Skip navigation


It could have been a made-for-television movie of the week. A husband and wife team plots to purchase a body part, place it into a signature restaurant item that millions of consumers order every day, expose the foreign object and use the claim to extort cash from the restaurant’s parent company.

But it wasn’t fiction. It happened to Wendy’s International Inc. in March 2005, starting a three-month drama that included late-night television jokes, countless newspaper articles and millions of dollars in lost sales.

Eventually, the two people who tried to scam Dublin, Ohio-based Wendy’s by planting a severed finger in a cup of chili at a unit in San Jose, Calif., were sentenced to between nine and 12 years in prison. But that was not before Wendy’s reported losing at least $2.5 million in sales in the immediate aftermath, and even more in intangible losses to its brand reputation.

Now that the dust has settled, however, Wendy’s is able to see at least a few positives from the nightmare, says Denny Lynch, the company’s senior vice president of communications and the executive who led its crisis team during the incident.

“Some of the critical lessons learned? You have to have an early warning detection system in place, and you have to have a crisis management philosophy,” he says. “We knew within an hour that something had happened.” He adds, “A crisis comes in all sizes and shapes, and it is never convenient. … You can’t create a manual that tells you what to do, you have to create a philosophy.”

Wendy’s is not the only restaurant company to fall prey to scams. Pranksters, extortionists and con artists have always targeted the restaurant sector, mostly because the industry is vulnerable to litigation from so many angles. There are countless allegations of foreign objects being found in food, on-site injuries and even mistreatment by restaurant employees. In California, restaurants have been targeted by criminals posing as health inspectors, looking to scam money from operators that they claim to be in violation of health codes. These are the stories that capture the public’s imagination and most often harm a brand’s reputation and its bottom line.

Internal scams are also pervasive throughout the restaurant industry, and they are no less harmful, even if they are less public. Because the restaurant business is cash-heavy, relationship-based and employs many people working late shifts and long hours, fraud and theft is commonplace. And it can occur in both the corner office, as in the case of the former chief executive of Buca Inc. who pilfered millions of dollars from the company, and among unit-level employees, like the assistant manager at a Lee’s Famous Recipe outlet in Fort Wayne, Ind., who was charged just last month with stealing more than $16,000 from the restaurant over nine months.

In New York, a sophisticated identity-theft ring was found last month to have used restaurant staff to steal at least $3 million from the credit cards of more than 1,000 patrons.

Restaurants cannot always control what will happen to them, especially when a customer or employee has intended to scam the unit, but sources say companies can be prepared to reduce losses and stem poor publicity through comprehensive crisis management plans—and the constant reinforcement of those policies.


Put a crisis management plan in place—and practice it—systemwide.

Make sure all employees understand the chain of command.

Communicate to the entire restaurant system, senior management, the media and consumers. Frequent communication is key.

Provide confidential avenues for employees to report any instances of ethics violations. Staff those avenues 24/7 and make them multilingual.

Review and refine your crisis management and risk management processes often.

“We follow a process whenever there is a possible crisis,” Lynch says. “We don’t pull this out for the big ones, it is part of how we do things, and because of that it is constant training. Whether it is a false alarm or not, we go through the process.”

A simple but imperative first step in any situation, Lynch says, is a phone tree.

“We stress that you have to get a hold of someone,” he explains. “Don’t leave voice mails, don’t send e-mails, you keep going until you get in touch with someone.”

In the case of the finger that was placed in a serving of the restaurant’s chili, Wendy’s quick internal communication and its follow-up with both unit employees and its vendors allowed company officials to determine within 12 hours that the foreign object had not come from a Wendy’s employee. Officials then figured out within 36 hours that it had not come from any of the company’s manufacturers.


Headline-grabbing fraud attempts, like planting a piece of a finger in a cup of chili or a mouse in a bowl of soup, are not common in the restaurant industry. Internal fraud, however, is another story.

With late-night hours, bundles of cash and thousands of units, internal fraud in the chain-restaurant industry is a well-known roadblock to operational success that can be perpetrated by employees working the graveyard shift as well as those in the corner office.

But preventative measures can reduce a company’s vulnerability, says Stephen Molen, senior account manager for the restaurant and hospitality sector at EthicsPoint Inc., a governance, risk management and compliance services provider in Portland, Ore.

“The penalties are greatly decreased for companies that have effective processes in place,” he says. “A tip is a great way to find out about an event, but to properly investigate and resolve a claim, a sophisticated process is required.”

EthicsPoint works with numerous restaurant clients, including Buca di Beppo parent Buca Inc.; Rock Bottom Restaurants Inc., parent to the Rock Bottom Restaurant & Brewery and the Old Chicago chains; and the Arby’s and Waffle House systems.

The seven steps to preventing fraud in restaurants

1. Conduct a comprehensive risk assessment to establish your company’s risk profile.

Whether with an external agency or through internal resources, a risk assessment should be conducted at least once a year, Molen says. Once a company’s areas of risk are identified, a risk profile can be developed to plot the likelihoods of various occurrences and their respective impacts.

2. Promote effective communication of your company’s code of conduct and available procedures to report violations.

Companies should develop comprehensive marketing programs addressing issue, event and loss-management policies.

“With the restaurant industry’s high turnover rate, people are always shifting,” Molen says. “Simple insight into company policies when employees first start is imperative, but having posters, wallet-sized reminder cards, paycheck inserts and newsletters really re-emphasize a corporate goal of mitigating incidents that could cost dollars or get into the press.”

