Stacey Greenlee, a 62-year-old Gilroy, California, woman, worked as an administrative assistant for the elderly owner of Guglielmo Winery in Morgan Hill from October 2022 to March 2024. Greenlee had access to the winery's bank accounts and credit card information.
During that period, Greenlee embezzled more than $100,000 by writing fraudulent checks, opening two credit cards in her own name linked to the winery's finances, and using them. She spent more than $60,000 at Graton Resort and Casino in Sonoma County, most of it in cash advances.
Greenlee concealed the scheme by withholding bank statements from the winery's accountant, despite repeated requests and by changing the email address associated with the bank account.
On September 08, 2025, Greenlee pled no contest in Santa Clara County Superior Court to two felony counts of elder fraud. On January 22, Judge Gilbert Brown imposed a four-year state prison sentence, which was stayed on the condition that she successfully complete four years of probation, including one year in county jail and payment of $30,000 in restitution.
Source: https://morganhilltimes.com/gilroy-woman-sentenced-for-stealing-from-morgan-hill-winery/
Commentary
In the above source, the perpetrator opened credit card accounts in the name of her employer without her employer's knowledge.
Employees opening credit cards or credit lines in the name of an organization typically exploit gaps in authorization, documentation, and oversight, so employers need layered controls before any account is created.
Organizations should adopt a written credit card and credit line policy that specifies who may apply for, or hold, organizational credit. The policy should require documented approval from an authorized officer, and prohibit employees from independently opening accounts or personal cards linked to the employer's tax ID.
Banks and card issuers should be instructed in writing to accept applications or account changes only with dual authorization, such as signatures from both a finance leader and an executive, and to send confirmation notices and statements to a central accounting address that a single employee cannot intercept.
Before granting any employee access to organizational credit, employers should conduct background checks, define individual limits, restrict merchant categories, and disallow cash advances, with all conditions recorded in an acknowledgment signed by the employee.
Once accounts are in place, management should review bank and card statements independently of the staff who process payables, reconcile activity promptly, compare spending to budgets and prior periods, and use online monitoring or alerts to spot new or unusual accounts, credit inquiries, or changes in contact information.
Any suspected unauthorized account or line of credit should trigger immediate contact with the issuer's fraud department. When appropriate, contact law enforcement, along with internal investigation and consistent disciplinary actions. These limit financial loss and reinforce a culture that responds to misuse of organizational credit as serious misconduct.
