From identity theft to email scams (called phishing), small businesses face a variety of fraudulent schemes which may be even more commonplace in challenging economic times. Among other things, perpetrators of fraud can:
- Misappropriate company funds;
- Destroy your company’s reputation with customers;
- Subject your company to potential civil and legal penalties if you fail to adequately protect your sensitive customer information;
- Compromise the safety of both employees and customers; and
- Ruin your company’s and customers’ credit ratings.
In consideration of the consequences, fraud prevention should be a priority for business owners. Fraud comes from both internal and external sources, and businesses must equip themselves to deal with both scenarios.
Businesses can protect themselves against external fraud by taking the following precautions:
- Verify all invoices. Employ procedures to verify all incoming invoices prior to payment. Compile a list of your normal suppliers and make certain that the list is available to anyone responsible for invoice payments.
- Perform due diligence. Check out any unsolicited business opportunity that does not come from a source that you trust. Internet searches can be a great starting place, but additional diligence may be warranted.
- Educate your employees. Educate your workers on common types of business fraud. Most local police or consumer affairs bureaus maintain lists of common frauds in the area, and it can be worthwhile to make your employees aware of these scams. For Colorado businesses see: http://www.ago.state.co.us/. Other online resources include www.ftc.gov and www.nclnet.org.
- Do not buy products over the phone. Never make purchase orders over the phone unless it is with an established supplier. Perpetrators obtain the names of businesses and employees and then falsely assert that these people placed orders on behalf of the business. Instruct your employees to verify all orders with the person who placed the order.
- Demand verification of offers in writing. If an unsolicited caller makes an offer to sell goods and/or services that interest you, request that the offer be made in writing. Be skeptical if the caller refuses this request. Ask for references.
- Implement a company-wide policy on the proper handling of sensitive information. Make sure your online networks are secure and your employees take steps to properly maintain sensitive information. Some credit report providers also provide tools to help prevent the theft of sensitive information.
Internal fraud can also pose a threat to small businesses. The following is a list of steps that businesses can take to protect themselves against internal fraud:
- Hire the right employees. Conduct background checks for employees handling client information or money. Check for past criminal convictions, call references and verify education credentials and certifications.
- Maintain internal controls. Employ a system of checks and balances. Implement a system of internal controls that distribute the financial duties of the business among two or more employees, thereby eliminating the possibility that a single employee can embezzle funds.
- Make sure all expenditures are approved. Split responsibility for reviewing and approving expenditures. If one manager has the authority to approve expenditures, make sure someone different is responsible for verifying the accuracy of the expenses. If your company issues credit cards to employees, monitor account activity on a regular basis.
- Conduct audits. Businesses should notify all employees that, throughout the year, the books will be subject to regularly scheduled internal audits as well as unscheduled audits. Auditors have sampling and computer data analysis techniques that help uncover fraud. At least once a year, your finances should be audited by an external source.
- Create a fraud policy. Establish a fraud policy and memorialize it in your company’s employee handbook. Provide employees with a way to anonymously report incidents of fraud within the company. Inform employees during orientation of the existence of the policy and communicate that fraud is not tolerated. Let your employees know the steps to take if they suspect fraudulent activities. Thoroughly investigate any allegations of improper activities.
- Institute mandatory vacations. An employee who never takes a day off work is a red flag for fraud. Fraudulent employees fear that whoever does their job in their absence will notice something isn’t right and will reveal their fraudulent activities.
If you suspect that you have been a victim of fraud, contact counsel immediately as there may be legal remedies available to you.
Moye White LLP has prepared this bulletin to provide general information; however this bulletin does not provide legal advice and does not create an attorney-client relationship between the reader and Moye White. No legal or business decision should be based solely on the content of this bulletin.
ABOUT THE AUTHOR
Vice Chair, Litigation Section