July 30, 2020
Editor's Note: This article is an expanded discussion of an article in the February 2019 issue of CLM Magazine.
To reduce the risk of employee theft and embezzlement claims, policyholders must have sufficient internal controls. Accountants generally define internal controls as policies and procedures that are designed to provide reasonable assurance for safeguarding assets from loss. Virtually all companies have at least some level of internal controls, but embezzlements still occur. Why is that?
Many failures occur because of inaction by policyholders. Either anomalies in the accounting data do not receive proper attention, red flags are not recognized, or there is an override of an existing control by an employee. The override can be to save time or because the employee doesn’t understand the importance of the control—or it is intentional. In my experience, the majority of overrides usually involve a review procedure that is not done, or done in a cursory manner. As a result, the typical controls are diluted and the risk of loss is not reduced to a low level.
Reducing the Risk
Some additional anti-fraud measures that can reduce the risk of embezzlements and fraud from happening or discovering them early are:
- Anonymous Hotline—In survey after survey, a “tip” is the number one way that fraud is detected. The use of an outside company that provides a toll-free hotline number assures employees that their call is anonymous, which is important. This has been required of all publicly-traded companies since 2002. Carriers should require (or offer a premium discount to) all non-public policyholders to have an anonymous hotline with the number posted in the employee directory and/or the company’s website as the “Fraud and Abuse Hotline.
- Inform Policyholders of Fraud “Red Flags”—Carriers should communicate to policyholders—through a newsletter or their website—that the most common red-flags are an employee that: has an attitude of entitlement; is living beyond her means (usually includes an expensive automobile); is under financial pressure; is involved in a divorce or other family problems; has gambling, drug, or other addictions.
- Exit Interview of Employees Who Leave the Company—Normally, when an employee leaves voluntarily, there is an exit interview with Human Resources. As a fraud examiner, I would like one question to be asked: whether the employee ever saw something that seemed wrong, out of the ordinary, or not in accordance with company policies. Since the employee is leaving the company, she should feel free to answer honestly and fully.
- Accounts Payable Department Controls—The most costly embezzlement scenario involving the accounts payable department is a fictitious vendor. Once a fictitious vendor is entered into the accounts payable system, invoices will be paid for years until this is detected. Some of the best measures to reduce the risk of this fraud is to institute policies such as: Employees who process invoices for payment should not be allowed to enter new vendors into the payable system; requiring vendors to have a street address and not just a P.O. box on invoices (a fictitious vendor would only have a P.O. box on a fictitious invoice where the check would be mailed to, as this is the only way an employee can get the payment with no trace to themselves); when a check is generated and signed, it is never returned to the person who initiated the payment request; requiring a change of address by a vendor to be in writing, on letterhead—no phone calls, emails, or faxes. Carriers should communicate these measures in a newsletter or on their website.
- Email Phishing Scam Awareness—Technology has created many new fraud scams. One particular email phishing scam that has hit larger businesses with large losses goes something like this: Fraudsters gain access to a company’s email system and a senior management level individual as well as the controller or treasurer are identified. The fraudsters cause an email to be sent from the senior manager to the controller or treasurer instructing them to wire funds to a particular account for a certain fictitious purchase or required payment. Law firms and CPA firms have also been hit with this scam. It goes without saying that the best anti-fraud policy here is that non-recurring wires or electronic payments be validated in person or by telephone with the employee making the request. The importance of knowing about this scam could be communicated through a carrier’s newsletter or website.
- Specific High-Risk Areas Needing Specific Anti-Fraud Controls—These include: businesses that accept cash, which should have a security camera installed for full view of the cash register; and fleet maintenance departments, where high-dollar and small parts should be in security cages with restricted access and a security camera installed directly in front of the security cage.
As a fraud examiner, I focus on helping businesses prevent or detect fraud schemes early by recommending additional anti-fraud polices. Insurance carriers collect premiums and process claims. I recognize that it may be unusual for a carrier to get involved with anti-fraud measures for its policyholders, but I believe that if carriers can incentivize policyholders to institute at least some of these anti-fraud policies, claims will be less and it is a win-win for both.