help protect your business against fraud and embezzlement
DESCRIPTION
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.TRANSCRIPT
Help protect your business against fraud and embezzlementFollow these simple guidelines to improve efficiency and reduce the risk of losses.
F R A U D & E M B E Z Z L E M E N T P R OT E C T I O N F O R B U S I N E S S E S
This brochure presents guidelines to help
you reduce the risk of losses from fraud and
embezzlement. This topic is increasingly
important as payment processing moves
from paper-based to electronic. While these
procedures have worked for many small and
mid-sized businesses, you should consult
with your accountant to develop controls
suitable to your unique requirements.
ContentsMINIMIZE RISK, MAXIMIZE SAFETY 2
Divide financial responsibilities among staff 2
Keep financial documents secure 2
Develop strict processes for handling checks and cash 3
Establish parameters for signatures, amounts and transfers 3
Institute prudent personnel policies 3
Incorporate protection into basic office functions 4
Set up appropriate computer security 5
Work with your banker to increase your protection 5
SAFEGUARDS CHECKLIST 6
Employee issues 6
Cash and check handling 6
Account reconciliation 7
Financial information security 7
UNION BANK WEB SECURITY 8
Web transactions require encryption 8
Sensitive information is encrypted 9
Firewalls are in place 9
Your own transmission method can be used 9
Banking needs are at your fingertips 9
2 U N I O N B A N K
bookkeeper. A system of checks and balances makes it more difficult for any one individual to defraud a company.
Basic guidelines include:
●● Split the responsibilities for issuing checks and reconciling the bank statements between two people, so one person doesn’t control the entire process. This also applies to the functions of time card reporting, payroll processing and personnel recordkeeping.
●● Reconcile your bank statement within two or three days of receipt, so discrepancies are noticed quickly.
●● Ensure that adequate office supervision is on hand at all times to dissuade unauthorized employees from accessing financial information.
●● Enhance the security of bank statements by having them delivered online to a password-protected computer.
Keep financial documents secure
To reduce risk, limit access to critical financial materials, such as checks and statements. It is prudent to purchase a fireproof safe to store physical documents, and to use a process known as dual custody — in which two people must be present — to improve security when handling confidential materials.
Use these tips to improve the physical security of your checks and financial documents:
●● Review check orders immediately after they arrive from the printer to verify account information, including
Minimize Risk, Maximize Safety Faced with ever-improving online security, some criminals are using old and new impersonation methods to steal from small and mid-size businesses. They might call and pretend to be an accountant or consultant wanting access to a password-protected database, or they might send an e-mail posing as a financial institution asking for sensitive information.
To develop an effective fraud prevention program, there are eight key steps:
1. Divide financial responsibilities among staff
2. Keep financial documents secure
3. Develop strict processes for handling checks and cash
4. Establish parameters for signatures, amounts and transfers
5. Institute prudent personnel policies
6. Incorporate protection into basic office functions
7. Set up appropriate computer security and establish safe computing practices
8. Work with your banker to increase your protection
If you become aware of a possible fraud situation, notify Union Bank immediately. Our disclosure statements, All About Business Accounts & Services and All About Global Treasury Management Services, detail some of your obligations relating to the security of your checking account and use of electronic banking services.
Divide financial responsibilities among staff
Ensure your company’s financial management tasks are divided among multiple staff members. For small businesses, this may even mean hiring an outside
F R A U D & E M B E Z Z L E M E N T P R O T E C T I O N F O R B U S I N E S S E S 3
consecutive check numbers. Report any missing checks to the bank immediately in case you need to place a stop-payment order.
●● Store your working supply of blank checks in a secure location and your reserve supply in a separate secure location; audit the reserves periodically to ensure that no checks are missing, especially in the middle of a stack.
●● Make sure sensitive documents are protected not just from unauthorized employees, but from others who may have access to your building, such as janitors.
●● Change keys and/or entry codes periodically to prevent unauthorized access to secure areas.
●● If you move your business, destroy all obsolete checks in a shredder or use a bonded shredding company.
Develop strict processes for handling checks
and cash
By instituting employee guidelines for handling money, you help protect your business and show auditors that you have taken steps to avoid loss. These steps, especially when part of a written policy, can be valuable in managing your risk and proving compliance:
●● Instruct all employees who are responsible for verifying issuance of a check to confirm the check number, date, amount and payee.
