Don't Be a Victim: Mitigate the Risk of Fraud in Your Practice

Posted by John Clark

March 24, 2015 at 10:00 AM

mitigate the risk of fraud in your practiceAs an independent financial advisor, you must run a business, oversee your clients' finances, and adhere to both regulatory and firm requirements, to name just a few responsibilities. With everything else you have to do, finding strategies to mitigate the risk of fraud in your practice may not be top of mind. But given the variety of fraudulent schemes out there, it's a critical aspect of managing your practice.

What Does Fraud Look Like?

Fraud involves using deception to make a personal gain for oneself, create a loss for another, or both. Significant frauds have been reported by the media and regulatory bodies, although these are generally limited to the misappropriation of funds. It might be surprising to learn that the number of frauds that go unreported or undetected is significant. Even in cases where fraud is identified, only half of the victim organizations recover their losses. In fact, the Association of Certified Fraud Examiners' 2014 Report to the Nations reveals businesses may be losing up to 5 percent of annual revenues as a result of occupational fraud.

Fraud can be committed by staff, vendors, or clients. Small businesses can be more at risk, as financial constraints may limit their ability to implement internal controls. And fraud is difficult to detect, partly because it comes in many forms:

  • Ponzi schemes
  • Identity theft
  • Affinity scams
  • Nigerian e-mail scams
  • Money laundering
  • Insider trading

So, what could this mean for your practice? Let's examine a real-life example of fraud before discussing best practices to mitigate the risk of fraud in your practice.

"Hello, I'm Your Bank Auditor"

Bank robberies happen daily, but this one was different. The robber created an elaborate ruse, pretending to be part of the bank's audit team. He claimed he was there to conduct a review of its international currency procedures. But about an hour into the "audit," following a series of inconsistent and confusing questions, the fraud began unraveling. The staff started asking questions and voicing concerns. Eventually, the robber revealed his real purpose and claimed he had a gun. Nobody was hurt, but the bank robber got away (for a while, anyway).

A month later, a similar incident occurred at a different bank. This time, the robber wasn't so lucky! His second attempt was uncovered, and he fled. After his arrest days later, it turned out he was a former financial advisor with a history of financial problems and substantial debt.

The Fraud Triangle

Donald Cressey, a criminologist whose research focused on embezzlement, developed the fraud triangle to explain what causes an ordinary individual to commit fraud. Although this triangle addresses occupational fraud, it can be applied to fraudulent activities by anyone with whom you have a relationship of trust. The triangle's three sides are motivation, opportunity, and rationalization. According to Cressey's theory, fraud is unlikely without these three elements.

  • Motivation. The driving force behind fraud is often a financial problem that the individual can't solve. (In our example, the robber had substantial debt as a result of a failed business.) It might also be a drug problem, gambling addiction, or a desire for status symbols. In any case, the individual believes the problem can be resolved by perpetrating the fraud.
  • Opportunity. The individual identifies a way to exploit a position of trust to solve the problem. As was the case with the bank robber, fraudsters perceive less risk of getting caught if they know their victims or are familiar with the industry.
  • Rationalization. The individual often uses a grievance to justify the crime—lack of compensation from an employer, ill treatment from superiors, or missing out on a promotion. In the above example, the fraudster targeted an industry in which he couldn't find success.

Protect Your Practice

Adopting internal controls is an effective way to address the "motivation" and "opportunity" parts of the triangle. The "rationalization" component is personal to the individual and harder to combat, but a strong organizational culture and values can help. Some areas of focus include the following:

  • Protection of client information
  • Document integrity
  • Verification of client orders, particularly when dealing with the movement of client funds

A review of your practice's current processes could identify those that pose a risk. For any process that concerns you, implement appropriate antifraud internal controls, including both preventive and detection controls. Here are examples you might consider:

Preventive Controls

General internal controls
  • Does your office use processes that could invite fraud (e.g., how you handle checks/securities or open mail)? Identify areas that may pose a risk, and draft procedures that are easy to understand and train to.
Screening of new employees and third parties
  • Conduct background checks on new employees before the hire date. Include a provision in the offer letter stating employment is based on a clean background check. Continual screening is also important, particularly when you have concerns regarding an employee.
  • Vet vendors before offering a service contract. This includes asking for references from existing clients and determining if the vendor conducts employee background checks.
Division of responsibilities
  • This is often the least expensive and most successful antifraud control. Trusted long-term employees often take ownership of certain responsibilities. But it's a best practice to document tasks in formal procedures, allowing you to reassign duties or cross-train employees.
  • If you have only one support staff member, assess the processes delegated to and controlled by that person.
Ethics mission statement
  • Consider creating an ethics mission statement and integrating it into your culture. Having a solid culture and educational structure may reduce the strength of the "rationalization" piece of the fraud triangle.

Detection Controls

General internal controls
  • Implementing appropriate office-level procedures allows you to audit your staff. Particularly in high-risk areas (e.g., client checks/securities, mail handling), effective procedures can help identify trends, pinpoint concerns, and, in cases where significant issues exist, escalate the problem.
Appropriate oversight
  • Understand the day-to-day business operations, even if you delegate most administrative tasks. Staying in the loop can help identify and address concerns proactively.
  • Be on-site while third-party vendors are providing services.
Physical controls
  • It's essential to lock down important documentation, securities, and checks in a secured safe. You might also limit office access during particular hours for employees, partners, and vendors.
  • Employee and client tips can be a leading way to identify fraud. A culture where individuals feel comfortable sharing concerns with you can be a potent weapon against fraudulent activity.

Going Forward

Fraud can have a substantial ripple effect on a business—from destroying a firm's reputation to concerning clients and business partners. By instituting best practices, you may significantly reduce your risk of fraud. Even in the worst-case scenario, taking these measures may help detect fraud in the early stages and end it before it negatively affects your business and clients.

Have you encountered fraudulent scenarios in your current or past business? What steps have you taken to mitigate the risk of fraud in your practice? Please share your comments below.

Tips for Conducting a Self-Audit of Your Practice

Topics: Compliance

New Call-to-action
The Independent Market Observer, Brad McMillan

Follow Us