Tag Archives: business

It’s All Good

adult-american-football-athlete-209954

I have written before about the importance of whistleblowers as a prime tool for detecting and discovering fraud. The ACFE’s 2018 Report to the Nations states that 40% of frauds were discovered through a tip from a whistleblower. This is, by far, the most common way in which fraud is uncovered. At 15%, internal audit came in a distant second. That’s huge. It is important to note that, in a business, a whistleblower can report wrongdoing in many areas – dangerous weaknesses in the design of a product, dishonest marketing and anything else going awry in an organization.

The history of the whistleblower in America dates back to the late 1700s when ten members of his crew and 2 citizens reported Esek Hopkins, the nation’s first commodore, for torturing British prisoners of war among several allegations. Hopkins was suspended and, in turn, retaliated by having the whistleblowers arrested. These whistleblowers appealed to the congress claiming that they were “arrested for doing what they believed and still believe was nothing but their duty”.  Congress responded by creating the country’s first whistleblower protection law. I love this story because it covers the entire whistleblower cycle. First, we have people seeing behavior that they believe is wrong and then taking steps to report this. We then have authorities taking action on the reported wrongdoing. We see the ugly side of things when Hopkins retaliates, something that, unfortunately, happens too often when whistleblower complaints are filed. Finally, we have whistleblower protections, as lawmakers recognize that it is important to have a system in place that protects those who call out what is wrong.

Sadly, this was not the moment when the world realized the importance of the whistleblower, holding the role in an esteemed position, where whistleblowers would be lauded and admired for all time. Instead, over time, in all spaces, including the movies, whistleblowers were given a bad rep and uncomplimentary labels like “snitch”, “informer” or “rat”. Instead of being admired for uncovering wrongdoing, whistleblowing was viewed as violating a sacred code of silence. We were being told that it was better to be a criminal, stealing money, jeopardizing people’s livelihoods and sometimes even their lives, than to be the person shining the light on all of this. We found ourselves in a space where, yes it’s terrible if someone runs off with your money or turns a blind eye to safety in a product, in pursuit of profits, but it is so much worse if someone tells us about it.

In 1971, Ralph Nader, the famous consumer activist, made it his mission to remove the tarnish from whistleblowing. He described whistleblowing as “An act of a man or woman who, believing that the public interest overrides the interest of the organization he serves, blows the whistle that the organization is involved in corrupt, illegal, fraudulent, or harmful activity.” He worked tirelessly to put a positive spin on the word whistleblower and as people view the role more favorably, whistleblowers can be better protected from retaliation.

We should recognize that it is not easy to be a whistleblower. Most people have a level of loyalty, if not to their job, then definitely to their colleagues. When they see fraud or other wrongdoing happening, they are torn and conflicted and often hope that they are wrong. Most of us like the people we work with and may know about their families and may even socialize with them. The second last thing we want is to find out that a coworker is perpetrating a fraud, only because the last thing we want is to be the person reporting this. At times, people will leave a job before they report a fraud. Other times, a person will keep quiet, hoping that someone else takes on the burden of reporting the fraud. It is a heavy emotional burden.

This is all before a whistleblower has to consider possible retaliation for reporting that wrongdoing. Many people fear losing their job or being ostracized after blowing the whistle on fraud. Unfortunately, sometimes these people are correct. At times the retaliation will not be overt but can happen in insidious ways where those retaliating try to find loopholes and legal ways in which to push a whistleblower out. When this happens, any other potential whistleblowers can be scared into silence. We tend to find out about this retaliation when a fraud is uncovered and we discover that, perhaps for years, others had tried to report the fraud but were fired, ostracized as people who were not team players, or treated as though they were insane for suggesting such a thing.

With these things in mind, it is paramount to business leaders and all others to act to hold whistleblowing as a positive action and to encourage and protect whistleblowers. Unless you are a leader perpetrating a fraud at your organization, why wouldn’t you want a whistleblower in your midst? Here are a few steps you can take to make this happen:

  • Your onboarding process should include information to employees encouraging whistleblowing and giving them clear and easy ways in which they can make reports.
  • Provide employees with an anonymous way in which they can share a tip. Also provide various places or a third party, in case the whistleblower does not feel that the option provided is one that is safe and one that will act on the tip.
  • Have zero tolerance for retaliation. This should not only be communicated to employees but be an active part of your company’s culture.
  • Show clearly that you have acted on a tip and that such actions are encouraged and appreciated in your organization.
  • Keep information on reporting whistleblowing prominent in your firm and remind employees regularly.

