‘Fruitcake fraud’ teaches small businesses lessons in internal controls

“The worst gift is a fruitcake. There is only one fruitcake in the entire world, and people keep sending it to each other.” With that joke delivered by Johnny Carson Nov. 22, 1978, on The Tonight Show, mail-order fruitcake orders began to plummet, or so says Collin Street Bakery (CSB) of Corsicana, Texas, the maker of the famous Deluxe® Fruitcake since 1896. The company says that sales eventually recovered. However, years later, the company’s bottom line suffered again, but it wasn’t because of some corny joke.

CSB’s deficient internal controls allowed quiet and unassuming controller, Sandy Jenkins, to embezzle nearly $17 million from his employer from 2004 to 2013. “The Fruitcake Fraud” (now the subject of a Discovery+ documentary) is an excellent case study for small businesses’ promotion of diligent auditing, and fraud prevention and deterrence programs. And this analysis of Jenkins’ crimes and his psyche could improve company controls. (See “New documentary recounts the Collin Street Bakery fraud scandal,” by Michael Fowler, KETK, Dec. 3, 2021.)

According to Texas Monthly magazine, Jenkins first went to the dark side when he dipped into the bakery’s petty cash in December of 2004. After he got away with that, he tried his hand at a bigger scam when he had a credit card payment due after buying a new Lexus he couldn’t really afford. He typed a $20,000 check payable to CitiCard, and the software automatically signed the check “Bob McNutt,” president and CEO of CSB. Jenkins printed the check, voided it in the system and mailed it to CitiCard. He typed the next check payable to a legitimate bakery vendor but never mailed it and kept it, according to Texas Monthly. That voided the invoice in the system. Therefore, the books, at the very least, reconciled numerically. This is a type of “authorized maker scheme,” which fraudsters can perpetrate in organizations with poor controls or lax auditing. (See “Just Desserts,” by Katy Vine, Texas Monthly, January 2016, and “Ex-fruitcake executive sentenced for embezzling $17 million to fund life of lavish mansions, private jet vacations, Neiman Marcus shopping sprees and luxury cars,” Dailymail.com, updated Sept. 19, 2015.)

Jenkins’ wild ride ended when Semetric Walker, then a CSB accountant for barely a year (but now the company’s controller), found a check to Capital One that she didn’t recognize because CSB didn’t have any accounts or credit cards with the financial institution, according to the Texas Monthly article. She then quickly found 11 discrepancies in the voided check register. She took the anomalies to executives. CSB fired Jenkins, the FBI moved in and Jenkins eventually was charged.

Jenkins fabricated 888 checks in his nine-year embezzlement spree. According to court documents, he and his wife, Kay, bought a luxurious second home in Santa Fe, N.M., purchased 38 luxury vehicles over the course of the scheme (he said he exchanged each car when it needed an oil change) and ran up more than $11 million on a Black American Express card alone. They spent $3.3 million on 223 trips on private jets to Santa Fe; Aspen, Colo.; and Napa, Calif., among other destinations. They eventually stopped shopping at Neiman Marcus, after spending about $1.2 million, when the store ran out of merchandise to sell them.

On Sept. 16, 2015, Sandy Jenkins, then 66, was sentenced to 120 months in federal prison after he pleaded guilty to mail fraud, conspiracy to commit money laundering and making a false statement to a financial institution. Kay Jenkins pleaded guilty to conspiracy to commit money laundering and was sentenced to five years of probation. She moved to a different city. Sandy Jenkins died in prison on March 15, 2019, when he took his own life. (See “Former Collin Street Bakery Executive and Wife Sentenced,” U.S. Department of Justice, Sept. 16, 2015; “Tarrant County Medical Examiner: Jenkins dies in hospital,” by Sarah Allen, Corsicana Daily Sun, March 21, 2019; and “A New Documentary Slices Up the Corsicana Fruitcake Scandal,” by Todd Jorgenson, D Magazine, Dec. 1, 2021.)

How did CSB miss the red flags during Jenkins’ nine-year-scheme? As controller, he had the final say on all bookkeeping and financial obligations. And his department lacked segregation of duties. He could create invoices and reconcile statements with no second-set-of-eyes oversight. Since then, company executives say they’ve learned their lesson and now conduct regular internal audits to ensure the accuracy of their records, while also encouraging interdepartmental communication. (See “The Sandy Jenkins Embezzlement Scandal,” Collins Street Bakery Blog, March 7, 2022, and the Dailymail.com article above.)

The ACFE’s Fraud Examiners Manual says that organizations should always verify lists of voided checks against physical copies and review bank statements to ensure that voided checks haven’t been processed. (See Fraud Examiners Manual, Section 1/Payment Tampering Schemes/Check Tampering Red Flags.)

