Scam artists know how anxious business owners are during the current coronavirus (COVID-19) crisis. They know that as you struggle to meet customer demands, pay employees and stay solvent, you’re more likely to drop your guard and fall for a fraud scheme. The last thing your business needs right now is to suffer additional financial losses. So keep an eye out for the following scams:

Fake suppliers. Whether you’re a manufacturer seeking raw materials or a grocer desperate to keep shelves stocked, you may have trouble getting your usual supplies. If a regular supplier is temporarily — or permanently — shut down, be careful about doing business with unknown vendors. Many authentic-looking websites are, in fact, fronts for criminal operations, and if you place an order with them, you may never receive the goods. Also be wary of cold callers promising to source hard-to-get items. If it sounds too good to be true, it probably is.

Defective goods. Even if you do receive your supply order, there’s a chance its contents will be defective. In early March, an international team of law-enforcement agents arrested 121 criminals around the world who were selling counterfeit surgical masks, hand sanitizer and other in-demand products. Depending on your business, buying defective goods could be an expensive mistake — or a public health emergency.

Payment fraud. Online payment fraud was already growing aggressively. But COVID-19 is expected to throw fuel on the fire as more people turn to home services apps, such as those for food delivery and online learning. Consumers usually don’t pay when their stolen credit cards are used to make purchases. But businesses generally do. You’re likely to be held responsible for fraudulent transactions, as well as possible chargeback fees. So be vigilant about maintaining IT security. Retailers might consider adding an Address Verification Service, which confirms a cardholder’s billing address with the card company.

Google scam. Fake robocalls claiming to come from Google have circulated for several years. Now there’s a COVID-19 twist. The recorded message tells businesses “affected by the coronavirus” that they need to ensure their Google listing is correct so that customers can locate them during the pandemic. If you speak to someone, he or she may ask for payment to list your business or try to gain confidential information. Know that Google never makes unsolicited sales calls. If someone tries to convince you otherwise, hang up.

Unfortunately, these schemes represent only the tip of the iceberg. For the latest on COVID-19-related fraud, visit the Federal Trade Commission’s “Business Center” at ftc.gov/tips-advice/business-center. Or contact us.

© 2020 Covenant CPA

As governments around the globe mobilize to defend their populations from the novel coronavirus (COVID-19), criminals are also mobilizing — to fleece people. These opportunists have already found ways to use the fear and chaos associated with the pandemic to enrich themselves. But you can protect yourself and your business.

Ripe opportunity

Phishing emails that promise valuable information about the virus have been circulating for weeks. Fake COVID-19 websites loaded with malware have also popped up everywhere. And as many Americans start working from home, often on vulnerable home networks and devices that lack the latest security updates, hacking incidents are becoming more common.

The federal government’s plan to send checks to Americans to help boost the economy will almost certainly bring scammers out in force. The Federal Trade Commission has already warned that crooks may try to convince people they must pay a fee to receive their checks from the government — which isn’t true.

Best practices

So how do you protect yourself or your business in these troubled times? Here are a few essentials:

Let phone calls go to voicemail. The best way to fight off phone scammers is to not answer the phone if you don’t recognize the number. But if you do answer, be wary of anyone making promises about, for example, interest-free loans or mortgage payment forbearance. If you need financial help, contact government agencies, charities and financial-service providers directly.

Keep your inbox clean. Along the same lines, exercise caution when opening emails, particularly if you don’t recognize the sender’s name. (Keep in mind, however, that hackers can hijack a friend’s account and send malicious emails to you in that person’s name.) Right now, scammers are likely to use enticing subject lines such as “Cure for COVID-19” or “Make big $$$ working from home.” If you open one of these emails by mistake, don’t click on any links or attachments.

Beware of charity fraud. Charity schemes are a time-tested method for stealing money from generous individuals and companies that just want to help. While you’re encouraged to donate money to organizations fighting COVID-19 and assisting its victims, give only to reputable charities you know. If you aren’t familiar with a nonprofit, ask for its tax ID number and verify it with the IRS. You’re also encouraged to research the organization on watchdog sites such as Charitynavigator.com and Charitywatch.com.

