No disaster scammer is safe from the NCDF

What do COVID-19, major hurricanes and West Coast wildfires have in common? All three have attracted scam artists, who have bilked disaster victims, charitable donors, insurance companies and government agencies out of billions of dollars. Also, all of these disasters — and the criminals who take advantage of them — are the focus of The National Center for Disaster Fraud (NCDF). Let’s take a look at what this partnership between the U.S. Justice Department and various law enforcement and regulatory agencies does to investigate and prevent fraud.

Investigate and prevent

The NCDF was established in 2005 after Hurricane Katrina to combat the massive fraud schemes that emerged as financial aid poured into the Gulf region. The agency now coordinates investigations into all kinds of natural and manmade disaster fraud. It also helps to prevent perpetrators from finding victims.

Recently, the NCDF posted on its website tips for charitable donors who want to help victims of Hurricane Ida (justice.gov/disaster-fraud). For example, the agency urges people to avoid making cash donations, writing checks to individuals or donating via wire transfer.

COVID and other opportunities

COVID-19-related fraud — including dishonest Paycheck Protection Program (PPP) loan requests and phishing schemes offering fake “miracle” drugs — makes up the bulk of current NCDF complaints. In recent weeks, the Justice Department has announced the indictment and sentencing of a roster of COVID criminals.

This includes a Georgia woman who pleaded guilty to bank fraud after seeking $7.9 million in PPP loans for four medical practices she controlled. In another ambitious scheme, a Texas man submitted 15 fraudulent PPP applications to eight different lenders, seeking a total of $24.8 million.

Of course, criminals will capitalize on any opportunity. A California man received $26,000 in relief funds from the Federal Emergency Management Agency (FEMA) after falsely claiming a trailer burned in the Camp Fire was his primary residence. Earlier this year, a Florida woman was sentenced to more than six years in prison for using stolen identities to file five applications for FEMA disaster assistance that was intended for actual victims of Hurricane Irma.

Calls for help

Agencies investigating disaster fraud depend on tips from ordinary people who’ve witnessed or are victims of these crimes. The NCDF hosts a 24/7 telephone hotline (866-720-5721) and accepts Web form complaints at justice.gov/DisasterComplaintForm. Also, if you believe disaster fraud has delivered a double whammy to you or family members, contact us for more information on how to fight back.

© 2021 Covenant CPA

How to conduct a remote fraud investigation

Before the COVID-19 pandemic, most fraud investigations took place in the office or other work facility. This made it easy for investigators to gather and analyze data and interview suspects and witnesses in a face-to-face setting.

But if your company allows employees to work from home — either temporarily or permanently — you may need to conduct a remote fraud investigation. In addition to suspects and witnesses working remotely, those tasked with conducting investigations (including outside experts) may also be remote. Here’s how to manage these situations.

Policies and procedures

First, develop policies and procedures for remote investigations. If you already have written polices for traditional fraud investigations, use them as a starting point. Some features, such as the role and processes of investigators may remain basically the same.

Cover the entire process, including:

  • The technology solutions you’ll use to communicate with employees and investigators,
  • Backup options in the event of technical problems, and
  • How you’ll share relevant files and documents — both electronic and paper.

Once you’ve developed a draft, have legal counsel review it.

Conducting interviews 

Before conducting interviews, prepare subjects for the process. Let them know approximately how long the interview might take and whether they must review documents before or during the discussion. Stress the importance of sitting in a quiet location with minimal background noise where they can remain undisturbed throughout the interview.

To provide your team with ample opportunity to detect verbal and nonverbal signs of deception, subjects need to keep their video feeds on the entire time. Most computers, smartphones, tablets and wireless connections can facilitate video calls, but be sure to test subjects’ devices and Internet connections before interviews. Consider having a trusted member of your IT department perform the test, instructing this employee not to discuss anything specific about the interview or the fraud allegations.

There are a couple things you should keep in mind. First, any conversation conducted via video conferencing will be recorded and can be used in a subsequent court case. So discuss interview plans with your attorney.

Second, expect the unexpected. For example, how will you proceed if a fraud suspect declines to answer questions, turns off his or her video or audio feed or consults with an unknown third party in the room? Subjects attempting to dodge uncomfortable questions may pretend to have connectivity problems. 

Unique challenges

Remote fraud investigations present unique challenges — many of which can be anticipated and mitigated. But even if you normally would conduct a preliminary fraud investigation in-house, consider engaging a forensic accounting expert early in the process to help ensure you don’t miss anything.

