Unfortunately, theft from charitable organizations is neither rare nor insignificant. The Internal Revenue Service, which began collecting diversion data in 2008 from the larger nonprofits that are registered with the agency, reported that 285 diversions involving total losses of more than $170 million were reported for 2009.1 A separate study found that nonprofit organizations are the victims in one-sixth of all major embezzlements, placing second only to the financial services industry.2
Nonprofits and their advisors can best guard against fraud by understanding perpetrators’ motives, types of fraudsters, and the forms of fraud to which nonprofit organizations are the most vulnerable.
What motivates a person to commit fraud, especially when it involves stealing funds from a nonprofit organization dedicated to helping the less fortunate or advancing a greater good? Research reveals that, in most cases, a fraudster’s illicit behavior can be explained by the convergence of the three necessary elements of the “fraud triangle”3 —pressure, opportunity, and rationalization (Figure 1). It is the simultaneous presence of each of these elements that serves as the catalyst to a fraudster’s illicit behavior.4
Pressure occurs when the fraudster is faced with a problem that he or she perceives to be “nonshareable.” The fraudster’s problem is often financial—for example, trying to maintain a lifestyle well beyond his or her means. There are exceptions, such as an employee who steals money to “get even” with his or her boss. What a fraudster perceives to be nonshareable varies considerably from one individual to the next, but the problems are almost always associated with either gaining or maintaining status. Another consistency is the fraudster’s strong desire to solve the problem in secret. Ironically, it is the nonshareable problem, not the illicit behavior, that the fraudster is most concerned about keeping secret.5
The second element of the fraud triangle is opportunity. Fraudsters must be in a position of trust with access to the necessary tools and information, have the technical skills to perpetuate the fraud, and perceive that they can act undetected.
The third, and most fascinating, element of the fraud triangle is rationalization. Almost invariably, perpetrators of fraud do not consider themselves wrongdoers. Rather, they absolve themselves of guilt in their minds by justifying their illicit behavior. Perhaps the most common rationalization is that the fraudster is only “borrowing” the money and will eventually repay it. This rationalization can be amazingly strong. Many Ponzi scheme operators, even after their schemes have collapsed, fervently believe that they were engaged in a victimless crime and that the only reason any of their victims lost money was that their schemes were discovered and stopped too soon. Despite overwhelming evidence to the contrary, these fraudsters often truly believe that they are just one more fraudulent act away from making everything right.
The longer a fraud continues, the more difficult it becomes for fraudsters to rationalize their behavior and reconcile their actions with their self-image of being generally good people. This contradiction between their actions and self-image often results in fraudsters becoming anxious, tense, or unhappy.6 Ironically, even though rationalizing their behavior becomes more difficult the longer the fraud continues, the act of committing the fraud becomes easier. Research indicates that once fraudsters commit their first fraudulent act, they do not stop before any realistic possibility of repaying the stolen funds disappears.
Within the framework of the fraud triangle, fraudsters are organized into three types: (1) independent businessmen, (2) long-term violators, and (3) absconders. Fraudsters may believe their scheme to be unique and inventive, but the nature of fraud committed by individuals within each category is relatively similar. Fraudsters within each category also tend to use the same rationalizations to justify their illicit activity.
Independent businessmen fraudsters typically victimize their clients or other business associates who have entrusted funds to them. Almost universally, independent businessmen describe the nonshareable problem that led to their illicit activity as being an “unusual situation” or “unique circumstances.” The two most common rationalizations for the fraud itself used by this category of fraudster is (1) that they are just borrowing the money or (2) that the funds involved are really their money so it is not actually stealing.
Fraudsters who are independent businessmen also commonly believe that occasional acts of illicit behavior are commonplace and normal business practice. Because they believe that everyone does it, they rationalize their actions as normal behavior. Ponzi scheme operators generally fall into this category. The most infamous of the recent Ponzi scheme operators, Bernie Madoff, drained hundreds of millions of dollars from nonprofits, including more than $26 million from New York University, according to disclosures filed by the school.
Long-term violators are fraudsters who steal modest amounts of money repeatedly over time. Long-term violators hold positions of trust within their organizations that allow them to conceal their illicit activity for extended periods of time, sometimes even years. In 2016, the CEO of the nonprofit Community Action of Minneapolis pleaded guilty to 16 counts of fraud and theft for misspending more than $800,000 on personal vehicles, exotic travel, and golf over the course of at least five years.7 He committed his fraud by using a corporate credit card and by lying to the board so it would approve the expenditures. The CEO was charged after the state conducted an audit of the nonprofit and discovered the fraud.
Similar to independent businessmen, long-term violators commonly espouse the “borrowing” rationalization to justify their behavior. They also often justify their actions as necessary to protect their family’s social status and to prevent its members from suffering poverty or shame. Another common rationalization among long-term violators is that the organizations they are stealing from “deserve it.” This rationalization is often grounded in the belief that their organization is in some way taking financial advantage of the long-term violator or is dishonest toward other people and therefore deserves whatever happens to it.
The final type of fraudster is the absconder. Absconders are individuals who steal money and then flee. Absconders tend to be of lower socioeconomic status and usually hold menial or lower level positions. They often live alone and do not have a strong social network, so there is little to dissuade them from running away after their theft.
Absconders often rationalize their illicit behavior by citing their socioeconomic status and lack of close personal relationships as proof that trying to live an honest life is pointless. Absconders often believe that, either due to their upbringing or their socioeconomic status, they are predisposed to criminal activity. The American Legacy Foundation disclosed that a former employee diverted more than $3 million over an eight-year period.8 An investigation revealed that the former computer specialist had allegedly diverted the nonprofit’s funds by creating inflated invoices for computer equipment and software that the nonprofit never actually received. The fraud continued until the employee left the foundation in early 2007 and moved to Nigeria.
There are four types of fraud that a nonprofit is most likely to experience: (1) check tampering, (2) expense reimbursement, (3) billing schemes, and (4) corruption—bribery, intimidation, or extortion.9 The most basic step that a nonprofit, or any organization, can take to protect itself from fraud is proper employee screening, especially for employees that hold positions of trust. Indeed, the Association of Certified Fraud Examiners found that in 49 percent of the cases analyzed, no background check was ever performed on the perpetrator of the fraud.10
Another basic step is the implementation and use of appropriate internal controls, including (1) separating responsibilities for maintaining the books, collecting funds, writing checks, and reconciling records, (2) sending monthly financial statements directly to the board and executives, and (3) establishing a strong relationship with the bank, including requiring two signatures and asking for notification for canceled checks and other unusual events. In the cases studied in one report, weak or lax internal controls contributed to fraudsters’ ability to perpetrate their schemes in 29 percent of the cases; the ability to override the internal controls was a contributing factor in 20 percent of the cases; and lack of management review of internal controls was a contributing factor in another 19 percent of the cases.11
The Association of Certified Fraud Examiners has reported that more than 40 percent of fraud schemes are uncovered through tips from employees or others who have a relationship with the organization. One way to encourage and facilitate tips from employees and others is to set up a hotline or other mechanism through which information can be provided confidentially to a nonprofit’s board of directors and executives.
Finally, it is important to understand that corporate governance plays a large role in fraud avoidance.12 For any fraud prevention initiative or risk management program to be successful, it must have the strong support of upper management and the organization’s board. It is the responsibility of an organization’s leadership to ensure that periodic risk assessments or audits are performed so that poor financial controls or other potential weaknesses can be identified. It is impossible to completely prevent fraud, but good governance can minimize an organization’s risk through the establishment of fraud prevention and detection procedures that are appropriate to the size of the organization and its available resources.