A new report from specialist insurer Hiscox recently revealed an unsettling trend about employee fraud and embezzlement: Most of the time, the scam involves two or more workers.
In its 2018 Hiscox Embezzlement Study, the company sheds light on how pervasive and damaging the embezzlement scheme can be. Scams can last months, or even years. The average cost of such a scam is $357,650. Fraudsters can be anywhere in the enterprise, from the payroll department to the Chief Financial Officer's desk.
The channels through which embezzlers commit their crimes vary, too. According to Hiscox research, the most popular method is billing fraud (i.e. the accounts payable [AP] department), where employees can deliberately report incorrect spending, overstate payments or even create fake vendors. One-tenth of cases involved the payroll function, where payroll payments were deliberately inaccurate or false employees were created.
Through the trove of data in the research report, it becomes abundantly clear that embezzlement scams can hit any business of any size or industry — even if they have invested in digital financial platforms and electronic payment technologies. According to Hiscox Crime and Fidelity Product Head Doug Karpp, that's because this problem is largely one of people, not technologies and systems.
"[The research] really demonstrates the need for companies to be watching their finances — or, more appropriately stated, to be watching the employees," Karpp told PYMNTS in a recent interview. "Because it really is a personal kind of thing, rather than an issue with their accounting systems. An individual [who] wants to get away with embezzlement seems to find a way, regardless of what those systems are."
It's true that paper checks and physical cash can pose extra risks to corporations. Hiscox's report found 15 percent of cases analyzed indeed involved the theft of cash that companies keep on hand for day-to-day operations. Ten percent involved tampering of check payments — including writing company checks into personal accounts — and 9 percent involved theft of physical cash from sources like customer payments or employee tips.
However, the research also suggested that it doesn't matter whether payment rails are traditional or electronic. An employee in the payroll or AP department would be able to initiate a payment into a personal account regardless of the rail through which it is made.
According to Karpp, electronic payments and digital, automated financial platforms do have the potential to combat the risk of embezzlement and other fraudulent scams, but perhaps not as much as companies would like.
"In the long run, [ePayments] can help quite a bit," he said. "There is a lot of Big Data and artificial intelligence technologies that can be used to comb through the electronic payments to identify fraudulent, or red flag-type, transactions. I think a lot of that is coming."
Yet, especially for smaller businesses that cannot afford to invest in such sophisticated technology, the anti-fraud benefits of electronic payments and digital platforms has, largely, yet to be realized, he said.
"I've been doing this for quite a while, and what really sticks in my head is that this is a people crime — it's not necessarily a system crime," he reiterated. "The people will find ways to get away with it, regardless [of] if it's an electronic payment, or cash, or check."
This also iterates the importance of human intervention to combat the crime, particularly for businesses without the technologies to automate identification of potential fraud. Take, for instance, the case of falsifying a vendor to send payments from the accounts payable department. The crime often avoids detection simply because companies fail to adequately manage their master vendor lists and conduct background checks. Deeper data mining and auditing practices can similarly enhance the ability for a firm to catch any fraud.
Without the proper oversight, businesses are not only getting hit with these embezzlement schemes, but are allowing them to go on for years. The average length of such a scam is 18 months before it gets discovered, the report found, and only a fraction of the funds lost are ever recovered. Researchers found that the consequences go beyond the stolen funds, too, with more than one quarter of companies hit by an embezzlement scam reporting that they had lost customers or were forced to lay off employees as a result.
Karpp acknowledged that, much like a cyberattack, it's unlikely a business will ever be able to 100 percent protect itself from an embezzlement scam ever occurring. However, in addition to insurance and litigation to cut their losses, there are other measures that companies can take to limit the negative impacts of employee theft.
One of the biggest mistakes a company can make is assuming that they aren't at risk. According to Karpp, these scams are able to occur for so long undetected often because companies don't fully understand the threat.
"Companies don't realize what's at stake," he said. "They don't realize this happens as frequently as it does. A lot of people think this only happens in financial services companies, or in larger companies. But looking at this study, it's really not the case — every business can be impacted by embezzlement losses."