Businesses spend substantial resources on growth in sales. Online marketing efforts allow sales to customers and clients a business many only have contact with via email, and these days it is not unusual to develop new customers entirely via email engagement without “meeting” the customer by telephone or in person. Most of these electronic engagements make efficient use of everyone’s time and work out fine. But don’t let the allure of opportunistic growth override appropriate client vetting and risk management. What do you need to know to minimize the fraud risk posed to your business through the new relationship?
Say you are a sales professional for a company that provides payroll processing to businesses across the country. Your job is to bring in new accounts, and your compensation depends on how many you can land. One day you receive an email from a new customer, Jim, seeking help with a fairly large payroll. Jim is in a big rush because his employees must be paid by the end of the week. You don’t want to lose this lead, so you fast-track the paperwork, and your company sets up access to Jim’s account in order to process the paychecks for his employees. The transactions are all undertaken through ACH transfers. Your company does not advance funds until matching funds plus a fee are transferred to your company by an ACH transfer. On the surface, this appears to be a safe relationship. What is the risk?
In fact, all goes well for a few weeks with the same process of ACH transfers taking place on a weekly basis. But out of the blue, your company receives notice from your bank that Jim has reversed the ACH transfers to you over the prior few weeks from which you made payments to Jim’s “employees.” You learn that the account that made the transfers to your company was not a business account as represented, and the period for reversal of the ACH transfers is greater than you assumed. The transactions through which you collected the funds to pay Jim’s “employees,” as well as your fee, are reversed, and your company finds itself out the money it deposited in their accounts. The ACH transfers seemed safe and efficient but, in retrospect, made you an unsuspecting and unwilling creditor of a scammer.
Scams like this have impacted many different kinds of businesses, and even experienced, cautious professionals can be duped when they are moving too quickly to apply the appropriate level of scrutiny to new accounts. Once your money is gone, it can be very difficult to hold the culprit accountable, so companies are far better off taking proactive steps to protect their business and ensure they are working for legitimate clients, and that they appreciate the risks associated with the way in which they are paid.
1. Know who you are working with.
The more you know about your customers, the better job you can do in meeting their needs. But standard due diligence practices can help reveal red flags that should give you pause. Verify that the person who contacts you actually is affiliated with the organization he or she claims to represent. Read documents and make sure they are properly executed. To the extent that the transaction is secured by a guaranty or indemnification agreement, what have you done to evaluate the guarantor or indemnitor? Slow down and double check that you have all the information you need to move forward with confidence.
2. When has the payment cleared?
It is important to understand when the payment you have received is actually “yours.” Under what circumstances and for how long can your customer reverse the payment? Is the guarantor or indemnitor able to actually cover the exposure he, she, or it assumed to you? The answers to these questions is a measure of the risk that you have assumed through relationship with your customer. And the answers to these questions should cause you to evaluate whether, perhaps, you need to do more to protect yourself against the risk of non-payment or, possibly worse, reversal of payments.
3. Evaluate fraud risks associated with the way your company does business.
With any service it provides in the marketplace, a company is usually taking on some risk or responsibility for its customers — that’s what the customers are paying the provider for. In the case described above, the payroll processor agrees to briefly advance funds for employee paychecks and be reimbursed from the customer’s account. If the right kinds of accounts and safeguards had been in place, the fraudulent customer, Jim, would not have been able to reverse the payments he made. But you can only protect a vulnerability you know exists.
The risks inherent in providing services in advance of payment is common to many professional service providers. Do you require or need retainers? Have you documented the arrangements in a manner that minimizes your risk? Have you evaluated whether your retainers — or security deposits — leave you exposed? Have you evaluated the indemnification obligations that your business has accepted in its agreements with vendors or customers?
4. Establish internal policies and then follow them.
As your business grows, it becomes more difficult to keep your eyes and ears on every new customer. Having a standard onboarding process for new accounts that everyone in your company follows can create a baseline level of certainty that you are safe from scams conducted via email.
These tips sound simple, but the most effective protections for your company will depend on specific aspects of the way you do business. A skilled business attorney can help you create a plan tailored to your company’s needs and give you some peace of mind as you continue to grow your client base. What do you need to know to minimize the fraud risk posed to your business through the new relationship?
This article originally appeared on LinkedIn on January 16, 2020.