Safety In Numbers

East Coast Fraud & Risk Management Group

Blog

view:  full / summary

REDUCING THE RISK OF BUSINESS IDENTITY THEFT

Posted on 5 March, 2014 at 10:35 Comments comments (5)


REDUCING THE RISK OF BUSINESS IDENTITY THEFT 
Darrell Smith CFE, ARM, CIM, FCSI

Most of us are familiar with personal identity theft, where an individual has their identity stolen, but business owners may not be as familiar with Business Identity Theft. Business Identity Theft is not the theft of customer’s personal information, but is someone assuming the identity of the business, that has no right to, for illegal purposes. The purpose is to gather information on the company and then submit fraudulent business records and tax filings, causing significant financial losses to the company and defrauding their creditors, suppliers and financial institutions.
Corporate Identity Theft is not just about corporations, but include non-profits, government, small & medium enterprises, partnerships and sole proprietorships.    

Businesses are targeted for many reasons, including;  

- More complex financial affairs than an individual, numerous people involved and less chance of being discovered.
- Businesses have large cash balances in the bank, making it more profitable for the fraudster.
- Easier to open up a business bank account and get credit, than opening an individual account.
- Higher credit limits and less collateral required.
- A lot of business information is public such as HST tax numbers on invoices, licensing,    permits, and loans secured by assets through Personal Property Security Searches. Also anyone can request a credit report from the credit agencies on a company.                                       

In a 2012 survey by Javelin Strategy Research Report, 75% of data breach reports took place in businesses with fewer than 100 employees…           

While there are numerous scams involving Business Identity Theft, the following are some of the most common; 

1.         Fraudulently Change Your Business Registration Information: All business registrations in Nova Scotia are filed with the Registry Of Joint Stocks and when a company wants to submit a change to their registration, they fill out a form with the changes, sign it and send it either by mail or electronically. The Registry updates the information without verifying the changes, and most Provinces and States do the same. This allows a fraudster to change your corporate information, such as adding a new director, changing the corporate mail address or designating another name as the corporate secretary/treasurer. Then all they have to do is print off a copy and take it to the bank and open an account with the information or have mail delivered to the changed address.
Changing the business registration information could allow them to purchase assets in the company name, sell company assets, get access to bank accounts and credit lines, and get credit cards issued.  

  2.         Cyber Crime: The main technique here is Phishing, which is when the cyber criminals send out thousands of emails that look like they are from a legitimate financial institution. It is usually an urgent message saying something like “we have detected unauthorized use of your account,” “detected a security breach,” or “too many log in attempts,” or some other reason. The web site looks legitimate and the email address is usually very close to the actual financial institutions address. The email instructs you to click on the link which will take you to the site and get you to reset your password and or enter your account number. No financial institution will ever send you an email saying there is a problem with your account. 

3.         Obtain Loans and Credit using the business owner’s personal information.  Just like personal identity theft, the purpose here is to obtain the owners personal information and then either conduct business in the business name or to obtain credit and other assets or open bank accounts by using the owner’s information. Think about how easy it would be for someone to walk into a bank, with your full name, address, date of birth, Social Insurance Number, employer and open up an account or to apply for a credit card on line. 

  Here are some TIPS to help you prevent Business Identity Theft; 

