Why Companies Can Be Easy Targets for Fraud

In order for companies to effectively safeguard their assets, it’s beneficial to understand the critical mistakes made by corporations that have been victimized. After 30 years of performing white collar crime investigations, we’ve become all too familiar with the most common pitfalls that typically accompany fraud.

1.    A Lack of Awareness

Most executives prefer to believe that their management team would never embezzle funds, take kickbacks or sell highly confidential or proprietary information to competitors.  Understandably, it’s disconcerting to even consider the possibility that one of their trusted executives would be willing to commit a crime.

However, as we’ve all learned, white collar crime does occur, and can have devastating financial and legal consequences.  Additionally, it’s commonplace to find that the perpetrators are long-term, highly trusted individuals.

2.   An Over-Reliance on Accountants to Uncover Fraud

Many CEO’s feel that their companies are protected from fraud because they wrongfully assume that their accountants will detect most forms of white collar crime.  Unfortunately, this is a dangerous assumption to make and one that has proven extremely costly for many companies.

Accountants are typically concerned about making sure that tax obligations are met, financial reports are prepared on time, and bottom line numbers are balanced.  If the corporate criminal is devious and subtle in their endeavors, the odds of an accountant uncovering the theft are quite remote.

In one investigation, we found that the CFO had been fraudulently billing his employer over $180,000 a year.  He incorporated a “dummy” company, printed invoices, rented a mailing address, then forwarded and approved the bills when they arrived each month.  This went on for eight years before anyone suspected a problem, and it was not detected by accounting personnel.

Had the CFO done something blatant, like diverting company funds to his personal account or writing checks to his own name, I’m sure the accountants would have noticed it.  However, when fraud is committed within the system, it tends to look exactly like standard operating practices and won’t typically be red flagged.

3.   Inadequate Policies and Procedures

Most companies that incur fraud-related loss don’t do enough to deter it from happening in the first place.  It’s important to remember that a good percentage of employees become dishonest after being exposed to the loopholes and opportunities that exist in their respective companies.  This blatant opportunity, combined with the temptation of pocketing a good deal of [tax free] money, oftentimes causes marginally honest employees to become company thieves.

From the standpoint of preventing employees from going bad, as well as having legal remedies available after a crime is uncovered, it’s prudent to adopt formal company policies and procedures regarding:

•           Employee integrity and ethics.

•           Soliciting or receiving gifts, gratuities or incentives.

•           The proper safeguarding of  proprietary information.

•           Working for a competitor while employed

4.    Failing to Perform Comprehensive Background Investigations

One investigation that illustrates the importance of conducting comprehensive background investigations involved a purchasing executive who was shaking down vendors and receiving upwards of $300,000 a year in cash and gifts.  We caught him by setting up a sting operation, where one of our investigators posed as a vendor and documented the purchasing executive asking for an 8% kickback on each order he placed.

When we confronted him with our evidence, the executive confessed.  During the interrogation, the purchasing agent admitted to falsifying his résumé and omitting several facts, including a previous employer that had terminated him for taking kickbacks.  The executive also admitted that he owed over $40,000 in credit card debt and had declared personal bankruptcy just two years before accepting his current position.

All factors considered, this was certainly not the type of individual you’d want in a responsible position.  However, none of these facts ever came to light prior to him being caught because the company neglected to conduct a comprehensive background investigation.  If they did, they would have uncovered some, if not all, of these relevant facts and certainly would not have hired him.

Playing fast and loose with the information contained on résumés is not unusual.  We find that between 12% – 15% of the white collar candidates we perform background investigations on have deliberately falsified or deleted critical information from their resumes.

5.    Lack of an Effective Way for Employees to Report Illegal Activity

When it comes to uncovering internal theft, this is perhaps one of the most effective, yet overlooked solutions available to corporations today.

