A Primer on Small Business Bookkeeper Bank Fraud
By Don Coker: Banking & Economic Consultant
Every day, trusted bookkeepers of small and medium-sized businesses across this country embezzle millions of dollars from their employers. It is not unusual for these embezzlement schemes to last for fifteen years or so, and no one knows how many go completely undetected from beginning to end.
The country's banking system has built-in safeguards to help prevent and detect fraudulent activities, but often there is a breakdown in their implementation.
Common Types of Fraud
Let's look at some of the
more common forms these frauds take and how they can be prevented:
"Less Cash" Deposits
A quick and easy way for
a bookkeeper to pickup a little pocket change (even up to a few hundred
dollars or more) is to deposit checks payable to the company into the company's
bank account and show a "Less Cash" amount, which he or she pockets. How
can this be prevented? It's very simple. A bank receiving a deposit for
a corporate account should not allow any Less Cash deposits but rather
should require that checks made out to the company be deposited into the
company's account. Then a company check, signed by an authorized signer
on the company's account, can be written for the required cash amount.
And of course, any deposit endorsed "For Deposit Only" should only be deposited
into the account of the payee, with no "Less Cash" disbursement. This type
of fraud is easy to accomplish if the bank operates in a sloppy manner,
but it is impossible to accomplish if the bank follows industry standard
banking practices and procedures.
Forgery
Check forgery, as
it relates to small business bookkeeper fraud, can take several forms.
A dishonest bookkeeper can forge the signature of an authorized signer
on the account and write out a check to himself, to an accomplice, or to
a fictitious name that the bookkeeper controls. A bold embezzler may even
probe the bank's diligence by signing his or her own unauthorized name
to a company check and use it to transfer funds to his or her own account
or pay a bill. Avoiding check signature problems will be discussed later.
Fake Account
A bookkeeper
can open a bogus account in the name of the company and then periodically
deposit payments intended for the company into the bogus account, to which
the bookkeeper has access either by fraudulently placing his or her name
on the account or by forging the name of a legitimate company person. This
involves producing fraudulent signature cards and corporate resolutions
authorizing the new account
Letter of Authority
Sometimes, dishonest
bookkeepers have been known to send to their company's bank a forged "Letter
of Authority" purporting to empower the bookkeeper to have access to certain
accounts. A bank should not accept such a document but rather should demand
proper documentation in the form of signature cards and resolutions, as
required. Of course, a simple telephone call from the bank to its customer
would help detect many of these fraud attempts.
The Need to Launder Money
"Money Laundering" can be defined as changing,
concealing, or disguising the nature, the location, the disposition, the
source, the ownership, the access to, or the control of assets unlawfully
obtained. Obviously, running funds through bank accounts can accomplish
this twisted goal if the bank's system for managing the accounts allows
it. Permitting the items described above enables money laundering to occur.
Safeguards Banks Should Use
The Uniform
Commercial Code
The UCC requires that
a bank "customer must exercise reasonable promptness in examining the statement"
for the account and notify the bank of any irregularities. For unauthorized
signatures and signature alterations, thirty days is considered a reasonable
period for a customer to examine his or her statement, discover a problem,
and notify the bank. However, if the customer can prove that the bank did
not exercise ordinary care, then the thirty day period does not apply.
Then the UCC goes on to state that no matter what the situation with regard
to care or lack of care on the part of the customer or the bank, a customer
must notify the bank within one year of any account activity involving
unauthorized or altered signatures, or else the customer is precluded from
asserting against the bank.
If the bank failed to exercise ordinary care, and the customer failed to promptly examine the bank statement, then the loss is allocated between the customer and the bank according to their relative contribution toward the creation of the loss. The UCC's requirements are typically the most important potential problem for a checking account fraud case such as we are discussing here, but there are often ways to deal with them, as we will discuss here.
Often, in a small or medium-sized business, the same person that keeps the books will also receive and balance the bank statements. This means that there is the possibility that the person perpetrating the fraud is in a perfect position to conceal it from their company. Ideally, someone other than the person managing the checking account should receive and balance the bank statement each month. This is economically unfeasible in many cases, as is the retention of an internal auditor. This is not necessarily negligence on the part of the business but rather a reflection of the reality of how business is carried out in small and medium-sized businesses.