3. Provide confidential, anonymous reporting avenues 24/7.

Confidentiality is crucial in empowering employees to communicate without fear to those who need to know, according to EthicsPoint. Provide open channels of communication through a hotline, a website, human resources or even an open-door policy. If a hotline or a website is used, both channels should be multilingual.

4. Promote process consistency with targeted report distribution and oversight.

Immediate access to reports regarding ethics violations minimizes financial, legal and reputational risks, Molen says. The system should also generate summary and trend reports for audit and oversight committees.

5. Assess and classify reports for detailed reviews.

A proper system should encourage the quick review of reports in order to determine next steps, such as anonymously following up with a reporter for more details on the alleged incident, closing a nonactionable report or starting an investigation, Molen suggests.

6. Resolve reported issues, events and losses.

While resolving reported issues can be complex and involve numerous steps, various executives and a wealth of data, it is imperative to close every reported incident.

7. Conduct a program review and refine company processes as needed.

A company should conduct an assessment of outcomes and measurable results of their program, providing continuous feedback for change and improvement, Molen says. —Sarah E. Lockyer

“In this case, was this consumer fraud or not?” Lynch says. “It starts with the restaurant, asking very hard questions, undertaking tough probing. Is it an employee prank? …You need to find out the truth.”

Wendy’s also uses a set chain of command that becomes very important in times of crisis, Lynch explains. A crisis management council—made up of senior management, including the chief executive, chief operating officer and chief marketing officer, as well as field representatives including franchisees—work together to lead the company, and the point-person is determined by the characteristics of the crisis at hand.

In this latest example, because the foreign object in the chili was determined to involve fraud, the situation moved from one centered on quality assurance to one revolving around public relations, Lynch says.

“Part of our philosophy is getting the right people in the right place,” he says.

Wendy’s set up a hotline so that anyone with knowledge of the incident could come forward anonymously, and it was that move that led to the tip that broke the case open. In addition, a $100,000 reward was offered and “happily paid out,” Lynch says, to the tipster.

“We knew we had to prove our innocence because the media had already chosen to convict us,” Lynch says.

Another proactive move was Wendy’s Frosty giveaway, where every domestic Wendy’s restaurant offered a free junior-sized Frosty to each customer, as a thank you for sticking with the brand throughout the incident.

“We had to get people back into the restaurants,” Lynch says. “There was a gross-out factor, and we understood that. The free Frosty weekend was away of shifting the news, and it worked. People thought about Wendy’s as a restaurant again.”

Operators need to be proactive even if an event is out of a company’s control, says Julie Davis, spokeswoman at Cracker Barrel parent company CBRL Group Inc. CBRL, based in Lebanon, Tenn., was the victim of an attempted scam in 2004 when a mother and son team planted a mouse in a bowl of soup at a location in Virginia. The company made it a priority to communicate to the press, consumers and the company’s employees any information that could be released, she says.

“Share what you can,” she says. “If you create a vacuum, others will fill it with rumors and guesses.”

Davis contacted reporters who had covered the story when it first occurred to alert them that the investigation had revealed it was a fraud and the two individuals had been convicted of attempted extortion. She said without that outreach, the media might have ignored the actual result because it was less interesting than the story of a mouse being found in food.

Officials at both Wendy’s and CBRL say it is also important to focus heavily on the company’s employees during a crisis to prevent turnover, another potentially costly concern.

“Look out for your employees,” Davis says. “Do everything you can to get through the difficult time and to build morale. Move quickly to protect the brand.”

Internal scams have a whole different set of issues, sources say. At Minneapolis-based Buca Inc., parent of the Buca di Beppo casual-dining chain, a former chief executive, Joe Micatrotto, pleaded guilty to fraud and was sentenced to prison after receiving kickbacks from vendors and using company funds for personal reasons. To create a new corporate culture based on values and ethics—and one that encouraged employees and vendors to report incidences of company violations—Buca began to outsource its hotline and governance capabilities.

“You have to have a clear message from the top,” says Rich Erstad, Buca’s general counsel. “The CEO must be clear on the company’s mission and values. When our new management team came in, it was imperative all employees and all constituents had a clear venue for reporting concerns.”

With an outside vendor, Buca created a website, , that allows anyone to anonymously report violations or concerns and follow up on the company’s handling of the situation.

“I think some companies are afraid, afraid of stirring something up,” Erstad says. “But especially because of the mess we had we have to be on top of this, we need to be hearing these things. It’s the way to do business. You can’t hide from your problems.”

It’s also a sound business decision, he notes. An anonymous platform for customers, vendors and employees to report ethics violations could reveal a costly situation months earlier than normal, saving money and even reducing corporate liability.

According to the Association of Certified Fraud Examiners’ 2006 Report to the Nation on Occupational Fraud & Abuse, companies that use anonymous fraud hotlines, or other anonymous reporting vehicles, reduce their monetary losses by half. The companies also are able to detect an incidence in 40-percent less time than companies that do not employ anonymous-reporting opportunities.

The study examined 479 organizations from various industries that had fraud hotlines or other anonymous-reporting mechanisms at the time the frauds occurred, compared with 581 companies that did not use those techniques. Those with hotlines had a median loss of $100,000 per scheme and detected the respective frauds within 15 months of inception. By contrast, organizations without hotlines suffered $200,000 in losses and took 24 months to detect the fraud.

Special Report


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.