We are in the midst of football season and many fans are very upset with referees right now because it seems they are not making calls that they should, and they are letting players get away with things that lead to what fans view as unjust outcomes. If we feel this strongly about referees blowing the whistle on bad plays, shouldn’t we be bringing at least the same level of passion to blowing the whistle on wrongdoing in businesses and other organizations?

 

Tagged , , , , , , , , ,

Nobody’s Perfect

stockvault-fortune116480

Barings Bank was the United Kingdom’s oldest merchant bank and the second oldest merchant bank in the world. In 1992, the bank sent 25-year-old Nick Leeson to be the general manager at its new office in Singapore. During that first year there, Leeson made unauthorized trades that earned Barings £10 million in profits. The bank should have had a system where one person was a trader, and another was double-checking and then authorizing these trades. Instead, Leeson did everything with no checks and balances. Yes, these trades were unauthorized, but they made the bank a lot of money and so, instead of nipping the unauthorized trades in the bud, Barings paid Leeson a massive bonus and labeled him a rising star. Things changed very quickly, and Leeson started losing money on his trades. Instead of reporting his losses, Leeson hid them in a suspense account, that he created and tried, unsuccessfully, to recoup his losses. He would then hide those losses in this suspense account as well. By the end of 1994, the losses stood at £208 million. In February of 1994, Leeson left a note stating, “I’m sorry”, and fled Singapore, leaving Barings Bank with £897 million in losses (equivalent to $1.4 billion). Barings Bank could not recover from those losses and, after being in business since 1762, collapsed and was bought by ING for £1.

The story of Barings Bank and Nick Leeson is like one of those puzzles where you circle the ten things wrong in a picture – there are that many problem areas and weaknesses that led to the downfall that we could revisit this story many times for lessons. Today we shall focus on Nick Leeson hiding his bad bets. Initially, Leeson made errors and miscalculations on some trades that he made and lost money from those errors. From some of the accounts from Leeson, it is implied that mistakes were not looked upon kindly. Leeson claimed that he first opened the suspense account in which he hid losses after a colleague lost £20,000 after making an error herself. Instead of either one of them reporting the error, they decided to hide this error from leadership. Nick Leeson then went on to hide more of his trading errors here, thinking, in the manner of a gambler, that he could gain the money he had lost back, and his bosses would never find out what he was doing.

I thought about Nick Leeson this week because I am reading Principles by Ray Dalio. In it, he tells the story of how his employee Ross, who was in charge of trading at the time, forgot to make a trade and that cost the business “several hundred thousand dollars”. Dalio tells us that, with such a costly error, he could have dramatically fired Ross and “set the tone that mistakes would not be tolerated. Instead, Dalio recognized that mistakes happen to us all the time, he himself had made mistakes so large that he had essentially lost his business at some point. Dalio’s approach, which is an approach that I am a huge fan of and have tried to follow for a long time, is to think about what to learn from mistakes and how to improve things to minimize the chances of those mistakes happening again, or at least how to minimize their impact should they occur. As I have written before, Dalio recognized that punishing Ross for his mistake would likely result in other people working hard to hide any errors. Dalio saw that would cost his business a lot more in the long run. At his firm, Bridgewater, Dalio and Ross created an error log where errors were tracked and addressed. Instead of people getting into trouble for making mistakes, they would get into trouble when they didn’t report mistakes.

With Leeson (and Barings Bank) and Dalio in mind and the different outcomes that have resulted from their approaches to dealing with mistakes is very telling. One person brought down the second oldest merchant bank and the other has what is considered to be the fifth most important private company in the United States. Some things to keep in mind when considering how to manage responses to errors in your business:

  • Create an environment where everyone is comfortable reporting errors that they have made. Be explicit with this, both in what you say and how you respond.
  • When you discover a mistake, take the time to look, with your team, into how this mistake might have been avoided or recognized and resolved earlier. An example is, with a missed trade, it is likely that Dalio and his team looked at the process and sought to put in checks to make sure that there were others aware of the trade, checking to make sure the trade was made and having a way to check in with Ross to make sure he had not forgotten.
  • Review your systems to see where there are checks and balances and if especially important areas are not put on one person. Make sure that someone else is checking – we all make mistakes and that is why there is a checking system. Not to make us feel bad about ourselves but in recognition of our humanness.
  • Have open discussions about errors and get input from all levels on how to avoid or detect errors. At the leadership level, you may come up with a system, but you may find that staff find that process cumbersome, don’t stick with it and errors can go undetected for a while. And if an error has not even been detected, it can’t be reported.