Ø      Review you banking agreement. Before you are a victim of Business Identity Theft, know your banks policies on liability for fraud on your bank accounts. Ø      Reconcile your bank account daily. By using online banking you can log onto your account and review balances and transactions. Report any discrepancies to your bank immediately.
Ø      Use a secure computer, that only you have access to, for your business banking. The computer must have anti virus and anti spy ware software protection. Use passwords that are at least eight characters long and change them monthly. Do not access your bank accounts through public internet or Wi-Fi spots and don’t use your smart phones to log onto your business bank accounts.
Ø      Educate all your staff on Phishing scams on line, and by telephone calls requesting information over the phone. I know of a situation where the administrative assistant gave out information over the phone, to what they thought was a legitimate call, by a vendor wanting to deposit the funds electronically. Resulting in losses to the company.
Ø      Protect all your business documents and information. Keep all financial and confidential information locked up and in a secure location. I worked on an investigation where the cleaners would come in at night and one of them would go to the receptionist computer, log on and down load confidential information and sell it to their competitor.
Ø      Shred all unneeded documents that have confidential or financial information on them. I prefer a shred company that supplies the onsite shred boxes and empties them on a regular basis.
Ø    Check your business registration information regularly. This can easily be done by going to Registry of Joint Stocks website www.rjsc.gov.ns.ca and entering your business name. 
Ø    Check your business credit reports at least once a year and more frequently if you suspect something. Reports can be obtained from Trans Union and Equifax and Dunn & Bradstreet.
Ø    Have high quality computer virus and spy ware software.
Ø    Train all your employees on Business Identity Theft prevention. This should be part of new employee training and orientation and make it a topic at staff meetings. Ø    Be aware of large orders from new customers or a new company. Do your due diligence by asking. Does the order make sense? Does the order information raise a red flag? Such as overseas address or a PO Box. If you are not sure call the customer or email for additional information.
If in doubt, hold the order back. It is better to delay an order from a new customer than to ship goods and not get paid for them. One results in a potential loss of a customer the other is a loss of inventory or cash.  

In closing keep in mind that cyber crime operates anonymously, the fraudsters don’t wear masks and rob banks. They conduct their crimes from the comfort of their own homes, they are very good with computers and many are well educated, they know the chances of getting caught are slim. All organizations should make Business Identity Theft part of their risk management program. Talk to your insurance broker to see if you have coverage for Business Identity Theft.

Visit our site for additional blogs at: www.eastcoastfraud.ca

The High Risk of Fraud in the Accounting Department

Posted on 5 January, 2014 at 13:40 Comments comments (11)

Darrell Smith CFE, ARM, CIM, FCSI
 

No where in an organization is the opportunity for fraud the greatest and the catastrophic losses the highest than in the Accounting/Bookkeeping department.   The accounting department handles large inflows and outflows of cash and cheques, that a dishonest employee can find numerous ways to commit fraudulent acts. Not only can they commit the fraud, but they also have the means to conceal it, because they have too much control over the accounting function and the secrecy that surrounds the financial information.

As a Certified Fraud Examiner, I am seeing a huge increase in accounting fraud, with devastating consequences to the owners and shareholders of the business. If you read the papers, there is something every week about another organization finding themselves a victim of employee fraud. Many of these businesses actually close or go bankrupt because of the losses.  

In many small and medium firms, it is usually just one or two individuals who process accounts receivable and payables, receive cheques and make deposits at the bank.
As stated above there are many opportunities for bookkeepers to commit fraud, but most employees would never consider such a thing. The Association of Certified Fraud Examiners states that in order for fraud to occur, three things must be present. They call it the fraud triangle, which consists of Motive, Opportunity and the Rationalization by the employee, to commit the fraud. Employers cannot control the Motive and Rationalization, but they can do something about Opportunity.
Implementing internal controls and monitoring them is essential. 

In many of the cases I have worked on in the past 20 years, I have seen a number of red flags that are common. While every case is unique there are a number of warning signs that owners and managers should be aware of.   

1. Lack of Delegation of Duties: As stated previously, many small firms have only one or two people in the accounting department. They essentially control every aspect of the accounting function, from invoicing clients, to Accounts Receivable, Bank Deposits, Bank Reconciliations, Cheque signing authority, and post all entries into the accounting system. 

2.  Gambling or Addiction Problems: Employees that have such problems have a greater need for additional funds, giving them a motive and the rationalization to commit fraud.
 
