“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness…”
It may not be as odd as you think to quote Charles Dickens when talking about protecting your business against fraud. Clearly it’s the “best of times” when it comes to how technology enables us to do business faster and better. Yet in some ways it’s also the “worst of times,” considering how the same technologies can leave companies vulnerable to fraud and even at risk of failing.
Rarely a week goes by that we don’t read about a business that was hacked and had data stolen or even held for ransom. Or one where a trusted employee was discovered to have embezzled funds, even to the extent that it threatened business continuation.
In its 2016 Report to the Nations on Occupational Fraud & Abuse, the Association of Certified Fraud Examiners (ACFE) estimated that the typical organization loses 5% of revenues in a given year due to fraud, with median losses running around $150,000 and almost a quarter of cases studied losing $1 million or more.
Unfortunately, even simple prevention measures are often overlooked by growing businesses. A strong banking partner should advise business customers to establish policies and procedures that are as robust as possible. Setting them up correctly from the start makes it much easier to keep them current – and their business healthy − as time goes on.
Fortunately, this is also an “age of wisdom” because we know more about how to protect business operations and finances…that is, if we’re not ignoring best practices for companies of any size or type. We recommend this list as a good place to assess whether you’re doing enough to reduce your risks.
Sometimes one of the strongest deterrents to internal fraud is reducing opportunities for it to occur and knowing the employer has strong controls in place.
Access to products, data, financial information, emails, intellectual property
- Are user IDs unique?
- Are password changes periodically required?
- Are employees regularly educated about current scams & risks − from not opening certain types of emails to falling prey to scam fund transfer requests, etc.
- Is intellectual property protected beyond just codes & passwords?
Security of physical assets
- Laptops secured every night
- Lockable files & desks
- A safe for overnight cash deposits
- Security cameras
Security of financial assets — custody of cash, signed checks, etc.
- Authorization hierarchy clearly defined
- For key processes, procedures & transactions
- For documentation required
- For acceptable request methods
Segregation of compatible roles
- Recording and posting in accounting systems
- If departmental staffing prohibits internal segregation, have independent checks done by a 3rd party not involved in that process, such as owner review of bank statements
Dual approval processes
- One person required to initiate and a second to confirm any money movement
- Account reconciliation
- Conducted daily and via online banking when feasible
Part of your risk planning should also include external controls that can help you conduct periodic audits and manage access, including who is allowed to direct and who is allowed to either send out or pull payments. Consider these measures.
- Automated Clearing House − ACH
- Blocks and filters − an added ACH service that enables retrieval of wired funds if fraud is detected within 48 hours
- Annual treasury check-up
- Annual financial procedure audit
- Background checks − an important way to ensure you’re hiring wisely
It’s easy to get lulled into “This is how we’ve always done it” or “These are people I’ve known and trusted for a long time.” Even if yours is a family business – or your employees have been with you so long they feel like family – you could still be at risk. Your bank or financial advisor can recommend reputable third party resources for external controls or audits that are appropriate for your business.
The good news is that, if you don’t write off these tips as “foolish” safeguards because you’re busy or too trusting, putting in place smart controls and exercising vigilance will protect your business against the “worst of times.”