If your company uses wire transfers, you’ve solved some of the headaches involved with paper checks. With wire transfers, you know that a payment arrived and isn’t “lost in the mail.” You also avoid some of the risks of forgery and other check fraud schemes.
However, wire transfers have their own pitfalls. If you don’t have the proper controls in place, there’s little to prevent a controller or someone else with wire transfer authority from fraudulently wiring funds from your company to a non-U.S. account. That person may then disappear, leaving you with little ability to monitor his or her actions. And since wire transfers often involve large dollar transactions, this type of crime can be devastating to your company’s fiscal well-being.
Remember: Management is responsible for assessing the inherent risks in the wire transfer system you use, establishing procedures and controls to protect the firm against unreasonable exposures and monitoring the effectiveness of such safeguards.
Here are some recommendations to help you avoid becoming the victim of wire transfer fraud:
- First, management should realistically evaluate the risks and provide for adequate accounting records and internal controls to keep the exposure within acceptable limits.
- Effective risk management requires that an adequate accounting system be in place to determine the extent of any intraday overdrafts and potential overnight overdrafts before releasing payments.
- Wire transfer payments must be within established credit limits and amounts in excess of such limits (involving significant credit risk) must be properly approved by the appropriate lending authorities.
- Your company’s policies should establish the types of allowable transfers, especially on transactions involving a third party.
- Job descriptions should be well defined, providing for a logical flow of work and an adequate segregation of duties. No one person in a wire transfer operation should be responsible for the origination, testing, processing and balancing of a request. The daily balancing process should include a reconciliation of both the number and dollar amount of messages transmitted.
- Wire transfer personnel should promptly inform other departments or personnel affected by a transfer of funds so that the accounts involved can be updated. All adjustments required in the processing of a transfer request should be approved by supervisory personnel and the reasons for adjustment should be adequately documented. Transfer requests as of a past or future date should require supervisory approval with the reasons for those requests well defined.
- Internal controls must be sufficient to determine the authenticity of the transferor of funds. Telephone transfer controls might include a callback procedure, whereby an employee calls a prearranged telephone number to verify the identity of the transferor.
- Another possible control: A unique code provided by the originator and verified by the receiver. Transfer requests are normally documented by the receiver on pre-printed forms, which serve as the initial record for audit activities.
- Considerable documentation is necessary to maintain adequate accounting records and auditing control. Many financial institutions retain logs that record transfer request information, assign sequence numbers to incoming and outgoing messages and keep an unbroken copy of all messages received on wire transfer equipment. Use of pre-numbered forms is also common. At the end of each business day, an employee should compare request forms to the actual transactions to ensure that all transfers were properly recorded.
Even one incident of wire transfer fraud can cause serious damage to the financial security of your business. Consult a professional to be sure proper controls are in place.