© 2021 Covenant CPA

Fraud is costly for all victimized companies, but it’s even worse in the construction sector. According to the Association of Certified Fraud Examiners’ Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse, construction companies affected by fraud lose a median $200,000 per fraud incident, compared with $125,000 per incident for all organizations.

Some types of fraud are more prevalent in the construction industry, particularly payroll and billing fraud. These can lead to legal liability and fines. For example, paying under-the-table cash wages to avoid paying payroll taxes could result in criminal charges and significant penalties. To prevent your managers and workers from acting illegally or unethically, tighten your internal controls. 

Essential controls

Certain internal controls are essential — including segregation of duties. This means that multiple employees should handle multiple financial or accounting tasks. For example, the person who processes cash transactions shouldn’t also prepare your company’s bank deposits. If you don’t have enough accounting employees to segregate duties, consider outsourcing some or all accounting functions. Also, have monthly bank statements sent directly to you or a manager independent of your accounting department.

You can reduce purchasing fraud threats by naming someone other than your purchasing agent — you or an estimator, for instance — to review vendor invoices, purchase orders and other documents. Also use prenumbered purchase orders and regularly check materials and supplies to ensure they correspond to what was ordered.

Kickbacks and bid-rigging can be kept to a minimum with scrutiny. If your company is suddenly winning bids that you haven’t in the past and that seem like a stretch, verify that your bid processes have been followed. Sometimes employees disguise illegal activities as change orders, so be sure to scrutinize each change order.

To minimize the risk of payroll fraud in your company, ask someone independent of your accounting department to verify the names and pay rates on your payroll. And if you don’t already, pay employees using direct deposit, rather than with checks or cash. You may also want to make surprise jobsite visits to compare employee headcounts to time reports and wage payments. 

Get help 

Don’t forget to enlist the help of fraud experts. We can review your accounting records and inventory and visit jobsites to help assess risk and suggest additional internal controls.

© 2021 Covenant CPA

Without trust between you and your employees, your business probably wouldn’t be very successful. Delegating responsibility, sharing ideas, working as a team — all require a certain level of trust. However, too much trust can lead to occupational fraud and conflicts of interest. To maintain the proper balance, establish a policy that outlines your disclosure expectations and require employees to follow it.

Purchasing power

What constitutes conflict of interest? Let’s look at a fictional example: Veronica is the manager of a manufacturing company’s purchasing department. She’s also part owner of a business that sells supplies to the manufacturer — a fact she hasn’t disclosed to her employer. And, in fact, Veronica has personally profited from her business’s lucrative long-term contract with her employer.

What makes this scenario a conflict of interest isn’t so much that Veronica has profited from her position, but that her employer is ignorant of the relationship. When employers are informed about their employees’ outside business interests, they can act to exclude employees, vendors or customers from participation in transactions where there might be a conflict of interest. Or they can allow parties to continue participating in a transaction — even if it runs contrary to ethical best practices. But it’s the employer’s, not the employee’s, decision to make.

Prevention is the best policy 

Sometimes employees simply neglect to inform their employers about possible conflicts of interest. In other cases, they go to great lengths to hide conflicts. Perhaps they’re afraid a conflict will jeopardize their jobs or get them into legal trouble.

Prevention is the best policy here. Develop conflict-of-interest policies and communicate them to all employees. Provide specific examples of conflicts and spell out exactly why you consider the activities depicted to be deceptive, unethical and possibly illegal. Don’t forget to state the consequences of nondisclosure of conflicts, such as immediate termination.

Providing personal information

You might also require employees to complete an annual disclosure statement on which they list the names and addresses of their family members, their family’s employers and business interests, and whether the employees have an interest in those entities (or any others). To help ensure accurate statements, provide employees with a hotline to call if they have questions about your policy, aren’t sure how it relates to their circumstances or want to report someone else with an apparent conflict.

Also protect your business from conflicted vendors and customers. Before entering into a new agreement, compare the names and addresses on your employee disclosure statements with ownership information provided by prospective business partners.

Not necessarily fraud

Conflicts of interest aren’t necessarily fraud. But if you don’t know how an employee is personally profiting off your company, it could suffer serious consequences, including financial losses. Contact us for help reducing this risk. 

