Is Your Government Agency Safe from Fraud?
In 2022, the small town of Spring Lake, North Carolina, made national headlines when a jury convicted its former finance director of embezzling over $567,000 during a five-year period. Forging the signatures of town officials, the employee wrote checks from the town’s bank account and deposited into her accounts for personal use.1
While not all cases are this egregious, government fraud is rising. A recent study revealed that 18% of scams involved a government entity and had a median loss of $138,000.2 Of these, 27% involved state or provincial governments and 25% local ones.3 Regardless of level, the result is the same — fraud committed against governments reduces available funds to provide necessary services to the victim communities and citizens.
What makes government organizations more susceptible to fraud?
Municipal and local governments are more prone to fraud for two primary reasons — their inherent structure and security posture.
Lack of proper controls, training and resources contributes to internal fraud against governments.
Many local and municipal governments lack the financial and human resources necessary to provide oversight or effectively combat fraud. These agencies need more financial expertise among elected officials since there is frequent staff turnover due to regular elections. Further, the sector is experiencing a significant labor shortage as workers speed up retirement or quit at higher-than-average levels.4
When it comes to internal fraud against municipal and local governments, there's no shortage of schemes to drain taxpayer accounts. Sixteen percent of government scams involved collusion between multiple internal parties.5
Most theft involved some form of asset misappropriation, corruption, or financial statement fraud.6 There may be a culture of blind trust in officials that contributes to the organizations’ vulnerability to fraud. While most perpetrators are employees or managers (76%), the median loss at the executive level is the largest at $337,000.7 In over half of the occupational fraud cases in a recent study, the stolen funds were never recovered, leaving taxpayers holding the empty bag.8
Other real-life cases of government fraud:
- In one of history’s largest cases, 70 NYC public housing authority employees in six states were arrested for bribery and extortion. The ring demanded and received over $2 million in bribes in exchange for rewarding contractors $13 million in work.9
- A former senior director of fiscal services in an Orange County school district embezzled $14 million over seven years of employment. Using more than 250 unauthorized checks, he made deposits into his personal bank account to pay for a home and other luxury items.10
- Lack of oversight and financial controls opened the door for a Massachusetts town treasurer and collector to embezzle over $100,000 during a six-year period. She wrote checks to herself and falsified bank statements before a routine audit discovered a discrepancy.11
- Credit cards are an especially easy tool for fraudsters. An Iowa city clerk recently charged $19,000 in personal spending, including snacks, to the town’s credit card.12
- Among several schemes netting over $2 million, a California state employee set up a shell company for her and co-conspirators to receive fraudulent payments.13
Cyberattacks against the public sector and associated costs are increasing.
Internal fraud isn’t the only concern for government agencies. The private sector’s heavy investment in cybersecurity prevention is driving fraudsters to what they perceive as less secure public administration sector systems. In fact, Verizon observed 20% of incidents and 11% of breaches in the public sector – more than any other industry.14
Malware and ransomware can go undetected for extended lengths of time in the public sector and are increasingly worrisome. Here’s why:
- Out of 582 confirmed breaches, 300 involved malware or ransomware.15
- Between 2022 and 2023, ransomware attacks on local governments rose from 58% to 69% year over year. Municipalities are paying higher ransoms, with 28% indicating they'd paid $1 million or more in 2023 compared to five percent in 2022.16
- “Double-dipping,” where bad actors encrypt and steal data, occurred in 48% of ransomware attacks targeting state and local governments.17
Along with intellectual property theft, denial of service (DoS) and downtime contribute to cyberattack costs.
What are government organizations doing about fraud?
The short answer: not enough.
Some governments are supporting their municipalities with training programs to increase financial literacy and fraud detection, or enacting after-the-fact safeguards like management reviews and technology solutions.18 Many states have even mandated some level of cybersecurity readiness to protect sensitive data and conduct audits.19 Unfortunately, reforms and upgrades are being outpaced by criminal sophistication. What's more, the risk continues to increase as more government business is conducted digitally.
Take steps to reduce fraud risk in municipal and local governments.
It’s clear governments must do more to protect taxpayer funds. Seven steps will help to mitigate the effects of internal and external fraud.
Set the proper tone at the top.
Ensure senior management and elected officials promote a culture of ethics and accountability. Insist on annual training for all staff.Conduct risk assessments.
