone without trust that they wouldn’t steal -- I thought that was implied.

I was able to attend a meeting where some top executives from companies who had committed fraud and were convicted, came to speak to my accounting firm, along with the detective.

While this is obvious to people within the accounting profession, it’s not so obvious to a lot of other people. Many frauds committed are not done with malicious intent (such as trying to make as much money as possible at other people's expense). A lot of frauds start off as something small, and then balloon into something much larger, always with a "good reason" behind it. Several of the executives said the fraud just kept progressing until it got out of control. The detective backed up what they had said, by pointing out, "It always started out with one small theft/fraud. Something that wouldn't even change the materiality of financial statements. It slowly grew over the years, obviously, to a much bigger problem.”

Let’s take a plausible scenario for a blackjack team -- it’s better illustrated for one with a smaller bankroll (let’s say $30,000).

Mr. XYZ gets done playing his trip, goes back home, logs in all hours played, all cash counted, etc. -- to the penny. All of his information is completely accurate. He gives his winnings to his team manager, and everything is great.

Later in the day, Mr. XYZ starts unpacking his suitcase. In a pair of pants, he finds three black chips that he forgot he stashed away during a session. Mr. XYZ says to himself, "Oh darn, I forgot I had these. Whatever, I'm going to Casino X again in a week, I'll just cash them when I get back there and include them with my winnings." So far, nothing really malicious. However, opportunity is now available, as the team manager believes that Mr. XYZ has already turned in all his money.

A week later, Mr. XYZ goes to Casino X, not forgetting to take his three chips with him. As he's walking back from a session, he goes to check his personal credit card, which he just remembered includes a larger than normal medical bill for his son. The team has been on a losing streak recently, and Mr. XYZ has been strapped for disposable income for other life expenses. He can afford the bill with his own money, but it will stretch him tight. He remembers he has the extra $300 from the previous trip. "Well... I really need this money. I'm strapped for cash, what if my son gets into another accident, or an emergency happens and I need some disposable income for immediate action? $300 won't hurt the team… I'll replenish it when the team gets paid again, it won't be a big deal, and nobody will notice."

As you can see, Mr. XYZ has all 3 pieces of the fraud triangle working:

1. He has the opportunity to steal.
2. He has a good reason to take the money (he rationalized away the bad portion of outright theft).
3. He has financial pressures of a family.

As you can see, from here, the situation may escalate. The next week he won't replenish the team bankroll. Later, another unexpected bill may come up, and Mr. XYZ may need more money, and steal again. Before we know it, Mr. XYZ will be stealing more money than intended, EXCEPT, in his mind, it is justified, a good reason, rationalized away. Mr. XYZ is a good guy, but he has gotten caught up in the death spiral of fraud/theft.

Trust is #1, but trust alone is not good enough, for any kind of business.

There always is opportunity

If someone wants to break into your house, they will break into it. It's the same with business theft/fraud. Controls can be overridden, the people who deal with the controls every day know how to get past the controls/falsify documents, etc.

The opportunity will always be there, but some cheap controls are worth putting in place.

Bluesman: How to understand A.counting's comments

The anti-theft measures that are listed above aren't like security guards. They won't stop determined thieves. They're like the rumble strips at the side of the highway; when you drive over them, they make a loud and unpleasant noise that is noticeable to everyone in the car. The anti-theft measures simply force everyone involved to notice that something unusual is happening. Complaints to the effect of "trust is everything, alerting other people is nothing" suggest an undervaluation of the utility of basic, common-sense risk management procedures that would be routine in similar cash businesses.

Myoo: A.counting has injected some insights that might be new to this audience, but surely plain as day to those with expertise in fraud and quality control. I'd like to hear more.

The approach "work only with people you can trust" is considered a complete (or at least, the best possible) fraud-prevention program by many advantage players. The nature of the problem -- the banality of evil -- provides a welcome challenge to this mindset.

Still, many AP's lean toward the view that the measures suggested apply only to the "normal" world. This group might think things like "for a large corporation, these methods make sense; for a small AP team, they bureaucratize an otherwise pleasant lifestyle." A stronger version of the same sentiment: "In the old days, business people had grift sense. Today, precisely BECAUSE we have beancounting controls in place, people tend to rely on beancounting controls and their grift sense has grown dull."

Originally published on bj21.com Green Chip, edited for this format.