 Hello and welcome. Thank you for joining us another episode of the nonprofit show. And today we have Jennifer Aliva CPA also managing partner with your part time controller. So thrilled to have you back with us Jennifer and you've spent a lot of time with us over the last couple of years. This week is a special week because it is your part time controller, but we always like to say why PTC power week so today share with us by frightening financial frauds. And I'm excited to have you on to talk to us about this. So before we dive into the conversation we want to remind our viewers and our listeners who we are so hello to Julia Patrick CEO of the American nonprofit Academy. I'm Jarrett ransom your nonprofit nerd CEO of the Raven group and honored to serve alongside Julia as the co host. We're also extremely honored to have the continued support from so many of our amazing presenting sponsors including your part time controller. Also want to thank Bloomerang American nonprofit Academy Fundraising Academy at National University be generous staffing boutique nonprofit thought leader nonprofit nerd and another shout out to your part time controller. So thank you so very much to our sponsors that keep these episodes going and growing. We're nearing 650 so I know we touted 600 but now we're nearing 650 and just honored to have these ongoing conversations. Speaking of these ongoing conversations if you missed any you know where to find us Roku YouTube Amazon Fire TV Vimeo and podcast so go ahead and queue us up wherever you stream your entertainment. And again Jennifer Aliva so glad to have you back with us welcome. Oh thanks it's great to be back. You know Jennifer you have been one of those go to people for us. I like to tell the story and I'm going to remind everybody that we had you on an early episode of the nonprofit show. And there was a congressional action that was being voted on and you had your phone and you were telling us real time as the votes were coming in because it had such a huge impact to the nonprofit sector. The stimulus dollars that came in and just all these things that were changing. Yeah, things are still changing aren't they they still are changing and today we're going to talk about some of the, all that flow of pandemic relief funding. And sometimes it doesn't turn out all that great and some people don't use it to the way it was supposed to be used. So during the time when the pandemic first started, it was, it was stressful for everybody nonprofits were really under tremendous stress and it was our pleasure to help them get through that very tumultuous time. And now we're hopefully coming out on the other side of it, but there's more issues as there always are. I just crossed my fingers for listening I'm like hopefully we're on the other side. Well you shared a little bit about how the pandemic has opened new ways for fraud. Talk to us about that Jennifer. Yeah, so the, you know, it's external to the organization internal to the organization and then really just to the general public I mean first external to the organization pandemic has created the virtual work environment that we are more susceptible to fraud because we're working in this new way and fraudsters are loving the change and taking us up on the vulnerabilities that they see and infiltrating organizations in that way and then of course internally. And a lot of organizations haven't revised their internal controls, or their policies and procedures to meet the new virtual work environment. We're doing a lot more electronic bill pay wires, a ch is and that is really a cause for concern in many organizations. And then you have the great resignation and the quiet quitting. You have disengagement of employees and that potentially is creates an environment that is ripe for fraud. And then you have this external risk, people that are setting up fraudulent nonprofits to prey on people's emotions that want to help in the pandemic relief and also in world events like the war in Ukraine so they're coming up with new ways to steal. Yeah, and you're going to talk to us about internal and external community basis, all of that. So let's start off with this frightening fraud number one. Yes, that our face you know it's the home alone. So tell us about number one the one you've identified for us a little bit to outside frauds, you know, a threat to the organizations from the outside of the organization so first let's talk about electronic threats. The FBI has reported that $43 billion has been lost on schemes in the US now this isn't just nonprofits it's all organizations but $43 billion on things on fraud schemes called social engineering and there's a couple different types of that and you're going to love these definitions there's phishing, there's phishing, and they're smishing. So phishing is sending fraudulent emails intended to trick the reader into revealing personal information, or tricking the reader reader of the email into sending money to a fraudulent to the fraudster I guess and then the phishing is making phone calls that's not emails it's phone calls that purport to be from reputable companies, and then smishing is that's fraud done by text message. To me so I've heard phishing, but fishing and smishing are new. Yes. So new vocabulary and talking about the theme of the pandemic and the new way of doing business, really increasing fraud opportunities. For nonprofits and I have a couple that really go to these in this category the external threats. So this is just came out in August it was the headline is local and federal law enforcement are investigating a scam in Lexington, Kentucky, which allegedly saw criminals send bogus wire transfer information to city staff. So the fraudsters sent bogus bogus emails to city staff saying, we're changing, pretending to be a nonprofit that they're funding. Right. So there's this outside nonprofit that the city's funding, and the fraudster sends these emails saying I, you know, we changed our wire transfer information. Right. I need to be that nonprofit. The city sends the money to the fraudster and not to the proper nonprofit to the tune of $4 million. This is just heartbreaking and fishing scheme. Classic. Absolutely. Wow. Big impact. Another one. This is in September, just this month, September 1 credential phishing attack targeted 16,000 emails