Insider Check Fraud — The How, The Why, and Prevention
- Check alterations by employees can be an issue
- City government employees sometimes alter checks to pay themselves
- They are usually small amounts and therefor rarely attract attention
Over the past year, most of the media coverage has spotlighted post office insider check fraud -- where a postal employee is responsible or part of scheme to steal checks in the mail. However, insider check fraud is not limited to the post office; EVERY company needs to be vigilant.
CPA and Certified Fraud Examiner Charles Hall has, for the last thirty years, primarily audited governments, nonprofits, and small businesses, and is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. At the CPA Halltalk website, he offers a look at "inside job" check fraud using city government and a wayward city clerk as an example.
Insider Check Fraud -- The How
The scheme he describes is actually rather simple. A city clerk with access to city checks merely writes checks out to his- or herself:
Using the city’s signature stamp, the clerk signed handwritten checks made out to herself; however, when the payee name was entered into the general ledger (with a journal entry), another name was used—usually that of a legitimate vendor.
This scheme relies upon the fact that most city governments are understaffed and inundated with small expenses that are almost impossible to track, making it easy to "slip through the cracks":
For example, Susie, the clerk, created manual checks made out to herself and signed them with the signature stamp. But the check payee was entered into the accounting system as Macon Hardware (for example). Also, she allocated the disbursements to accounts with sufficient remaining budgetary balances. The subterfuge worked as the expense accounts reflected appropriate vendor activity and expenses stayed within the budgetary appropriations. No red flags.
This is eerily similar to a case out of Pittsburgh, PA, where an employee at Chatham University issued 11 checks to his domestic partner. The issue for most companies is that, with internal resources stretched thin, many of the duties for Accounts Payable -- typically the department that issues payments -- will fall under very few employees, or even one individual. This leads to fewer safeguards put in place because of "trust" in the employees to do the right thing.
Insider Check Fraud -- The Why
While the above example is just one of many situations, there are many different motives that drive the temptation. Outside of pure greed and wanting to live a lavish lifestyle -- we cannot forget about the Nigerian Scammer "Hushpuppi" -- other motivations include the fact that an employee might need money to cover medical expenses of a loved one, or has put themselves in a desperate position and needs a way to cover debts -- such is the situation of an employee at the Albany County Sheriff’s Office.
Insight from the Commonwealth Fraud Prevention Centre -- a department of the Attorney General's Department of the Australian Government -- identify that three conditions must be present for an ordinary person (in this case, an employee) to commit fraud: Pressure, Opportunity, and Rationalization. We won't go into details but you can read more about these three conditions by visiting their website.
Additionally, we recommend you check out author Amanda Nieweler's article providing 23 reasons why people commit fraud on the Whistleblower Security blog.
Preventing Insider Check Fraud
The ease with which an internal city government employee, or any employee at a company that has the ability to issue payments, can pilfer small amounts of money takes some of the blame for the frequency of this particular fraud methodology. Mr. Hall believes organizations invite such small thefts by, frankly, making it too easy:
The accounting clerk, when confronted with evidence of her deception, responded, “I don’t know why I did it, I didn’t need the money.” We do a disservice to accounting employees when we make it so easy to steal. Given human nature, we should do what we can to limit the temptation.
Mr. Hall provides 4-steps to mitigate the risk of insider check fraud:
First, if possible, segregate the disbursement duties so that only one person performs each of the following:
• Creating checks
• Signing checks
• Reconciling bank statements
• Entering checks into the general ledgerIf you can’t segregate duties, have someone (the Mayor, a non-accounting employee, or an outside CPA) review cleared checks for appropriateness.
Secondly, have a second person approve all journal entries. False journal entries can used to hide theft.
Thirdly, restrict access to check stock. It’s wise to keep blank check stock locked up until needed.
Finally, limit who can sign checks, and deep-six the signature stamp.
In addition to these steps, we recommend that companies deploy a positive pay system from their banks. While previous systems only matched serial numbers or amounts, new AI-powered Positive Pay systems can now accurately read and extract payee names and match to a payee issue file source, building a strong deterrent to payee alterations. Furthermore, new technologies can validate additional fields like signature, date, and payor to provide a more robust fraud process.
Banks, credit unions, financial institutions, and corporate entities need to do their due diligence to fully assess the capabilities and technologies of fraud systems, while identifying specific alteration, forgery, and counterfeit use cases detected by the system.