At least monthly — sometimes weekly — some attorney calls me seeking help for their client(s), whose long-time trusted employee has embezzled from the company; for a business whose systems have been hacked and their customers’ credit card numbers taken; or victimized by some other bad actors. Sometimes, it’s just a little money taken; oftentimes, unfortunately, it’s a lot. Worse, many of these dollar losses could have been minimized or avoided altogether with some small efforts to keep business funds and assets out of reach of the bad guys, and also to insure through adequate coverage against monetary loss in the event something bad does happen. 

It is therefore well worth every business owner’s and senior manager’s effort to spend just a little amount of time on financial and asset protection ‘due diligence’. This is especially important for those businesses who have seen their operations grow recently, or who are transitioning from a sole proprietorship or small business operation to an expanding operation with more than subsistence profits, or ones which have recently acquired a new business line or entity.

None of this guidance is new, and none of it is earth-shattering or difficult to implement.  But time and again, it is business owners’ and managers’ unawareness of just a few small steps, or lack of time, or simple trust of the individuals who work for them, or outright neglect, that can mean the difference between being wise and being taken.

This is a mistake. Bad things DO happen. Long-time employees with access to checking accounts and credit cards have drug problems or want to provide a better lifestyle for themselves and their family, or simply find the availability of “free cash” too tempting. Hackers and thieves outside of your business can gain access to your unprotected or poorly-protected IT system(s) and get their hands on your money. 

Many people live their whole lives without becoming the victim of an office theft or fraud scheme, just as the majority of drivers never suffer a motor vehicle collision.  But no one would ever think not to buy auto insurance “just in case,” and no business owner should think they are immune from the risk of theft or scam.  So act now, while you still can.  Here are some quick, easy, and simple tasks to help keep your business protected from needless exposure to risk:

1. Trust your financial staff and employees, but verify: the same person who opens the mail and totals up received checks should not fill out or make the bank deposit, or reconcile the accounts receivable.  In the same way, the functions on the payable side should be separated as well:  the corporate checking account should not be reconciled by the same person who causes checks to be issued. Your accountant can provide advice on how to implement simple cash controls and other financial “baby steps,” to help with the safe-keeping of company finances.
2. Know your finances and review them regularly, especially accounts receivable and accounts payable, statements of cash flow, credit card statements, and checking account registers. Does the amount of money the company takes in square with current expectations and past performance? Are there new or additional charges for costs you don’t recognize? Where is money being spent, and who has a company credit card to spend it?
3. Has each of your employees undergone a background check? This can be as simple as accessing their state criminal “rap” sheet, through the Pennsylvania on-line court website.  Search online for “PA Dockets,” click on “Common Pleas Court,” select “Court Information,” and search by participant name, for all counties’ records of criminal cases.  (All other information for which there are blanks in the “drop-down” menu are optional.) This search will provide a broad, “back of the envelope” background check for Pennsylvania criminal convictions of persons. Otherwise, it is well worth the cost of paying a service the small fee for a criminal background check, especially for candidates you are considering to hire.
4. Are employees driving more expensive cars, wearing fancy jewelry or taking more lavish vacation trips than their salary would logically support? Are they distracted at work, or exhibiting other signs of illicit drug use? Each of these can be the telltale indicator of financial need out of line with a normal lifestyle.  Your business could be funding it. Manage defensively, as if your business assets are your own.  (If you’ve read this far, they probably at least in part are.)
5. What is the dollar limit for an employee or manager’s authority on a check or other payment method? Your bank can assist with implementing controls for requiring a second signature for any payment instrument over a certain dollar value, or another way to protect against unauthorized charges. At least once quarterly, verify from the bank that the amount you have in your company’s accounts are what your employee(s) tells you is in these accounts.
6. Has your electronic system(s) been analyzed/reviewed by a competent “IT” professional, for security breach or vulnerabilities? Does your business use an online portal for numbers from customers, such that clients’ essential financial or even personal information is at risk?  Have you received a suspect number of “false charge” complaints or credit charge-backs recently?
7. Is your business insured against risk of loss through internal theft, and specifically, does your “CG&L” policy provide for ‘dishonest employee’ coverage? Or, do any of your financial staff have a separate fidelity bond?  Call your insurance broker; the policy cost may pale in comparison with the cost of an uninsured loss.  The same is true for cyber-security coverage; if you don’t have it, consider getting it, especially if your business is heavily involved in e-commerce.  If you do have cyber insurance, confirm that your policy covers forensic investigation costs in the event of a breach.  In short, do a coverage audit to determine if your insurance is adequate to protect your business, and consequently, yourself.

These steps are simple, easy and quick.

They are necessary.

Better to spend time on simple financial and loss prevention on due diligence now, then to remain vulnerable and exposed. 

__________________________

The Grail Law Firm advises business victims of crime, conducts internal investigations, and also defends suspects and persons accused of criminal and other bad acts, and also defends companies and professionals in federal and state regulatory enforcement actions.

