Employee Theft (aka Fraud, Fidelity, White Collar Crime) in Canada
Here is another good example that Canadian companies are not immune to employee theft. The Toronto Star reports, here, of Controller Timothy Rodkin, 42, sentenced to five years for defrauding his employer, a medical research firm. The reported value of the loss was $12 million, but even with that amount of loss, in a private company, a forensic accounting firm was not hired until after Durham police called to report “internal financial irregularities.” Now, it is not like me to be skeptical, but, if your fraud detection and loss control lie in the hands of the Durham police, I might not want to be an investor.
My last blog suggested that a class action products liability lawsuit is one of the biggest risks to a medical firm, but I certainly did not suggest it was the only risk. My blog was to urge invited prospective directors to consider the main risks of their new organization (this should apply to all directors, new and many years in) and make sure that loss control procedures were present, and actively and consistently employed, and that these major risks were insured.
Well, it doesn’t matter what the industry, employee theft is and should be one of the most important risks identified and managed by directors and senior management. I can’t seem to locate this stat on Google, but I remember reading that one of the top reasons for business failure in Canada is employee theft, not poor product or poor execution (you will just have to trust my memory).
In my insurance industry experience, the Number 1 underinsured risk is employee theft. And, it commonly goes unreported because it is embarrassing and not good for business.
Well, I don’t know the specifics of the Rodkin fraud, but I have written in many fraud blogs that these crimes are rarely diabolical and sophisticated schemes by mad geniuses. They tend to be seemingly normal people who have been able to take advantage of control gaps which exist because these policies and procedures are boring, the risks are underestimated, and the governance of such is even more boring... until the loss. Then it becomes an extraordinary surprise that could never have been prevented.
Read the crime applications and questionnaires (the ones for real limits, not the ones for a $10,000 extension to a property policy):
- Strict separation of duties (account reconciliation from deposit and withdrawal; programmers from operators; company accounts from employee social or charity accounts),
- Dual signature,
- Mandatory 2-week vacations,
- Vendor controls and auditing (at all money levels),
- Verification of goods received,
- Thorough background checks and new and existing employee screening,
- Active communication and enforcement of Code of Conduct (Tone at the Top),
- Independent review of operating and holding company accounts and T4’s, including sequential numbering on all T4’s,
- Whistleblower provisions (independent, trusted and secure),
- Audit of all branches and accounts (no appointments, no cancellations or postponements).
Just get it, or at least seriously consider it. That means limits that will have a material effect on the company from a financial and/or reputational risk perspective. $10,000 may be a common limit purchased, but $10 million ($1 billion for some) might be more appropriate for the business.
The application, submission and quotation are a great loss identification and loss control tool, even if the risk transfer mechanism (the insurance policy) is never purchased. The application is not that bad; don’t leave it up to one lone employee.
If the controller or CFO is the one who completed and signed the application, then you can be fairly sure the insurance company will successfully deny a future claim perpetrated by that employee (see Barnicke, here; it has been cited in other litigation because it is precedent law for successful insurer claim denial). But the result might have been better for J.J. if the perpetrator, Mr. Lake, had not been the sole person involved in the purchase of the Crime insurance.
In a crime application there are control questions and (in some, but not all applications) warranty questions. Senior management and directors may not be able to determine if any individual knows of a situation that can lead to a claim under the policy, but they can investigate the questions on the application to determine if they accurately reflect the control policies and procedures in all of the underlying operations. And, they can ensure the controls are being consistently employed.
Employee theft has always been, and will always be, a material concern to every organization. The evaluation of this risk should not be emotional; it should be business as usual. In almost every crime discussion I have with clients and prospective clients I hear, “we trust our employees, we would know if they were stealing from us.” And, following almost every claim I hear, “we never expected this employee would steal from us.” And I usually want to reply, “yah, even though they drove a nicer car, and lived in a nicer house than the CEO.”
In the words of Ronald Reagan (or at least what Wikipedia says regarding U.S.-Soviet relations), “Trust, But Verify.”
Greg Shields is a Directors’ and Officers’ Liability, Professional Liability, Employment Practices Liability, Fiduciary Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at email@example.com, 416-862-5626, or Skype at risk.first.
CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to firstname.lastname@example.org.