Fraud Series: Basic Controls Over Wire Transfers
The following article is part 4 in a series on protecting your business from fraud, authored by Bill Morgan, CPA, principal at WNDE.
Companies and other organizations often fall victim to online “phishing” schemes or phone scams, whereby fraudsters trick officers or employees into disclosing confidential codes or procedures involved with the processing of wire transfers. Noted below are some basic internal controls that will help safeguard wire transfers from fraudulent misappropriation.
General Internal Control Principles
For large-dollar wire transfers that are material to a company’s financial position, the following general principles should be used when establishing controls over wires:
- The initiation and processing of wire transfers should not be executed solely by automated systems and procedures. There should be human involvement in the process, whereby two or more high-level officers review and approve the transaction.
- Established internal control procedures for wire transfers should not be circumvented. This will prevent employees from sending wires on an “emergency” basis because of a fraudulent email, text or phone scam.
Wire Agreements with Banks and Other Financial Institutions
Banks and other financial institutions usually have standard wire agreements, which include specified procedures for initiating and processing wire transfers, password and encryption controls to be used, which bank and company officials are authorized to execute wires, etc. Company officials should read, and carefully comply with, the terms and conditions of the wire agreement. Also, the wire agreement should be reviewed on an annual basis, and amended if the parties to the wire transfers have changed.
Caveat: If the provisions of the wire agreement are not followed, the bank may not indemnify the company if a fraudulent wire transfer occurs.
Segregation of Duties
Controls will be strengthened if the person, or persons, who initiate wire transfers (i.e., the person that originates the paperwork, inputs the amount of the wire into the cash system, etc.) is separate from the person, or persons, who are authorized to execute (send) the wire transfer.
Although computer-generated facsimile signatures may be used by a company, controls will be strengthened if approval signatures are done manually. (This shows that the person has personally reviewed and approved the wire transfer forms.)
For additional information, please contact your WNDE professional.