We all know fraud can create a major drag on profitability. According to a 2014 study published by the Association of Certified Fraud Examiners, privately held companies, including farms and agribusiness lose, on average, 5 percent of their revenues to it annually.
Companies with fewer than 100 employers fare worst. In ACFE’s research, 28.8 percent of smaller companies experienced fraud, with an average loss of $154,000. By comparison, only 23.6 percent of companies with 100-plus employees were fraud victims. Their average loss was 17 percent less.
Why the difference?
Larger organizations tend to have more anti-fraud controls in place than smaller ones, the ACFE found. So they detect fraud sooner and lower their losses as a result. Smaller companies, on the other hand, have fewer resources to commit to fraud reduction strategies. Often they hope their banks, accountants and insurance companies will take care of fraud control for them.
And they’re half right.
As a banker, I can tell you that fraud prevention is a top priority. Many banks invest regularly in helping their customers reduce and prevent fraud, including providing the means for their customers to:
• Prevent paper check altering and forgery. Many banks make it possible for companies to provide them with a daily electronic file of all the checks they issue. The bank then matches the paid checks against the file to ensure the amount or payee’s name has not been altered.
• Prevent tampering with incoming payments. Rather than assigning employees to handle and deposit incoming checks, a company can arrange to have payments collected at a secure post office box and transported directly to their bank for processing. Companies can also reduce the risk of lost or altered checks by using remote deposit services that enable them to scan and transmit digital images of checks to the bank.
• Reject unauthorized transactions – Using Automated Clearing House (ACH) blocks and debit filters allow companies to authorize electronic transactions from particular businesses and specific or maximum amounts. Unauthorized transactions are automatically rejected.
What businesses can do for themselves
While banks can help businesses reduce risks, they are only part of a good fraud prevention solution. As the ACFE research suggests, losses are lower when companies implement their own fraud control programs. Among the many things they can do:
• Establish loss prevention procedures. Every company has “weak links” that can be exploited. A company’s own employees often know better than anyone where these weaknesses exist. It’s important to identify a business’ vulnerable areas and then set up internal controls to monitor and measure those activities.
• Conduct internal audits regularly. An internal accounting audit can help identify the presence of fraud. Typical schemes include check tampering, “skimming” and expense reimbursement fraud that, unfortunately, can be initiated by trusted, long-time employees.
• Automate work processes. Audits are easier to conduct if financial and banking processes are automated. Automation creates an online audit trail that identifies who has viewed, approved or altered every invoice or payment. Limiting access to billing and payment workflow helps keep unauthorized persons out.
• Separate duties. In a small business, employees often wear many hats. But that can be risky, particularly if the same person is responsible for authorizing, processing, paying, recording and reconciling financial transactions. It’s much safer to segregate duties to create an internal system of checks and balances. An employee who updates vendor addresses, for example, should not be able to pay their bills. To avoid malware designed to capture multiple users’ credentials on the same computer, a business can initiate ACH and wire payments using dual controls; one person authorizes a payment’s creation and a second person authorizes its release.
• Go paperless when possible. Every check or invoice sitting on a desk is a fraud risk. Companies that use electronic, rather than paper, billing and payment solutions reduce the risk of tampering and information theft. Receiving payments electronically also helps prevent against deposits into unauthorized accounts.
• Dedicate one computer to online banking. When a virus infects a computer, it can allow a hacker to access company bank accounts and wire money before anyone suspects a thing. Combat cyber-attacks by limiting online financial transactions to a dedicated “offline” PC that only a tightly controlled group of users can access.
• Protect home computers. A company’s fraud control measures are only as good as those used by employees, customers and vendors. If employees are allowed to do work on a home computer, make sure they are running updated antivirus software. You may consider preventing employees from initiating financial transactions from home.
The bottom line: bankers, like accountants and insurance agents, genuinely want to do everything they can to help their customers prevent and reduce fraud. But we need your help. The gateways for fraud are always changing, as attackers modify their approaches to work around the latest controls. The best efforts are team efforts.
Whitney Morrow is senior vice president of Treasury Services, Commerce Bank