Employee Embezzlement on the Rise – Are You Protected?

A typical organization will lose an estimated 5% of its revenues every year due to fraud, according to a study by the Association of Certified Fraud Examiners.

The median loss among organizations both large and small was $140,000 per occurrence, and more than 20% of embezzlement losses were more than $1 million, the association found.

With those staggering numbers in mind, if you have not already done so, you need to take steps to reduce the possibility of employee theft – and also make sure you are adequately covered if they do steal from you.

Small organizations are especially susceptible to losses from employee embezzlement. These problems are often seen in cash-heavy businesses, or those with large inventories, but employee embezzlement is most frequently experienced in organizations lacking owner oversight of financial processes, usually due to placing far too much trust in employees and having no internal controls.

The new study by the fraud examiners association was released as another study, this one by professional security firm Marquet International, found that arrests and indictments for embezzlements had reached a five-year high in 2012.

Embezzlers are most likely to be a company bookkeeper, accountant or treasurer, who is female, in her 40s, and without a criminal record. The reason it’s more often than not a woman is that they are typically in the three aforementioned jobs.

How do they do it?

Marquet International in its study found that the most common ways of embezzling are:

  • Bogus loan schemes, which include cases in which fraudulent loans are created or authorized by the perpetrator from which funds are taken for their own benefit.
  • Credit card/account fraud cases, which involve the fraudulent or unauthorized creation and/or use of company credit card or credit accounts.
  • Forged/unauthorized check cases, which are those in which company checks are forged or issued without authorization for the benefit of the perpetrator.
  • Fraudulent reimbursement schemes, which include expense report fraud and other cases in which a bogus submission for reimbursement is made by the perpetrator.
  • Inventory/equipment theft schemes, including those cases in which physical corporate assets were stolen and sold or used for the benefit of the employee.
  • Payroll shenanigan cases, including all forms of manipulation of the payroll systems in order for the perpetrator to draw additional income.
  • Theft/conversion of cash receipt cases, which involve the simple taking of cash or checks meant for company receipts and pocketing or converting them for one’s own benefit.
  • Unauthorized electronic funds transfers, including those cases in which wire transfers and other similar transfers of funds are the primary mode of theft.
  • Vendor fraud cases, which include those where either a bogus vendor is created by the perpetrator to misappropriate monies or a real vendor colludes with the perpetrator to siphon funds from the company.

Thwarting embezzlers

Liability insurer Camico suggests that educating employees on the detrimental effects of employee fraud on the organization can reduce the likelihood of embezzlement.

Also, if you implement a regular review of bank and credit card statements, you’ll have a better chance of catching a thief. Company owners should look at the cleared transactions to determine the legitimacy of payees, including examining actual cancelled checks.

Also, it’s easy for transactions to be changed in the accounting system after the fact. An ill-intentioned bookkeeper could use this tactic to cover up their tracks. If you feel you do not have the time or expertise to oversee you finance department, you should contract with a qualified CPA to perform these checks and balances.

There are also inexpensive physical barriers that should be used to deter criminal activity. To protect cash, you can buy a $200 drop-slot safe to securely keep the night’s deposit until it is taken to the bank.

Similarly, security cameras deter misbehavior and can be the source of valuable evidence in case an incident occurs.

Securing coverage

Finally, you should consider taking out a crime insurance policy.

Most business insurance policies either exclude or provide only nominal amounts of coverage for loss of money and securities as well as employee-dishonesty exposures.

But a crime insurance policy protects against loss of money, securities or inventory resulting from crime. Common crime insurance claims include employee dishonesty, embezzlement, forgery, robbery, safe burglary, computer fraud, wire-transfer fraud, and counterfeiting.

Call us to discuss whether a crime policy is right for your company.

Massive Breach Exposed 773 million E-mails, Passwords

News of the latest global data breach of some 773 million e-mail address and passwords should prompt individuals and organizations alike to change their passwords – particularly for any accounts that have financial, credit card or other personal information.

The scope of this breach cannot be overstated as the list includes log-in credentials from more than 2,000 websites, according to an article on the website Marketwatch, which cited a report by security researcher Troy Hunt.

Hunt said that the files were collected from a number of breaches and uploaded to a cloud service called MEGA, and the data was promoted on popular hacking forums. MEGA eventually removed the data, so it’s not clear how many hackers gained access to the files.