Just say “no”

Most Americans are pulling together to fight COVID-19. However, some criminals view the pandemic as an opportunity to profit, so you need to maintain healthy skepticism. If you’re suspicious, hang up, delete or just say “no.”

© 2020 Covenant CPA

Business opportunity or scam?

The investment “opportunity” could be anything from a new nutritional supplement to a foolproof method for “flipping” houses. But if the investment or product is advertised as “easy money” or promises immediate high earnings, beware. Although there are plenty of legitimate business opportunities out there, there are also plenty of fraudulent schemes that exist for no other reason than to steal your money.

Simple or complicated

These schemes can be relatively straightforward. For example, one New York state man was convicted of enticing investors to sink $10,000 each into a vending machine distribution business he promised would be profitable — even though it was set up to fail.

But they can also take the form of complicated pyramid schemes that generally offer no actual product or service and are sustained by constantly recruiting new participants. Often, these schemes are couched as “clubs” or “gift programs” and promoted through social networks. Whatever they’re called, they usually end the same way: When the pyramid collapses, only the “founders” walk away with any money.

FTC safeguards

To assist potential investors, the Federal Trade Commission (FTC) has established a Business Opportunity Rule. Among other things, the rule requires sellers to produce a disclosure document and to detail any earnings claims in a separate statement.

Sellers also must disclose prior civil or criminal litigation involving claims of misrepresentation, fraud, securities law violations, or unfair or deceptive business practices; outline any cancellation or refund policy; and provide references nearest to the potential buyer’s location. Furthermore, the disclosure document must be written in the language in which the buyer and seller discussed the opportunity. For more about the rule, visit ftc.gov.

Practical tips

In practical terms, you can protect yourself by studying the disclosure document, earnings claim statement and proposed contract, looking for potential loopholes that might benefit the seller at your expense. For example, are start-up costs particularly high? Is the seller required to buy back inventory you’re unable to sell or would you be out-of-pocket?

Other tips to protect your money:

  • Research the seller’s history and reputation online and check for complaints with the Better Business Bureau. (Note that the absence of complaints doesn’t necessarily mean the seller is aboveboard.)
  • Find out if there’s an actual market for the business’s products or services.
  • Talk to current investors or participants and ask tough questions.
  • Ask your legal and financial advisors to review any documents you don’t understand, including the contract.

When to walk away

If you suspect a business opportunity is fake, turn it down. Then report it to your state attorney general’s office, your county or state consumer protection agency, and the FTC. But if you’re unsure about the legitimacy of an offer, contact us. We can help you evaluate it.

© 2020 Covenant CPA

Every time your business interacts with customers is an opportunity to build trust. And it’s an opportunity you can’t afford to neglect. Look at customer data. When customers hand over personal and financial data to your company, they expect you to do everything in your power to protect it from hackers — as well as non-criminal third parties. If you don’t? Just look at some of the companies affected by major data breaches.

Provide fraud notices

Unless you run a cash-only business, you collect financial data from you customers every time you process transactions. If you offer credit accounts to business customers, you probably collect even more information. You’re obliged to ensure this data doesn’t fall into the hands of thieves and fraud perpetrators.

Consumers don’t need to understand the inner workings of your fraud prevention efforts. However, they must trust that you have an effective program in place. Provide notices on your website and train customer service representatives to answer questions about your fraud prevention program. If you require customers to use passwords or answer questions to prove their identities online, explain why these steps are necessary.

Explain how you share data

Criminal activity isn’t the only thing customers worry about. Increasingly, they want to know how businesses willingly share — and often profit from — their data. Given the patchwork of data privacy regulations, most consumers know little about the laws and regulations governing businesses. In layman’s terms, briefly summarize which ones cover your company’s activities, as well as your commitment to honoring the spirit and intent of them. Note that if you have customers in the European Union (potentially any company with a website), you need to comply with the EU’s stringent data protection laws.

As a general best practice, don’t collect any more data from customers than you absolutely need.  If you intend to share it with third parties, inform customers at the time you request the data and allow them to opt out, if possible. Keep in mind that some customers will probably go elsewhere if they know you plan to share their data or if your business model is largely based on sharing data. Nevertheless, transparency is critical.

All about communication

Whether you’re trying to prevent fraud or share data with third parties responsibly, keep your customers informed. Good interpersonal relationships are based on trust — and that’s just as true for business relationships.

