By Daniel W. Draz, M.S., CFE, Principal, Fraud Solutions
Despite what many of you are thinking right now, the “F” word means “fraud” and major fraud events can do significant, often irreparable and even fatal damage to your company’s brand. Yet, many businesses are strangely unprepared for this activity and fail to account for it in their disaster preparedness or business continuity plans.
If you don’t think a major fraud event can kill your business… try calling Lehman Brothers these days. “The number you have dialed is ‘no longer in service,’” in fact neither is the business!
If that example doesn’t motivate you to think about how a major fraud event can damage your businesses brand, how about this scenario:
Martha Stewart was once America’s home decorating sweetheart – the darling of the media. Her company, Martha Stewart Living Omnimedia has suffered nearly ten straight years of losses. If anyone thinks that the correlation between 10 years, and 10 years of business losses is a coincidence, it isn’t. It was a little over 10 years ago (June 4, 2003) that Martha Stewart was indicted for lying to federal investigators looking into allegations of insider trading involving her sale of ImClone stock just 1 day before the FDA’s announcement about ImClone’s drug Erbitux.
So, the question is, how did the major fraud event impact both Martha Stewart and Omnimedia? From a business perspective, the major fraud event was ultimately the beginning of the company slide. Case in point, ten years after an indictment, arrest and prison sentence, her once high flying Omnimedia is now on “life support,” trading in the low $2’s, leaving many wondering whether it will ultimately “flat line” and be delisted.
These examples, and many more like them, clearly demonstrate that major fraud events manifest themselves in a number of different ways including: brand damage, reputational issues, loss of investor confidence, decreased stock value, lawsuits, fines, decreased ROI and regulatory actions, among others.
All of these issues can have significant impact on a company’s business (revenues, operation, and existence) and cause major brand damage. Once the “F” word seriously damages a brand, the effects on the business, and the brand, linger for an eternity. Often, it takes a long time for the business to recover, if they ever do. Why? For starters, while certainly not all publicity is good, this kind is extremely destructive and toxically negative. Consumers have long memories and it can be an arduous, uphill battle to win back consumers in the “court of public opinion.”
In Martha Stewart’s case, while some fans have forgotten about the conviction, clearly many others have not and certainly that resulted in decreased merchandising opportunities, sales, viewers, interest, and consumer purchases as indicated in the declining stock values and cancelled TV show. While there are certainly other contributing factors to the declining stock value, and performance of the business, including retailer lawsuits, the fact is that the genesis of this slide can be specifically traced back to a major fraud event, conviction and prison sentence for lying to the feds about her insider stock trades.
There is a significant message here which translates to companies and their brands about how they, their officers, and employees operate and what that says about the image and their brand to the public. Many professionals work diligently to protect their company’s brand from a variety of different factors but there is very little, if any, advance consideration for the “F” word and the impact that can have.
While most companies have a disaster recovery, or business continuity, plan in place to keep their business operational during a significant physical event (fire, flood, bomb, storm, IT disruption etc.,) which causes potential business interruption or outage, very few companies we come across include a major fraud, ethics or privacy related event in their business continuity and disaster recovery planning. The fact is that the failure to plan for the “F” word has potentially fatal consequences for the business.
However, all is not lost as there are pre event foundational steps that can be taken immediately to start “righting the ship” before a major fraud event occurs. The first step is to determine the extent to which you do, or do not, have a policy in place which addresses a major fraud event. For those that have a policy, you may not be “out of the woods” quite yet. An in-depth review of the policy should be conducted to determine whether the existing plan is deficient, or out of date, given the significant, sophisticated, large scale, fraud events going on around the globe today. Fraud is dynamic and fluid, so major fraud event policies must be updated regularly to keep pace as well. Simply “having one” is not good enough. Just ask the financial institutions that recently lost $45,000,000 in a complex organized crime attack, which spanned 26 countries in a period of two days! Needless to say, there were major fraud event planning deficiencies.
Beyond that, much like your disaster recovery plan for physical events, there are foundational anti-fraud pieces that must be in place. It’s imperative to create an effective major fraud event management team, conduct risk assessments, prioritize risks, put proactive anti-fraud and risk mitigation plans in place, establish an incident response plan and create communication and event notification protocols. There are also significant post event recovery steps which businesses can take but those are largely dependent on the effectiveness of the pre event risk planning in conjunction with the magnitude and scope of the major fraud event.
When the Heartland data breach occurred in 2009, estimates suggested that this major fraud event cost the company $140,000,000. However, using the 80-20 historical fraud loss rule, with 20% being the known losses and 80% being the unknown, it’s more than likely that the actual losses are significantly higher than$140,000,000 and those losses don’t even take into account the significant hit their brand took!
It’s doubtful that anyone had that in their disaster recovery or business continuity plan prior to the event. Heartland probably does now… but that’s like “closing the barn door after the horses have bolted!” We have seen that major fraud events can have the same impact as physical events that we all plan for (a $140,000,000 major fraud event is no different than a fire, flood or storm causing the same amount of damage), but this is about crisis management and being prepared. When it comes to brand damage caused by a major fraud event, we aren’t!