This year I’ve seen an increasing number of businesses fall victim to their own employees. The manners of theft have not changed, but the frequency seems to have increased.
As a result, I thought it would be helpful to offer businesses a few suggestions on how to best protect against and recover from insider fraud.
I offer the following steps based on my experience as a federal prosecutor investigating fraud of all types as well as my years of aiding businesses victimized by employees.
1. Set detailed policies & procedures
The methods employees utilize to steal from their employers are fairly common. Some examples include falsifying expenses, inflating expenses, double billing expenses, misusing petty cash accounts, using the company credit card for personal expenses, routing money to fictitious vendors, fabricating invoices, and putting friends and family on the payroll.
The common theme among these is the exploitation of gaps in the system by those who have access to company funds. Employees who have access to money intended for business expenses and who abuse that authority to steal commit a type of fraud commonly known as embezzlement.
Depending on how the scheme is carried out, whether by mail or electronically, for example, could also qualify the conduct as the crimes of mail or wire fraud.
The first step in guarding against embezzlement is to have proper checks and balances in place to make sure those with authority over the money do not abuse it. Those safeguards initially should be considered, formulated, and applied through written policies and procedures.
The policies should detail the types of expenses considered appropriate for business purposes and include the kinds of expenses for which the company would repay an employee.
Additionally, policies should prescribe the procedures for employees to request approval for business expenses. There are a variety of options to achieve the appropriate level of protection. Regardless of how it is accomplished, however, identifying the potential abuses at the first-level review is essential because it nips problems in the bud and prevents them from growing into massive thefts.
The employment of effective checks and balances through meaningful policies and procedures puts all employees on notice of their obligations and provides a sound foundation for any business to protect itself from fraud.
2. Consider business insurance
While proper policies and procedures serve as the essential ounce of protection, if an employee circumvents them the business’s insurance serves as the pound of cure.
All business owners should discuss effective insurance policies with their brokers or representatives.
One of the most important policies a business can utilize to protect itself against an employee who steals is a fidelity policy.
This type of insurance policy is also referred to as a crime, crime shield, or fidelity bond policy.
In general, fidelity policies will cover a business for losses caused by an employee’s dishonest or fraudulent acts. These provide businesses with the best chance of regaining the money stolen.
3. Ask questions
Asking questions when circumstances suggest something might be amiss is the best method to discover potential problems and prevent larger ones.
Employees at every level should be encouraged to speak up when things do not seem right.
Fostering this type of business environment not only encourages employees to help detect fraud before it grows too large, but also serves as a deterrent to potential fraud.
Every business should take the questions and concerns of its employees seriously. Failure to do so discourages employees from helping expose fraud and promotes apathy.
When an employee sounds an alarm regarding improper expenditures, management should initiate a definitive and meaningful response. A business could utilize company personnel or outside experts, such as forensic accountants or attorneys or both, to investigate fraudulent conduct.
Not every concern warrants a full-fledged investigation, but no matter the response the company should inform the employee who raised the concerns of management’s response.
Keep in mind the concerned employee may not be entitled to know the results of management’s investigation, but management should convey it took the concern seriously and did address the substance of the matter.
5. Report to insurance
Reporting the dishonest or fraudulent conduct to the insurance company might seem intuitive if the company already had the foresight to secure fidelity insurance, but its importance is often overlooked when a company becomes focused on addressing the immediate effects of the fraud.
The timing of making such a report depends on the specific requirements of the fidelity policy, but the sooner the better. A company should never lose coverage for having unnecessarily delayed providing notice of a possible claim.
The initial notice of a potential claim should be made quickly after an employee raises a question or concern that warrants a response from management. The formal claim to the insurer that includes the loss amount usually comes later, after the company has completed its investigation.
Notably, with respect to the claim ultimately submitted to the insurer, it is in the company’s best interests to conduct a thorough investigation. The investigation should be performed by a reputable, experienced outside expert.
A third-party investigation increases the likelihood the insurance company will accept the results of the investigation and cover the entire loss amount. It is also more likely the coverage payment will be provided sooner rather than later.
6. Report to authorities
I generally encounter two types of business owners who have been victims of employee fraud: Those who want to press criminal charges, and those who hesitate to do so because they want their money back but do not necessarily want anyone to go to prison.
Ultimately, whether to report the fraud to the authorities is the client’s decision, but there are benefits to doing so.
First, some fidelity policies require the company to report the embezzlement to the authorities in order for potential coverage under the policy to be triggered.
Second, even if not required by the fidelity policy, reporting the fraud to the authorities conveys, both to the insurance company and other employees, the company is taking the loss seriously and will not tolerate any fraud.
Third, some fidelity policies require proof the employee had the intent to cause a loss to the company and a criminal conviction inherently provides such proof.
Fourth, the authorities will secure an order that requires the employee to make restitution, or can seize assets from the employee that could be sold to repay the money.
Fifth, if the insurance company pays the company for the loss amount under the fidelity policy, then the insurance company would be entitled to any restitution the authorities are able to secure.
Sixth, these benefits collectively also incentivize the insurance company to cover the entire loss amount under the fidelity policy, which permits the company to recover from the fraud more quickly.
7. Build up your defenses
Lastly, the best step a company can take after suffering a loss at the hands of an employee is to use the experience to strengthen its safeguards.
The employee’s fraud would have exposed holes in the company’s systems, policies, and oversight procedures. The company should learn from its mistakes and implement meaningful remedial measures to fix those gaps.
These tips offer practical guidance to all businesses, whether mom-and-pop shops or multi-national conglomerates. The knowledge is important for smaller businesses because employee fraud could be devastating. It is equally important for large businesses because there are many more opportunities for fraud that can be exploited and many more employees who can cripple the business.
Following these general steps will allow any business both to protect against and to recover from insider fraud.