Community associations are particularly vulnerable to embezzlement because of the access employees have to both an association’s assets and financial records. In fact, the average loss caused by employee dishonesty is $140,000 with one in every five cases reporting a loss of at least $1 million.
The typical organization loses five percent of its revenues to fraud each year. Common examples of fraud impacting all types of companies include:
- an employee setting up phantom vendors in order to steal money;
- unauthorized funds transfers;
- employee collusion with an external party for asset misappropriation;
- the receipt of counterfeit money; and
- forgery of financial documents such as checks, bank drafts, and wires.
In addition, employee-related theft losses can continue for years before they are uncovered. For example, one board member embezzled $100,000 from a condo association over a four-year period before the other condo members discovered what was going on. In a famous Manhattan case that made headline news back in the mid-2000s, the treasurer of a high-end co-op embezzled nearly $4.7 million over seven years.
In another case, the property manager of a Florida condo association arranged for the company that processed the association’s payroll to issue unauthorized payments to her. She also opened credit card accounts in the association’s name, charged personal expenses, and paid bills with association funds. In all, she stole close to $500,000 from the association before it was discovered a few years later.
Mitigating Theft, Covering Losses
In order for associations to help mitigate these types of losses and reduce exposures they need to implement strong internal controls. This involves, among other things, not giving anyone sole signing authority over a common checkbook or bank account, and ensuring that there is more than one person receiving bank statements on the association’s reserve fund.
In the case of the Manhattan co-op, the treasurer was able to create phony bank statements for three years, something that might have been harder to accomplish if, let’s say, the building’s managing agent or outside auditor had continued getting their copies of statements from the bank.
In addition to implementing strong internal controls, a community association needs to have the proper insurance program in place to mitigate financial losses related to employees’ action and other crime-related incidents. This involves securing a Commercial Crime policy designed to protect a business from losses due to third-party fraud or employee fidelity. State statutes, although they vary, require associations carry insurance on all persons who control or disburse funds of the association. If an association chooses to not have coverage, it would be in violation of the law.
Typically when completing an application for Fidelity (or Employee Dishonesty) coverage, an insured will make declarations about its internal controls and other financial operations of the business, confirming the following:
- Financial statements are annually audited by an independent CPA;
- All subsidiaries, locations and similarly controlled and operated companies are included in the audit;
- The audit firm regularly reviews the system of internal controls and furnishes written reports;
- Accounting is decentralized;
- At least two signatures are required on checks;
- Employees who reconciled monthly bank statements do not sign checks, handle bank deposits or have access to check-signing machines or signature plates;
- Internal control systems are designed so that no employee can control a process from beginning to end; and
- All incoming checks are stamped “For Deposit Only” immediately upon receipt.
In reviewing Crime and Fidelity insurance with a condo association, HOA or other community association, be sure to go over the following important points:
- The dollar amount of losses to be covered.
- The period within which a covered loss may occur, or the period a covered loss is discovered.
- How an employee is defined. For an association this should extend to non-compensated directors and officers, property managers and management companies, and temporary and leased employees. Also, although not a part of the employee definition, it’s important to note that if an employee is known to have been involved in theft or other dishonest acts before coverage is obtained, losses from that particular employee, past or future, are not covered.
- If the policy contains an insurance limit which may be applied to one occurrence and how this works.
- How the policy is written: loss sustained vs. loss discovered. Basically, under the sustained loss form, a loss must occur—and be discovered—during the policy period in order to be covered. Contrast this with the discovery form, which only requires the loss be discovered during the policy period, no matter when the incident occurred.
- When the loss is discovered is important, as timely notification to the carrier is required, and specific steps must be implemented to minimize possible continued exposure to the loss. Discovery typically means when the insured first becomes aware of facts “which would cause a reasonable person to assume that a covered loss has occurred, regardless of when the act or acts causing or contributing to such loss occurred, even though the exact amount or details of loss may not then be known.” This allows the insurer to take actions to limit the amount of loss, lowering its liability and allowing it to begin investigating.
Additional Coverages Under a Crime Insurance Policy
It’s important that community associations also look beyond Employee Dishonesty coverage. A Crime policy can be purchased to offer community associations protection against forgery, computer fraud, funds transfer fraud, money and securities coverage, and coverage for money orders and counterfeit money.
An incident in Florida underscores the need for all types of Crime protection: A property manager’s teenaged daughter used her computer to hack into the association’s bank account and make unauthorized transfers totaling $50,000 to her own account. The bank didn’t take responsibility, as the breach occurred on the association’s end. Without forgery, alteration and computer fraud coverage, the association would not be covered.
The cost of Crime and Fidelity insurance is based on the amount of coverage being purchased and the number of people associated with the board’s finances.