at a nonprofit agency. I'm just going to read some of the headlines here on this or the summary here. Researchers have uncovered an effective recent phishing attack, where the fraudster claims to be the prominent charge card brand American Express and demands a card to open an attachment open attachment big risk and contact the card company immediately regarding the card holders account. And of course they're looking for the card holders information, their login information so that they can get into their account. This happens all the time. These fraudsters actually attacked a nonprofit agency, a larger one, and 16,000 employees got this email and got this request to send their personal American Express information to the fraudster. Now, you know, many nonprofits have company credit cards and they might have been, you know, if I was an employee and not trained employee of the nonprofit, I'd be potentially nervous like, Oh, they're trying to get into my company American Express account. So many take care of this. So, there's a lot of ways that nonprofits can be safe, safer, and help avoid these both of these phishing situations. First of all, have a rule never click on or open an attachment, unless you confirm it's safe. You know, Jennifer, I was aware of several organizations in my community that got an email and talking about purchasing gift cards. And staff said to the CEO, Hey, hey, I got those gift cards you asked me to get and they were like, What? To the tune of like thousands of dollars and so this can really ruin a lot of these nonprofits because you know, if we're operating at a very slim margin anyway, it's very disruptive. It's extremely disruptive and it's so important for nonprofits to have the right controls in place and also the rules of the road and making sure that they're checking that people are not going against the policies that they set up. So, we always tell our clients and other nonprofits, they have to have ways internally to confirm and multiple ways to confirm if they've gotten an email, you never go ahead and make a transaction based on just the email you're going to have to call the recipient call multiple sources to confirm that, especially if you're going to wire or a CH money or even send money electronically through a bill pay system. So you also have to have multiple people involved checks and balances. One person is in charge of sending all the electronic payments. There's that's easily set up for risk that from an outside source getting to that one person and changing having them change things and we always preach about employee awareness training. You know, you set up those kind of fake scams internally and see your people bite. And then you're like, okay, you've been on this now you really need the training. So, instead of having a real scam, you have a fake scam. Like a secret shopper right. So, you know, you've given us so many ideas of new ways to look at this. Let's dig down now to fraud number two, because that's not number one was a hair on fire moment for me. Okay. Yeah. So, fraud number two was so we're at fraud number three so review we had two phishing schemes, potential phishing scheme and one was just the classic vendor sending the information to the nonprofit for to send the wire to the wrong place the city officials. So now I'm going to talk about inside jobs. These are called occupational frauds. This is employee theft, or financial statement fraud, but I'm going to focus on the employee theft. And we always talk about the fraud triangle in our circles, the triangle in our circles, I thought that was funny, but anyway, the broad triangle are there's three things that components that can set you up and get you to make it right for fraud in your organization. One is the opportunity that the organization has that there's less. There's not there's not internal controls that are in place. One is pressure on an employee, they might have extreme financial issues that they are facing. And then there's rationalization and that's a big thing during the pandemic and we're talking about employee disengagement, and they're like, Well, that this nonprofit doesn't care about me anyway. It's I'm just going to I'm rationalizing that I can steal because there's perhaps other people doing it to there's not a proper tone at the top. So when we talk about these inside jobs. There's a couple ways people do this and you know, one is, especially in the pandemic, there's so much money going around that federal government was dishing it out very quickly and therefore we had proper internal controls in some cases to make sure everything was handled properly and then so there was this one Minnesota based nonprofit organization that helps to feed under privileged children, and this the federal government was giving them $240 million or even actually more because 240 million was the actual fraud that was perpetrated. And those were not using they were wandering the money through the organization allegedly through the organization to and using the money for their own purposes, and it was rampant throughout the organization and never got to the recipients that was intended whistleblower was one that blue that brought this to the attention of the FBI. It was actually the Minnesota Department of Education said this nonprofit is sending all of this money out to organizations that we do not think is actually helping the intended recipients were these children that were needed meals. So, this makes me wonder about this nonprofit was it was rampant sounded like because multiple employees were involved. Where was the board. I was going to ask, you seen that boards have become more complacent during this time because they're the fiduciary agents. Can you share with us about that Jennifer. Yeah, I'm not sure if it's really worse than it was. I don't have any evidence to support that, but I will say that boards have been distracted in many cases with other problems and maybe leaving like the policies and procedures, the internal controls, the proper review of financial statements. They haven't been on top of that as much of their than they were potentially when there wasn't so much stress and other issues going on, like during the pandemic that are we going to survive. Great. And they're not meeting in IRL in real life. So, think about all those board meetings