© 2020 Covenant CPA

Businesses and fraud experts often face a long, arduous process when investigating any occupational fraud incident. When the suspect is a member of upper management, it’s exponentially harder.

In theory, investigating executives shouldn’t differ from the process of investigating rank-and-file employees. In reality, the authority and influence of an executive can slow — even shut down — a fraud investigation. You need a plan to prevent interference and facilitate the collection of evidence that can be used in court, if necessary.

Human element

The first step is to brief the executive’s chain of command. As soon as allegations surface, work with your company’s human resources and legal departments to make the suspect’s superiors aware of the situation. If you believe the fraud may involve the executive’s immediate boss, brief someone higher up the chain of command.

To minimize the potential for rumors and information leaks, limit the number of employees with knowledge of the investigation. Instruct them to refrain from discussing the case with anyone within or outside the company. Better yet, hire a fraud investigator to handle most of the investigation. An outside expert knows how to protect confidential information and is able to remain professional and impartial when interviewing suspects and potential witnesses.

If employees participate in the investigation, involve only experienced and trustworthy people. An investigation of an executive inevitably attracts greater scrutiny from the senior executive team and stakeholders such as investors. So make sure the team conducts the investigation in strict compliance with your company’s personnel policies and employment law. Investigation-related electronic files should be password-protected and physical documents stored on-site should be secured in a locked filing cabinet.

Closing in

Many companies are hesitant to discipline (particularly, to terminate), an executive involved in wrongdoing due to potentially negative publicity. In fact, many senior executives expect to see overwhelming evidence of wrongdoing before they agree to take action against a colleague. Keep this in mind as your team conducts its investigation.

You should try to assemble convincing evidence of fraud before formally interviewing the suspect. To avoid being overwhelmed or overpowered by the executive, a professional fraud examiner or a superior executive should conduct the meeting. Should the need arise to suspend the executive pending further review, make sure someone with the appropriate authority is present.

Cost is too high

Investigating allegations of wrongdoing by an executive can be stressful, but it’s critical. According to the Association of Certified Fraud Examiners, the median loss associated with fraud perpetrated by an owner or executive is $850,000, compared with $100,000 for non-management employees. If you suspect executive fraud, don’t hesitate to contact us.

© 2020 Covenant CPA

Financial statement manipulation is the costliest type of occupational fraud. The latest Report to the Nations published by the Association of Certified Fraud Examiners found that the median loss from financial statement fraud was $800,000, compared to median losses of $114,000 for asset misappropriation and $250,000 for corruption.

With any type of fraud, the sooner it’s detected, the more likely losses can be mitigated. One tool management and fraud experts might use to assess the likelihood of earnings manipulation is the Beneish model.

M score

The Beneish model measures the probability that a company’s revenue has been inflated and its expenses have been understated. The model generally computes an “M score” from comparisons between consecutive financial reporting periods of various metrics, including:

  • Days sales in receivables,
  • Gross margin,
  • Asset quality,
  • Sales growth,
  • Depreciation,
  • Sales general and administrative,
  • Leverage and
  • Total accruals to total assets in the current reporting period.

These metrics are designed to capture the effects of earnings manipulation or preconditions that can prompt a company to engage in earnings manipulation.

Cautionary notes

The economics professor who created the Beneish model admits there are some important limitations to the technique. Notably, the model can’t reliably be applied to privately held businesses because it was developed using public company data. Additionally, his sample involved manipulation to overstate earnings. Therefore, the model isn’t useful in circumstances where it could prove advantageous to reduce earnings — for example, to push revenue into the next quarter to help meet a target for that quarter.

Some distortions in financial statement data also could have a cause that’s unrelated to earnings manipulation. A metric might be distorted by, say, a material acquisition during the period examined, a material shift in the company’s strategy for maximizing value or a significant change in the relevant economic environment.

Simply a red flag

Because it’s relatively easy to use, the Beneish model can be an efficient screening tool for earnings manipulation. It’s important to note, however, that a high M score doesn’t prove fraud. Rather, it suggests that further investigation, preferably by forensic accounting experts, is necessary.

