Fraud, embezzlement, and other types of employee theft are among the biggest exposures community associations face. Exacerbating this significant risk is that it typically takes 18 months before the average fraud scheme is detected. What’s more, often the theft involves small amounts taken over a long period of time, which goes unnoticed but results in the accumulation of massive losses.
“Given today’s challenging economic environment, it’s prudent for community associations to revisit their best practices for mitigating the risk of employee theft and other related crimes,” notes Meg McBurney, Vice President of Claims and Loss Control at Distinguished Programs.
In fact, the Association of Certified Fraud Examiners (ACFE) issued a warning on the increase of fraud during the COVID-19 pandemic, based on historical data during other economic downturns. According to the ACFE, there are a number of reasons fraud proliferates during recessions and times of economic instability, including the fact that employees’ personal financial pressures tend to rise, which is often where the decision to steal from an employer begins. Additionally, data from the ACFE 2019 survey indicates that 42% of occupational fraudsters are living beyond their means at the time they commit fraud, and 26% are experiencing financial difficulties – two most common behavioral red flags for these crimes.
Common fraud tactics against condo associations, HOAs, co-ops, PUDs and POAs include: falsified bank statements; falsified balance sheets; payments made to vendors that don’t exist; out-of-the-norm “consulting” fees paid to people who either did not exist or had no credentials to consult; and payments for highly excessive or unnecessary repairs, amenities, etc.
Risk-Mitigation Tactics for Community Associations
Meg suggests that community associations enforce their policies requiring dual signatures on all checks. If a management company or bookkeeper signs checks for regular bills, arrangements should be made to have a discrete list of those items they are authorized to approve. If there is a significant amount of funds involved, consider a specific account for payments made by management with all other accounts limited to board member-only signatures. Other risk-mitigation measures include: the use of “Positive Pay” or a similar online banking control tool, implementation of physical access controls regarding high-value property, and robust procedures for the approval and setup of vendors and client accounts.
Address Cyber Threats
Another important area community associations should be vigilant about is the rise in social engineering tactics during COVID as a result of so many individuals working remotely and increased vulnerabilities in cybersecurity. “Employees should be educated on the various phishing tactics cybercriminals employ to get individuals to make fraudulent wire transfers,” says Meg. “They should confirm all wire transfer requests via phone.”
Employees should also know how to spot suspicious emails or links and refrain from opening or clicking on these, as they can end up infecting one’s computer with malware. Implementing computer protections such as password controls and encryption of data is also critical in helping to prevent cybercrimes.
Speak with your insureds about stepping up their loss controls to help mitigate potential crimes. Also, be sure they are properly covered in the event of a loss. Distinguished’s Crime insurance program is designed to protect community associations’ funds against fraud, forgery, and theft.