Considering the size and scope of the data trove, you should immediately change your passwords on sites such as:

  • Your online e-mail services (like Gmail, Hotmail, etc.)
  • Your banking and other financial services accounts (retirement accounts, credit cards, etc.)
  • All of your social media accounts.
  • E-commerce sites.
  • Subscription sites and other sites that store your credit card information.

Hunt has created a page on his website for anybody to check to see if their e-mail address and passwords were compromised. You can check here for free: www.haveibeenpwned.com.

Hunt said even his own data appeared in the giant trove of stolen e-mails and passwords, despite his intensive security practices as a privacy professional.

If you have employees, you should notify all of them about the breach and urge them to change their passwords. It should be an organization-wide endeavor.

To best protect your privacy, Hunt recommends using strong passwords, a password manager and two-factor authentication. Two-factor authentication requires users to input a code sent to their phone or e-mail for log in, adding an extra layer of security

Top five password tips

  1. Adopt long passwords – And don’t use things like $ for the letter “s” or 3 for “E”, and other such changes that hackers are on to.
  2. Avoid periodic changes – Instead, change your passwords only when you feel there has been a threat. Most people will recycle old passwords or make small changes to their existing password.
  3. Create a password blacklist – Use this as the list of codes to avoid when making a new password.
  4. Implement two-factor authentication – Two-factor authentication has already become a de facto standard for managing access to corporate servers. In addition to traditional credentials like username and password, users have to confirm their identity with one-time code sent to their mobile device or using a personalized USB token.
  5. Organize regular staff training – Nearly 41% of company data leaks occur because of negligent or untrained workers who open phishing e-mails. It’s important to train employees to detect and avoid phishing and other social media attacks.

OSHA Stays Serious About Temp Worker Safety

While the Trump administration has eased off a number of regulations and enforcement actions during the past two years, Fed-OSHA continues focusing on the safety of temporary workers as much as it did under the Obama presidency.

This puts the onus not only on the agencies that provide the temp workers, but also on the companies that contract with them for the workers.

As evidence of its continued focus on temp workers, OSHA recently released guidance on lockout/tagout training requirements for temporary workers. This was the third guidance document released in 2018 and the 10th in recent years that was specific to temp workers.

One reason OSHA is so keen on continuing to police employers that use temporary workers, as well as the staffing agencies that supply them, is that temp workers are often given some of the worst jobs and possibly fall through the safety training cracks.

OSHA launched the Temporary Worker Initiative in 2013. It generally considers the staffing agency and host employer to be joint employers for the sake of providing workers a safe workplace that meets all of OSHA’s requirements, according to a memorandum by the agency’s office in 2014 to its field officers.

That same memo included the agency’s plans to publish more enforcement and compliance guidance, which it has released steadily since then.

Some of the topics of the temp worker guidance OSHA has released since the 2014 memorandum include:

  • Injury and illness record-keeping requirements
  • Noise exposure and hearing conservation
  • Personal protective equipment
  • Whistleblower protection rights
  • Safety and health training
  • Hazard communication
  • Bloodborne pathogens
  • Powered industrial truck training
  • Respiratory protection
  • Lockout/tagout

Joint responsibility

OSHA started the initiative due to concerns that some employers were using temporary workers as a way to avoid meeting obligations to comply with OSHA regulations and worker protection laws, and because temporary workers are more vulnerable to workplace safety and health hazards and retaliation than workers in traditional employment relationships.

With both the temp agency and the host employer responsible for workplace safety, there has to be a level of trust between the two. Temp agencies should come and do some type of assessment to ensure the employer meets OSHA standards, and the host employer has to provide a safe workplace.

Both host employers and staffing agencies have roles in complying with workplace health and safety requirements, and they share responsibility for ensuring worker safety and health.

A key concept is that each employer should consider the hazards it is in a position to prevent and correct, and in a position to comply with OSHA standards. For example: staffing agencies might provide general safety and health training, and host employers provide specific training tailored to the particular workplace equipment/hazards.

Successful joint employer relationship traits

  • The key is communication between the temp agency and the host to ensure that the necessary protections are provided.
  • Staffing agencies have a duty to inquire into the conditions of their workers’ assigned workplaces. They must ensure that they are sending workers to a safe workplace.
  • Ignorance of hazards is not an excuse.
  • Staffing agencies need not become experts on specific workplace hazards, but they should determine what conditions exist at the host employer, what hazards may be encountered, and how best to ensure protection for the temporary workers.
  • The staffing agency has the duty to inquire and verify that the host has fulfilled its responsibilities for a safe workplace.
  • And, just as important, host employers must treat temporary workers like any other workers in terms of training and safety and health protections.

