Protecting Wire Transfers
If your company uses wire transfers, you've solved some of the headaches involved with paper checks. With wire transfers, you know that a payment arrived and isn't "lost in the mail." You also avoid some of the risks of forgery and other check fraud schemes.
However, wire transfers have their own pitfalls. If you don't have the proper controls in place, there's little to prevent a controller or someone else with wire transfer authority from fraudulently wiring funds from your company to a non-U.S. account. That person may then disappear, leaving you with little ability to monitor his or her actions. And since wire transfers often involve large dollar transactions, this type of crime can be devastating to your company's fiscal well-being.
Remember: Management is responsible for assessing the inherent risks in the wire transfer system you use, establishing procedures and controls to protect the firm against unreasonable exposures and monitoring the effectiveness of such safeguards.
Here are some recommendations to help you avoid becoming the victim of wire transfer fraud:
- First, management should realistically evaluate the risks and provide for adequate accounting records and internal controls to keep the exposure within acceptable limits.
- Effective risk management requires that an adequate accounting system be in place to determine the extent of any intraday overdrafts and potential overnight overdrafts before releasing payments.
- Wire transfer payments must be within established credit limits and amounts in excess of such limits (involving significant credit risk) must be properly approved by the appropriate lending authorities.
- Your company's policies should establish the types of allowable transfers, especially on transactions involving a third party.
- Job descriptions should be well defined, providing for a logical flow of work and an adequate segregation of duties. No one person in a wire transfer operation should be responsible for the origination, testing, processing and balancing of a request. The daily balancing process should include a reconciliation of both the number and dollar amount of messages transmitted.
- Wire transfer personnel should promptly inform other departments or personnel affected by a transfer of funds so that the accounts involved can be updated. All adjustments required in the processing of a transfer request should be approved by supervisory personnel and the reasons for adjustment should be adequately documented. Transfer requests as of a past or future date should require supervisory approval with the reasons for those requests well defined.
- Internal controls must be sufficient to determine the authenticity of the transferor of funds. Telephone transfer controls might include a callback procedure, whereby an employee calls a prearranged telephone number to verify the identity of the transferor.
- Another possible control: A unique code provided by the originator and verified by the receiver. Transfer requests are normally documented by the receiver on pre-printed forms, which serve as the initial record for audit activities.
- Considerable documentation is necessary to maintain adequate accounting records and auditing control. Many financial institutions retain logs that record transfer request information, assign sequence numbers to incoming and outgoing messages and keep an unbroken copy of all messages received on wire transfer equipment. Use of pre-numbered forms is also common. At the end of each business day, an employee should compare request forms to the actual transactions to ensure that all transfers were properly recorded.
Even one incident of wire transfer fraud can cause serious damage to the financial security of your business. Consult a professional to be sure proper controls are in place.
Wire Transfer Fraud Prevention Tips
Review the written policies and procedures established by management for accepting or initiating wire transfers, Automated Clearing House (ACH) activity and bank drafts.
Maintain accurate lists of employees authorized to initiate fund transfers. Have someone other than the person making the request verify all wire transfers.Document the nature and cause of any exceptions.
Make sure the wire transfer system not only validates authorized users, but also specifies the transfers they are allowed to make. (For example, a manager might be authorized to wire $1,000, while a CFO might be allowed $100,000).
Record all authorized and unauthorized attempts. Management must scrutinize these records.
Make staff aware of the importance of keeping passwords confidential and secure.
How One Firm Became a Target
A California communications company was the victim of internal fraud after one of its employees used wire transfers to divert corporate funds, according to the FBI.
The employee, a senior treasury analyst in his thirties, began transferring money from the accounts of SureWest Communications to the accounts of a venture capital firm owned by his father. The purpose of the transfers, according to the FBI, was so the venture capital firm "could demonstrate to potential investors that it had sufficient funds on deposit . . . and thereby attract new investors."
In order to cover up the scheme, the venture capital firm periodically returned the misappropriated funds to SureWest so that its auditors would not discover the missing money. However, only $23 million of the $25 million transferred was returned at the time the fraud was discovered. The employee, his father and another business associate were indicted by a federal grand jury on charges of mail fraud, conspiracy and money laundering. SureWest reported that its insurers paid the remaining $2 million.
