Dishonest employees steal more than shoplifters…almost ten times more, in fact. Sometimes they steal from you — sometimes from your members and clients.
Most employee frauds start out small and escalate when no one notices. These simple checks and balances protect your business.
1. Guard against payments to fictitious suppliers.
We’ve seen situations where employees created fictitious suppliers, paid them with company funds — and cashed the checks themselves.
For example, your assistant invents a fictitious vendor, “Yoga Mat Warehouse”. She then creates fake invoices, issues checks or electronic payments from your business account to Yoga Mat Warehouse, and sends those payments to the Yoga Mat Warehouse post office box or bank account. Then she picks up the checks herself from Yoga Mat’s mailbox, endorses them, and deposits them to her own account.
The same fraud can also occur if your company pays its invoices with a company credit card or via electronic payments issued through your bank account.
If you authorize anyone other than yourself to sign checks, issue electronic payments, or use company credit cards to pay invoices, put controls in place to make sure that only legitimate vendors receive payments.
- Restrict who can add new vendors to your accounts payable system, and require a review step to add a new vendor.
- Don’t have the same person check in packages you receive and make payments to suppliers. Split those tasks.
- Checks to be signed should have the packing receipt attached where applicable.
- Cap the dollar amount of payments that employees can issue.
- Require a second signature or electronic approval on payments which exceed that maximum.
- Review your monthly online transaction history or statement for payee names you don’t recognize and for unusually large amounts.
- Never, ever put your signature on a rubber signature stamp that you allow others to use. Special locking signature machines are available if you’re still issuing lots of paper checks, and they’re more secure than a simple stamp.
2. Restrict and review access to customer credit card and bank account info.
Most of you accept credit cards and some of you debit customer bank accounts monthly for membership dues and fees.
- For one-time transactions, choose hosted e-commerce and back-office applications that send transactions to a third-party payment gateway and don’t store credit card data within the e-commerce app.
- For recurring transactions where credit card data must be stored, tightly restrict who has access to this data so that it’s clear exactly who is accountable should customers report issues with duplicate charges.
- Password-protect this data with tough-to-crack passwords that include upper- and lower-case letters interspersed with numbers and special characters.
- Change passwords monthly and always change them when an employee leaves the business, even if you don’t think they had access to customer data.
- Remind customers — in newsletters and so forth — to contact you or the appropriate customer service manager directly about billing mistakes. Don’t tell them to contact your bookkeeper.
- Low-tech security still matters. Lock customer paperwork with credit card numbers and voided checks in a file cabinet and restrict access to the keys.
- Don’t store customer financial information on laptops, smartphones, tablet computers and other mobile devices that actually leave your premises. If doing so is unavoidable, password-protect the device and encrypt the files containing this information.
3. Monitor direct deposits from affiliates and other business partners.
Many wellness and fitness businesses receive direct deposits from sources like these:
- Commissions from nutritional supplement affiliates
- Commissions from fitness equipment or apparel manufacturers or distributors
- Commissions from product sales made using an Amazon Associates link
- Sales through third-party hosted e-commerce providers like Paypal, Shopify and others
- Sales paid by customer credit cards and processed by Stripe or other merchant account and credit card processing services
- Payments from Amazon’s Kindle Direct Publishing or other publishers
- Payments from other affiliate relationships or business partners deposited electronically to your account
Because these payments typically recur monthly, it’s easy to overlook them. You’ve got to protect yourself against two risks.
- First, the vendor may not be making payments that they’re obligated to make to you. Don’t assume that they are — check every month.
- Second, an employee can easily redirect the deposit to a different account. It’s not hard to do. Confirm every month that the payments that should be appearing actually are.
The person who reconciles your company bank statement each month and confirms that the expected payments are arriving timely should not have online access (usernames, passwords) to affiliate and similar accounts, nor should they have access to key identifying information like social security numbers, affiliate PINs or affiliate account numbers required to make changes to the affiliate accounts.
