Printed from

Alert the proper authorities when employee theft is suspected

Posted On: Apr. 1, 2013 3:46 PM CST

Alert the proper authorities when employee theft is suspected

When a midsize business owner or executive suspects one or more of the company's employees is stealing, the first call made often is to the wrong authorities, experts say.

Chris Giovino, a partner at New York-based forensic accounting firm Dempsey Partners L.L.C., said he had one case in upstate New York where the state police had to be called in after the business owner reached out to the local police department.

“That was the wrong call to make,” Mr. Giovino said.

The department had just four officers, none of whom was equipped to tackle white-collar crime, he said.

“I had to undo that and meet with the district attorney and ask him who he would like to work with,” Mr. Giovino recalled.

To save time and avoid frustration, Mr. Giovino suggested that midsize business owners and executives meet ahead of time with their local law enforcement authorities to determine whom they should call should they suspect occupational fraud occuring within their organizations.

“This is the kind of conversation you want to have before something bad happens,” he said.

For example, if the U.S. mail or money wire transfers are involved, U.S. Postal Service inspectors or the FBI may be the appropriate authority to contact, Mr. Giovino said. Alternatively, if tax fraud is suspected, such as when employees report income under the Social Security numbers of other individuals whose identities they have stolen, the Internal Revenue Service might be the appropriate source to tap, he suggested.


Hartford Steam Boiler Inspection & Insurance Co. offers “pre-notification consultation” to crime insurance policyholders “that will help the insured know who to notify” in the event of suspected employee theft, according to Vice President Eric Cernak. “Some states require that the state attorney general's office be notified. If it's a medical office, (the Department of) Health and Human Services needs to be notified,” particularly if the theft involves personal health information, which is protected under the Health Insurance Portability and Accountability Act.

“If it's financial in nature,” he said, such as if an employee is suspected of forging checks, “you're going to notify the financial institution right away, and they'll have their own fraud department and investigators.”

“A lot depends on the type of fraud or theft,” Mr. Cernak explained.

In the case of thefts involving data, trade secrets or other intellectual property by employees and other insiders, “you should have a contingency plan in place ahead of time,” said Richard Shea, a partner at Covington & Burling L.L.P. in New York, during a March 12 seminar on “Employee Trade Secret Theft: The Threat from Within” hosted by Covington & Burling in New York.

An incident response plan should include an approach to determine whether disclosure of a theft is necessary or desirable and to whom the theft should be disclosed, according to Robert Newman, also a Covington & Burling partner in New York who participated in the seminar.


“When you put together a plan, not only do you have to have an internal team — legal, human resources, public relations, (information technology) security, etc. — you will need an outside team because you may not have the capacity to do internal investigations,” Mr. Shea said.

And if customer data has been taken, the company might have a legal obligation to notify customers or regulatory agencies. The theft also might violate some criminal laws, according to Mr. Newman.

For example, the Economic Espionage Act of 1996 makes it a federal crime to attempt to take, or conspire to take, a trade secret, according to “The Threat from Within: Theft of Business Critical Information by Company Insiders,” a white paper recently published by Covington & Burling.