By Don Coker: Banking & Economic Consultant
Every day, trusted bookkeepers of small and medium-sized businesses across this country embezzle millions of dollars from their employers. It is not unusual for these embezzlement schemes to last for fifteen years or so, and no one knows how many go completely undetected from beginning to end.
The country's banking system has built-in safeguards to help prevent and detect fraudulent activities, but often there is a breakdown in their implementation.
Common Types of Fraud
Let's look at some of the more common forms these frauds take and how they can be prevented:
"Less Cash" Deposits
A quick and easy way for a bookkeeper to pickup a little pocket change (even up to a few hundred dollars or more) is to deposit checks payable to the company into the company's bank account and show a "Less Cash" amount, which he or she pockets. How can this be prevented? It's very simple. A bank receiving a deposit for a corporate account should not allow any Less Cash deposits but rather should require that checks made out to the company be deposited into the company's account. Then a company check, signed by an authorized signer on the company's account, can be written for the required cash amount. And of course, any deposit endorsed "For Deposit Only" should only be deposited into the account of the payee, with no "Less Cash" disbursement. This type of fraud is easy to accomplish if the bank operates in a sloppy manner, but it is impossible to accomplish if the bank follows industry standard banking practices and procedures.
Forgery
Check forgery, as it relates to small business bookkeeper fraud, can take several forms. A dishonest bookkeeper can forge the signature of an authorized signer on the account and write out a check to himself, to an accomplice, or to a fictitious name that the bookkeeper controls. A bold embezzler may even probe the bank's diligence by signing his or her own unauthorized name to a company check and use it to transfer funds to his or her own account or pay a bill. Avoiding check signature problems will be discussed later.
Fake Account
A bookkeeper can open a bogus account in the name of the company and then periodically deposit payments intended for the company into the bogus account, to which the bookkeeper has access either by fraudulently placing his or her name on the account or by forging the name of a legitimate company person. This involves producing fraudulent signature cards and corporate resolutions authorizing the new account
Letter of Authority
Sometimes, dishonest bookkeepers have been known to send to their company's bank a forged "Letter of Authority" purporting to empower the bookkeeper to have access to certain accounts. A bank should not accept such a document but rather should demand proper documentation in the form of signature cards and resolutions, as required. Of course, a simple telephone call from the bank to its customer would help detect many of these fraud attempts.
The Need to Launder Money
"Money Laundering" can be defined as changing, concealing, or disguising the nature, the location, the disposition, the source, the ownership, the access to, or the control of assets unlawfully obtained. Obviously, running funds through bank accounts can accomplish this twisted goal if the bank's system for managing the accounts allows it. Permitting the items described above enables money laundering to occur.
Safeguards Banks Should Use
:
The Uniform Commercial Code
The UCC requires that a bank "customer must exercise reasonable promptness in examining the statement" for the account and notify the bank of any irregularities. For unauthorized signatures and signature alterations, thirty days is considered a reasonable period for a customer to examine his or her statement, discover a problem, and notify the bank. However, if the customer can prove that the bank did not exercise ordinary care, then the thirty day period does not apply. Then the UCC goes on to state that no matter what the situation with regard to care or lack of care on the part of the customer or the bank, a customer must notify the bank within one year of any account activity involving unauthorized or altered signatures, or else the customer is precluded from asserting against the bank.
If the bank failed to exercise ordinary care, and the customer failed to promptly examine the bank statement, then the loss is allocated between the customer and the bank according to their relative contribution toward the creation of the loss. The UCC's requirements are typically the most important potential problem for a checking account fraud case such as we are discussing here, but there are often ways to deal with them, as we will discuss here.
Often, in a small or medium-sized business, the same person that keeps the books will also receive and balance the bank statements. This means that there is the possibility that the person perpetrating the fraud is in a perfect position to conceal it from their company. Ideally, someone other than the person managing the checking account should receive and balance the bank statement each month. This is economically unfeasible in many cases, as is the retention of an internal auditor. This is not necessarily negligence on the part of the business but rather a reflection of the reality of how business is carried out in small and medium-sized businesses.
