5 facts about fraud that most companies learn the hard way

Source: Soldiers Media Center

Fraud happens. Often. Here are just five facts that companies learn the hard way when fraud occurs:

Fact #1 – Fraud does not happen on the company’s timetable.

Revenues are up. Revenues are down. It doesn’t matter. The company could be experiencing the best of times or the worst of times. The fraudster doesn’t care. All he or she wants is money. Fraud will happen on the fraudster’s timetable. He or she decides if, when, how much, and how often. If the company has countermeasures in place, the fraud may be prevented or the losses kept to a minimum. With little or no countermeasures in place, however, watch out.

Fact #2 – Fraud scares people, especially senior executives.

When I meet with clients, I often tell them that fraud is a small word with big implications. In my experience, senior executives are most often apathetic when it comes to discussions regarding fraud. That is, until they are made aware of an actual fraud taking place on their watch. Then they become exceptionally nervous and spend a great deal of energy worrying about what will happen. They don’t know what they don’t know, and that makes them nervous, sometimes angry, and generally apprehensive about the future. Is this my fault? Will I be blamed? How much money will we lose? Will we get it back?

Fact #3 – Fraud prevention is an afterthought in most companies.

When meeting with a new client, we want to gain a sense of the overall maturity of their efforts to prevent, detect, and investigate fraud. Below is a small selection of the questions that we typically ask:

  • Do you have an employee hotline? How do you measure its effectiveness?
  • Do you have a fraud case management database? If so, when was the last time the information was used to develop proactive countermeasures?
  • What controls do you have in place to prevent and detect fraud? Who “owns” control development, deployment, and testing?
  • What policies and procedures do you have in place to ensure that employees are unable to steal your company’s intellectual property? When was the last time someone tested their effectiveness?
  • How often does fraud take place in your industry?
  • Have you incorporated “lessons learned” from fraud at other companies?
  • Who is responsible for fraud prevention, detection, and investigation within your organization? If separate departments, how often do they meet to share intelligence?

Very rarely will senior executives answer these questions without providing some potential areas for improvement. Most often, they struggle to answer at least one or two of the questions, which can lead to some uncomfortable silences and pained expressions. That’s OK. We know that fraud prevention is an afterthought. It shouldn’t be, but it is. Most companies don’t think about fraud until it happens or they narrowly avoid taking a loss. I personally want to change that. There is no reason that companies need to experience the vast majority of employee and third-party fraud. A company will never be fraud free, but it can certainly make it much more difficult for fraud to happen.

Fact #4 – Fraud investigations are easy to screw up.

Investigating fraud, particularly employee fraud, is much more complicated than it appears. Employees have rights, and lots of them (as they should). If in the course of an investigation a company violates those rights, the “hunter” can become the “hunted.”

Let’s consider a real-world example.

Local law enforcement thinks that one of your employees, Bob, is involved in drug trafficking. Your internal audit department is also investigating Bob. They plan to talk with him next week regarding some missing inventory. A detective from local law enforcement wants internal audit to ask a couple of questions that would help him with the drug investigation. In fact, the detective really wants to be in the room during the meeting. Helping law enforcement is a good idea, right? We might need them to help go after Bob for the inventory we think he has stolen. Would we screw up the investigation by helping law enforcement? How? We’ve already sent an email to the detective detailing the inventory theft. The detective agrees – this guy is a criminal!

(Hint: this investigation is destined for failure.)

Screw up an investigation, and you may be forced to rehire the employee that allegedly committed fraud as well as pay lost earnings and possibly even a fine. Trust me, it happens.

Fact #5 – Fraud losses are rarely recovered.

We’d like to think that law enforcement can reach out and claw back the proceeds from a fraud whenever needed. The truth is that most of the time, the proceeds are long gone. Fraud schemes typically last a median of 18 months. During that time, your company’s money is burning a hole in the pocket of the fraudster. They want to buy goods and services, pay down debt, stop foreclosure, share their good fortune with family and friends, etc. The last thing they want to do is deposit the money in their bank account and watch it gather interest (although in very rare circumstances, this does happen).

Notwithstanding the fact that fraudsters want to spend the proceeds, the truth is that law enforcement is often unable or unwilling to help companies recover fraud losses. Law enforcement is overstretched. At the local level, detectives in small cities are assigned all manner of cases, from petty theft to murder. In larger jurisdictions, detectives have an overwhelming case backlog that is closely tracked by their superiors. Financial crimes can be extremely complicated and time consuming to investigate, especially if the detective does not have a financial background. Detectives need to close cases – quickly. At the federal level, the bar is even higher. A six-figure loss may be devastating for your company, but it may barely raise the eyebrow of an FBI special agent in a large metropolitan area. With no connection to organized crime, drugs, or terrorism, the case file may be shelved and forgotten.

I strongly support law enforcement and have worked with some very talented local, state, and federal agents. However, we really can’t expect them to pursue every fraud that hits their desk. Let’s be honest; why should we expect law enforcement to help recover losses when so many of them could have been easily avoided?

If you have additional “facts” that you would like to share, please feel free to add a comment.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Advertisements

Nonprofit fraud can be very profitable

Don’t let the word nonprofit fool you; as this case shows, there is plenty of money up for grabs.

Over the course of eleven months, Jeffrey Bernstein allegedly embezzled over $2 million from the Albert Ellis Institute, a nonprofit based in New York. The Institute’s mission is to provide “global access to the benefits of Rational Emotive and Cognitive Behavioral Therapies through the training and education of mental health and allied professionals worldwide.” I’m not sure what that is either, but clearly they have money on hand to fund their efforts. Or at least they did.

Yet again, we have a remarkably simple fraud. Bernstein allegedly transferred funds from the Institute’s bank accounts at J.P. Morgan Chase to personal accounts that he controlled. Here is the twist; the Institute is not pursuing Bernstein. Instead, they have sued J.P. Morgan Chase in civil court. Presumably, they believe that Bernstein has spent the money and that a judgment would be worthless.

In order to prevail in a civil suit, the Institute is going to have to show that J.P. Morgan was at fault. In practical terms, how much responsibility should the courts place on a bank to detect embezzlement? Unless J.P. Morgan Chase made a glaring error that was entirely inconsistent with their own policies and procedures, I don’t see the Albert Ellis Institute prevailing in court. Further, the Institute better be able to show that they had taken the necessary steps to prevent the fraud in the first place.

Each year, J.P. Morgan Chase invests tens of millions of dollars to prevent, detect, and investigate fraud. Speaking from experience, banks will never get it right 100% of the time, with embezzlement being the most difficult fraud for a bank to guard against. By definition, the transactions are initiated by authorized individuals that are granted access to the organization’s bank accounts to conduct routine business transactions. In most circumstances, expecting a bank to detect embezzlement in a sea of routine transactions is just unrealistic. (Each case is different, so I stress “most circumstances.”)

In my opinion, given that the fraud took place over eleven months and was perpetrated by the president of the Institute, the burden that the plaintiff must overcome to prevail in court will be considerable.

Stay tuned…

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com