where, you know, those reports are distributed and everybody sits and looks at them versus, Oh, did you look at them through the board portal and people are like, Oh, yeah, I skimmed it. I can see what you're saying that it's just kind of like fall through that is happening. So the boards I think need to remind, you know, be reminded and of course proper board training is so important about their fiduciary responsibilities as well as setting the proper tone at the top. And making sure that their behavior, their ethics in speech and in action are what they want the organization, all the staff members of that organization to follow and they want to have an executive that is going to be really walking the talk when it comes to ethical behavior and setting that tone at the top. Right. You know, Angela Cuxam, your wonderful manager was on again, nonprofit Power Week yesterday started with your part time controller and she reminded us the importance of tone at the top. And I don't think we hear that enough or when we hear it, we kind of gloss over it because it sounds good, but I was struck once again at how really important that concept is. And I can see it even now today as we chat that it really does, you know, filter down and impact what's going on. Okay, so I gotta say, well, going on to four then right going on to four, we're going on to number four. I can and this is the classic we're still in the inside jobs. This is the classic road bookkeeper fraud, which we see sadly all the time. So the headline is this recently a bookkeeper of a Hawaii based on profit was jailed for six months for writing checks to herself to pay for own family parties and trips. She also liked to set up fake fundraisers to use the money for her own use so she was double duty in the frauds that she was trying she was pulling off. So, it's interesting, during the pandemic, so many people switch to electronic bill pay system and they're, again, I was mentioning that their internal controls in that realm aren't fully set up in in many cases, but still there's a lot of people still using good old paper checks and the risks of individuals having no supervision and being able to sign checks, do the bank reconciliations, prepare the financials, all of the duties are all with one person is a situation that is ripe for fraud. It hasn't changed through the pandemic, but sad for these people because this is small nonprofit, and it was a $70,000 fraud not humongous but can hurt the reputation of the organization and it did in this case where funders are like, hey, you're not really showing your cherry responsibility, and perhaps we're going to pull our funding from you and that's that's a risk that nonprofits have when there is a documented fraud case with them. So, you're right and then you know to talk about it with you if you're a c six and your members that are part of the association. I mean that can really just breed some bad blood within the trust the rapport of the community, and to think you know if this person did that this time. How many other times has that also been done perhaps in previous years. My question Jennifer, do you then recommend a forensic audit or some kind of deep dive to see just how far back this might have gone. Yes, we always I always say when there's smoke there's fire. So sure if we see fraud in one area like checks being written to oneself, perhaps there was a fraud in the payroll area, perhaps there was a cover up in checks coming into the organization that were misappropriated or cash coming into the organization that was misappropriated. So we try to encourage our nonprofits to do a deep dive into all of their potential areas for fraud risk, and whether it's us that help them with that we're not forensic accountants but we can certainly help with some of those details, or pull out another non organization that can help take that deep dive with them and we also encourage our nonprofits to, to law enforcement, because if this person is doing this to you. Like you said, Jared, maybe they are, they have already defrauded another nonprofit and we hear that in the news all the time we've seen it in practice. And if we don't speak up they're going to potentially hurt a nonprofit and we want to protect our fellow nonprofits for sure I always encourage people to speak up it's hard because I talked about that represent reputational risk, and that could hurt a nonprofit and we do speak up with their funding sources but I just think, you know, as they say honesty is the best policy and transparency to your funders I think is the best way to go. Absolutely well talk to us about the external factors of this and how it could hurt the public as we mentioned, you know if this is internal. And you just read that headline, you know, how good how does this impact then the greater community. Absolutely. So there's this other good old fashion nonprofit fraud called setting up a scammy nonprofit to rip off the general public that's my title. Wow. And this is number five are we on this is number five we are number five frightening frauds we are a number one number five. And in July, the New York Times reported. This is the headline 76 fake charities shared a mailbox and the IRS approved them all. And you're just going to love this story. I think many people actually have heard the story because it was widely reported but it's always good to review and remember the interesting facts or alleged facts around the or the details of the story alleged details. So a convicted stock market fraudster once accused of dangling a man out of a building got the IRS to approve 76 nonprofits, often despite layering red flags of potential fraud. His operation stole the names of better known charities they claim to be located where they obviously were not. He stole about $152,000 from those nonprofits that it flowed through online giving platforms that people were just scam they didn't look really further into the nonprofit. I mean, maybe saw the name it looked like American Cancer Society or United Way, and they just gave money to the charity and luckily, the authorities are on top of this one. But what are we learning from this otherwise I mean I would say, you know it's well documented that the IRS is way behind on their enforcement and is letting things slip. Perhaps the new funding and this is controversial