However, keep in mind that in most cases, others outside the company typically do look at the business's financial records. Also, the bank may be aware, through conversations with the company's management and staff and visits to the business's premises, of who manages the business's bank account and who receives the bank statement each month. The statement even may be mailed to a specific person at the company that the bank knows to be the person primarily responsible for the business's checking account. In some cases, the business's employee may actually pick up the statement at the bank each month and sign for it.
How Embezzlers
Approach Banks
Of course there is no limit
to the number of methods the imagination of an embezzler may devise to
approach a bank. Banks should be aware of any suspicious activity that
could indicate the potential for fraud.
Two general procedural factors need to be mentioned here: 1) Embezzlers often probe their company's bank's procedures for any flaws that might allow them to perpetrate a fraud. Therefore, a bank detecting one of these probes should suspect that a fraud scheme might be planned. 2) Banks, like all other businesses, have a tendency to allow things that have been allowed in the past, even if they might represent a deviation from the bank's normal policies and procedures. These deviations should be carefully examined whenever detected.
Customer Familiarity
A bank should be familiar with the basic operations of its business
customers. It is common for a "relationship officer" to be assigned to
any account of any significance. Often bank officers visit the premises
of their business account holders. This provides a bank with a firsthand
opportunity to see how the business manages its checking account. For example,
if a bank officer visits a customer's place of business and sees that the
bookkeeper handles the company's bank accounts and also balances the company's
check book without any other person involved, then the bank should advise
the customer of the
potential for fraud.
Customer Information File
Virtually all banks maintain some type of CIF system, or Customer
Information File, that cross-references all of a customer's dealings with
a bank. In some cases, a simple look at a customer's CIF would tell a bank
from its own records that a bookkeeper who is authorized on a company's
account also maintains a separate and unrelated business account. This
would avoid the embarrassing situation for a bank where a fraudulent scheme
was carried out in which money was illegally taken from a customer's
legitimate account and placed in another account controlled by the perpetrator
of the fraud, all under the eyes of the bank - and only under the eyes
of the bank. This leads to a key point: Sometimes, the bank is the only
party with a vantage point that would enable the observation of the obvious
connecting links in a fraud scheme.
Signatures and Account Documentation
A bank should have on file a signature card for each account.
Banks vary in how they handle changes in authorized signers, with most
using the preferred procedure of having a new card signed by all
current authorized signers; and other banks attempt to document these changes
by crossing out deleted authorized signers and adding new ones via an additional
signature card. This second procedure is ineffective and really should
not be used since multiple cards with handwritten notations pulled by a
bank employee in a hurry can lead to erroneous conclusions regarding who
is authorized on an account and who is not. Most banks have a system that
will display on a monitor a facsimile of the authorized signatures for
each account. This eliminates the need to physically pull a signature card
or a copy of it Likewise, corporate resolutions authorizing bank
accounts should be on file naming the persons currently authorized to transact
business in the account. Changes in those authorized to have access to
the account should be documented by a new corporate resolution. However,
some banks follow the alternative procedure described above for signature
cards and simply obtain an additional corporate resolution naming the new
person or persons; and can result in the same confusion mentioned above
regarding signature cards. And lastly on signatures, there is no banking
procedure that allows one person to sign another persons name to a check.
If it is intended that a person be added to an account as an authorized
signer, even for a temporary period, then the bank must obtain a new signature
card with the new signer's signature.
Checking Signatures on Checks
Banks are responsible for checking the signatures on all checks written on accounts at their bank. However, banks consciously make an economic decision to not check the signatures on checks and rely instead on alternative means to provide some degree of security. For example, a bank may have a policy of examining only the signatures on checks over a certain dollar amount. Of course, this leaves them exposed on a wide open basis to fraud involving checks under their cutoff level for checking signatures. In addition to this cutoff level, banks often have a policy to randomly check the signatures on a percentage of checks under their cutoff level. This at least provides them a chance of detecting fraud under their cutoff level; and without these random checks, the bank is completely exposed to fraud on checks under the cutoff level.
Maintain Uniform and Orthodox Account Procedures
A bank's defense that a customer designed an unorthodox
account management system is invalid since the bank should establish the
rules by which the account is operated. If a bank customer requests or
attempts to force through an unorthodox procedure in the management of
its account, then it is the bank's duty to see that this does not happen.
What It Takes to Win A Case
There are many items that should be examined in order to mitigate
the fault of the account holder and demonstrate the negligence of the bank:
1. Information known to the bank.
It is important to know what the bank knew and when. Likewise,
it is equally important to determine what the bank did not know but should
have known. For example, if a bank knows that Mrs. Adams is the bookkeeper
for a bank customer and that she is not authorized to transact business
on the part of the company, then the bank is negligent if it lets her transact
business through the company's accounts.