A useful tool is a standard monthly report that lists all the expected sources of incoming cash in the first column, and shows the current month’s deposits plus columns for each of the last six months of deposits to the right. The harder you make it to defraud the company without detection, the less likely it is to happen.
4. Reconcile and review your business bank and credit card statements monthly.
We worked once with a wellness business whose trusted clerk — a long-time employee — had stuffed bank statements in his desk drawer to hide the fact that he was writing checks against a little-used business account and pocketing the cash.
- Keep a list of all open bank accounts and credit accounts in use by your business.
- Whoever prepares the reconciliation shouldn’t have signature access to your accounts. Otherwise, it’s like asking the cat to keep an eye on the canary!
- Review the bank statements and bank reconciliations monthly.
- An added bonus: you may catch a bank mistake.
- Periodically run credit reports on your business. If someone’s opened unauthorized accounts of any kind in the name of your business, that’s a good way to find out.
- Give at least the appearance of close review. Even if you don’t really understand what you’re looking at, just giving the impression that you’re paying close attention really does help deter fraud.
5. Split financial responsibilities among individuals.
It’s rare for several employees to conspire to defraud your business. It’s far more common for a single employee to steal from your business.
For example, if a single employee is responsible for all financial transactions related to the spa, he can record, say, five bottles of massage oil for internal use when in reality only two were used in the spa and he sold the other three to friends and pocketed the cash.
- The person responsible for billing clients should not also be responsible for receiving and posting payments and making billing adjustments. This is particularly important if your business is often paid in cash — like a wellness center that handles insurance co-pays, or a spa or pro shop that receives cash for product sales.
- Don’t allow your outside accountant to sign checks on your business account. Think of them as an independent third party who can help you keep an eye on things. If they have access to business assets like cash, you’ve compromised their independence.
6. Conduct pre-employment background checks.
We were shocked to find that a very promising job candidate for a management position had a criminal record for shoplifting. And we’ve routinely seen inflation — or invention — of academic credentials like degrees.
- Run criminal background checks on people you’re planning to hire — and request written consent to do it. That helps protect you legally — and it encourages candidates with dubious records to withdraw from the process.
- Even if the candidate has a clean record, just knowing that you ran the background check communicates your “trust but verify” philosophy to managing the business. It puts them on notice that you’re vigilant.
- Background checks are quick and relatively inexpensive — from $5 to search public records yourself to a few hundred bucks per candidate, depending on the scope of the background check.
- Discuss bonding your employees with your business insurance broker if your business handles large amounts of cash, employees have access to business accounts and other significant assets, or your employees routinely visit clients’ homes.
7. Apply good business practices to everyone who works for you.
Sadly, we’ve seen numerous business owners burned by deeply trusted family members and friends — even spouses and siblings. Often these people were indeed reliable and trustworthy for many years…until something changed.
Unknown to you, your brother or sister-in-law or cousin may have massive credit card debt. A close friend may have a sudden cash crunch because their spouse just lost a job. Your son or daughter may have a substance abuse problem. Or they’re simply living a steak lifestyle on a peanut butter budget. We could go on and on.
You simply can’t know everything that’s going on in someone’s life…even someone very, very close to you. So:
- Don’t give family and friends the “keys to the kingdom.”
- Apply the same good business practices above that you’d use with other employees.
8. And last but not least…
- It’s also a good idea to require mandatory annual vacations for all employees with access to cash or other valuable business assets.
We’re talking a couple of weeks, not just a long weekend. If they’ve been hiding information which would reveal their fraud, you’ll improve the odds of catching it while they’re out.
- In smaller wellness businesses, owners should pick up and review the incoming mail themselves. It’s a quick way to spot-check vendor invoices, late notices, and other potential red flags.
If you assign this work to someone, it shouldn’t be the same person who handles vendor and customer transactions and has access to customer financial data.
- If you give your personal bank and credit card account information to an employee, remember to review your personal bank and credit card statements yourself.
- Many small business owners simply hand all that information to their CPA — but your CPA can’t usually tell what’s appropriate and what isn’t. And lots of owners and managers keep an eagle-eye on their business financials but never look at their personal financials.