However, keep in mind that in most cases, others outside the company typically do look at the business's financial records. Also, the bank may be aware, through conversations with the company's management and staff and visits to the business's premises, of who manages the business's bank account and who receives the bank statement each month. The statement even may be mailed to a specific person at the company that the bank knows to be the person primarily responsible for the business's checking account. In some cases, the business's employee may actually pick up the statement at the bank each month and sign for it.
How Embezzlers Approach Banks
Of course there is no limit to the number of methods the imagination of an embezzler may devise to approach a bank. Banks should be aware of any suspicious activity that could indicate the potential for fraud.
Two general procedural factors need to be mentioned here: 1) Embezzlers often probe their company's bank's procedures for any flaws that might allow them to perpetrate a fraud. Therefore, a bank detecting one of these probes should suspect that a fraud scheme might be planned. 2) Banks, like all other businesses, have a tendency to allow things that have been allowed in the past, even if they might represent a deviation from the bank's normal policies and procedures. These deviations should be carefully examined whenever detected.
Customer Familiarity
A bank should be familiar with the basic operations of its business customers. It is common for a "relationship officer" to be assigned to any account of any significance. Often bank officers visit the premises of their business account holders. This provides a bank with a firsthand opportunity to see how the business manages its checking account. For example, if a bank officer visits a customer's place of business and sees that the bookkeeper handles the company's bank accounts and also balances the company's check book without any other person involved, then the bank should advise the customer of the potential for fraud.
Customer Information File
Virtually all banks maintain some type of CIF system, or Customer Information File, that cross-references all of a customer's dealings with a bank. In some cases, a simple look at a customer's CIF would tell a bank from its own records that a bookkeeper who is authorized on a company's account also maintains a separate and unrelated business account. This would avoid the embarrassing situation for a bank where a fraudulent scheme was carried out in which money was illegally taken from a customer's legitimate account and placed in another account controlled by the perpetrator of the fraud, all under the eyes of the bank - and only under the eyes of the bank. This leads to a key point: Sometimes, the bank is the only party with a vantage point that would enable the observation of the obvious connecting links in a fraud scheme.
Signatures and Account Documentation
A bank should have on file a signature card for each account. Banks vary in how they handle changes in authorized signers, with most using the preferred procedure of having a new card signed by all current authorized signers; and other banks attempt to document these changes by crossing out deleted authorized signers and adding new ones via an additional signature card. This second procedure is ineffective and really should not be used since multiple cards with handwritten notations pulled by a bank employee in a hurry can lead to erroneous conclusions regarding who is authorized on an account and who is not. Most banks have a system that will display on a monitor a facsimile of the authorized signatures for each account. This eliminates the need to physically pull a signature card or a copy of it Likewise, corporate resolutions authorizing bank accounts should be on file naming the persons currently authorized to transact business in the account. Changes in those authorized to have access to the account should be documented by a new corporate resolution. However, some banks follow the alternative procedure described above for signature cards and simply obtain an additional corporate resolution naming the new person or persons; and can result in the same confusion mentioned above regarding signature cards. And lastly on signatures, there is no banking procedure that allows one person to sign another persons name to a check. If it is intended that a person be added to an account as an authorized signer, even for a temporary period, then the bank must obtain a new signature card with the new signer's signature.
Checking Signatures on Checks
Banks are responsible for checking the signatures on all checks written on accounts at their bank. However, banks consciously make an economic decision to not check the signatures on checks and rely instead on alternative means to provide some degree of security. For example, a bank may have a policy of examining only the signatures on checks over a certain dollar amount. Of course, this leaves them exposed on a wide open basis to fraud involving checks under their cutoff level for checking signatures. In addition to this cutoff level, banks often have a policy to randomly check the signatures on a percentage of checks under their cutoff level. This at least provides them a chance of detecting fraud under their cutoff level; and without these random checks, the bank is completely exposed to fraud on checks under the cutoff level.
Maintain Uniform and Orthodox Account Procedures
A bank's defense that a customer designed an unorthodox account management system is invalid since the bank should establish the rules by which the account is operated. If a bank customer requests or attempts to force through an unorthodox procedure in the management of its account, then it is the bank's duty to see that this does not happen.
