Payroll fraud threatens any business that pays employees or contractors. Unfortunately, this type of financial crime can go undetected for months—even years—and inflict significant losses.
Findings from a Recent Study
The Association of Certified Fraud Examiners (ACFE) defines payroll schemes as "A fraudulent disbursement scheme in which an employee causes their employer to issue a payment by making false compensation claims." According to the ACFE's "Occupational Fraud 2024: A Report to the Nations," payroll fraud incidents generate a median loss of $50,000 (or $2,800 per month) and can take 18 months to detect.
The study found that some industries and geographic regions appeared more susceptible to these schemes than others. Although 10% of worldwide fraud cases in all sectors involved payroll, about 33% in the transportation, warehousing, retail, and technology sectors involved payroll. In the United States and Canada, 15% of fraud cases involved payroll.
Like many forms of occupational fraud, the impact extends beyond direct financial losses. It can also affect employee morale, attract unwanted media attention, and unsettle customers, possibly causing a loss of confidence. Furthermore, payroll fraud can lead to IRS and regulatory fines and penalties for violating tax and labor laws.
Types of Payroll Fraud Schemes
Although employees can commit payroll fraud, so can employers and third parties. Here's an overview of payroll schemes and recommendations for preventing them:
Ghost Employees
Perpetrators add individuals who aren't employees and exist in name only to the payroll. Ghost employees' wages are deposited in accounts controlled by fraudsters.
Some Ghosts Are Employers
"Ghost employer" is the term for employers that issue Forms W-2 to employees but don't submit those forms to the Social Security Administration. These employers also fail to file employment tax forms or make federal tax deposits, thus widening the IRS's tax gap (the difference between tax owed and tax paid).
To help reduce the tax gap associated with ghost employers, the Treasury Inspector General for Tax Administration (TIGTA) recently evaluated IRS data—called the Ghost Employer Project—that included results from 2018 to May 2023. TIGTA's analysis estimated that 162,000 potential ghost employers owe $1.7 billion. TIGTA noted that successfully prosecuted cases have led to an average restitution of $1.3 million per case.
Excessive Payments
Here, employees receive overtime pay by inflating the hours they work, their pay rate, or their commission rate.
Employer Embezzlement
Some employers might withhold income for taxes, 401(k) plan contributions, or medical expenses but fail to remit them.
Payroll Diversion
Cybercriminals often use phishing emails to trick employees into providing sensitive information, such as bank login credentials. This becomes a form of payroll fraud when they divert payroll direct deposits to accounts they control. Crooks might also target employers by sending them fake emails from "employees" requesting changes to their direct deposit instructions.
Expense Reimbursement Fraud
Employees receiving expense reimbursement might inflate their expenses, submit multiple receipts for the same expense, or claim nonexistent expenses. When perpetrated by employees, this type of false compensation is indirectly related to payroll fraud.
Fraud Prevention Tips
As with most forms of fraud, preventing payroll fraud requires multiple layers of internal controls. Here are some recommendations to fortify your company's defenses:
- Require at least two employees to approve the addition or removal of employees from payroll records and changes to employee compensation rates — including salaries, overtime, commission rates, and contracted hours
- Use exception reporting to flag excessive employee pay rates, total compensation, work hours, and expenses claimed
- Scrutinize employee expense reimbursement requests closely, notify employees of any discrepancies, and require timely amendments and resubmissions
- Ensure contractors' invoices and expense reimbursement requests are approved by a manager familiar with their role and engagement terms
- Perform a monthly or bimonthly audit of a random sample of employee payroll to identify anomalies
- Periodically audit automatic withdrawals from employee payroll and ensure the funds are properly transferred
- Deploy a robust verification process to ensure any changes to employee direct deposit are authorized. For example, send employees an email to their email address on file stating that a change order was received. In the subject line of emails, say something like, "If you didn't request this change, contact us immediately." When in doubt, don't make changes until employees confirm them.
Also, educate employees about payroll schemes, phishing attacks, and the importance of not sharing sensitive information via email. The 2024 ACFE study found that the median fraud loss for victim organizations that provided fraud training to executives, managers, and employees was roughly half the median loss reported by organizations without training programs.
Universal Threat
Payroll fraud can threaten businesses of all sizes and industries. Your organization can mitigate the risk by understanding the various forms of payroll fraud and implementing robust internal controls, frequent audits, and employee training.
© 2024