3. The employee who seems to live beyond their means: Employees, who spend a lot of money on clothes, travel, cars, and any other consumer item, may have a greater need and resort to fraud. These employees are concerned about keeping up the image of being successful and well off.
 
4. The employee who always complains about money: Employees who regularly complain about not being able to pay their bills, who borrow money from other employees and consistently require cash advances. This could be a red flag for fraud.

 5.   I don’t know why we are not doing better financially: As an owner/manager you have a pretty good handle on your revenues and expenses. If you think you should be doing better financially then you are, investigate it. Don’t take the bookkeepers reasons for such shortages, get evidence not explanations. At the very least it will give you a better understanding of the cause and the ability to correct it. 

Here are 4 risk mitigation strategies to help prevent accounting fraud in small and medium enterprises;  

1.   Segregation of accounting duties: By far this is the most important control, yet in almost every case I have seen. There is either, a lack of segregation of duties or a break down in the accounting controls, because of staff shortages in the accounting department or an employee off sick. Segregation means that different employees handle the various stages of the receiving of and disbursements of cash and cheques. As an example; let’s assume that we are a service industry that invoices clients weekly and receives payments in the form of cheques in the mail In many enterprises the bookkeeper would open the mail and post the cheques to the various client accounts. They would then do up the deposit, take it to the bank and then do the monthly bank reconciliation. They would also prepare all invoices, have cheque signing authority, add new clients and suppliers to the accounting system and be able to make changes to or override accounting entries. Essentially, they have control over every aspect of the accounting function and when senior management or the external auditors require an explanation of a transaction, they also have control over what explanation is given. A simple system of segregation of duties is to not allow an employee to control the whole process. Here are some easy controls to put in place:

a. The mail is opened by two employees and all cheques received for that day are then recorded into a cheque registry, which records the company, cheque number, amount and date of cheque. The cheques should also be stamped “FOR DEPOSIT ONLY” at this stage.  The cheque registry can then be compared with the actual deposits. If cheques in the amount of $15,000.00 were received on July 1, then the deposit book and the bank statement should show a deposit of $15,000.00 on July 1. Timing differences can occur but all deposits should be matched. Once the cheques are received and recorded, they are then forwarded to the Account Receivable department, where they are posted, by another employee, the bank deposit is then done up and another employee takes the deposit to the bank.  

b. The bookkeeper prepares outgoing cheques, and then gives the cheques plus all supporting documentation including purchase order, invoice, expense forms and any other supporting documentation to a senior employee for review. After examining each cheque and supporting documentation for legitimacy and accuracy, they will then sign the cheque. Ideally all cheques should have two required signatures. Then the cheques are put in envelopes and another employee mails them. The key here is once the bookkeeper prepares the cheques, they no longer have anything else to do with them. 

c.   Ideally the owner/manager should control the cash. This means that all bank deposits should be made by the owner. If this is not possible, then trusted employees from other areas or departments can make the deposits. Different employees can do different days and be sure to let your bank know who is eligible to make deposits. A bank card can be obtained that only allows deposits to the bank account, withdrawals or other transactions cannot be made on this card. The key is that there is complete segregation of duties. From the receipt of cheques, to preparation of invoices and bank deposits, no one person has control over more than one function of this process. 

2.   Screen accounting employees properly by conducting Criminal Records Checks and verifying references. Criminal records checks are important for obvious reasons. You can request an employee obtain one from the local police agency or you can use a firm that provides criminal records checks. My experience shows that most accounting employees, who commit fraud, did not have a previous criminal record, but they may have left previous employers under suspicious circumstances. It is also essential that reference checks from past employers, be completed on employees. I recommend the last two questions be asked 1. Do you have any reason to doubt the honesty of the candidate? 2. If the opportunity presented itself would you rehire the candidate?  

