"It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness…”
It may not be as odd as you think to quote Charles Dickens when talking about protecting your business against fraud. Clearly it’s the “best of times” when it comes to how technology enables us to do business faster and better. Yet in some ways it’s also the “worst of times,” considering how the same technologies can leave companies vulnerable to fraud and even at risk of failing.
Rarely a week goes by that we don’t read about a business that was hacked and had data stolen or even held for ransom. Or one where a trusted employee was discovered to have embezzled funds, even to the extent that it threatened business continuation.
In its 2016 Report to the Nations on Occupational Fraud & Abuse, the Association of Certified Fraud Examiners (ACFE) estimated that the typical organization loses 5% of revenues in a given year due to fraud, with median losses running around $150,000 and almost a quarter of cases studied losing $1 million or more.
Unfortunately, even simple prevention measures are often overlooked by growing businesses. A strong banking partner should advise business customers to establish policies and procedures that are as robust as possible. Setting them up correctly from the start makes it much easier to keep them current – and their business healthy – as time goes on.
Fortunately, this is also an “age of wisdom” because we know more about how to protect business operations and finances…that is, if we’re not ignoring best practices for companies of any size or type. We recommend this list as a good place to assess whether you’re doing enough to reduce your risks.
Sometimes one of the strongest deterrents to internal fraud is reducing the opportunities for it to occur, together with employees knowing that the employer has strong controls in place.
Access to products, data, financial information, emails, intellectual property
Are user IDs unique?
Are password changes periodically required?
Are employees regularly educated about current scams & risks − from not opening certain types of emails to not falling prey to scam fund transfer requests, etc.?
Is intellectual property protected beyond just codes & passwords?
Security of physical assets
Laptops secured every night
Lockable files & desks
A safe for overnight cash deposits
Security of financial assets − custody of cash, signed checks, etc.
Authorization hierarchy clearly defined
For key processes, procedures & transactions
For documentation required
For acceptable request methods
Segregation of compatible roles
Recording and posting in accounting systems
If departmental staffing prohibits internal segregation, have independent checks done by a 3rd party not involved in that process, such as owner review of bank statements
Dual approval processes
One person required to initiate and a second to confirm any money movement
Conducted daily and via online banking when feasible
Part of your risk planning should also include external controls that can help you conduct periodic audits and manage access, including who is allowed to direct and who is allowed to either send out or pull payments. Consider these measures.
Automated Clearing House − ACH
Blocks and filters − an added ACH service that enables retrieval of wired funds if fraud is detected within 48 hours
Annual treasury check-up
Annual financial procedure audit
Background checks − an important way to ensure you’re hiring wisely
It’s easy to get lulled into “This is how we’ve always done it” or “These are people I’ve known and trusted for a long time.” Even if yours is a family business – or your employees have been with you so long they feel like family – you could still be at risk. Your bank or financial advisor can recommend reputable third-party resources for external controls or audits that are appropriate for your business.
The good news is that, if you don’t write off these tips as “foolish” safeguards because you’re busy or too trusting, putting in place smart controls and exercising vigilance will protect your business against the “worst of times.”