Your bank or credit union is the lifeblood of your business and critical spoke in the wheel of daily commerce. To their credit, financial institutions are working hard to make doing business more convenient for us.
Recent interactions with clients, however, has led me to the conclusion that some of these conveniences, used improperly or without oversight, can increase a company’s risk of fraud.
This doesn’t have to be the case! Understanding these products – what they can and can’t do – and your role in proper oversight over your banking transactions increases the likelihood that these products can work in your favor and decreases the chances that a fraud scheme goes unnoticed.
Simply put, positive pay ensures that the bank only pays on checks presented to them that match the amount and check number you have provided in advance. Checks presented to the bank that do not match the positive pay file, commonly called “exceptions,” must be cleared prior to being paid. I highly recommend that companies ensure that exceptions are cleared only by someone other than the person who initiates the positive pay file or who has access to the company’s check writing system.
Online bill pay or funds transfer access
I once investigated a fraud where an unscrupulous controller directed $5 million of my client’s funds to his own account using online bill pay. The bank statements indicated that expenditures were legitimate. It was only when the set up file was reviewed that it was discovered the funds were being misdirected to the controller’s personal account. Any online transfers of funds from your company to an outside source should be set up by one person and authorized by another. Many online banking systems can be set up with these dual controls, requiring the actual funds transfer be approved by a user different than who set up the initial transaction.
“We only go to the bank once a week because we only receive checks, we don’t take cash.” Checks written to your business are as easily converted for someone’s personal benefit as cash. It is highly recommended that cash and checks be taken to the bank daily, this eliminates the risk of theft or loss (and increases your cash flow!). Many banking institutions provide remote deposit machines that allow you to deposit checks as you receive them. While there are transaction fees associated with this convenience, it can be a convenient way to increase your cash flow and decrease your risk of fraud from a skimming scheme.
Access to banking transactions online is one of the most delightfully convenient products banks provide. Too often, however, my clients are choosing not to receive paper statements and/or choosing not to receive images of their cancelled checks. As such, the most critical oversight function in a business, the review of the bank statements and cancelled checks, is foregone. Take it from me, it is excruciating to wait for cancelled check images to load and most business owners don’t have that kind of time! Fraudulent disbursements (i.e. someone writing checks to themselves or their vendors for their personal benefit) are the number one fraud scheme, and the review of statements and cancelled checks is the number one way such a scheme is uncovered. Ask your bank to send you paper statements with the cancelled check images and perform that simple review function before your bookkeeper or accountant reconciles the account.
Work with your banker to identify what conveniences make sense to streamline banking functions and add additional security. And as with any of life’s conveniences, don’t lull yourself into a false sense of security. Your active participation in oversight and monitoring is the best internal control you can implement.
Published in the Vancouver Business Journal July 25, 2014