© 2020 Covenant CPA

When Dan received a large shipment of highlighter markers, he was confused. He didn’t remember ordering them — and he was the company’s sole office supplies buyer. Yet when he received an invoice for the markers a week later, he approved it for payment. After all, employees were already using the highlighters.

Dan fell for a typical office supply scam — and his company paid for the mistake. Here’s how to protect your business from this type of fraud.

Common features

Office supply scams typically begin as telemarketing fraud, with someone calling your business to obtain your street address and the name of an employee. Callers may ask for the person in charge, claim to need information to complete an order or pretend to verify an office machine’s serial number. The goal is to get a name that will lend legitimacy to bogus shipments and invoices.

The fraudster then attempts to perpetrate an office supply scheme, including one of the following:

Phony invoices. A supplier ships poor quality products and then, a week or two later, sends a pricey invoice. The delay is intentional: The fraudster hopes you won’t notice that the final price is much higher than you’d pay for better quality products. The person is also hoping you’ve used some of the products and feel obligated to pay for them.

Promotional items. Some pretenders offer to send you a promotional item. Before they hang up, however, they’ll mention in passing that they’re going to throw some ink cartridges in with the free coffee mug. What they don’t mention is that they’ll also throw in a bill for the ink.

Gift horses. A perpetrator sends a promotional item to an employee and follows up by sending unordered merchandise to you. When you receive the bill with the employee’s name on it, you question the employee. The scammer is hoping the employee will be so nervous about accepting the promotional item that you’ll end up believing the worker mistakenly ordered the merchandise.

Stop supply fraud

To keep your business safe from office supply fraud:

  • Tell employees to transfer all telemarketing calls to one or two designated buyers.
  • Provide buyers with procedures for documenting and approving purchases.
  • Set up a system for generating purchase order or internal reference numbers.
  • Instruct vendors to include those numbers on their shipment documents.
  • When you receive merchandise, inspect it and verify that you ordered it and that the packing list matches the box’s contents.

If everything’s in order, receiving employees should send copies of the bills of lading to accounts payable for reconciliation with the order.

Legal rights

Know that you aren’t legally required to pay for anything you didn’t order. Unless there’s a legitimate mistake on an order, you may treat any unrequested merchandise as a gift and use it as you like. If suppliers hassle you, discuss the matter with your legal and accounting advisors.

© 2020 Covenant CPA

All complaints will be swiftly and thoroughly investigated.” No doubt this sentence, or something similar, appears in your company’s employee handbook. Unfortunately, there will likely be a time when you’ll have to put those words into action. Whether an employee alleges discrimination or harassment, or reports a coworker for theft or fraud, you’ll need to handle the complaint appropriately.

Keep these five best practices in mind to avoid unnecessary legal complications:

1. Maintain confidentiality. Take every precaution to keep details of the allegation private — especially the identities of the accused and the accuser. Remind managers that they need to have all conversations behind closed doors, store all meeting notes securely and speak only to those people who are necessary to the investigation. Assure workers involved in the investigation that it will be held in strict confidence and inform them that they aren’t free to talk about any part of the process.

2. Conduct productive interviews. Be prepared with an opening statement that describes what’s being investigated, then ask open-ended questions that encourage employees to say more than “yes” or “no.” Ask all interviewees the same questions so that you can compare answers, identify patterns and uncover discrepancies. Also, have a witness present to verify what occurred during the interviews.

3. Avoid bias. Keep an open mind while gathering facts. Just because an employee has a reputation around the office as a “troublemaker” or “crank,” doesn’t mean that person is lying or guilty of an impropriety. Consider hiring a third-party investigator, such as a fraud expert, to handle interviews. This can help preserve impartiality and show all parties that the investigation is being taken seriously.

4. Document activities. Make detailed notes on all the steps of your investigation. Include the dates and times of workspace searches, computer forensic activity and conversations. After every interview or action taken, review your notes to ensure they capture all relevant information.

5. Close the loops. Even if an investigation turns up no evidence of misconduct or criminal behavior, you need to follow up and close the loop with those involved. When complaints are found to have merit, take appropriate action as quickly as possible. You may be able to handle some minor issues with in-house personnel. But consult your legal and financial advisors — and possibly law enforcement — in more serious cases.

