News headlines announcing failing companies, corporate fraud and illegal business practices have become commonplace across the national scene. Partly due to decreased staffing and increased workloads and responsibilities, corporate executives and middle managers may not have the ability to oversee employees in the same way that has protected their organizations in the past. As a result, many businesses, including financial institutions and other major lending conglomerates, are now more at risk of falling victim to fraud than ever before. This article, takes a closer look at the reasons why corporate fraud is committed, and discusses detection and prevention techniques that companies can utilize to help ensure an organization’s financial security for years to come.
Before discussing how best to manage risk and prevent fraud, it’s important to consider the three main types: asset misappropriation, corruption and false statements. Interestingly, asset misappropriation accounts for 90% of all fraud cases committed and involves the theft or misuse of an organization’s assets. Generally, asset misappropriation is identified with fraudulent disbursements, skimming and cash larceny.
Fraudulent disbursements usually involve billing, payroll and expense-reimbursement, or register-disbursement schemes and check tampering. In the case of skimming, cash is stolen before it is recorded in an organization’s accounting records. For example, an employee may accept cash payments from a customer, but intentionally not record the transaction. When looking at cash larceny, we are primarily talking about the theft of cash receipts after they have been recorded. In this situation, an employee steals cash and checks from daily receipts before they can be deposited in the bank.
Misappropriation of funds schemes often start small, but can increase quickly over time, imposing huge financial consequences on an organization, as well as the financial institutions that service their banking needs. For example, a major New York–based commercial bank was fined by the Department of Treasury for failing to adequately assess customer risk and potential incidences of money laundering. A $12 million civil money penalty was assessed on the bank in 2006 for failure to adequately report numerous suspicious transactions representing, in the aggregate, hundreds of millions of dollars over a period of several years. This reported fine was in addition to the significant costs incurred by the bank for the implementation of procedures, systems and controls required to prevent future incidents.
Corruption, the second main category of fraud, occurs when a fraudster wrongfully uses his or her influence in a transaction with the purpose of procuring a personal benefit for him- or herself. Otherwise known as a bribe, corruption can take the form of bid rigging, invoice kickbacks, illegal guarantees or economic extortion.
Finally, the third main type of corruption is false, or fraudulent statements, which can be financial or non-financial in nature. The creation of fake financial statements may include over- or underreporting of assets and/or revenues, fictitious revenues, concealed liabilities and expenses, and improper asset valuations. Non-financial statements, when fraudulent, may include erroneous or exaggerated employment credentials or some other type of “support” document.
Although the scope of corruption often requires a forensic investigation of the relevant financial records, knowledgeable managers are often able to spot false information immediately and, for this reason, are in the best position to stop fraud. Intermittently missing financial records should be cause for concern.
In a case involving such a broad act of corruption, a German-based engineering firm was a victim to a major bribery scheme. Between 2002 and 2006, a former mid-level accounting executive at the engineering company oversaw an annual budget of between $40 million to $50 million, which was used by its managers and sales people to engage with corrupt government officials around the globe. Ostensibly, the purpose was to remain competitive in foreign markets.
The money was passed through secret bank accounts and handled by outside parties that usually had ties to ruling leaders that would in turn ensure the company won its contracts. As part of an outsourcing agreement, the firm paid these outside consultants a fee for their services. These outside parties then delivered cash to the final recipients. In one instance, to win a phone contract in Asia, the company paid $5 million in bribes to a prime minister’s son and other senior officials.
However, the scheme came to the attention of investigators in several countries. They began to track suspicious transactions leading back to the perpetrator. Once tipped off to the corruption, the company employed the help of a team of forensic analysts, lawyers and staff members to trace the history and scope of the various transactions that took place.
Due to its lack of internal controls between 2001 and 2007, the company made approximately $1.4 billion in illegal payments and more than $2.6 billion in fines, fees and costs related to investigations and reforms of its business practices.
Reasons Why People Commit Fraud
While the reasons corporate executives or employees commit corporate fraud can vary widely and may often not be clear, nonetheless these reasons do exist. Industry research and various reports that have tracked cases of fraudulent activity over the years show the motivation is usually tied to any of three primary factors, and often more than one: perceived opportunity, personal motive and the ability to rationalize.
Many people believe that without the opportunity, deception would probably not occur. When a swindler recognizes gaps in an organization’s policies, procedures or internal controls, the temptation to take advantage may be too alluring. While most employees are honest, there are always a few who will exploit these loopholes. When left unmonitored, a dishonest executive with knowledge of weak internal controls, lack of supervision or awareness of accounting anomalies may choose to benefit from the situation. The lack of internal controls — along with the belief that many employees don’t think they will get caught — also accounts for the reason why such a small percentage of fraud cases are ever caught.
In other instances, it’s not the opportunity that is the leading motivator, but rather a personal situation, one that is often unrelated to any events in the workplace. Employees who find themselves burdened with mounting financial responsibilities, perhaps due to medical bills, credit card debt, gambling losses or divorce requirements may see fraud as the only way out. In some cases, the fraudster feels pressure from managers, family members or peers to succeed and to exude an image of that success.
One perfect example of this is the case of a senior manager of human resources at a global information and telecommunications systems company. In September 2009, this executive was handed a 57-month prison sentence for defrauding the company’s health and welfare plan.