3.    Know your business: As the owner you have a pretty good idea of what your sales and expenses are and what your profit margins should be. If you have cash flow problems and don’t know why, look into it. In many cases I have worked on, this was a red flag that owners told me they thought there was something wrong but did not look into it, until it was too late. I recommend, to have a good working knowledge of your revenues and expenses and to know your gross margins. When I ran my business I knew my margins were approximately 18%, so $100,000.00 of sales a month should have given me $18,000.00 cash flow. If you have offices or branches in other regions, make sure you monitor them individually. If you think something is wrong, discuss it with your managers and accountant. A vertical and horizontal analysis of the Income Statement and Balance Sheet may give you a place to start. 

4.    Listen to employees and customer complaints: Frequently when a fraud is being committed it may affect suppliers, employees or customers. If suppliers are not being paid, then employees, who purchase supplies, will be told the account is not up to date. If customers complain about their accounts not up to date, when they make payments, this could also be a red flag.        

In conclusion, organizations of all sizes and types are victims of accounting fraud. Even large accounting departments with CFO’s, accounting managers and internal and external auditors, fraud still goes undetected. Only through sound internal controls, and astute managers will fraud be prevented and detected. The purpose of this article is a starting point, to get owners and managers to think about their own vulnerabilities in the accounting department and the impact to the organization if fraud occurred. Every organization is different so get help in conducting a fraud risk assessment and to set up sound internal controls and monitor them.

Visit our site for additional blogs at: www.eastcoastfraud.ca

How Not To Lose Your Life Savings to Fraudulent Investments and Advisors

Posted on 7 November, 2013 at 9:54 Comments comments (5)
How Not to Lose Your Life Savings to Fraudulent Investments.
 
As a former stockbroker turned fraud examiner, I am always dismayed when I hear about another investor getting swindled out of their life savings. It hurts the reputation of not only the firm involved but the industry as a whole. The securities industry is one of the most highly regulated industries in Canada with Investment Advisers being carefully screened, regulated and monitored. The firms are also highly regulated, by Provincial Securities Regulators, National Securities Regulators and their in house Compliance Departments. So with all this regulation, how can investors lose their life savings to bad investments and dishonest advisers?
 
I just read an online comment about a well publicized case in Halifax, where the blogger asked “What do we pay the Securities Regulators for, when investors continue to lose their savings” by bad advisers and investment scams. In my opinion that is like blaming your local Police Department when your house gets broken into or your car gets stolen. By saying they should have been there to prevent it.  The Securities Regulators are in a similar position; they do not have the resources to monitor each and every investor account.
 
While this may seem to be a long-winded explanation, I use it to drive home the point that investors must take at least some responsibility for their investments. No one will look after your money better than you will.
 
Here are some suggestions to follow to help you sleep a little better at night, at least when it comes to your investments.
 
1. Determine your investment objectives: By identifying your short and long-term goals. Determine how much risk you want to take and what kind of return would you like. Keep in mind the higher the return the higher the risk.
Once you have developed your investment objectives, stick to your plan. Don’t allow your advisor or relatives to talk you in to taking more risk than what you set out to take. Stick with investments you know and understand, if it is too complicated then pass on it. Make sure your advisor knows your objectives and it is reflected in the New Account Application Form. Advisers have to follow the Know Your Client rule (KYC). Review your investment objectives annually and update the KYC form. As an example; if your investment objective is 60% Income and 40% long-term growth, do not be forced into short-term trading or borrowing to invest.
 
2. Do your Due Diligence: Your Due Diligence should be done when selecting a new adviser, when choosing a firm and when selecting appropriate investments.
 
Selecting an Adviser – Most investors choose an adviser by either someone referring that person to them, by calling a firm and getting transferred to an adviser or by receiving a cold call from an adviser. It doesn’t matter how you got the name, your job is to ensure that you trust the adviser and you feel comfortable working with them.
You are hiring someone for one of the most important jobs, managing your money. So instead of being interviewed by the adviser you should interview them for the position. Just like if you were hiring someone for a job placement. Tell the adviser you are looking to hire someone to manage your money and have some questions you would like to ask, to ensure a good fit.
Here are some due diligence questions to ask; remember to take notes of your interview.
 