It’s difficult to say anything that is not painful about the college admissions scandal, where Boston federal prosecutors already have a dozen wealthy parents, including actress Felicity Huffman, pleading guilty to fraud in helping  their children get into elite colleges. Most painful (to me) are all the kids who should have been accepted on merit, but whose classroom seat was taken by those less worthy but rich. Painful, for those who got admitted when they shouldn’t have without even knowing it, and now have to face the consequences. Painful for the school administrations that trusted the corrupt coaches, and painful for the Athletic Directors who hired them; painful for the friends and families of the involved parents, who must confront their family member’s very public fraud and deceit. Painful even for the inequality of consequences sure to follow: the Manhattan star law firm partner defendant will surely lose his license to practice, along with his career and the lifetime of effort he spent building it, versus the Hollywood stars, who might even get role-playing themselves in the spin-off series that are likely already being scripted.

There’s more than enough pain to go around here.

Turn on the news: the defendants have already learned to loudly, publicly profess their guilt, their shame, and their remorse, some even before their pleas have been made in court. According to the federal Sentencing Guidelines, acceptance of responsibility is key to bringing down both the calculation of the Guideline “level” (and consequently, its corresponding range of prison terms), and any “variance,” that last little tweak a federal judge can make to drop the sentence below that guideline prison sentence, all the way to house arrest and probation.

Well after the sentences are handed down and the media moves on to the next sensation, colleges and universities will have to face the challenge that goes beyond bad PR: putting controls in place to prevent this type of fraudulent misconduct from happening again. As Arthur Middlemiss points out in his latest for Bloomberg Law, colleges will no longer be able to simply express remorse over a bribery scandal and walk away unscathed. “If schools ignore these risks and refuse to build intelligent controls,” he writes, “they face a real danger that the next time a scandal explodes, the prosecutor or regulator, or the court of public opinion, may determine that the word ‘unwitting’ no longer describes their involvement.”  Shame on the parents for their crimes against the schools’ admission process this scam revealed.  Shame on the schools themselves if they don’t rejigger the application process to protect against this scam.

Implementing — and most importantly, executing on — an effective compliance and ethics programs will be the only way for colleges to avoid exposure to liability or prosecution by officials who are unsympathetic to such “unwittingness.” Several colleges have already implemented measures in the wake of the scandal, and many more will be designing new risk avoidance and compliance measures over the coming months. These programs will require administrative officials to assess their risk, implement new operational controls, and work with leadership to ensure a similar scandal doesn’t befall their collegiate communities in the future.  

My colleague Laurel Gift, Esq., a former prosecutor at the Schnader law firm in Pittsburgh, posted a list of proactive steps for institutions of higher education to consider in real time – i.e., now (review records of students receiving extra time on admissions exams; scrutinize athletic recruits’ admission files; audit whether athletic recruits actually played their sport in college; review overall admissions policies and procedures for weaknesses; conduct internal investigations where ‘red flags’ indicate possible improprieties). 

Admission decision processes are as varied as are the institutions, valuing to a greater or lesser degree admissions test scores, GPAs, extra-curricular activities, recommendations, athletic ability, relationship to alumni, diversity (of all types), in-person interviews, and more. At a more fundamental level, admissions testing authorities, educational institution accreditors, guidance counselors, and the institutions of higher education themselves – who have wrestled for the better part of half a century or more over who to let in to their colleges, and how to identify them – must continue to wrestle with greater intensity, and hopefully, diligence.

In the end, as my wife’s experience teaching at an elite Ivy League school showed, you can always tell the ‘legacy’ students from the ones who matriculated on their own merit. There’s always the old-fashioned way of securing your kid’s spot in a certain college: donate a boatload of money. Only the super-rich can do it, and it certainly isn’t fair – but it isn’t illegal either.

In addition to defending entities from white collar crime, the Grail Law Firm has worked with dozen of clients to develop proactive initiatives and compliance programs, especially in response to discovery of ongoing improprieties. Contact the Grail Law Firm to learn more.

Efrem Grail, along with his co-presenter, Ericka Adler, offered a special session at the American Society for Addiction Medicine’s Annual Meeting last week: “The New Enforcement Environment: How to Keep Your License & Avoid Indictment.” 

The Department’s recent establishment of 12 Opioid Fraud and Abuse Detection Units under former U.S. Attorney General Jeff Sessions unfairly targets opioid prescribers, they said. U.S. attorney’s offices, along with federal agencies, state medical boards and state attorneys general, have focused on prescribers of buprenorphine and other medications to treat opioid use disorder in their efforts to detect and prosecute prescribers.

During the session, both Grail and Adler shared advice on how to stay on the right side of the law, survive a law enforcement investigation and avoid being targeted by an investigation in the first place.

“’Best practices include reasonable compliance procedures and ongoing education that puts patients and physicians on clear notice of what the law requires,” ASAM wrote in their coverage of Grail’s and Adler’s session. “Noncompliance by a physician literally puts his or her medical license on the line,” they said.

You can read the full coverage of the session at the American Society for Addiction Medicine’s Annual Meeting on Sunday, April 7, 2019 here.