For a look at all 10 of the guidance documents OSHA has issued in the last few years, visit the agency’s temp worker page: www.osha.gov/temp_workers/

New Rule Simplifies X-Mod Calculation, Encourages Reporting First Aid Claims

A new method for calculating workers’ compensation experience modifications (X-Mods) took effect in California on Jan. 1.

The Workers’ Compensation Insurance Rating Bureau of California has created a new simplified formula for calculating X-Mods as part of its efforts to add more transparency to the process. The new formula excludes the first $250 of every claim for the X-Mod computation, no matter how large or small the claim is.

This also means that if an employer pays, say, $200 for first aid on a minor workplace injury, they are required to report it as a claim. Doing so will not affect their X-Mod in any way, no matter how many first aid claims they have.

The goal is to encourage employers to report all claims, even those that may require minimal medical treatment or first aid.

Examples:

  • If you have a $10,000 primary threshold and you have a claim that ends up costing $6,000, the amount used to compute your X-Mod would be $5,750.
  • If you have a $10,000 primary threshold and you have a claim that ends up costing $17,000, the amount used for calculating your X-Mod would be $9,750.
  • If you have a claim that’s valued at $250 or less, the claim will still show on your experience rating worksheet, but it will not be used at all when calculating your X-Mod.

Does this affect your current X-Mod?

Yes. Any claim incurred against policies incepting during the experience period for your 2019 experience modification, which includes 2015, 2016 and 2017 policy years, will be used in the X-Mod computation at $250 less than its reported value.

Claims costing $250 or less will be shown on worksheets, but will not be used in X-Mod calculation.

Reporting first aid claims is required

Workers’ comp regulations require that all claims that cost some amount of money to treat must be reported to your workers’ comp carrier, which in turn must report to the Rating Bureau so that it can accurately keep workers’ comp records on employers that are experience rated.

The rules have already been on the books for years, but the problem of non-reporting became too great, so the Rating Bureau has stepped up to encourage employers to follow the rules. And in this case, it can’t work against you.

Does Business Interruption Insurance Cover Partial Shutdown?

Interruption in the Business Life

What happens if your business suffers property damage or a supply chain disruption and is forced to stop operations either fully or partially? Will your insurance cover the work stoppage or slowdown?

It is important to understand how your insurance can protect you from the resulting financial loss. In addition to potential recovery for property damage from your property/casualty policy, you may be able to recover lost revenue from your business interruption coverage. If your operations are disrupted – completely or partially – the language of your policy will determine if, and for how long, your insurance company will cover the loss.

In the best scenario, your insurance should cover income loss not only when operations are completely shuttered, but also when your business is partially suspended.

Historically, many business interruption provisions required a “necessary suspension” of operations. The problem is that these older policies and forms did not define “suspension” or state whether a complete shutdown was necessary. Courts have wrestled with this issue, and have often come down on the side of a “complete shutdown.”

The precedent in California is the case of Buxbaum vs. AETNA Life & Cas. Co. , which held that a “necessary suspension” of operations “connotes a temporary, but complete, cessation of activity.”

In this case, the court said that business interruption coverage for a law firm was not triggered because there was no complete cessation of operations when evidence showed that its attorneys continued to bill hours following a water damage incident in its offices.

The key here is that if “suspension” is not defined in a policy, the policyholder will likely not recover lost income due to a partial cessation or slowdown of business.

The catch-22 in this type of interpretation is that the business interruption policy will usually include a clause obligating the policyholder to mitigate losses.

Slowdown coverage in new forms

In light of other states’ court decisions that were similar to the California case, the industry has developed new forms that also cover slowdowns.

One such form is the Insurance Service Office-approved “Business Income (and Extra Expense) Coverage Form.” It was updated to define “suspension” as “[t]he slowdown or cessation of your business activities.”

Fortunately, most insurance companies use forms that affirmatively state the policy “shall cover the loss resulting from complete or partial interruption of business.”

If you are renewing your business interruption policy or purchasing a new policy, ask us if the form the insurer uses includes the above language. If not, we can find an insurer that includes such wording.

That specific language can ensure that you get paid for any lost business income due to a partial shutdown of your operations.