Rethinking The Business Of Wellness

Six Steps To Fraud-Protect Your Wellness Business

Dishonest employees steal more than shoplifters…almost ten times more, in fact.

Sometimes they’re stealing from you – and sometimes from your members and clients. 

Most employee frauds start out small and escalate when no one notices.  

Protect your business by putting these simple checks and balances in place.  

1) Guard against payments to fictitious suppliers.

We’ve seen situations where employees created fictitious suppliers, wrote them checks, and secretly cashed the checks themselves.

For example, your assistant invents a fictitious vendor, “Yoga Mat Warehouse”. She then creates fake invoices, writes and signs checks on your business account to Yoga Mat Warehouse, and sends those checks to the Yoga Mat Warehouse post office box. Then she picks up the checks herself from Yoga Mat’s mailbox, endorses them, and deposits them to her own account.

If you authorize anyone other than yourself to sign checks, put controls in place to make sure that only legitimate vendors receive payments.

  • Don’t have the same person check in packages you receive and make payments to suppliers. Split those tasks.

  • Checks to be signed should have the packing receipt attached where applicable.

  • Cap the dollar amount of checks that others can sign.

  • Require a second signature, preferably yours, on checks which exceed that maximum.

  • Review check images provided monthly online or in your statement for vendor names you don’t recognize and for unusually large amounts.

  • Never, ever put your signature on a signature stamp that you allow others to use.

2) Restrict and review access to customer credit card and bank account info

Most of you accept credit cards and some of you debit customer bank accounts monthly for membership dues and fees.

  • For one-time transactions, choose hosted e-commerce and back-office applications that send transactions to a third-party payment gateway and don’t store credit card data within the e-commerce app. One example is CoreCommerce in combination with Payflow Link.

  • For recurring transactions where credit card data must be stored, tightly restrict who has access to this data so that it’s clear exactly who is accountable should customers report issues.

  • Password-protect this data with tough-to-crack passwords that include upper- and lower-case letters interspersed with numbers and special characters.

  • Change passwords monthly and always change them when an employee leaves the business, even if you don’t think they had access to customer data.

  • Remind customers – in newsletters and so forth - to contact you directly about billing mistakes. Don’t tell them to contact your bookkeeper.

  • Low-tech security still matters. Lock customer paperwork with credit card numbers and voided checks in a file cabinet and restrict access to the keys.

  • Don’t store customer financial information on laptops, smartphones, tablet computers and other mobile devices that actually leave your premises. If doing so is unavoidable, password protect the device and the file(s) containing this information with tough passwords using the password selection guidelines above.

3) Reconcile and review your business bank and credit card statements monthly.

We worked once with a wellness business whose trusted clerk – a long-time employee – had stuffed bank statements in his desk drawer to hide the fact that he was writing checks against a little-used business account and pocketing the cash.

  • Keep a list of all open bank accounts and credit accounts in use by your business.

  • Whoever prepares the reconciliation shouldn’t have signature access to your accounts. Otherwise, it’s like asking the cat to keep an eye on the canary!

  • Review the bank statements and bank reconciliations monthly.

  • An added bonus: you may catch a bank mistake.

  • Periodically run credit reports on your business. If someone’s opened unauthorized accounts of any kind in the name of your business, that’s a good way to find out.

  • Give at least the appearance of close review. Even if you don’t really understand what you’re looking at, just giving the impression that you’re paying close attention really helps deter fraud.

4) Split financial responsibilities among individuals.

It’s rare for several employees to conspire to defraud your business. It’s far more common for a single employee to steal from your business.

For example, if a single employee is responsible for all financial transactions related to the spa, he can record, say, five bottles of massage oil for internal use when in reality only two were used in the spa and he sold the other three to friends and pocketed the cash.

  • The person responsible for billing clients should not also be responsible for receiving and posting payments and making billing adjustments. This is particularly important if your business is often paid in cash – like a wellness center that handles insurance co-pays, or a spa or pro shop that receives cash for product sales.

  • Don’t allow your outside accountant to sign checks on your business account. Think of them as an independent third party who can help you keep an eye on things. If they have access to business assets like cash, you’ve compromised their independence.

5) Conduct pre-employment background checks.

We were shocked to find that a very promising job candidate for a management position had a criminal record for shoplifting. And we’ve routinely seen inflation – or invention – of academic credentials like degrees.

  • Run background checks on people you’re planning to hire — and request written consent to do it. That helps protect you legally – and it encourages candidates with dubious records to withdraw from the process.

  • Even if the candidate has a clean record, just knowing that you ran the background check communicates your “trust but verify” philosophy to managing the business. It puts them on notice that you’re vigilant.

  • Background checks are quick and relatively inexpensive – usually less than $100 per candidate, depending on scope.

  • Discuss bonding your employees with your business insurance broker if your business handles large amounts of cash, employees have access to business accounts and other significant assets, or your employees routinely visit clients’ homes.

6) Apply good business practices to everyone who works for you.

Sadly, we have seen numerous business owners burned by deeply trusted family members and friends – even spouses and siblings. Often these people were indeed reliable and trustworthy for many years…until something changed. /p>

Unknown to you, your brother or sister-in-law or cousin may have massive credit card debt. A close friend may have a sudden cash crunch because their spouse just lost a job. Your son or daughter may have a substance abuse problem. Or they’re simply living a steak lifestyle on a peanut butter budget. We could go on and on.

You simply can’t know everything that’s going on in someone’s life…even someone very, very close to you.

  • Don’t give family and friends the “keys to the kingdom.”

  • Apply the same good business practices above that you’d use with other employees.

7) And last but not least…

  • It’s also a good idea to require mandatory annual vacations for all employees with access to cash or other business assets.

We’re talking a week or two, not just a long weekend. If they’ve been hiding information which would reveal their fraud, you’ll improve the odds of catching it while they’re out.

  • In smaller wellness businesses, owners should pick up and review the incoming mail themselves. It’s a quick way to spot-check vendor invoices, late notices, and other potential red flags.

If you assign this work to someone, it shouldn’t be the same person who handles vendor and customer transactions and has access to customer financial data.

  • If you give your personal bank and credit card account information to an employee, remember to review your personal bank and credit card statements yourself.

  • Many small business owners simply hand all that information to their CPA – but your CPA can’t usually tell what’s appropriate and what isn’t.  And lots of owners and managers keep an eagle-eye on their business financials but never look at their personal financials.

 

    Post a Comment

    (required)