Employee theft causes more business bankruptcies than any other type of crime, according to a 2012 white paper from consulting firm McGladrey.
The greatest emerging source of employee fraud is embezzlement, but the problem ranges from accounting employees committing theft (26.9% of reported cases) to fraud by executives (17.8%) to front-line staff stealing from cash drawers (less than 3%), McGladrey reports.
Financial services and government organizations experience internal fraud the most.
Employee theft increases during difficult economic times, not only because workers in dire financial straits are more tempted but because layoffs often cause firms to cut internal controls.
Michigan State University Federal Credit Union in East Lansing has had very few incidences of internal fraud. But about 16 years ago, a young employee set up a fraudulent loan account.
“She was the friendliest person in the world,” recalls April Clobes, executive vice president of the $2.3 billion asset credit union. “It’s often the most unlikely people who do this. You don’t know what’s going on in their lives. A long-time employee could have a setback in his or her personal life that makes them desperate.”
The incident prompted the credit union to review dormant accounts for unusual activity and to reach out to those accountholders. “Now we feel comfortable that we have proper measures in place to prevent that type of problem,” Clobes says. “And if we had another incident, we’d debrief and evaluate our procedures for needed changes.”
Prevention starts in the hiring process, she says. Job candidates must agree to thorough background checks that cover criminal, legal, financial, and credit history, along with reference checks and drug testing. “We also have a rigorous interview process to make sure candidates have consistent backgrounds and are a good fit,” says Clobes.
After they’re hired, employees read the credit union’s personnel manual and sign a statement of integrity. The internal audit department, which divides its responsibilities among several individuals, conducts a daily loan review, audits information technology (IT) systems, does periodic cash counting, and reviews daily reports that would identify issues such as check kiting.
“They’ll go to a branch unannounced and audit the cash drawers, recyclers, and vaults,” Clobes explains.
Auditors review random samples of loans, loan set-up files, and employee accounts. If daily reports show unusual activity in an account, they investigate further. The department has written processes and procedures so managers know what auditors are reviewing.
“Managers conduct spot checks as well, and review in-branch films of the teller line, the drive-up, and other areas,” Clobes notes. “Data is our biggest concern, and we have processes so employees don’t do downloads. We don’t allow them to use external drives.”
Managers take note when employees have financial problems.
“This doesn’t necessarily correlate to negative actions, but desperate situations can influence behavior,” says Clobes. “We refer them to Greenpath Debt Solutions to get in a better financial position. Otherwise it puts them and us at risk.”
We all want to trust our employees, she says.
“You might have hired them and worked with them a long time,” Clobes says. “You’re hesitant to believe they could commit fraud, but you have to be aware that they could.”
Just because you haven’t had an incident in years doesn’t mean you can rest on your laurels.
“Employee fraud doesn’t happen often, but you can’t forget about prevention or not train people,” says Clobes. “If you don’t have an internal audit department, contract with an accounting firm or another third party.”
Watch for red flags
Any financial institution will have at least one minor incident of employee fraud at some point, notes Wanda Cathran, assistant vice president of operations at $615 million asset Farmers Insurance Group Federal Credit Union in Los Angeles.
“We keep that information proprietary, although we would report it to our insurer—CUNA Mutual Group—and management would be made aware.”
The credit union has comprehensive fraud-prevention processes. Its human resource department works with a third party to conduct thorough background checks of job candidates and verify whether candidates are bondable.
“We have an Internet manual of policies and procedures, system controls and monitoring tools, and training in proper safeguards by the IT and fraud departments,” Cathran says. “The IT department provides training on system-abuse prevention and the storage and disposal of confidential information. And every year employees sign code-of-conduct and compliance documents.”
Building access is secured. Computer systems log employees out after normal working hours unless they have special permission. Managers often work remotely and have extended system access.
The credit union’s fraud investigator, Voung Hoa, is overseeing the implementation of Guardian Officer—a software tool that flags suspicious or unusual activity.
“It looks at employee, dormant, and active accounts,” he says. “If there’s activity on a dormant account, it’s pulled for review.”
There’s also an automated system employees can use if they notice something suspicious about another employee’s behavior.
“They complete an online suspicious activity form, which gets forwarded to me,” says Hoa.
Managers take note of any employee expenditures that are outside the norm.
“If they have expensive new clothes or are traveling extravagantly, it can be an indicator of fraud,” Cathran says.
Hoa agrees. “In my history of fraud investigation, I’ve noticed internal fraudsters like to be flashy and show off their new stuff. They might have an expensive new vehicle they’re showing off to fellow employees.”
He looks for other cues, too, such as an individual acting differently when a supervisor or co-worker is around.
“If a task takes longer than is typical, it triggers suspicion,” he says. “I’d watch them and analyze their day-to-day activity to see if there are other red flags.”
Managers also work with candidates and employees having financial difficulty.
“In our advance background checks, if there are questionable situations, we give people the opportunity to clear them up before the hiring process,” says Cathran. “We treat all employees alike, but we’re aware of things like a history of overdrafts. Employees know from our code of conduct they can’t be overdrawn more than a certain number of days or above certain amounts.”
Hoa monitors the security process continually and makes suggestions for improvement, such as the Guardian Officer software.
“It will be a valuable tool that provides more oversight in certain areas,” Cathran says. “Voung’s job is to have policies and procedures in place, and to make sure employees are trained.”
Strong policies and procedures are crucial, Cathran says.
“Make sure everyone reads them annually, and provide frequent training so there’s more awareness of potential red flags. Ensure everyone understands management’s position on fraud. Our message is, if you’re caught, you’ll be prosecuted to the fullest extent of the law, and we’re all responsible for being aware and on the lookout.”