Commission a licensed Certified Financial Examiner to conduct a fraud-prevention checkup or a fraud risk assessment. Coordinate your payment and approval process with your financial institution to ensure maximum security.Protect your networks and systems.
Upgrade your security software. Implement password hygiene and two-factor authentication. Review remote desktop protocols, including ensuring that ports are closed after employees finish using them.Limit access to systems.
Split accounting functions among multiple staffers and ensure everyone uses their vacation days. Restrict the number of people with access to credit cards. Require multiple signatures for banking transactions.Secure payment and reconciliation methods.
Be sure you know who you’re paying. Keep up-to-date records on vendors and other payees. Enlist services that provide validation of payees, as well as flag and/or block payment requests that don’t match information on file. Track and frequently review debits and credits against your electronic file.Don't rely on Google® for background checks.
A paid service or software product is better for employee or vendor background research because it targets information related to fraud, money laundering, civil complaints, criminal judgments, or other criminal activity, whereas Google promotes "popular" websites.Pay attention to red flags.
Unexpected changes, higher-than-usual costs, substantial changes in employee lifestyle or behavior, and new or unusual vendors should all trigger further inspection.Promptly file a complaint with the Federal Trade Commission (FTC) or Department of Justice (DOJ).
If you suspect government fraud, it is important to promptly file a complaint. The FTC and DOJ both maintain websites — ReportFraud.ftc.gov and Justice.Gov — to report consumer and business scams, as well as suspicious business practices. The FBI’s Internet Crime Complaint Center (IC3) fights cybercrime and you may call them at 800-CALL-FBI (800-225-5324) to report fraud or public corruption. State and local entities may also contact the State Attorney General’s Office for assistance.
Tight budgets, staff attrition, inadequate training and overwhelming workloads can make it challenging for even the most resolute civil servants to properly detect and prevent government scams. Still, municipal and local entities must protect themselves against internal and external threats, while maintaining the public's trust.
For more information on how you can protect your organization from fraud, contact Synovus Government Banking Solutions.
-
How to Prevent Phishing and Other Business Fraud
Last year, phishing was the leading fraud claim and the second costliest in FBI investigations. Corporations must know how to prevent phishing to avoid fraud losses.
-
A Smaller World, After All: Technology that Makes Sense of Global Trade
Global trade is increasingly complex. Learn how international trade platforms can help your company manage risk.
Important disclosure information
This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information. Diversification does not ensure against loss.
- Department of Justice, “Former Spring Lake Public Official Sentenced to Four Years in Prison for Embezzlement,” December 14, 2022 Back
- Association of Certified Fraud Examiners (ACFE), “Occupational Fraud 2022: A Report to the Nations,” 2023 Back
- Ibid Back
- American City and County, “Report: Labor Shortage, Hiring Challenges Persist for State and Local Government Hiring Manager,” June 29, 2023 Back
- Verizon, “2023 Data Breach Investigations Report,” May 6, 2023 Back
- Association of Certified Fraud Examiners (ACFE), “Occupational Fraud 2022: A Report to the Nations,” 2023 Back
- Ibid Back
- Ibid Back
- Fox Business, “Dozens of New York City Employees Arrested in Bribery Case that Cost US Taxpayers Millions,” February 6, 2024 Back
- U.S. Department of Justice, “Former Orange County Education Official Arrested on Complaint Alleging He Embezzled More than $14 Million from School District,” October 19, 2023 Back
- The Stow Independent, “Landry Court Case Closer to Settlement,” August 9, 2023 Back
- Des Moines Register, “Iowa Clerk Spent Public Money on Gum, Tobacco and Fritos, Auditor Finds,” December 21, 2023 Back
- U.S. Department of Justice, “Former State Employee Sentenced to 12 Months in Prison for Role in $2 Million Scheme to Defraud the Office of AIDS,” April 20, 2023 Back
- Ibid Back
- Sophos, “The State of Ransomware in State and Local Government 2023,” August 1, 2023 Back
- Ibid Back
- Ibid Back
- ICMA, “It Can Happen Here: No Local Government is Safe from Fraud,” August 1, 2023 Back
- Agile IT, “A Guide to State and Local Government Cybersecurity Regulations,” August 18, 2022 Back