1. How long have you been in the business and what is your educational background and credentials.
2. What is the value of the assets you manage for all of your clients? This can be important because advisers with big books of business are more established and probably have a more stable income. Some advisers will have a minimum account size, so if you do not meet that minimum size, find someone else to deal with.
3.  What is your investment philosophy? Are they traders, speculators, or asset gathers?
4.  What percentage of your clients assets are in stocks, bonds, mutual funds.
5.  What is the annual turnover of your client’s assets? The turnover determines how frequently the adviser trades stocks or mutual funds.
5.  Have you ever been subject to an investigation by the securities regulators? Do you have any pending complaints or investigations open now?
This information can be verified by going to Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association (MFDA). For IIROC enter www.iiroc.ca  then click on IROC Advisers Report and enter Advisers name. For MFDA enter www.mfda.ca click on For Investors, and then Check an Adviser.
For investors in the United States enter www.sec.gov then go to Education, Check Out Broker or Adviser, Then Central Registration Depository and Broker Check. Then add broker name.
 
Do not be intimidated and ask any questions you feel are relevant. If you don’t get the right answer, go somewhere else.
 
3.  Check Your Account Statement Every Month: This is extremely important for two reasons;
1. Early detection of errors and unauthorized trades or account withdrawals.
2. As a possible deterrent. Advisers may be more hesitant to tamper with an investor’s account that checks the statement every month and calls and asks questions.
 
Your monthly account statement is a summary of your investment holdings, their value, any buy and sell transactions, any dividends or interest paid and any account withdrawals or deposits.
When your monthly statement arrives, review the asset summary section to verify the securities in your account are correct, including cash held. Then check the total value for this month compared to the previous month. Review the account activity section. This will show any purchases or sales of securities and dividends or interest received and any other fees charged to your account.
For each transaction, you should compare the statement with the buy and sell transaction slips you receive for each purchase or sale. Save all your confirmations and statements.
 
 
 
Some other Do’s and Don’ts:
 
-                     Do not make any check payable to the financial adviser.
-                     If an adviser pitches an investment and says you have to act right now, pass on it. Any good investment will be available later. This tactics is to instill a sense of urgency in the investor.
-                     Be aware of pitches from individuals who are selling to a specific group that you belong to, such as religious, nationality or hobbies. While this is a legitimate prospecting tool for many advisers, the unscrupulous adviser will prey on a specific group. This is called infinity fraud, and the investor’s justification is that so many other people you know have invested into it. It must be alright.
-                     Be aware of unrealistic returns, either for one year or over a period of years. 
-                     Be aware of guaranteed returns, especially higher than market rates of similar investments.
-                     Check to see if the firm is registered with the regulatory agency and if the specific investment is registered.
 
Many of us spend more time looking after our cars than we do our investments. Do your home work; ask questions and most of all trust your instincts.
Visit our site for other blogs at: www.eastcoastfraud.ca
 
Happy Investing

Fraud & Risk Management for S&M Enterprises

Posted on 31 August, 2013 at 10:45 Comments comments (5)
We are pleased to have added a Blog to our site. We will be covering topics that affect Small & Medium Enterprises such as Investment Fraud, Corporate Culture and Fraud, Corporate Identity Theft and Enterprise Risk Management. We encourage our many clients and friends to offer suggestions and comments. More to come shortly.

Fraud In S&M sized Businesses

Posted on 31 August, 2013 at 10:33 Comments comments (3)
We are excited about adding a blog to our site. It is our intentions to cover topics in Fraud and Risk Management that affect Small and Medium Enterprises. Planned topics will include Investment Fraud, Corporate Culture and Fraud, Retail and Hospitality Fraud, and Enterprise Risk Management.
We welcome comments from our many friends and clients. Check back later for our first blog.

Rss_feed