© 2021 Covenant CPA

According to the Federal Trade Commission, veterans lost approximately $60 million to fraud in 2020. Active-duty military personnel and their spouses and dependents also suffered big financial losses to fraud last year. In fact, in 2020, military consumers lost more than the general public to fraud — a median $600 compared to $311 for nonmilitary consumers. Here’s what you and military friends and family need to know.

Beware of imposters

The greatest fraud threat to this group is “imposter” fraud. In this scheme, a criminal calls, emails or texts potential victims and pretends to be working for the Veterans Administration or another government agency. Perpetrators may claim they need personal information, such as Social Security or bank account numbers, to authorize the release of benefits. Instead, they use that data to commit identity theft.

In a variation of this scam, perpetrators pose as financial advisors who convince vets to exchange their pensions for up-front cash payouts. In most cases, the payouts are worth less than the pensions. Or fraudulent advisors may tout special benefits programs that can only be accessed by paying a fee. After paying, the fraud targets learn the programs don’t exist.

Unfortunately, many other types of fraud focus on vets and active-duty members — including fake job recruiting, loan, tax and charity schemes. One particularly vicious scam targets family members of deployed military personnel. Criminals claim the military member has been injured or is stranded and that the family must wire money. 

Foil fraud 

If you receive a communication from someone claiming to be a government official, offer to contact him or her at the agency’s official phone number. Don’t provide any information about yourself until you’ve independently confirmed the person’s identity.

In addition:

  • Never give anyone Social Security, bank account or credit card numbers over the phone or in response to an electronic communication. Legitimate representatives from, for example, the VA, IRS or state unemployment agencies, won’t ask for them.
  • Don’t click on links or download attachments contained in suspicious emails. Visit sites by typing their URLs directly into your browser.
  • Regularly monitor your credit reports for unusual activity and investigate sudden drops in your credit score.
  • Be wary of anyone claiming you must “act fast” to respond to an offer. Take time to confirm that individuals, programs and products are legitimate before handing over any money. Along the same lines, only work with financial advisors you know and trust. 

Sidestep risks

Military personnel, veterans and their families face a myriad of fraud risks. Be skeptical when reviewing claims, offers or information requests that aren’t delivered through official channels. Contact us with questions.

© 2021 Covenant CPA

Credit and debit card fraud was already a big problem when COVID-19 hit. Although how much payment card fraud increased in 2020 depends on the source, most experts agree that, like most types of fraud, it flourished during the pandemic. COVID-19-related prevention and treatment scams and increased online shopping likely contributed to this rise.

If you become a victim, it’s probably good to hear that the law protects consumers from serious losses. But to reduce financial liability, you need to follow the reporting rules carefully.

Unauthorized credit card charges

If your credit card is lost or stolen and you report the loss to the card issuer before your card is used in a fraudulent transaction, you can’t be held responsible for any unauthorized charges. If you report it after unauthorized charges have been made, you may be responsible for up to $50 in charges.

Some card issuers have decided not to hold their customers liable for any fraudulent charges regardless of when they notify the card company. And if your account number is stolen but not the actual card, your liability is $0. But either you or the card issuer must identify the fraudulent transactions for them to be removed.

Compromised debit cards 

If you report a missing debit card before any unauthorized transactions are made, you aren’t responsible for any unauthorized transactions. If you report a card loss within two business days after you learn of the loss, your maximum liability for unauthorized transactions is $50.

If you report the card loss after two business days but within 60 calendar days of the date your statement showing an unauthorized transaction was mailed, your liability can jump to $500. Finally, if you report the card loss more than 60 calendar days after your statement showing unauthorized transactions was sent, you could be liable for all charges. This includes money taken from accounts linked to your debit account.

What if you notice an unauthorized debit card transaction on your statement, but your card is still in your possession? You have 60 calendar days after the statement showing the unauthorized transaction is sent to report it and avoid liability.

Action steps

When reporting a card loss or fraudulent transaction, contact the issuer via phone. Then follow up with a letter or email. This should include your account number, the date you noticed the card was missing (if applicable), and the date you initially reported the card loss or fraudulent transaction.

Because liability levels depend in some circumstances on your card issuer, it pays to find out your issuer’s policies — before you’re subject to them. Also take steps to protect your payment card and personal information. The Federal Trade Commission provides a good list of fraud protection practices at consumer.ftc.gov (search for “credit card fraud”). Contact us for more information.

