January 12, 2011

Embezzlement Happens. It's What Charities Do Next That Matters

What should you do when a trusted employee takes the equivalent of 15 percent of your organization’s annual budget?

Embezzlement and other fraud are a huge drain on nonprofits’ ability to serve their communities. Yet I consistently see nonprofits doing less than the law requires them to do to punish thieves, and far less than the most they could do to recover the lost assets.

Over the past few years, my colleagues and I have consistently told numerous nonprofits they need to do more to penalize embezzlers. Executives and board members in charge of nonprofits have a fiduciary duty to protect their nonprofits’ assets and preserve their ability to provide services. If nonprofit leaders don’t do enough, they have breached their duty, and that could prompt their attorney general to take action.

Embezzlement happens. Before my presentations to nonprofit groups, I often search the local news outlets so I can have current example available to illustrate my points. And without fail I find at least two in the previous four months or so, and those are just the ones that nonprofits disclosed and journalists found worthy of reporting.

According to the best estimate I’ve seen–a 2007 study by four university scholars of accounting— nonprofits lose 13 percent of the total they collect in donations each year to fraud.

I don’t know why organizations fail to take enough action against someone who just ripped them off. But all too often, state attorneys general have had to inform nonprofits that they need to do more.

What should a savvy nonprofit do if an employee has embezzled?

Punish the offender. Some nonprofits don’t even take this crucial step. The scholars who conducted the 2007 study found that only 72 percent of organizations that had been victims of fraud decided to fire the employee who stole from them. Seven percent took no steps at all to punish such workers.

Report the embezzlement. Tell law-enforcement officials about the problem and cooperate with investigators in every way they can. Ideally, nonprofits will get a police report and then do everything possible to help the investigator or detective who follows up. It is much more embarrassing to tell a donor you didn’t even file a police report after her $50,000 donation disappeared than it is tell a police detective what happened.

Get the stolen money back. I am constantly frustrated by nonprofits that get ripped off by employees who broke their trust in heartbreaking fashion, yet fail to do anything to recover the money.

I understand that stolen funds often disappear, but that is not an excuse not to even try to find out if repayment is possible. Nonprofit leaders often ask me whether they’ve done enough if they have determined the embezzler can’t pay back the stolen funds. Nonprofits don’t have to pursue embezzlers beyond some point of diminishing returns, but only once have I ever said that a nonprofit had done enough.

In that case, the executive director of a shelter stole about $100,000 in cash and property over two years. After he was discovered, he committed suicide. Four days after his death, the shelter sued his spouse and mother to retrieve its property. Its swift and decisive response saved a great deal of its assets.

Some organizations I have spoken to about embezzlement have made the following excuses for inaction:

  • "She is sincerely sorry for stealing, so we’re not going to terminate her."
  • " We’re sorry for him, so we’re not going to try to get any repayment from him."
  • "Even though our executive director’s inaction allowed the theft, we’re going to trust him to follow up without any oversight"
  • "We’re too embarrassed by this to tell: (a) the police, (b) our insurance company, or (c) our donors."

Others have made the more understandable but still inappropriate excuses, to explain why no new safeguards were put in place:

  • "We thought our external auditor would catch everything."
  • "His embezzlement was so creative that it could never happen again, so we’re not going to make any changes."

As a regulator, these excuses cause me to think that a nonprofit is unwilling to protect its own money, unwilling to protect the trust its donors have placed in it, and unwilling to do what is needed to serve its constituents. And if it is unwilling to do that, the attorney general could be quite willing to take more drastic action for the nonprofit’s breach of fiduciary duty.

However, nonprofits need to understand this above all: If you do contact us for assistance in an embezzlement case, you will always receive the benefit of the doubt and whatever assistance we can offer in retrieving stolen assets.