It is reasonable to wonder why you would need to protect your business from your own employees, but ask thosewho have been victimized and you would be advised to never let yourguard down.

This year I’ve seen an increasing number of businesses fallvictim to their own employees. The manners of theft have notchanged, but the frequency seems to have increased.

As a result, I thought it would be helpful to offer businesses afew suggestions on how to best protect against and recover from insiderfraud.

I offer the following steps based on my experience as a federalprosecutor investigating fraud of all types as well as my years ofaiding businesses victimized by employees.

1. Set detailed policies & procedures

The methods employees utilize to steal from their employers arefairly common. Some examples include falsifying expenses, inflatingexpenses, double billing expenses, misusing petty cash accounts,using the company credit card for personal expenses, routing moneyto fictitious vendors, fabricating invoices, and putting friendsand family on the payroll.

The common theme among these is the exploitation of gaps in thesystem by those who have access to company funds. Employees whohave access to money intended for business expenses and who abusethat authority to steal commit a type of fraud commonly known asembezzlement.

Depending on how the scheme is carried out, whether by mail orelectronically, for example, could also qualify the conduct as thecrimes of mail or wire fraud.

The first step in guarding against embezzlement is to haveproper checks and balances in place to make sure those withauthority over the money do not abuse it. Those safeguardsinitially should be considered, formulated, and applied throughwritten policies and procedures.

The policies should detail the types of expenses consideredappropriate for business purposes and include the kinds of expensesfor which the company would repay an employee.

Additionally, policies should prescribe the procedures foremployees to request approval for business expenses. Thereare a variety of options to achieve the appropriate level ofprotection. Regardless of how it is accomplished, however,identifying the potential abuses at the first-level review isessential because it nips problems in the bud and prevents themfrom growing into massive thefts.

The employment of effective checks and balances throughmeaningful policies and procedures puts all employees on notice oftheir obligations and provides a sound foundation for any businessto protect itself from fraud.

2. Consider business insurance

While proper policies and procedures serve as the essentialounce of protection, if an employee circumvents them the business’sinsurance serves as the pound of cure.

All business owners should discuss effective insurance policieswith their brokers or representatives.

One of the most important policies a business can utilize toprotect itself against an employee who steals is a fidelitypolicy.

This type of insurance policy is also referred to as a crime,crime shield, or fidelity bond policy.

In general, fidelity policies will cover a business for lossescaused by an employee’s dishonest or fraudulent acts. These providebusinesses with the best chance of regaining the money stolen.

3. Ask questions

Asking questions when circumstances suggest something might beamiss is the best method to discover potential problems and preventlarger ones.

Employees at every level should be encouraged to speak up whenthings do not seem right.

Fostering this type of business environment not only encouragesemployees to help detect fraud before it grows too large, but alsoserves as a deterrent to potential fraud.

4. Investigate

Every business should take the questions and concerns of itsemployees seriously. Failure to do so discourages employees fromhelping expose fraud and promotes apathy.

When an employee sounds an alarm regarding improperexpenditures, management should initiate a definitive andmeaningful response. A business could utilize company personnel oroutside experts, such as forensic accountants or attorneys or both,to investigate fraudulent conduct.

Not every concern warrants a full-fledged investigation, but nomatter the response the company should inform the employee whoraised the concerns of management’s response.

Keep in mind the concerned employee may not be entitled to knowthe results of management’s investigation, but management shouldconvey it took the concern seriously and did address the substanceof the matter.

5. Report to insurance

Reporting the dishonest or fraudulent conduct to the insurancecompany might seem intuitive if the company already had theforesight to secure fidelity insurance, but its importance is oftenoverlooked when a company becomes focused on addressing theimmediate effects of the fraud.

The timing of making such a report depends on the specificrequirements of the fidelity policy, but the sooner the better. Acompany should never lose coverage for having unnecessarily delayedproviding notice of a possible claim.

The initial notice of a potential claim should be made quicklyafter an employee raises a question or concern that warrants aresponse from management. The formal claim to the insurerthat includes the loss amount usually comes later, after thecompany has completed its investigation.

Notably, with respect to the claim ultimately submitted to theinsurer, it is in the company’s best interests to conduct athorough investigation. The investigation should be performed by areputable, experienced outside expert.

A third-party investigation increases the likelihood theinsurance company will accept the results of the investigation andcover the entire loss amount. It is also more likely the coveragepayment will be provided sooner rather than later.

6. Report to authorities

I generally encounter two types of business owners who have beenvictims of employee fraud: Those who want to press criminalcharges, and those who hesitate to do so because they want theirmoney back but do not necessarily want anyone to go toprison.

Ultimately, whether to report the fraud to the authorities isthe client’s decision, but there are benefits to doing so.

First, some fidelity policies require the company to report theembezzlement to the authorities in order for potential coverageunder the policy to be triggered.

Second, even if not required by the fidelity policy, reportingthe fraud to the authorities conveys, both to the insurance companyand other employees, the company is taking the loss seriously andwill not tolerate any fraud.

Third, some fidelity policies require proof the employee had theintent to cause a loss to the company and a criminal convictioninherently provides such proof.

Fourth, the authorities will secure an order that requires theemployee to make restitution, or can seize assets from the employeethat could be sold to repay the money.

Fifth, if the insurance company pays the company for the lossamount under the fidelity policy, then the insurance company wouldbe entitled to any restitution the authorities are able tosecure.

Sixth, these benefits collectively also incentivize theinsurance company to cover the entire loss amount under thefidelity policy, which permits the company to recover from thefraud more quickly.

7. Build up your defenses

Lastly, the best step a company can take after suffering a lossat the hands of an employee is to use the experience to strengthenits safeguards.

The employee’s fraud would have exposed holes in the company’ssystems, policies, and oversight procedures. The company shouldlearn from its mistakes and implement meaningful remedial measuresto fix those gaps.

These tips offer practical guidance to all businesses, whethermom-and-pop shops or multi-national conglomerates. The knowledge isimportant for smaller businesses because employee fraud could bedevastating. It is equally important for large businesses becausethere are many more opportunities for fraud that can be exploitedand many more employees who can cripple the business.

Following these general steps will allow any business both toprotect against and to recover from insider fraud.