The risk of theft—whether by one’s own employees or outsiders, in person or virtually—is an exposure all contractors should take seriously.
In fact, from 2009 to 2013, fidelity and crime bonds written for contractors generated about $61 million in premium and had incurred losses of $48 million for a 79 percent five-year loss ratio, according to data from The Surety & Fidelity Association of America (SFAA).
Common employee theft schemes include taking tools and materials from jobsites, creating fictitious vendor accounts, stealing company checks, and making unauthorized payments by altering the check and forging the signature.
The types of personnel that account for the most employee theft incidents include bookkeepers, project managers and executives. This makes sense considering these are the people with the greatest access to the company’s assets.
Fraudulent schemes ultimately are discovered in a variety of ways. A bank may provide the contractor notice of unusual activity in the account. Regular audits frequently expose unauthorized transactions. At times, the crooked employee may act strangely, such as a bookkeeper exercising a high level of secrecy over the company records or never taking a vacation. Very often, a scheme is unwound and detected when the employee is not around to ensure that the fraudulent activity is not detected, particularly when the bookkeeping duties are not segregated, such as making vendor payments and reconciling the bank statement.
For example, a scheme could involve a bookkeeper writing himself a $1,000 check at the same time he writes a check to a legitimate vendor for $10,000. He then records in the ledger his check as void and the vendor’s check in the amount of $11,000. At the end of the month, when he receives the bank statement and the cancelled checks, he simply destroys the check made out to himself. If the bookkeeper were on vacation, he would lose the opportunity to cover his tracks.
Contractors must be aware of the risk of employee theft and establish strong internal controls as a first line of defense. Some prudent controls include segregating critical duties (such as vendor payments and bank statement reconciliation), utilizing regular and unscheduled audits, providing employee training and establishing reasonable employee screening practices (e.g., background checks and reference checks).
Contractors also should give high priority to computer security, such as controlling access to the company’s computer systems and implementing intrusion prevention and detection software. Firms should be aware of their vulnerability to not only employee theft, but also the risk of theft by outsiders.
Technology is helping facilitate theft. For example, a growing scheme uses email to impersonate an employee or vendor and induce a company to make a payment (see Cyber-Phishing in the Construction C-Suite). The fraudster impersonates a vendor, customer or employee of the insured, and contacts the insured requesting a wire transfer of funds. Then, based on this phony information, a legitimate employee of the insured contacts the bank to place the order for a wire transfer. Thus, the instruction sent from the insured to the bank is legitimate, as it is sent by a legitimate employee intending to do so. However, the employee was fraudulently induced into contacting the bank and making the order for the wire transfer.
The exposure for such scams can be significant. According to the Federal Bureau of Investigation’s Internet Crime Complaint Center, such scams resulted in losses totaling $214,972,503 between October 2013 and December 2014.
In addition to establishing strong internal controls, contractors should obtain a crime policy that insures against theft losses in cases when the internal controls are defeated. For example, the SFAA Crime Protection Policy provides the following coverages:
- employee dishonesty;
- theft/robbery (inside and outside);
- computer fraud;
- counterfeit currency;
- loss of client’s property resulting from employee dishonesty;
- fraudulent wire transfers; and
- fraudulently induced wire transfers.