These are just a few things to think about but the most important part is creating an environment that is open to communication, not just about success, but about the things that have gone wrong. You should think about making the environment open for the hard conversations the priority because it is simple to report and celebrate success but failure and error are what kill our business. With that in mind, are there situations that you have found yourself in where either you or someone on your team made a mistake? How did you respond, how did others respond, and how did things turn out?

Tagged , , , , , , , , , ,

Keep Rolling

gratisography-433H

When I first started running, I was out training, and my knee suddenly buckled in pain. I thought I had broken something, but it turned out that I had IT band syndrome. I tried several approaches to get better. Among these, I would change up my routes so that I was balancing out which leg was favored, I worked to improve my gait and I started foam rolling. No one warned me about that rolling. I think tears sprung to my eyes that first day I foam rolled. I know for sure that I yelped in pain, several times (thankfully I was alone). I couldn’t believe that I was supposed to do this every day, but I had to roll through the pain because I had a race on my schedule and I needed my knee to start working again.

After rolling consistently, I was amazed by how much better everything worked. I was also incredibly relieved that the rolling didn’t hurt so much anymore. I was a foam rolling disciple and whenever anyone told me they were contemplating taking up running, I urged them to also contemplate taking up foam rolling. At a point, I actually found joy in foam rolling. I could get through a rolling session with nary a yelp. It was glorious.

Recently, foam rolling slipped out of my life. After a fall apparently chipped a piece of my knee into non-existence, I could not run at all and I was, instead, focused on weight training to strengthen my knees. At the end of a week of working out, the trainer advised a foam rolling session. I didn’t even think twice; I hadn’t been running, how bad could things be? Painfully terrible, it turns out.

Managing controls in a business works in a similar manner. Sometimes, when a company sets up or has an auditor highlight weaknesses in its control systems, the company will go about creating policies and procedures that address risks and institute controls. At times, with that company, new hires will be given these manuals to read and, if they are lucky, these new employees will receive training. This training will teach the employees about the culture of the company and how to follow policies and procedures, in order to minimize risk within that company. However, how often will that company review its policies and procedures to see if they are relevant to technological advances and new risks that have arisen?

  • How often will the company’s leadership review policies and procedures with existing staff, to ensure that people have not slacked off and are still, for instance, getting the approvals that they are supposed to obtain for transactions?
  • Is anyone checking that reconciliations are occurring monthly (or at whatever frequency has been established) and, once performed, that those reconciliations are being reviewed by the relevant staff?
  • If there is a policy for checks over a certain amount to be signed by two signatories, is anyone reviewing to make sure this is the case?
  • When employees have left the company, have their access to the company’s system been suspended? Once suspended, have their accounts been deleted so that no one else in the company can use them? If they were signatories for bank accounts, has the bank been informed and has the bank removed them from the signatory list?
  • Have the company’s staff received training in how to reduce the risk of phishing?
  • Has the company’s leadership received any training themselves to update them on current risks and to remind them what the policies and procedures of the company are?

These are just a few examples of the many ways in which a company should be regularly checking in and exercising its control muscles. If all you are doing is handing over a manual on day one and assuming that your staff knows what and how they need to do things, you are only setting yourself up for possible pain in the future.

  • Can you be surprised if one of your staff members gets phished and hackers gain access to your company? Think about the pain of finding out that someone pretending to be the CEO sent an email that instructed accounts payable to wire a sizeable amount of money to an offshore account and that accounts payable fell for the scam?
  • If no one is regularly reconciling accounts, can you really be shocked when you discover that an employee has taken advantage of this lack of oversight and embezzled money?
  • If accounts of former employees are not properly suspended and deleted, how will you figure out who has been using them since the former employee left? How will you be able to trace unauthorized transactions?
  • If your company’s leadership is not up to date on policies and procedures, how can they enforce them? At that point, everyone will be just guessing and hoping for the best. Being unprepared and hoping for the best tends to only work out well in the movies.

