Laundering stolen checks: Skimming revenue, part two

In the January/February 2005 issue, we began a discussion about the primary method I've seen where the highest-risk employee - the employee who's the last person to prepare the bank deposit before it goes to the bank - skims revenue from the organization using a check-for-cash substitution scheme. Skimming frauds are perpetrated by employees who remove funds from the organization prior to recording accountability for the transaction in the accounting system. This column continues the discussion on employees stealing checks from the organization.  

Stealing checks
Many managers don't understand the fraud risk associated with checks. They believe they're safer than currency and no one else can endorse them after the customer enters the organization's name on the payee line of the check. This is faulty logic. I see more employees stealing checks now than ever before.

Trusted employees can negotiate stolen checks in several different ways but regardless of the methods, the endorsements on the checks are irregular and certainly aren't what managers would expect.

Why don't banks notice irregular endorsements during processing? I've found that most fraudulent endorsements on stolen checks generally are sufficient for them to be processed through the banking system.

By necessity, the cost of internal controls over check irregularities has caused banks to default to requiring check issuers to notify them of any irregularities they detect. Banks will accept their responsibility and suffer the losses if fraud is present. Sometimes, they do this to maintain good customer relations. According to the 2005 Safe Checks Web site (www.safechecks.com): "Check fraud is a problem reaching epidemic proportions. With annual losses over $20 billion, check fraud far exceeds all other forms of financial theft, except embezzlement. No company is immune."

In this environment, banks are seeking ways to transfer the liability for bogus checks to their customers. In 1990, the U.S. Uniform Commercial Code was revised; the cost of check fraud is now shared by the bank and its customers. In each case, the party in the best position to prevent the fraud takes the greater share of the loss.

Most financial institutions and consultants recommend organizations implement a number of practices to combat the risk of check fraud and reduce the likelihood of incurring a loss from bogus checks. Here are some of those practices:

• Separate financial duties within the organization.
• Reconcile bank accounts immediately upon receipt of the bank statement.
• Implement positive pay or reverse positive pay systems. These systems reconcile checks issued with checks clearing the bank on a daily basis to prevent bogus checks from being paid.
• Ensure that checks being issued incorporate an appropriate number of security features. (Contact your banker for additional information about these standards.)

Conversion of stolen checks
When an employee steals checks, they dispose of them both inside and outside the organization. I call this process "money laundering" because it's what the employees do to convert the stolen checks to currency for personal use. From my experience, fraud perpetrators use at least the following methods to launder stolen checks through bank accounts inside and outside the organization.

Inside the organization
An employee can launder negotiable instruments inside the organization by using a check for cash substitution scheme in the organization's daily bank deposit. (I described this scheme in greater detail in the article, "Big Switch: The Check for Cash Substitution Scheme," in the July/August 1996 issue of The White Paper. Additional details on this scheme and related fraud case studies were also published in the January/February 2005 Fraud's Finer Points column.) If this method is used to launder stolen checks, the endorsements on the checks will match that of the organization; there won't be any irregularities.

An employee also can launder negotiable instruments inside the organization by making irregular deposits into, and subsequent withdrawals from, an authorized bank account with a name similar to the name of the organization, such as an employee fund or an authorized bank account used in the organization such as general depository, imprest, trust, etc.

In the first instance above, the organization's name is included in the name on the bank account. Even though there's an irregularity in the endorsement of the stolen check, no one notices the subtle variance between the check payee name and the bank account name. In the second instance above, the endorsements on the stolen checks will match those of the organization. A common internal control weakness in these bank accounts is that no one independent of the account custodian monitors or reconciles them. As a result, this employee easily can disburse funds to themselves or to vendors to make payments on personal commercial or debt accounts in an amount equal to the amount of all improper bank deposits made into the accounts.

Case study: An employee laundered in a five-year period more than $188,000 through both an advance travel imprest fund and a union employee fund by issuing checks from the two funds to herself, which she deposited into her personal account, and to vendors to pay personal bills. The sentence was the least given in any major fraud case on record in the state of Washington - one day in jail, 24 months of community supervision, and mental health counseling. I was disappointed because we spent a great deal of time and effort proving the case.  

Employees also can launder negotiable instruments inside the organization by making a "cash-back" withdrawal from a deposit for any type of bank account at the organization. The employee withdraws an amount equal to the amount of all stolen checks included in the bank deposit. For example, if the correct amount of the deposit is supposed to be $1,000, the employee lists checks on the bank deposit slip totaling $1,500 and withdraws $500 as currency for a "net" deposit amount of $1,000. This method is difficult to detect because the net amount of the bank deposit agrees with the organization's accounting records and the irregularity is shown only on the bank's copy of the deposit slip.

