Business leaders would do well to look out for employees sticking their hand in the company cookie jar. Incidents of embezzlement can have long-term impacts on a company that don’t just mean losing money, though the financial consequences are significant on their own with the average embezzlement loss coming in at US$357,650, according to the most recent embezzlement study from Hiscox.
After surveying chief financial officers, controllers, and accountants who worked for companies where embezzlement occurred, the study found that almost four in 10 respondents reported that they experienced two or more cases of embezzlement over the course of their careers. Besides the financial loss, companies that were victims of embezzlement lost customers and business partners, and had trouble finding new customers as they suffered reputational damage from the incident.
“Companies still don’t realize that this is a big exposure for them, and that they could have a big hit like that to their bottom line,” said Doug Karpp (pictured), senior vice president, and crime and fidelity product head at Hiscox. “This study is put out in the hopes that we can get more people onboard with understanding that this is an exposure to think about.”
While embezzlement comes in all shapes and sizes, 79% of cases involved more than one perpetrator, 85% of incidents were carried out by an individual at the manager level or above, and 70% of cases lasted more than one year. In one example provided in the Hiscox report, embezzlement became a family affair when two sisters who worked as lunch ladies stole almost half a million dollars from their schools’ cafeterias over a period of five years. In another case, it was the chief operating officer of a non-profit organization that had swiped the business credit card for personal expenses, costing the organization more than $100,000 in 18 months.
In many cases, over half of the companies recovered less than a third of the funds that were taken from the coffers.
“It can be difficult to recover all of the funds because of the way the embezzler can get the money out of the US [and] out of the banking system,” said Karpp, adding that many businesses also don’t have coverage for embezzlement, which hardens the blow. “In our survey, about 75% of the companies involved in these losses didn’t have insurance for the embezzlement, and so it makes it hard to recover that.”
Money isn’t everything when it comes to embezzlement – employee layoffs, increased spending on auditing, lost customers, more time spent discussing security, and added security and audit requirements were the top five changes that companies had to make after experiencing embezzlement.
“Those ‘soft costs’ of embezzlement can be pretty damaging to a company, particularly on the smaller business side. Smaller, middle market businesses can’t really deal with having 30% of their workforce being laid off and losing customers,” explained Karpp. “It can be devastating, even beyond the amount of money that gets lost.”
With the gap in awareness around this risk, insurance professionals have an opportunity to help their clients better prepare for cases of embezzlement.
“Insurance brokers and agents do a great job selling the cyber policies and things like that, that are the latest trends, but one of the reasons that we put out this report is so we can help our brokers and agents inform their insureds that this is also an exposure,” Karpp told Insurance Business. “While embezzlement has been going on since biblical times, it’s still something that impacts companies.”
Mitigation comes in other forms as well, beyond taking out an insurance policy. Karpp outlined the key phases of risk mitigation that companies can implement.
“You have to prevent the embezzlements from happening in the first place when you can. You have to detect the losses when they do occur, and detect them as early as possible because over time they tend to escalate, and then [mitigate] the loss at the end of the day,” he said.
“As far as prevention controls, what we really look at is while you can trust your employees, that shouldn’t be the only backstop or internal control in place – you need to make sure that multiple individuals are involved in each transaction, that you have somebody that isn’t involved in the transactions monitoring what goes on, and reconciling bank accounts. That should help prevent those losses from happening in the first place, but it should also help the business owners find something that’s going on at the current time.”