For another example, if the bank lets Mrs. Adams transact business
through the company's accounts and did not know whether she was authorized
or not, then that is equally as negligent.
2.. Look at the bank's account documents.
It is certainly reasonable to assume that a bank knows anything
that appears on an authorizing account document, such as a signature card
or resolution form. These documents are the foundation of the relationship
between the bank and its customer. Any actions permitted by the bank that
are contra to the authorizations contained on the documents establishing
the account are negligent.
3. Look at the bank's customer files.
For years, banks have sought to increase their level of service
by creating a system wherein a customer can call on one person at the bank
for all of their financial needs. Banks vary in how completely they believe
in and implement this policy, but most follow it to some degree. This is
important to consider in cases involving fraud since it is possible that
a bank officer that is familiar with a customer's deposit accounts may
also know details about the customer's loans or other business relationships
with the bank. It is unlikely that the same officer will handle both deposit
and loan functions, but there is generally an effort on the part of banks
to ensure that the customer's primary account officer knows of all of the
customer's activities.
4. Look at the bank's call and marketing files.
Even if the customer has not initiated other activities with
the bank, valuable information about the customer's business and operations
may be contained in the bank's call and marketing files. These are written
reports that detail officers' marketing efforts, and often describe specific
details of how the business operates.
5. Financial statements from external sources.
Business loan customers of a bank typically are required to file
periodic financial statements with the bank. These financial statements
often are prepared by a CPA firm that comes into the business and examines
its books. Likewise, if the business is part of a larger organization or
a franchise or in any way associated with another entity that would have
occasion to periodically examine its financial records, then their inability
to uncover a fraud is helpful in demonstrating the customer's inability
to detect it.
6. Lack of warnings by the bank.
It is important to know if the bank ever detected any potential
problem areas in the customer's business operations. It may be that the
bank was the only party with the ability to see all of the activities that
made up the fraud, so their lack of warnings is significant. Often, a simple
telephone call would end a fraud scheme that ultimately costs the customer,
bank, and others thousands of dollars.
7. Policy and Procedure Manuals.
The bank's manuals for handling the specific items that took
place in the fraud should be examined by a banking expert in order to determine
if the procedures were adequate and if they were followed. Although these
manuals may appear quite voluminous, an expert can usually quickly focus
on the pertinent areas.
8. The Bank's Expert.
Bank's typically shoot themselves in the foot by bringing in
an expert" who is an employee of the bank. Of course, this not only eliminates
any chance of objectivity but also highlights the bank's narrow view and
unwillingness to consider any opposing viewpoints. This is the worst thing
a bank can do, yet they use an in-house "expert" over 90% of the time
9. Relate the fraud problem to a juror's checking account.
A banking expert can easily construct an example of the classic
explanation that it is wrong for one person to take money out of
another person's checking account. Simplifying all of the technical talk
and bringing down to a personal level all of the theories presented in
the case can make the typical fraud situation easily understandable for
the average juror.
Concluding Comments
Most banks do a good job of helping guard against fraud in their customers accounts. A bank checking account customer pays for services that include the bank's duty to safeguard their funds. It is universally agreed that a bank has a duty to safeguard its customers funds on deposit with the bank. Concomantly, a bank is negligent if it does not take adequate steps to implement reasonable safeguards that can prevent fraud in a customer's accounts.
Technically, banks should check the signature on every check that
passes through a customer's account. Banks are physically capable of doing
this if they want to. But do bank's actually do this? No. Banks used to
check every signature on every check that went through a customers account.
Today, with automation and higher levels of checking account activity than
in previous years, banks consider the process of checking the signatures
on each check to be too time consuming. Therefore, what it
comes down to is an economic tradeoff where banks choose to save money
on the cost of checking signatures on checks and gamble that their cost
savings will exceed their losses on fraudulent checks.
If a bank chooses not to check the signatures on checks, then one must ask why even have signature cards and why even require that checks be signed? It is a curious twist that has occurred in the banking business, driven by the need and desire to reduce operating costs, yet it creates the need for a means to resolve fraud problems that do occur as a result of a bank's lack of diligence in handling its customers' funds.
By Don Coker: Banking and Economic Consultant
NOTE: Please change the document properties!!!
Insert Company Name Here, If Desired