Contact us if you need help investigating a fraud allegation.

© 2020 Covenant CPA

You may think your business has enough insurance already. But if it’s vulnerable to employee theft and fraud — and most businesses are — you may want to consider adding more coverage. Some insurance companies offer policies to protect against loss of money and property due to criminal acts by employees. Here’s how to decide whether your business needs one.

Specialty coverage

Employee dishonesty insurance can cover not only theft of money, property and securities, but also willful damage to property. If, for example, an employee smashes a computer or kicks a hole in a wall, it’s likely covered. And this type of policy covers losses from all employees. However, coverage generally is based on occurrences. So if more than one employee is involved in a single theft, the payout will be based on that single occurrence.

Rates and deductibles typically depend on a business’s level of risk. But separate employee dishonesty insurance policies are likely to have higher loss limits and more customized coverage than is available with coverage offered as part of a business insurance package.

Policy limitations

Employee dishonesty insurance covers only property your business owns, holds for others or is legally liable for. It usually doesn’t cover theft or damages caused by employees of businesses that provide services to your company. (For coverage related to third parties, such as contract workers, you may need to add “endorsements” or buy a broader business crime policy.)

Employee dishonesty insurance also generally won’t cover loss of:

  • Intangible assets such as trade secrets or electronic data,
  • Loss of employees’ property,
  • Damage covered by another insurance policy, or
  • The unexplained disappearance of property.

The burden of proof for employee dishonesty claims is solely on the policy owner. Insurance companies will pay claims only if there is conclusive proof that an employee caused the loss.

Finally, employee dishonesty insurance isn’t a substitute for a fidelity bond if a bond is required by a funding source or other contractual agreement. And such bonds can offer advantages. For example, Federal Bonding Program bonds, intended to encourage employers to hire hard-to-place applicants, reimburse employers with no deductible for loss due to employee theft.

Consider your options

Before buying employee dishonesty insurance, look closely at what your general liability or business owner’s policy covers so that you don’t pay for the same coverage twice. And keep in mind that some businesses — such as restaurants and retail stores, where employees often handle cash — may benefit from it more than others. For help determining what your company needs and finding affordable coverage, contact us.

© 2020 Covenant CPA

A Small Business Administration (SBA) loan can make big things happen for your small company. But the agency’s loan program is sometimes abused by con artists who know that many small business owners have little experience applying for financing and are, therefore, vulnerable to scams. Here’s what you should know.

Background on SBA products

The SBA provides various financing options with favorable terms and greater flexibility to small businesses and start-ups. It doesn’t disburse loans directly but gives lenders federal guarantees and backing to reduce lending risk. Individual businesses must themselves make arrangements with financial institutions that make loans.

Three key SBA programs are:

1. SBA 7(a) loans. This is the flagship product. It typically frees up working capital needed to acquire equipment, real estate or inventory.

2. Microloans. This program is more targeted. Smaller amounts are disbursed quickly to address short-term needs.

3. SBA 504 loans. This program is commonly used for commercial real estate purposes, such as the cost of buildings, land, equipment and renovations.

Look for red flags

If you’re applying for one of these types of loans, how can you avoid becoming a fraud victim? The government warns small business owners to be wary of companies offering to help them secure money from an SBA program. In particular, watch out for services that charge exorbitant fees or that guarantee you’ll get a loan if you work with them. In general, legitimate services don’t charge upfront fees to broker loans, perform credit checks or “process” applications. So if you’re asked to pay, walk away.

Fraud perpetrators also might claim that your business will be issued a forfeiture letter making it ineligible for any SBA funding if you don’t use their services. High-pressure sales tactics, such as threats or limited-time offers, are reliable indicators that you’re dealing with a fraudster. One way to verify suspicious claims is to call the SBA yourself.

Other bad actors may not ask for money at all. They’re simply after personal information that will enable them to steal your identity or access financial accounts. Don’t provide your Social Security number, bank account information or credit card information to any unsolicited caller or emailer.

Choose assistance carefully

Of course, many reputable businesses help companies apply for SBA loans — and they can make the process easier. But be sure to investigate the reputation of any business that contacts you. Better yet, ask trusted advisors or other small business owners for referrals.

© 2020 Covenant CPA