At least monthly — sometimes weekly — some attorney calls me seeking help for their client(s), whose long-time trusted employee has embezzled from the company; for a business whose systems have been hacked and their customers’ credit card numbers taken; or victimized by some other bad actors. Sometimes, it’s just a little money taken; oftentimes, unfortunately, it’s a lot. Worse, many of these dollar losses could have been minimized or avoided altogether with some small efforts to keep business funds and assets out of reach of the bad guys, and also to insure through adequate coverage against monetary loss in the event something bad does happen.
It is therefore well worth every business owner’s and senior manager’s effort to spend just a little amount of time on financial and asset protection ‘due diligence’. This is especially important for those businesses who have seen their operations grow recently, or who are transitioning from a sole proprietorship or small business operation to an expanding operation with more than subsistence profits, or ones which have recently acquired a new business line or entity.
None of this guidance is new, and none of it is earth-shattering or difficult to implement. But time and again, it is business owners’ and managers’ unawareness of just a few small steps, or lack of time, or simple trust of the individuals who work for them, or outright neglect, that can mean the difference between being wise and being taken.
This is a mistake. Bad things DO happen. Long-time employees with access to checking accounts and credit cards have drug problems or want to provide a better lifestyle for themselves and their family, or simply find the availability of “free cash” too tempting. Hackers and thieves outside of your business can gain access to your unprotected or poorly-protected IT system(s) and get their hands on your money.
Many people live their whole lives without becoming the victim of an office theft or fraud scheme, just as the majority of drivers never suffer a motor vehicle collision. But no one would ever think not to buy auto insurance “just in case,” and no business owner should think they are immune from the risk of theft or scam. So act now, while you still can. Here are some quick, easy, and simple tasks to help keep your business protected from needless exposure to risk:
- Trust your financial staff and employees, but verify: the same person who opens the mail and totals up received checks should not fill out or make the bank deposit, or reconcile the accounts receivable. In the same way, the functions on the payable side should be separated as well: the corporate checking account should not be reconciled by the same person who causes checks to be issued. Your accountant can provide advice on how to implement simple cash controls and other financial “baby steps,” to help with the safe-keeping of company finances.
- Know your finances and review them regularly, especially accounts receivable and accounts payable, statements of cash flow, credit card statements, and checking account registers. Does the amount of money the company takes in square with current expectations and past performance? Are there new or additional charges for costs you don’t recognize? Where is money being spent, and who has a company credit card to spend it?
- Has each of your employees undergone a background check? This can be as simple as accessing their state criminal “rap” sheet, through the Pennsylvania on-line court website. Search online for “PA Dockets,” click on “Common Pleas Court,” select “Court Information,” and search by participant name, for all counties’ records of criminal cases. (All other information for which there are blanks in the “drop-down” menu are optional.) This search will provide a broad, “back of the envelope” background check for Pennsylvania criminal convictions of persons. Otherwise, it is well worth the cost of paying a service the small fee for a criminal background check, especially for candidates you are considering to hire.
- Are employees driving more expensive cars, wearing fancy jewelry or taking more lavish vacation trips than their salary would logically support? Are they distracted at work, or exhibiting other signs of illicit drug use? Each of these can be the telltale indicator of financial need out of line with a normal lifestyle. Your business could be funding it. Manage defensively, as if your business assets are your own. (If you’ve read this far, they probably at least in part are.)
- What is the dollar limit for an employee or manager’s authority on a check or other payment method? Your bank can assist with implementing controls for requiring a second signature for any payment instrument over a certain dollar value, or another way to protect against unauthorized charges. At least once quarterly, verify from the bank that the amount you have in your company’s accounts are what your employee(s) tells you is in these accounts.
- Has your electronic system(s) been analyzed/reviewed by a competent “IT” professional, for security breach or vulnerabilities? Does your business use an online portal for numbers from customers, such that clients’ essential financial or even personal information is at risk? Have you received a suspect number of “false charge” complaints or credit charge-backs recently?
- Is your business insured against risk of loss through internal theft, and specifically, does your “CG&L” policy provide for ‘dishonest employee’ coverage? Or, do any of your financial staff have a separate fidelity bond? Call your insurance broker; the policy cost may pale in comparison with the cost of an uninsured loss. The same is true for cyber-security coverage; if you don’t have it, consider getting it, especially if your business is heavily involved in e-commerce. If you do have cyber insurance, confirm that your policy covers forensic investigation costs in the event of a breach. In short, do a coverage audit to determine if your insurance is adequate to protect your business, and consequently, yourself.
These steps are simple, easy and quick.
They are necessary.
Better to spend time on simple financial and loss prevention on due diligence now, then to remain vulnerable and exposed.
The Grail Law Firm advises business victims of crime, conducts internal investigations, and also defends suspects and persons accused of criminal and other bad acts, and also defends companies and professionals in federal and state regulatory enforcement actions.