Real Estate Agents and Brokers frequently manage cash for the clients. They may hold deposits, escrow funds, rents, CAM and tax monies, and other funds on behalf of their clients. We are seeing an increased trend in the theft of client funds by property managers, real estate agents and others related to real estate transactions. Some of the more common thefts we see are as follows:
1. Phony Vendors
Property managers are often responsible for approval of vendor invoices. Real Estate companies, and by extension tenants, rely on property managers to ensure that the prices paid for services are appropriate and that the services are actually performed. In many cases these costs are passed on to the tenants in the form of CAM and tax charges and not subject to the same internal controls as general corporate expenses.
Claims Example
In one case, a property manager and a relative were in collusion. The relative submitted multiple invoices for providing services to the property which were approved by the property manager and then submitted to accounting for payment. Since the control for the payment was approved by the property manager and the ultimate expense was charged back to the tenants, it was not caught until several years later. The total discovered discrepancies were $270,000.
Risk Management Procedures
-
1. Property Managers should have a procedure that ensures all vendors are approved by a central process of the real estate company. Property Managers may recommend vendors but they must always be approved in advance.
-
2. All work, except emergency services, should be subject to a requisition process. When a vendor submits an invoice and it is approved, then the invoice can be matched up against an open purchase order.
-
3. If the company is large enough, there should be a segregation of duties between the person requesting the work and the approval of the invoice for the work.
-
4. You should have a segregation of duties between the person who writes or signs checks, makes bank deposits and reconciles bank accounts. Some companies are not large enough to justify three separate employees performing these functions. At a minimum, the person conducting bank reconciliations should not be the same person who makes bank deposits or writes checks, even if that person doesn’t have signature authority.
2. Padded Invoices
Unfortunately, given the growth of large real estate companies it has become more common for management, accounting and other processes to be far removed from the actual properties being managed. This separation creates opportunities for fraud and theft where proper controls are lacking. We have seen many cases where a property manager either adds a fee or percentage to the invoice or orders more work/goods than is necessary and pockets the difference.
Claims Example
In one example, a property manager colluded with a vendor for a 10% kickback on all invoices during several construction related projects. This company had an approval process for all vendors but relied on the property manager for approval of all invoices. In this case, the invoices were from a previously established vendor, they were approved by the property manager and then charged back to the tenants. Over a period of three years, it was estimated that the additional cost to the tenants was over $2.5M which has subsequently been recovered. One individual was sent to jail.
In another case, a property manager ordered additional and unnecessary equipment for a property, with each new equipment purchase. For example, two air conditioning units were ordered instead of one, two garbage cans, two drills, etc. Over the course of two years, it was estimated that approximately $250,000 of additional and unnecessary equipment was ordered.
Risk Management Procedures
-
1. In addition to the procedures above, companies should have a conflict of interest policy that is signed both by employees and vendors. In the insurance industry, our carriers require us to sign a document every year which says we have not received any compensation from employees of the insurance company. We are also required to disclose any gifts. A similar policy with vendors for a property being managed is a good idea.
-
2. Real Estate companies should implement policies where employees are required to take at least one week of consecutive days off each year. In smaller companies, sometimes employees take off but still cover their regular work. Any employee who manages cash, approves invoices or makes payments should be required to take a full week of consecutive days off each year. This accomplishes two things:
-
a. It services as a notice that, at some point, a review of vendor files will be conducted.
-
b. If there are irregularities, these will almost certainly come to light, while the employee’s daily functions are handled by someone else.
3. Cyber Deception
The technology age has created efficiencies in the way real estate agents do business. They can send and receive invoices over the internet. They can make deposits, write checks and wire funds with relative ease. Unfortunately, these efficiencies have often come with limited controls. This creates significant opportunists for fraud and deception. A common claim today relates to a real estate agent being duped into wiring money to a fraudulent account. We are all familiar with the email from a Liberian consulate offering to share a $20 million dollar windfall, if you will only send him $1,000 to set up a transfer, or provide your bank account number so the funds can be wired to it. This scam has evolved significantly. Today, companies receive what appear to be valid invoices, wire transfer instructions or other correspondence, which then dupes an employee into sending money to a fraudulent account. This is a daily occurrence. Even companies with the most sophisticated controls have fallen victim to this type of scam.
Claims Example
A property manager received an invoice from an existing vendor that was approved for recently completed work. The invoice looks the same as all the other invoices they have paid and is even for the amount they were expecting. Except with this new invoice, the company is instructed to remit payment to a new bank account number as “apparently” the vendor switched banks. The property manager wires $75,000 to the new bank account, only to receive the correct invoice from the true vendor a week later. In this case, the vendor’s email was hacked. The thief knew about the invoice, intercepted the actual invoice, changed the payment instructions and sent the fraudulent email, making it look as if it was from the true vendor.
A title agent received a closing sheet from the seller’s attorney. The closing sheet had all the correct information as to borrower, property, rate, address etc. Included were wire transfer instructions with a note that they were updating the closing sheet to reflect the bank they had just switched to. The unsuspecting title agent wired $454,000 to the account indicated with the updated closing documents. The next day when the seller was looking for their funds, they discovered the mistake. In this case, the lawyer’s email was hacked. This gave the cyber criminal access to all the specific closing information needed to pull-off this scam.
Please note that in both of these examples the commercial crime policy did not cover the claim as the real estate company “voluntarily” wired the money to another party - no one had actually stolen the money from their account. There are policies that help cover some of this exposure, but it is a new and evolving risk that isn’t typically covered.
Risk Management Procedures
-
1.All vendor payment information should be verbally verified. As easy as it is to update information via email, the old process of picking up the phone and verbally confirming all information with a vendor should be part of the approval process. Don’t be duped into calling the number on the new invoice as it could also be bogus.
-
2.Any changes to existing payment information should also be verbally verified.
-
3.Do a quick internet search on new vendors. You might be surprised by what you find.
-
4.Implement a policy with your bank for a key for all wire transfers.
-
5.Verbally verify “ALL” WIRE transfers. NO exceptions.
For more information on this topic, please contact one of our licensed representatives at 201-847-9175 or at info@axisins.com