I know that you know the IRS funding, but the to us and we know this the as accountants. The agency is definitely underfunded there's definitely ways they could use the money in different ways, and perhaps it will help nonprofits. The other legitimate nonprofits show themselves, you know, more properly to the public. Instead of the headlines, showing these, you know, fake scams taking over. And so we were hoping that, you know, in the future, the IRS will be able to focus more on weeding out the improper nonprofits quicker. So if you're from a public if you're giving money to an organization, know who you're giving to there's organizations out there like guide star charity navigator, that better, better business Bureau and that organizations websites. Look for the IRS filings and proper financial statements on the websites before you give. And I can't tell you I probably go to guide star known as candid now, you can at least weekly if not daily. So those bookmark for me, you know, do your research look for that transparency the seal of transparency. You know Julia we talk about this often but our community. We're so known as being benevolent but these five financial, you know, frauds frightening financial frauds that's talk about a literation and mouthful Jennifer. And so I'm sure that there's, you know, viewers and listeners paying attention to today's episode going. What do I do but I love that you woven Jennifer so thank you so many things, you know, in regards to those policies and the internal controls. That's what we need to focus our time. I think building the public's trust a nonprofit has that job and to be transparent to show their financials on their website to and their IRS filings and to let the public know that they they can trust a particular organization because they're doing everything right they have proper board policies, they have a whistleblower policy a conflict of interest policy there's so many things a nonprofit can do to to gain the trust of the public and to. I guess it and it helps all nonprofits, when every nonprofit does their job to make themselves transparent. It does I think what you're saying is magical and that is for the good parts and the bad parts it impacts us all. And that's why we need to be sharing these messages and these stories because just because you think that you know you've been immune from this your organization has been you are impacted whether you know it or not. Yeah, that New York Times article was chilling because it was so simple and in that fraudster changed the name just a little bit to like all these other you know venerable organizations and so it's really a frightening thing I always love it when you come on and talk to us and share your knowledge with us. But I want everybody know that mission business is a really cool thing that you all have on the yptc.com website. It is a podcast where your experts come in and talk about things. It's really well done and I think this is a great way to get new information and it's free you don't have to be a client of yptc I mean it's an amazing thing that you're offering up Jennifer. I so appreciate you mentioning it because there's actually specific to the topic we're discussing today there's several podcasts and our most recent podcast really address some of the issues we talked about today. I talked to two members of Nazca, which is the National Association of State Charity officials, and we talk about state regulations for nonprofits, as well as some of the investigation of cases that they have about fraudsters setting up unlawful nonprofits to benefit themselves and what nonprofits can do to support themselves and look the best to the public. And I have an older podcast still on our website at yptc.com with Jerry Williams a former FBI agent, and we talked about some interesting fraud cases. Fraud is something people have find a lot of interest in it's kind of like the true crime stories and it is interesting but there's a lot to be learned for nonprofits about hearing these stories. And one more plug. We have our yptc October national webinar and that's on October 19. Okay, look out for this look out for this on our website. And that is topic is anti fraud best practices so also another timely. webinar and event that we're holding for any. You said that's October 20. So, 19, 19, October 19, just shy of a month away so make sure you get that on your calendar, yptc.com Jennifer thank you so much. And I'm really looking forward to the rest of the power week with your team, your part time controller team so again today we've had Jennifer Aliva CPA managing partner with your part time controller with us. Thanks again it's been fantastic Julie and I always love chatting with you. And we're so appreciative to partner with the nonprofit show, we love being part of it and we're really happy to sponsor power week and get to show off all of our great, some of our great members of staff. You know, they are great and you know they all bring something different to our conversations every day. But what I find really intriguing is that they weave through a lot of common things. And so it's just a pleasure to have your team on and to talk about everything. And I'm Julia Patrick, CEO of the American Nonprofit Academy been joined today by the nonprofit nerd herself, Jarrett Ransom. Again, we want to thank all of our presenting sponsors. Nonprofit power week doesn't come along very often. Jarrett and I only have these a couple times a year and so it's really a marvelous thing and to this week it's yptcyourparttimecontroller.com. Again, our sponsors, American Nonprofit Academy, Bloomerang, Be Generous, Fundraising Academy at National University, Staffing Boutique, Nonprofit Thought Leader and Nonprofit Nerd. These are the folks that help bring our content every day. You said Jarrett we're marching towards episode 650? We really are. Yes. Wow. No wonder I'm so tired. I'm so exhausted. Congratulations. Well, and thank you for the partnership. Yeah, it's been amazing. We love doing this, even with me traveling this week I text Julia and I said I just I miss it I miss the show so I have to be here. Thanks to all of you for joining us thanks Jennifer for joining us. And as we end every episode, we want to remind you to stay well. So you continue to do well and we'll see you back here tomorrow.