Fraudsters can also alter checks by increasing the amount and removing an equivalent amount of currency from the till drawer and subsequent daily bank deposit. This method is rare because the check issuer normally detects this condition promptly and notifies the organization about the irregularity. The organization should have someone independent of the cash receipting function handle all customer feedback transactions.

Outside the organization
Employees can launder negotiable instruments outside the organization by making deposits into a "bogus" bank account in the name of the organization. The employee only needs the organization's tax identification number (easily obtained from U.S. W-2 forms and other accounting documents) and a copy of an authorizing resolution to open the bank account. Anyone can gain access to resolutions from the organization's governing body and thereby obtain the authorized names and signatures of these individuals. A bogus copy of an authorization can be created by using a computer and a copy machine. If the employee has established an "off-book" bank account for this purpose, the endorsements on the stolen checks will match those of the organization.

Case study: A food service bookkeeper opened an "off-book" bank account in the name of a school district and laundered more than $180,000 in revenue through the account over a five-year period. She transferred all funds from the bogus bank account to her personal bank account. She was sentenced to 50 months in the state penitentiary. 

Fraudsters also can launder negotiable instruments outside the organization by making deposits into their personal bank or credit union accounts. Usually two endorsements will be on the checks: the first fraudulently uses the organization name and makes the transaction payable to the name of the employee and the second endorsement is the name of the fraudster, which obviously is irregular.

In almost all fraud cases committed by state employees in Washington, they deposit the proceeds of their schemes into their personal bank accounts and then spend them for personal purposes. The losses range from a few thousand dollars to almost a million dollars and sentences range from a few days to 8 1/2 years in jail.

The fraudster can also cash the checks at a financial institution or vendor. Bank or vendor employees must know the employee well and mistakenly believe that he or she is processing the transaction on behalf of the employer.

Even though the check endorsements are irregular for both this and the previous method, two endorsements on checks are common in the banking system and aren't normally considered to be fraud. However, they can be irregular in conjunction with other suspicions. But in fraud cases, these two endorsements are irregular.

One observation I've made over time is that the employee who steals checks isn't normally the employee who receives them first. How can that be? In many organizations, funds are received at one location and then transmitted elsewhere where there should be accountability. But unscrupulous employees take advantage of the weakness in accountability at this cash receipts function by stealing the checks and negotiating them (as described above) to obtain the money.

Managers must address the internal control weakness of checks not being recorded immediately upon receipt at the initial point the funds enter the organization. These employees "receive" funds, but don't "receipt" them into accountability by recording the transaction on manual cash receipts or on manual or computer cash registers. Managers must realize that there's a significant difference in "receiving" and "receipting" so that they will change procedures to safeguard the organization's revenue.

The risk
What's the money laundering risk in your organization? If you're anything like state agencies and local governments in Washington, the amount of loss from money laundering greatly affects your organization's bottom line. For example, our losses from money-laundering activities were almost $900,000 from 1996 through 2001, or approximately 20 percent of all fraud losses during that period. Of course, your organization can't afford losses like that. Perhaps these fraud statistics alone will encourage your managers to implement improved systems of internal control over cash receipts.

Learning objectives  

• Because no one can control what happens outside the organization, managers must deter this type of fraud by recognizing the importance of "capturing" accountability for incoming checks immediately upon receipt regardless of the receipting system. Ideally, two individuals should open the mail, make a log of the transactions, deliver these checks to the cashier function, and reconcile the log to daily cash receipts and the bank deposit to ensure that all transactions have been properly accounted for and controlled. Few managers correctly deal with this risk today because of the high cost of internal control, they say. Therefore, there are a lot of "free" checks floating around within most organizations. All these checks are at risk and employees could easily steal them.
• Ensure that someone independent of the bank account custodian promptly reconciles the monthly bank statement by searching for bogus check fraud - a risk originating from outside the organization - and for employee fraud - a risk originating from inside the organization. The bank should directly mail this independent party the unopened statements and all redeemed checks. ¥ Require that all transactions be recorded immediately upon receipt at the first point of entry into the organization.

Reconcile the check and cash composition of the daily bank deposit with the mode of payment recorded on all cash receipts issued each business day.

Upcoming: stealing cash payments from customers
In the next article, we'll pursue methods employees use to skim revenue from the organization by stealing cash payments from customers. There's much more to come.

Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE Fellow, is audit manager for special investigations for the Washington State Auditor's Office.