In 1987, during arms control negotiations between the United States and the USSR, President Ronald Reagan popularized the phrase “trust but verify.” The maxim is pithy and oft-quoted, but for companies looking to mitigate risk and financial fraud, it should be reworded slightly to “Verify and monitor continuously.”
Fraud is often hard to detect—the Association of Certified Fraud Examiners (ACFE) estimates that the average fraud goes undetected for years. Some of the largest and most damaging frauds, including Bernie Madoff and Allen Stanford, spanned a decade or more. Fraud is also costly; it is estimated that U.S. businesses lose 7% of annual revenues to fraud, and it is responsible for one out of three business failures. The financial implications of fraud are bad enough, but reputational damage can be equally harmful.
Fraud is a potential danger for companies in all industries. In a survey my firm conducted in 2012, nearly 40% of private equity firms said they had experienced fraud. The statistics are sobering, but there is much that companies can do to protect themselves.
The biggest trend we are seeing is that corporate boards are implementing a tip line, which is a great way for employees and others to anonymously report wrongdoing. ACFE studies show 42% of frauds are uncovered through hotlines. You want employees to come forward and tell you what is wrong to give CEOs a chance to fix it. The average EEOC complaint costs between $50,000 and $100,000 in legal fees to settle, not to mention the potential damage to morale and reputation—wouldn’t you want a heads up to fix it before it gets to that?
Instituting rigorous hiring practices, including screening temps and contract workers, is another important tool in preventing fraud. It is not realistic to have the same level of scrutiny for an entry-level employee as you would for a senior executive, but the best way to avoid fraud is by carefully culling the bad apples before they are hired. Look for criminal or regulatory issues, limited references, job-hopping, trouble making eye contact and a pattern of lawsuits. A number of our clients have begun to ask us to vet their information technology hires. The IT department has access to the most sensitive files and so it is imperative to investigate potential hires in that department.
Every firm should also have a code of conduct, which describes the culture of a company and what is expected of each employee in terms of actions and conduct. Each company is different, but some rules are universal: sexual harassment cannot be tolerated; discrimination against anyone based on color or religion is strictly forbidden; the workplace should be free of illicit drugs and alcohol; and employees cannot accept gifts from customers or vendors. Consequences for violating any of these codes should be clearly spelled out.
A system of basic financial checks and balances is another way to protect against fraud. Even in smaller firms, the same person should not be in charge of both accounts payable and accounts receivable. Larger payments from the company should be signed by two executives. Regular meetings should be arranged with IT officials to insure that cyber-crime is being monitored at all times. Also, consider installing security cameras to serve as a deterrent for rogue employees.
In the wake of the Madoff scandal, the role of compliance officers has taken on greater importance. Compliance officers often have a seat at the C-level table and are valuable in helping companies to stay on the right side of regulations. As discussed, however, the best way to prevent fraud is by having several layers of protection.
Preventing fraud is an ongoing endeavor that requires a commitment to maintaining vigilance each day. Some red flags are easier to spot than others. Some of the most common “tells” of disgruntled or risky employees who may commit fraud include:
- Living beyond their means
- Financial difficulties
- Too-close relationships with customers or vendors
- Drug or alcohol problems
- Major stressors, like family problems, including divorce and bankruptcies
In the event that fraud is suspected, every company needs to have a playbook to help guide their actions. This should include having a process to address a tip or complaint, leveraging the expertise of investigators and attorneys and following a plan that keeps the company operating with minimum disruption.
The vast majority of companies prefer to keep things quiet and resolve matters in a private setting. No company wants to have one of its employees be the subject of a “perp walk,” where the alleged offender is shown by the media in handcuffs accompanied by police on their way to being charged.
The surge in cyber-crime is proof that fraud never truly disappears; it just changes shape and form. Therefore, it is up to each company to become a hardened target and make fraudsters want to look for an easier mark.