Furthermore, the lack of an independent auditor or regular reviews and reconciliations of bank statements are obvious red flags. Not reconciling bank statements allows unauthorized checks to go undetected. And the fraud is testament to why an organization can’t simply trust without vigorous auditing. “A lot of people, they like to think it would never happen to them, that they would not have been caught off guard like we were,” says Helen Crawford, CSB’s vice president of public relations and customer service and partner at the bakery. “And I contend it will always happen that way. It’s the trust that allows them to come in and embezzle.” (See “Documentary Tells Story of Fraud at North Texas Fruitcake Bakery,” by Deborah Ferguson, 5 NBCDFW, Dec. 1, 2021.)

Classic fraudster persona

Before Jenkins began stealing money from his employer, he was described as reliable and was never late to a meeting or paying corporate taxes. He worked his way up the corporate ladder, and by 2000 he made a good salary. But he felt unnoticed at work and in the cliquish Corsicana. His wife said the bakery wasn’t paying him enough. That’s when he began his company-check scheme. (See “Fruitcake & Crime Spice Up a Small Texas Town in documentary with local ties,” Fort Worth Business Press, Nov. 27, 2021.)

Classically, as we see in most large frauds, Jenkins began small but became dependent on the luxurious living. And a former classmate said that Jenkins might have inherited a penchant for extravagance and entitlement from his mother. While the debate of nature versus nurture is ongoing, parents’ traits can affect their offspring. Celia Aniskovich, the director-producer of the new TV documentary, “Fruitcake Fraud,” says that Jenkins was needy, wanted to impress and sought approval from others. (See “Just Desserts,” by Katy Vine, Texas Monthly, and “Taking the cake: New TV doc tracks the great Texas fruitcake embezzlement case,” by Jerome Weeks and Jill Ament, Texas Standard, Dec. 2, 2021.)

Aspects of Sandy Jenkins’ persona allowed his concealment and deceit to flourish. Both Jenkins and his wife were sociable and involved in the community, so it came as a big surprise when they were discovered embezzling from the company. Many questioned Jenkins about the sources of his income. He’d variously say a wealthy uncle, a trust fund lawsuit victory or an inheritance of expensive watches. As with many long-term fraudsters, he was a convincing liar. (See NBCDFW, Texas Standard and Dailymail.com articles above.)

Prevention and deterrence

CSB prides itself on being a “close-knit family.” So many companies make the mistake of not placing guardrails around their employees because they believe they’re “brothers and sisters” who could never betray their “relatives.” However, organizations aren’t families. They’re groups of disparate people, honest and dishonest, who can quickly and boldly break loyalties if tempted beyond their resistance to breaking the law.

Apparently, Jenkins didn’t intend to steal when he first began his job. But pre-employment personality screening might have spotted some early red flags that could’ve have indicated risks for the bakery. [See “8 Top Personality Tests Used in Psychology (and by Employers),” by editorial team, Indeed, June 30, 2021.]

Despite Jenkins’ fraud, Collin Street Bakery is still going strong but not without major changes. “We’ve put into place all the accounting mechanisms that will safeguard you against this kind of thing in the future. We just never had a need to in the past and so, we weren’t even cognizant that was an Achilles’ heel of ours,” says Crawford, CSB’s vice president of public relations and customer service.

The case’s lead prosecutor, Nick Bunch, says that “companies … need to establish procedures to have multiple eyes on their bank accounts and to ensure that one person is not left with sole authority to cut checks. Companies need to periodically review their accounting practices and have a game plan in place to quickly report a fraud when detected — and to preserve assets.” (See NBCDFW article above.)

Savvy organizations hold frequent trainings that, among other topics, plainly describe punishments for those who give into temptations. Emphasizing employees’ personal costs can deter their illegal actions. Appealing to their loyalty to the organizational family seldom works.

Small businesses remain particularly vulnerable to preventable and detectable frauds because they often trust their employees too much. So, they must have strong internal audit departments, preferably staffed with CFEs, and reputable external auditors. And CFEs often can spot troubling employee personalities, traits, behaviors, intrinsic and extrinsic motivators, and patterns long before fraud schemes erupt. Organizations can use observed patterns to form tactics to deter employees from committing fraud.

CSB reclaimed only about $5 million. That extra $12 million loss is a sorry lesson, and, hopefully, a strong incentive to prevent future debacles. May your organization learn from this fruitcake company’s shocking betrayal, heartbreak and enormous financial costs.

Steve C. Morang, CFE, is a senior manager at a Northern California-based CPA firm. Contact him at Steve.morang@yahoo.com.

Steven Morang, CFE, is a senior associate at a Northern California-based consulting firm. Contact him at Steven@fraudhelp.org.