What It Takes to Win A Case
There are many items that should be examined in order to mitigate the fault of the account holder and demonstrate the negligence of the bank:
1. Information known to the bank.
It is important to know what the bank knew and when. Likewise, it is equally important to determine what the bank did not know but should have known. For example, if a bank knows that Mrs. Adams is the bookkeeper for a bank customer and that she is not authorized to transact business on the part of the company, then the bank is negligent if it lets her transact business through the company's accounts.
For another example, if the bank lets Mrs. Adams transact business through the company's accounts and did not know whether she was authorized or not, then that is equally as negligent.
2. Look at the bank's account documents.
It is certainly reasonable to assume that a bank knows anything that appears on an authorizing account document, such as a signature card or resolution form. These documents are the foundation of the relationship between the bank and its customer. Any actions permitted by the bank that are contra to the authorizations contained on the documents establishing the account are negligent.
3. Look at the bank's customer files.
For years, banks have sought to increase their level of service by creating a system wherein a customer can call on one person at the bank for all of their financial needs. Banks vary in how completely they believe in and implement this policy, but most follow it to some degree. This is important to consider in cases involving fraud since it is possible that a bank officer that is familiar with a customer's deposit accounts may also know details about the customer's loans or other business relationships with the bank. It is unlikely that the same officer will handle both deposit and loan functions, but there is generally an effort on the part of banks to ensure that the customer's primary account officer knows of all of the customer's activities.
4. Look at the bank's call and marketing files.
Even if the customer has not initiated other activities with the bank, valuable information about the customer's business and operations may be contained in the bank's call and marketing files. These are written reports that detail officers' marketing efforts, and often describe specific details of how the business operates.
5. Financial statements from external sources.
Business loan customers of a bank typically are required to file periodic financial statements with the bank. These financial statements often are prepared by a CPA firm that comes into the business and examines its books. Likewise, if the business is part of a larger organization or a franchise or in any way associated with another entity that would have occasion to periodically examine its financial records, then their inability to uncover a fraud is helpful in demonstrating the customer's inability to detect it.
6. Lack of warnings by the bank.
It is important to know if the bank ever detected any potential problem areas in the customer's business operations. It may be that the bank was the only party with the ability to see all of the activities that made up the fraud, so their lack of warnings is significant. Often, a simple telephone call would end a fraud scheme that ultimately costs the customer, bank, and others thousands of dollars.
7. Policy and Procedure Manuals.
The Bank's manuals for handling the specific items that took place in the fraud should be examined by a banking expert in order to determine if the procedures were adequate and if they were followed. Although these manuals may appear quite voluminous, an expert can usually quickly focus on the pertinent areas.
8. The Bank's Expert.
Bank's typically shoot themselves in the foot by bringing in an expert" who is an employee of the bank. Of course, this not only eliminates any chance of objectivity but also highlights the bank's narrow view and unwillingness to consider any opposing viewpoints. This is the worst thing a bank can do, yet they use an in-house "expert" over 90% of the time
9. Relate the fraud problem to a juror's checking account.
A banking expert can easily construct an example of the classic explanation that it is wrong for one person to take money out of another person's checking account. Simplifying all of the technical talk and bringing down to a personal level all of the theories presented in the case can make the typical fraud situation easily understandable for the average juror.
Concluding Comments
Most banks do a good job of helping guard against fraud in their customers accounts. A bank checking account customer pays for services that include the bank's duty to safeguard their funds. It is universally agreed that a bank has a duty to safeguard its customers funds on deposit with the bank. Concomantly, a bank is negligent if it does not take adequate steps to implement reasonable safeguards that can prevent fraud in a customer's accounts.
Technically, banks should check the signature on every check that passes through a customer's account. Banks are physically capable of doing this if they want to. But do bank's actually do this? No. Banks used to check every signature on every check that went through a customers account. Today, with automation and higher levels of checking account activity than in previous years, banks consider the process of checking the signatures on each check to be too time consuming. Therefore, what it comes down to is an economic tradeoff where banks choose to save money on the cost of checking signatures on checks and gamble that their cost savings will exceed their losses on fraudulent checks.
If a bank chooses not to check the signatures on checks, then one must ask why even have signature cards and why even require that checks be signed? It is a curious twist that has occurred in the banking business, driven by the need and desire to reduce operating costs, yet it creates the need for a means to resolve fraud problems that do occur as a result of a bank's lack of diligence in handling its customers' funds.
About Don Coker |