Have you ever wondered why law enforcement agencies almost always set up a confidential 800 number after a serious crime has been committed? Because a high percentage of cases are successfully concluded after confidential tips are phoned in by informed sources.

The same holds true for the private sector.  Our 800 Hotline number for example, has received calls regarding dozens of cases of white collar crime, that otherwise would not have been detected for months or even years.  In fact, some of our clients, after being notified about a fraud, instinctively reacted with shock and disbelief.  Only after checking out the information did they come to the painful realization that the caller’s tips were right on the money.

The reason an employee tipline is so effective is because it’s almost impossible to keep illegal activity a secret from co-workers.  There are always others who know, or at least have good reason to suspect, that another employee is committing a fraud.  The problem arises when the employees who possess this information fail to come forward because of an inherent fear of being exposed and having the culprits seek revenge.

That’s why a successful tipline program will offer callers anonymity, therefore guaranteeing them that their identities will never be revealed.  Additionally, callers should be able to speak with experienced security professionals, not switchboard operators, who will know how to fully debrief them, i.e., asking all the right questions, as well as developing a rapport, so callers feel comfortable providing the information.

One caveat however:  no one should ever be punished or rewarded based solely on a call.  The information should be corroborated before any action is taken, so no one could use the tipline as a means to perform a character assassination on a co-worker they dislike.

Is Your Company at Risk to Cybercrime?

Cybercrime can literally be launched from any place on the globe. Unauthorized entries into corporate servers and networks can result in fraud, the theft of proprietary information, the misappropriation of company funds, as well as highly destructive and costly sabotage.

There are generally three categories of those who illicitly seek to penetrate corporate computer systems.

One group, which has grown significantly, is motivated by political or philosophical beliefs. They have vendettas against certain corporations or industries. You’ve seen groups such as these staging protests at national and international economic summits. Taking their beliefs to an extreme justifies their efforts to sabotage networks and data communications.

Another group of hackers, sometimes referred to as “script kiddies”,  are predominantly driven by mischief. Hacking into servers and websites, and then defacing them, is in essence cyber-vandalism. To many, it has become a game of matching wits – theirs against corporate or government IT experts who are entrusted with protecting networks.

A third category of attackers is driven by greed, and in certain respects can be the most dangerous form of hacker. In many cases, they are highly sophisticated, well financed and have successfully stolen classified data from government, organizational and corporate websites and networks. In fact, there are international crime organizations specializing in cybercrime as well as solo “cyber guns-for-hire” who will attempt to penetrate a corporation’s network for the right price.

With the downturn in the economy, company employees have become another area of risk. One investigation involved a company executive who became vindictive as he witnessed the value of his stock options plummet. As a personal vendetta directed at senior management, he accessed highly confidential files, including customer lists and marketing plans, and sent them to a competitor.

Experts fear that for every cyber related fraud, theft and embezzlement that is uncovered, there could be as many as 80-100 crimes that go completely undetected.

Assessing Your Risk

Here’s a basic diagnostic self-evaluation that can help you evaluate just how vulnerable your server, network, proprietary data and internal communications may be:

  • Do you, at least once per month, verify that your data is actually being backed up the way you think it is?
  • Are passwords used by your employees a minimum number of characters and numbers (or are they relatively easy to crack because they consist of nicknames, birthdays, etc.)?
  • Are employees automatically required to change their passwords at least three times per year?
  • Does your company regularly update your operating system and software packages with the most up-to-date patches?
  • In the last 12 months, have you had experts perform a penetration test where they attempt to deliberately circumvent your firewalls and hack into your servers?
  • Is all company e-mail encrypted?
  • Does your company utilize effective intrusion detection products that will help detect, identify and stop unauthorized access?
  • Have you analyzed your network architecture to identify vulnerable points of entry for viruses?
  • Is your server in a highly secured room, protected by controlled access electronics, alarms (intrusion and temperature) and video equipment? If so, are the security clearances periodically reviewed to determine whether modifications are needed?
  • Do you have the ability to uncover employees sending damaging information from your company’s e-mail systems?
  • Does your company’s disaster recovery plan incorporate storing backed up data at an off-site location and making contingency plans for employees to work elsewhere if they can’t get to company offices?
  • Are employees given orientation and training regarding protecting company networks and following established security policies?
  • Are comprehensive background investigations performed on candidates and employees who will have access to classified data?
  • Are there follow-up background investigations conducted when employees are transferred or promoted into high security positions?
  • Is there a confidential 800 number available and effectively promoted for employees to anonymously call if they suspect or know of illegal or unauthorized activity by a co-worker, vendor or contractor?