Hired by the telecom in 1979, this employee was in charge of managing all aspects of the company’s benefits programs. In 1997, he opened an unauthorized bank account with a name that referenced his company. Between 2000 and 2008, he deposited approximately $8 million into the account. Of that amount, approximately $4.9 million were payments for insurance claims that belonged to the plan. Allegedly, the money was used in part to pay for more than $1 million in credit card bills and $3 million in personal luxuries.
In personally motivated situations, schemers often view their acts as a temporary emergency measure to placate a stressful situation, until they can “repay” the funds later. However, it’s important to note that in most cases, employees never emerge from their situation and go on to return the stolen funds. Instead, they are more likely to continue to commit instances of theft, especially as they realize they have gotten away with the initial act.
Over the past two and half decades, I’ve often spoken with executives at numerous firms about fraud and risk management. Their biggest question usually is: How do we find out if we are victims of fraud? Sometimes there are numerous signs that become obvious after the fact, yet other times there are none at all. However, research shows there are red flags that provide a good indication that deceptive activities are taking place. Recognizing these signs requires looking at individual factors about the employee, high-level organizational considerations, and currently, the effects of a recessionary economic environment.
On an employee level, someone who takes no vacations; prefers to work unsupervised—especially after traditional work hours or at home — lives beyond his or her means or carries unexplained debt, should put any risk manager on alert. In addition, changes in behavior, such as a new cavalier wheeler-dealer attitude, are also red flags to watch for.
When senior level executives look at fraud, they should be aware that the combination of high staff turnover, low employee morale and/or lack of job rotations are all important indicators in cases of fraud and employee deception. When financials, bank reconciliations or account reconciliations take too long to complete, it’s time to pay attention. In addition, when an organization has either an excessive number of bank accounts or payments that are made based on copies — rather than originals — of invoices, risk managers should take note.
In today’s marketplace, the effects of the recent and lingering recessionary environment are increasingly becoming the catalyst for finding fraudulent behavior. From high-profile lenders and major corporations to smaller saving banks and businesses, the economic downturn has affected the profits and growth that many had experienced in years past. In addition, cutbacks and layoffs have weakened internal controls by leaving fewer people with greater responsibilities and duties. Yet, it is also during these down cycles that records and funds become more closely scrutinized, and fraudulent practices that may have been hidden for years finally come to light.
Of the cases where fraud is detected, 46.2% were caught by way of a tip from an employee, according to the “2008 Report to the Nation on Occupational Fraud and Abuse,” published by Association of Certified Fraud Examiners (ACFE) See Figure 1. Internal controls account for 23.3%, discovery by accident 20% and internal audit 19.4%. Lagging methods include external audit 9.1%, and police notification 3.2%.
(Percentages exceed 100% because, in some cases, respondents selected more than one method)
Source: Association of Certified Fraud Examiners
Armed with an understanding of the different types of fraud and how to detect them, the next and most important task is to determine how to prevent fraud at your company. One of the first steps you can take is to assess overall risk, focusing on high-risk activities that are outsourced, moved between divisions and those handled without supervision.
Once there is clear understanding about roles and responsibilities, it becomes crucial to set the tone from the top of the organization, one that dictates high ethical expectations based on transparency and a controlled environment. Employees at organizations that do not present this uniformed message and are not clear on policy are usually more likely to commit fraud.
It’s crucial to implement solid internal controls and conduct regular management reviews of these parameters. Along with setting a strong and clear policy, one of the most successful internal controls is an anonymous hotline for employees. To further motivate employees to report fraudulent activity, offer rewards for “whistleblowers.” Follow up on any reports and investigate them quickly and efficiently.
The creation of a separate management committee to constantly monitor these controls provides another layer of protection. Use the practice of surprise audits, with the emphasis on “surprise” for the sake of the audits’ effectiveness. In addition to staging unplanned audits, to further decrease the opportunities for fraudulent schemes, ensure that job duties are properly segregated and that employees take regular vacations.
In today’s technologically advanced work environment, businesses can use state-of-the-art software to view employees’ workstations, limit access and set notifications if highly sensitive files are being accessed. For financial institutions, the use of this technology is even more important given the sensitive, personal nature of the information retained in their systems. On a consistent basis, review reconciled statements, work and computer access, and security control. You can conduct regular tests to ensure Internet controls are sufficient and secure.
As new employees join your organization, also conduct a thorough background check of all candidates, taking extra care to check references for those interviewing for financially important positions. To deliver a consistent message on fraud, it is also important to hold regular training meetings for new and existing employees. A strong ethical environment implemented by key senior executives and reinforced by sound training will induce more self-policing among employees. The end result is increased oversight beyond that provided by internal controls.
When considering your organization’s approach to detecting, eliminating and preventing fraud, trust your intuition and suspicions, and always take a hard look into the facts surrounding any gut feeling you have that something “is off.” Almost half of all fraud detected is through employee tips; therefore it is also critical that you involve your employees. Put practical procedures in place, then monitor the environment in high-risk areas. When it comes to fraud, unfortunately it’s not a matter of “if” it will happen, but rather, of how well you are prepared when it does.
Steven San Filippo, a managing director at Traxi LLC, specializes in generating value enhancing, innovative solutions in corporate finance, restructuring, transaction support and asset recovery situations. He can be reached by e-mail at email@example.com.