© 2021 Covenant CPA

Most restaurants are finally reopening to in-person dining. And while you may now be thinking about luring customers back, hiring enough workers and managing supply-chain shortages, one issue has remained the same: fraud. Restaurants often face fraud threats from employees, customers and vendors. So now isn’t the time to drop your guard.

Potential risks

Your restaurant may have high transaction volumes but lack the technology linking point-of-sale, inventory and accounting systems. This leaves gaps for fraudsters to exploit. Employees could, for example, provide food and drinks to friends without entering the sales — or ring up only a portion of friends’ bills. They might issue voids or refunds when there was no original sale and pocket the proceeds. Or they could overcharge customers by, say, charging for premium beverages but serving cheaper alternatives.

Although it’s less common, intangible property theft is another risk. Your restaurant may use proprietary recipes and confidential marketing plans to compete in the dog-eat-dog world of food service. If a departing employee takes such secrets to a rival, it could threaten your restaurant’s survival.

Watch bookkeepers and vendors 

Owners often employ bookkeepers to manage back-office operations but may neglect to give proper oversight. Such an environment provides criminals — or even ordinary people experiencing unusual financial pressures — with opportunities to cook the books. In one frequently seen scheme, the bookkeeper creates a fake vendor account, submits and approves fraudulent invoices, then directs payments to a bank account he or she controls.

Even when bookkeepers are honest, the invoices they process may not be. It can be hard for managers to keep track of the daily stream of food, beverage and supply deliveries. Vendors might exploit such chaos by inflating their bills to reflect more or pricier items than they actually delivered. When vendors collude with restaurant employees, particularly receiving or accounting staff, theft can exact a heavy financial toll.

Multipronged approach to prevention

Successfully combatting restaurant fraud takes a multipronged approach. For example, if you haven’t already, integrate your accounting, inventory and sales systems. And to manage potential occupational fraud, conduct background checks on new hires, install video surveillance throughout your restaurant and know how to spot red flags. For example, keep your eye on servers who are always flush with cash or purchasing managers with unusually cozy relationships with vendors.

If you don’t have one, set up a confidential fraud reporting hotline. Also engage a CPA to review your financial records at least once a year for discrepancies. Contact us for assistance. We can investigate fraud suspicions or simply go over your operations for potential fraud gaps that can be closed with better internal controls. 

© 2021 Covenant CPA

To use their ill-gotten cash, criminals must make it appear legitimate. That’s the job performed by money launderers, who increasingly use cryptocurrencies. According to digital currency analytics company Elliptic, crooks use them to launder $3 to $4 billion per year. With over 4,000 digital currencies to choose from, they gain access to a liquid asset that’s cost effective and usually untraceable.

But cryptocurrencies may also have something to offer legitimate businesses. Let’s look at the pros and cons.

Accepting cryptocurrencies

Some banks deny customers the ability to deposit digital currencies. They often cite laws that make it illegal to process cryptocurrencies, concerns about security and a lack of infrastructure to support such transactions.

But even though banks are reluctant to embrace cryptocurrency, there are some potential benefits for businesses. For example, if you accept cryptocurrency, it can:

  • Provide another way for customers to purchase goods and services, which could generate revenue you wouldn’t otherwise realize,
  • Enable you to avoid the fees charged by banks and credit card companies to use their payment networks, and
  • Prevent transactions from being cancelled or charged back to you once the cryptocurrency payment is final.

Understanding the risks 

Of course, there are also risks associated with accepting payment in cryptocurrency. One is the fact that digital currencies fluctuate in value — sometimes wildly. This can work in your company’s favor if the price of a currency increases. But it can also lead to big losses if the price declines.

What’s more, you should know that government regulation of cryptocurrency continues to lag — making the future of oversight unpredictable and subject to change. And digital wallets used to hold cryptocurrency aren’t necessarily secure and could be compromised by sophisticated criminals. Law enforcement is constantly working to improve its ability to monitor these transactions, which includes seizing payments connected to crimes.

Maintaining your wallet

Although all of these risks demand your attention, probably the most pressing challenge facing businesses relates to the maintenance and security of digital wallets. Before you decide to accept cryptocurrency payments, make sure you thoroughly understand how digital wallets — and price fluctuations — work. Contact us for more information.

© 2021 Covenant CPA

The world’s largest meat production company was recently sidelined by a ransomware attack. The hack forced the company to temporarily shutter plants in the United States, Canada and Australia, affecting the U.S. meat supply and even hurting commodity prices.