If you haven’t answered yes to at least ten of these questions, your company may well be an easy victim, and it’s probably time to take action.

Help determine your risk factor by taking this confidential assessment — only you will be able to view the results. http://danbee.opendoorstech.com/fraud-risk-assessment

Why Your Employee Dishonesty Insurance May Not Pay a Legitimate Claim

Insuring your company from employee theft is a unique form of coverage, different from loss caused by fire, flood, or even break and entry. Very few executives understand how it works, which is why so many legitimate claims are rejected each year.

If your facility is damaged by fire, water or forced entry, the physical evidence is apparent. It is essentially a matter for the insured to document the damage, tally the destroyed or missing inventory, and notify the insurance company. When it comes to documenting internal theft, however, you’re dealing with significantly different variables.

To begin with, your alarm system will not be going off in the middle of the night providing you with immediate notification that you’ve been victimized. Internal theft is a silent predator, normally taking place for months, and sometimes even years, before management becomes aware of its existence.

Another difference is the lack of readily available physical evidence that clearly proves the loss was caused by dishonest personnel. Most firms come to the realization that they are missing product only after receiving troublesome inventory reports or a confidential tip. Some warehousing executives wrongfully assume that inventory loss is the result of an operational problem, such as a software glitch, product mis-selections, or counting errors by inventory personnel, and the theft continues.

When management finally does become convinced that their loss is dishonesty related, they are faced with the difficult task of uncovering and documenting it. Unfortunately, this is not simply a matter of taking photographs of for example, water-damaged inventory. After all, it is hard to photograph product that has vanished.

It is safe to say that your insurance company will not be running to your door with a check simply because you notify them that you’ve been victimized by internal theft.

Most policies state that an insured must provide independent proof, in addition to a profit and loss statement, or inventory report, that corroborates that the theft was, in fact, committed by company employees. Consequently, the firm incurring the loss has the responsibility of performing an investigation and compiling evidence that proves that one or more employees stole the missing inventory. Without this independent corroboration, your financial computations alone simply will not count for much.

When properly prepared, and in conjunction with accurate financial computations, these forms of corroboration put the odds in your favor of having an inventory theft claim honored by your insurance company.

Undercover Reports – Factual observations made by a professional investigator working alongside company thieves.

Video Evidence – New technology makes it possible to conceal cameras inside smoke detectors, sprinkler heads and wall clocks, virtually undetectable.

Covert Surveillance Reports – Investigators who witness employees removing product from your warehouse or truck drivers delivering product to unauthorized locations.

Admissions of Guilt – Confession statements must be properly prepared and witnessed so it is clear that dishonest workers made their admissions without any duress, undue influence or coercion of any type.

Why Theft Escalates in a Recessionary Economy

This distributor had historically been running acceptable inventory variances. Although there were occasional periods in the past where this company experienced discrepancies, management had never seen numbers this bad. Over the last six months, their cycle counts revealed an increase in shrinkage of more than 400%.

Unable to find an operational explanation for this, they decided to have a confidential investigation conducted. The undercover operation we conducted subsequently exposed a group of employees who were stealing company inventory each week. When these workers were apprehended, they admitted that while they had not previously stolen company inventory, recent events put them in a position where they felt they desperately needed extra income. After considering the alternatives, they decided that stealing from their employer provided the easiest way to supplement their income with the least amount of risk.