Maintaining and updating policies and procedures should be a proactive and continuous activity. Speak with a forensic CPA about how to create, institute and regularly review your control systems to reduce risk in your company. It may seem like schlep in the beginning, but having the systems serves a deterrent to those contemplating wrongdoing, it also keeps your staff more educated about how, for instance, they can recognize errors or attempts to suck them into a scam. This can also mean that when something is going awry, it is spotted earlier, minimizing possible losses.

You should be doing this to avoid or, at the very least, minimize any future pain. You don’t want to be like me where incredible pain leads to you even more pain, on the eventual path to healing. Take it from my IT band, proactive is so much better than reactive.

 

Tagged , , , , , , , , ,

Regular Check-Ups

Image

Several years ago, I received a phone call from my bank. I was surprised to receive this phone call as I was probably this bank’s least profitable customer. I had recently moved to New York, it was my first bank account there and the account was remarkable only in how low its balances could get, especially just after I paid my rent check. The very nice woman on the line was calling to let me know that the bank believed that they had discovered fraudulent activity in my account. The bank noticed that, at least once a week, between $9.95 and $14.95 was being withdrawn from my account. The withdrawals were regular and, every time it happened, the name of the company making the withdrawal was slightly different from before. The regularity of the withdrawals, along with the amounts and the slight name changes, were all red flags for the bank. I was very grateful that the bank had spotted this and, quite frankly, rather shocked. I had assumed two things – first, that I was too poor to rob and, second, that the small transactions going through my account, on the rare occasions that I actually noticed them, were trips to the pharmacy or a lunch that I had forgotten about. It turned out that I was wrong on both accounts and an unscrupulous party took advantage of the lax attitude I had toward my finances. For over three months, at least once a week, money had trickled out of my account. Luckily for me, the bank helped me trace the amounts and credited my account. It seems that, in more recent times, banks are more likely to allow this kind of fraud to continue. They have decided to earn fees from these transactions instead of alerting their customers of these possible frauds.

After this incident, feeling violated by this invasion of my space (and funds) I became very diligent about checking my money. I had been very lucky. Yes, my money was being taken without my knowledge, but I was able to recover most of the funds and I had the bank looking out for me. Not many are so fortunate these days. It is important, therefore, to take steps to minimize the chances of unauthorized access to your bank account or, at the very least, to be able to quickly spot, stop and dispute transactions that you don’t recognize.

  • Be very careful about who you give your personal and financial information to, especially when this request comes via a cold call. Even if the person on the line sounds official, check the credentials. If need be, hang up and call up the organization that claims to be on the phone, using the contact number that you have in your records. If the person on the phone is a valid representative, they will not mind you checking to make sure things are above-board.
  • Check your bank and credit card balances often – at least once a week, if you can. Just about every bank has online banking facilities available to customers. Here, you can review recent transactions and make sure you know what happened with each one.
  • Be aware of the risks to seniors that you know, be they relatives or friends. Because of programs that tend to affect seniors, such as medicare and social security, they are particular targets for the unscrupulous. Fraudsters will call senior citizens and either cajole or scare them into giving up their information. Check in with those who may be vulnerable, either because of advancing age or lack of computer savvy, and make sure no one is raiding their accounts.
  • Safeguard the physical information you have on your accounts. Keep statements and account numbers in a safe place. The last thing you want is to find out that a guest or someone who has worked in your home, has taken your information and used it to gain access to your money. Don’t leave the temptation out in the open – that is only asking for trouble.
  • Should you come across odd activity in your account, be sure to call your financial institution and look into the matter. Time is of the essence here as, often, after a time, it becomes near impossible to reverse a transaction, even if you can show that it was unauthorized.

Once keeping track of your money becomes a habit, it also becomes a very simple exercise. If you check-in regularly, there are only a few transactions to remember at a time. Also if you check-in regularly, you will also become more familiar with your own spending patterns and be better able to spot irregularities. As a bonus, if you check-in regularly, you may also realize that you have bad spending habits that need some rehabilitation. It doesn’t matter how much or how little money you believe you have, there is always enough for someone to take away from you. All of this monitoring of finances may sound a touch paranoid, but paranoid is often better than broke.

Tagged , , , , , , , , , ,