If it seems like cybercriminals often target manufacturing (including food processing) and distribution companies, that’s because they do. According to software company Varonis, manufacturers account for nearly a quarter of all ransomware attacks — more than any other industry. To prevent your company from becoming another statistic, learn about security breaches and protect your network. 

A high price

It’s only natural that manufacturers fear data breaches — and unfortunately hackers often can use that fear to cripple organizations through ransomware. This type of malware is installed on a computer or network without the user’s consent. Hackers subsequently demand that the company pay a ransom to regain control of its data.

Cyberattacks can harm a manufacturer or distributor by causing safety issues, negative publicity, lost productivity, and compromised personal and corporate data. IBM reports that the average cost of a company data breach was approximately $4 million in 2020.

Role of employees 

Employees are a manufacturer’s first line of defense against hackers. But your workers can also be a liability if they aren’t vigilant and knowledgeable about cyberthreats. It’s critical to provide training about the latest scams and encourage employees to report suspicious emails immediately to your IT department.

Many hackers look for easy targets, so even the simplest security measure will deter some cyberbreaches. For example, you can use relatively inexpensive encryption software and phishing filters to make it harder for hackers to get inside your network. Probably the most important simple step you can take is to update security software as soon as updates and patches become available.

On the safe side

To minimize losses if a breach occurs or a ransom demand is made, think about purchasing cyber insurance to cover direct losses and the associated costs of responding to breaches. Your traditional business liability policy probably doesn’t include such coverage.

Also consider assembling a breach response team. The team should be responsible for making a response plan, identifying potential weaknesses in your network and conducting breach response drills. Include cybersecurity, financial, legal and public relations experts on your response team. They’ll be essential in the event a criminal demands ransom and your company must weigh the difficult decision about whether to pay it.

More to lose

No company can afford a cyberattack, but manufacturers that rely on automation, robotics and network connections may have more to lose than businesses in other industries. Contact us for help protecting your assets from fraud.

© 2021 Covenant CPA

Fraud perpetrators take whatever they can get their hands on. But they generally prefer cash because it’s virtually untraceable. Fortunately, fraud experts have the expertise and tools to trace even cash-based theft.

Multiple opportunities

According to the Association of Certified Fraud Examiners, there are three main categories of cash fraud, which includes checks because they’re easily converted to cash: 1) theft of cash on hand, 2) theft of cash receipts and 3) fraudulent disbursements. Fraudulent disbursements comprise many of the most frequently executed schemes, such as overbilling and “ghost” employee schemes.

Overbilling vendors usually submit inflated invoices by overstating the price per unit or the quantity delivered. A dishonest vendor also might submit a legitimate invoice several times. Overbilling may involve collusion with employees of the victim organization, who typically receive kickbacks for their assistance.

Employees also can conduct billing fraud on their own, submitting bogus invoices payable to a fictitious vendor and diverting the payments to themselves. Similarly, an employee might set up payroll disbursements to nonexistent employees.

Suspicious signs

Cash can be difficult to trace once it’s in the hands of a thief. But forensic experts usually are able to trace the path that stolen cash took before the fraudster pocketed it. This includes who “touched” the cash and what prompted its flow out of the organization.

Inflated invoices, for example, often leave a trail of red flags. Experts look for invoices that bill for “extra” or “special” charges with no explanation. Other suspicious signs may include:

  • Round dollar amounts
  • Amounts just below the threshold that requires management’s sign-off, and
  • Discrepancies between invoice amounts and purchase orders, contracts or inventory counts.

If forensic experts suspect that fictitious billing has occurred, they often investigate accounts with no tangible deliverables — such as those for consulting, commissions and advertising — and check vendor addresses against employee addresses. Invoices with consecutive numbers or payable to post office boxes receive extra scrutiny.

Other avenues to explore

Returned checks can supply useful information, too. Fraud perpetrators are more likely to cash checks, whereas legitimate businesses typically deposit them and rarely endorse checks to third parties.

To trace ghost employee schemes, experts examine payroll lists, withholding forms, employment applications, personnel files and other documents. The information collected from these sources may provide vital links between actual and ghost employees that wouldn’t otherwise be apparent.

Don’t waste time

If you suspect that any of these fraud schemes are underway in your business, contact us immediately. The best way to prevent significant losses is to catch the thief as quickly as possible. We can also help you implement internal controls to help prevent such fraud in the future.

© 2021 Covenant CPA