If you regularly read business publications, you have probably noticed more stories about business crime over the last two years. This is no coincidence. There is a direct correlation between this increase in criminal activity and the recessionary economy.

Employees are being driven to dishonest activity by financial need. With tens of thousands of companies instituting cost cutting measures, employees see their personal income at risk. Wage freezes, benefit reductions, reduced or eliminated overtime pay and vanishing bonuses, as well as plunging stock value, are the grim financial realities facing both white and blue collar workers today. In worst case scenarios, jobs are being completely eliminated and the prospects of finding a new one are bleak which is why Congress has extended unemployment benefits.

Even if cutbacks have not yet taken place, many workers believe that it is just a matter of time before their employers put them in effect. A growing percentage of employees see this belt tightening as unfair or unjustified, and at the same time feel pressured to find an alternative means of income.

Unfortunately, many workers are deciding that stealing from their company offers them this opportunity. Making matters worse, some employees rationalize and convince themselves they’re doing nothing wrong.

Employees who we’ve apprehended have offered a variety of explanations, many of them stating that they were simply taking what they felt they were entitled to. One supervisor caught defrauding his employer explained it this way, “I’ve worked hard for this company for a long time and I didn’t see the owners making sacrifices like they expected us to.”

Another dishonest distribution center employee, who was working in collusion with several co-workers, stated that he was “just doing it to them before they did it to me”.

These rationalizations don’t only extend to company workers. Unfortunately, vendors, contractors and even some customers can adopt a similar mind set when confronted with serious financial pressures.

We exposed one such theft operation that was taking place between a company driver and a customer that he regularly made delivers to. In this case, it was the customer who made the overture, asking the driver one day if he had any extra product he wanted to sell for cash. When the driver replied that he didn’t, the customer then suggested that if he reported a delivery shortage and the driver corroborated his story, there would be no way to disprove the bogus claim. The driver agreed and ended up selling the customer several cases of product for 30% of its legitimate value.

After doing this a few times, the customer told the driver that if he was able to “short deliver” other customers on his run, or arrange to have extra product “overloaded” onto his truck by other employees at his warehouse, he would gladly pay him in cash for the goods. After we apprehended the driver and then interviewed the customer, he admitted he had acted out of desperation.

Prompted by a downturn in sales and cash flow problems, this customer aggressively sought ways to generate additional profit, and before long he and the driver were netting nearly $1,500 a week by transacting stolen merchandise.

How to Avoid Being Duped When Verifying Background Information

Candidates who want to circumvent your screening process to hide a history of violence may resort to providing a “prepared cover” which allows them to conceal parts of their background that they do not want you to learn about. Oftentimes, this will involve creating fictitious addresses, places of employment, and work related references.

One way to avoid falling victim to a “prepared cover” is to properly verify addresses and telephone numbers provided by candidates. If, for example, a candidate lists his prior employer as Rosewood Logistics, located at 100 Valley Way, Los Angeles, do not simply accept this as a bonafide company or address. Rosewood Logistics may have been created by the candidate for the sole purpose of serving as past employment. The address provided could be a rented mailbox and the telephone number could be forwarded to a friend who is waiting for the opportunity to give the candidate a favorable reference.

To avoid being manipulated, check a directory to see if the company is listed, and if so, what their address and telephone number is. It may also be worthwhile to access a Dun and Bradstreet report to see if they are registered. If the telephone number or address is different, contact the company via the phone number and address you found, not with the information provided by the candidate.

Another red flag is a company that the candidate claims has relocated or gone out of business. While this may be true, it is an effective way to conceal an individual’s real history by providing a dead-end reference. Most companies simply accept this as fact instead of researching the company to see if, in fact, it did exist and whether the move or bankruptcy occurred when the candidate claimed that it took place.