We hear stories of employees embezzling money from unsuspecting employers, but we never expect it to actually happen. Nathan J. Mueller, an employee in the reinsurance division of financial services giant ING, carried out a scheme, embezzling nearly $8.5 million over a period of four years. Mueller’s story serves as a lesson to employers, alerting managers and business owners of what they can do to protect against and prevent fraud.

How it can happen

A corporate error granted Mueller and two of his co-workers the authority to approve company checks of up to $250,000. They often logged on to the system as one another to complete specific tasks, which gave Mueller the ability to request checks under one identity and then approve them under his own account. Because Mueller was also allowed to pick up physical checks, he was able to take the checks to the bank and deposit them into a fake vendor account he set up. As he had the authority to conduct the transactions, his actions went undetected for quite some time. Mueller spent the money on luxurious cars, expensive watches, and frequent trips.

How He Got Caught

“I told people that I was an amazingly successful gambler and I got my extra income from hitting large jackpots on high-dollar slot machines,” explained Mueller. Eventually, Mueller’s ex-wife told his co-worker that she didn’t believe his gambling explanation. Once his co-worker’s suspicions were raised, she ran a query to list all the checks that she had requested or approved. The query revealed 10 fake checks made out to Mueller’s fabricated vendor, adding up to $1 million. Mueller was sentenced to 97 months in prison—a term that he began in February 2009 at the Federal Prison Camp in Duluth, Minnesota.

Lessons to Learn

Mueller explained that he began embezzling money in order to pay off his debt. An employee facing personal financial stress will not necessarily begin embezzling, but companies need to be aware that they may present a potential risk.

To reduce risk, companies should always include a credit check as part of their hiring policy for positions that have access to financials. In addition, companies should conduct past employment verifications, a background check and education verification.
Other steps to help avoid fraud involve system controls:

• Authentication controls include passwords, smart cards, and biometric identifiers. Having strong authentication controls in place will reduce the risk of employees signing on as others.
• Authorization controls restrict the access of authenticated users to certain classes of information and capabilities. Employers should regularly verify what access employees have and decide if having this access is necessary.
• Processing controls verify that data is processed correctly and that obvious errors are not processed. This includes conducting thorough reviews of the bank accounts and making sure that the vendors are all verified.
• Physical safeguards ensure physical documents are handled correctly. Good business practices, such as keeping operational responsibilities separate from recordkeeping responsibilities can limit opportunities for fraud.
• Employee support programs can assist employees struggling with addictions, mental and emotional issues, and family and financial concerns. A good support system can help employees reduce and better manage pressures that can sometimes lead to fraudulent activity. It can also help them make healthier and more rational choices.

Providing employees with fraud awareness training and teaching them how to watch for it lays the foundation for prevention. Training also reminds the staff that the company recognizes fraud as a serious threat. Establishing an anonymous third-party hotline can also encourage employees to report suspicious activity. Making employees aware of fraud, establishing systems and protocols for prevention, limiting opportunities for access and integrating the team as part of the solution will help guard your business from being a target.