After more than 25 years conducting fraud investigations, I have learned a lot about fraudsters, their methods, and the companies they work for.
Hotlines cut fraud losses in half.
Anonymous reporting mechanisms like fraud hotlines decrease the cost of internal fraud. Employees are excellent watchdogs, and are more likely to report wrongdoing if they have a confidential way to report the information they possess. Research shows that companies with hotlines discover fraud schemes sooner and therefore lose less to internal fraud.
Sarbanes-Oxley mandated anonymous reporting mechanisms like hotlines for public companies. Private companies should do the same, since the hotlines have been proven to be effective. However, companies should not get a false sense of security from a hotline. There are many other fraud-prevention measures that companies should also implement.
Employees are very receptive to anti-fraud training.
As I’ve mentioned, employees are typically very good watchdogs. They don’t like to see someone else on the take while they are putting in honest work. If they know what to look for, employees are likely to report misdeeds to management.
Therefore, anti-fraud training is usually very well-received by employees. They are anxious to learn what fraud looks like and feels like. During training, they often reflect on situations in the past that seemed suspicious. If they’d had anti-fraud training back then, they probably would have reported their suspicions to management.
It makes sense, therefore to provide basic anti-fraud training to everyone. Management can never predict who will see what, and it’s important for all employees to be armed with knowledge. More targeted anti-fraud training can be provided later to those employees who work in higher-risk areas of the company.
Teams of fraudsters steal more.
A single thief at a company can only commit so much fraud. Even with access to assets and data, that person is limited in the amount that can be stolen because someone is usually watching over other parts of the business.
For example, one employee makes bank deposits, while a separate employee balances the bank account. This effectively verifies the bank deposits that the first employee was supposed to make. Alone, the employee making bank deposits is unable to steal without detection.
On the other hand, two or more people in collusion can commit more elaborate frauds for longer periods of time. Under a typical company’s system of controls, employees intentionally perform independent checks of one another. If two employees collude to override those independent checks, they can more easily defraud the company.
In the bank deposit example, the employee doing the bank deposits could join forces with the employee balancing the bank account. If they are successful, the first employee can steal money from the bank deposits while the second employee helps cover the theft during the bank reconciliation process.
Thieves have a hard time keeping secrets.
Someone, somewhere always knows about the fraud. Some thieves are simply arrogant and they need to brag about how clever they are. Others just plain can’t keep their mouths shut.
In addition to verbal clues, there are non-verbal clues that can give away a fraud. Thieves often can’t help but show off the items they’ve bought with the proceeds of fraud. Others take many unusual trips, often to casinos. Some fraudsters exhibit nervous behavior or become overly possessive of their work responsibilities. Pay strong attention to those clues and investigate further.
Don’t forget that even though teams of thieves can steal more than single perpetrators, they also have a harder time keeping the fraud under wraps. Two or three conspirators have a harder time keeping a secret than a single thief. The more mouths involved in a fraud, the more likely someone is to talk about the scheme.
Small frauds lead to bigger frauds.
A planned one-time theft to fill a need or right a wrong can easily escalate into a full-blown fraud scheme. An employee who just intends to steal once finds out how easy it is, and that leads to repeat frauds. Each stolen customer payment or forged check gets progressively larger.
Even an employee who never intended to commit a fraud can be drawn into a scheme. She or he may notice that an accounting error went undetected and uncorrected. The right thing would be to notify management in order that the error can be corrected.
However, I have seen many honest employees turn dishonest in this situation. Instead of helping to correct the error and close the loophole, the employee may be tempted to take advantage of the breakdown in the company’s controls. Getting away with something small often emboldens previously honest employees, and a fraud of this type can escalate quickly.
Arrogance is often the downfall of a crook.
I often say that arrogance gets in the way of the fraud. Crooks sometimes get so wrapped up in a feeling of invincibility, it causes them to get sloppy. They forget to cover their tracks or properly conceal the fraud. Deep down, the thief believes she or he will not be caught anyway, so being cautious is not the chief concern.
Sometimes white collar criminals get so arrogant that they push the limits of the scheme too far. Again, they come to believe that they are not going to be caught. They believe that even if they are caught, they will not be convicted of a crime.
Pushing the limits of a fraud or getting sloppy inevitably causes a scheme to unravel. Maybe the numbers get so high that computer software flags some items or the auditors start looking harder. Sometimes a critical phone call or piece of mail escapes the scammer. Many times arrogance plays a part in discovering the theft.
Victims of fraud aren’t necessarily smarter afterward.
You would think that a victim of a fraud would be highly concerned with changing policies and procedures to prevent future incidents. I would expect a victim to at least be concerned with closing the loopholes the thief exploited.
Unfortunately, companies aren’t always willing to critically examine their anti-fraud controls after an investigation concludes. They consider the cost of the fraud and the high cost of investigating and litigating. No budget dollars may be left to help shore up controls.
This is one of the biggest mistakes a company can make. It is careless to leave loopholes open for future thieves. It also sends a bad message to everyone else in the company. Employees are now aware that there are defects in the system and that the company has not fixed them. That’s like sending out an invitation to steal.
Of all the things that companies can do after discovering a fraud, reworking the anti-fraud controls is probably the most important. Management must learn from the mistakes of the past, otherwise the company will be victimized again by employees.