Monday, 18 November 2019
When we think of corporate fraud prevention, we envision elaborate cyber hacks, high-level espionage and massive electronic breaches.
That's only part of the reality— avoidable errors and negligence also contribute to great vulnerability on a grand scale.
Nanette Crocker, BBVA executive director and USA corporate Treasury Management sales manager, has spent decades working toward better security solutions for businesses. She says something as simple as how you handle your outbound mail can have far-reaching implications.
She recalls one company that left mail bins near a rear exit by the snack machines. Anyone from the street could enter, rummage through the mail, and take envelopes that appeared to include check payments—and they did. They'd then “wash" the checks and doctor them with other information.
“There are people that have check-printing supplies, paper, ink, everything, in the trunk of their car. All they need is the bank's routing transit number and the account number," Crocker said, noting that there are checks available now that are more tamper-resistant.
“The majority of transactions in this country are still conducted by check. And the check is the most vulnerable of all," Crocker said, adding that even people who are confident that direct deposit will remove risk shouldn't be so sure. “They need to be worried about direct deposit fraud, and that account being hit up with fictitious ACH debits."
Crocker says that most businesses perform transactions in the same way, regardless of their size or industry. "It is really no different for a small business, middle market, or large corporation. The only thing differentiating these companies is the size of a deposit or the volume and dollar value of the payments. So all companies should use fraud prevention tools and services, which cost little but protect enormously."
In fact, the Association of Certified Fraud Examiners (ACFE) found that 55 percent of frauds cost businesses $200,000 or less—but the next highest percentage, 22 percent, takes organizations for $1 million or more.
Your company's security should to be as important to your vendors as it is to you—ask the hard questions about security regarding your equipment, software, bookkeeping, manufacturers, distributors, contractors and other suppliers. It's also critical to work closely with your bank to learn about services such as:
"For every type of transaction, whether it's a deposit or disbursement, we offer fraud prevention solutions," Crocker said. "We encourage our clients to be proactive by using these services."
Working with email, software, and hardware providers is also critical to make sure that in the event of a data breach – say, an employee with sloppy password habits or an opportunistic laptop thief – operations can be shut down swiftly to contain the damage as much as possible.
Scammers tend to stay one step ahead of everyone else, exploiting vulnerabilities as soon as they're discovered.
Crocker recommends committing time to staying as up-to-date as possible on current scams and data breaches. A good place to start is the Association of Financial Professionals, which regularly publishes white papers and fraud case studies. It's everyone's responsibility to ask, “How does this possibly impact our organization?" Or, “Have we done enough to protect ourselves?" Crocker says.
Crocker says businesses should start their fraud-detection activities by assessing every process and procedure that could be compromised.
One common mistake, even in large companies, is assigning oversight of accounts receivable and payable to the same person.
“You want to split that out. You want to have audit control, reconciliation on a daily or at least a monthly basis," Crocker says. “People get into situations where they might be pressed financially, and it makes people do things that you wouldn't expect them to do.", Only 4 percent of employees who defraud the company have a prior conviction, says the ACFE.
Crocker recommends for companies to regularly review a fraud prevention checklist to ensure they have the right controls in place to combat fraud. The checklist covers everything from account structure and transaction controls to internal processes and staffing. Tips include:
It's important to understand the insurance implications if there is a breach. Do you have coverage if, say, there's a break-in and files are stolen? What if an employee leaves a laptop or a cell phone on the bus, opening the door for hackers? Do you have processes in place to protect sensitive information and perform a forensic review?
Finally, many of the anti-fraud tools and services are available for free or a nominal investment. Use them, Crocker said. The cost will pale in comparison to the expense of recovery from a breach.
It's critical that companies have a tested and regularly updated process in place to prevent and detect information breaches that can lead to fraud. You'll want to know the protocol so you can shut down the leak immediately, whether it's in-house or with one of your vendors who handles sensitive information. Once you've notified the proper departments, be prepared to create a swift and sincere communications strategy for customers, employees, investors, or any other stakeholders who need to know.
“Businesses are vulnerable in every type of transaction. It doesn't matter if it's check or electronic, or wire, or card. There are fraud opportunities, both on paying and receiving, across all channels. That's why we have so many different solutions," Crocker said.
Finding good employees, replacing ones who leave, and training new employees costs time and money. Here are 5 ways to hold on to your best workers.
Treasury management is a high-risk environment. Here's how to mitigate the risks through internal controls and an integrated treasury management system