●● Make sure checks that have been issued but not yet mailed or delivered are kept in a secure location, such as a safe.
●● Allow only designated employees access to facsimile signature machines; keep these machines in a secure location when not in use.
●● Avoid using a rubber stamp to sign checks.●● Avoid using signatures that are illegible or easily forged.●● Keep cash in a secure location, preferably under dual custody, until an authorized employee delivers it to either the bank or other authorized personnel.
Establish parameters for signatures, amounts
and transfers
Implementing policies on financial transaction authorization can preclude fraud. You should:
●● Periodically review bank signature cards, funds transfer agreements and access codes to confirm authorized signatures.
●● Establish internal maximum dollar amounts on disbursement accounts so altered or forged checks that exceed this amount will be readily noticed. As a further safeguard, do not print the maximum allowable amount on the face of the checks.
●● Consider establishing repetitive wire transfers for any wire transfers that are frequently sent to the same beneficiary. This process still allows you to change specifics, such as the dollar amount or invoice numbers.
●● Review all wire transfer confirmations immediately upon receipt to ensure no unauthorized or incorrect wires have been sent.
Institute prudent personnel policies
While most businesses implicitly trust their personnel, anyone who works with money in your organization should undergo a basic level of scrutiny. At the very least:
4 U N I O N B A N K
●● When hiring new employees verify references and last place of employment of any applicant.
●● Be alert to major changes in employees’ spending patterns or financial circumstances.
●● Periodically rotate personnel who are in financially sensitive assignments.
●● Demand consistent adherence to security policies by all employees, no matter what their length of service.
●● When an employment relationship is terminated, immediately discontinue access to all bank accounts, the company network and any other sensitive internal or external applications.
Incorporate protection into basic office functions
It is possible for employees to unintentionally expose your businesses to risk, so make sure these tips are part of a security policy that employees are required to review periodically:
●● Never include bank account numbers or identify authorized signers in correspondence or e-mail, even to the bank itself.
●● Never request assistance for account maintenance or financial transactions via e-mail. The bank won’t be able to act on such requests.
●● Do not act on any request received via e-mail outside secure messaging, which Union Bank offers through the Online Business Center and Internet Business Banking.
●● Never include actual signatures of executive officers in public documents, such as annual reports. This prevents the signatures being scanned and reproduced on checks or other negotiable documents.
F R A U D & E M B E Z Z L E M E N T P R O T E C T I O N F O R B U S I N E S S E S 5
Set up appropriate computer security and
establish safe computing practices
You can avoid many potential problems by restricting access to computerized systems — both within the accounting department and in the company as a whole. At a minimum, you should:
●● Institute controls over the payroll and accounts payable functions to prevent fraudulent issuance of checks to “phantom” employees or vendors.
●● Require employees to use passwords that are not easily guessed, and ask them to change them periodically. Instruct them not to share passwords with other employees.
●● Set up audit trails to monitor changes to master file records, including who instituted them. Have an independent auditor review these records.
●● Restrict system access to employees based on their job responsibilities.
●● In all third-party contracts, include language requiring security for transmitted information and specifying penalties for any breach.
●● Ensure that network security configuration changes are documented, approved and tested.
●● Update network vulnerability scanning and intrusion detection tools on a regular basis.
●● Have a third-party security consultant conduct vulnerability assessments on a periodic basis.
●● Develop an incident response process for suspected network intruders.
●● Establish monitoring, reporting and investigation controls that identify unusual funds transfer activities.
●● Educate and alert employees to phishing, spoofing and vishing fraud techniques.
Work with your banker to increase your protection
Here’s how Union Bank can help you to maintain strong safeguards:
●● Notify us if you receive any suspicious calls asking to verify checks not issued by your company.
●● Notify us if any law enforcement agency contacts you regarding fraudulent check activity.
●● Notify us when an employee who is authorized to transact business with the bank leaves your employment.
●● Take advantage of bank services such as Positive Pay, which can identify discrepancies and improve security for crucial checks.
●● Reduce the number of paper checks issued by setting up electronic payment services including wire transfer, electronic funds transfer, direct deposit and electronic data interchange.
●● Take advantage of the check-printing safeguards we offer — including watermarks, special inks, iridescent printing with distinctive colors and special paper.
●● Ask us if you have questions regarding our security procedures for electronic banking services.
6 U N I O N B A N K
Employee Issues
1. Are employees who are involved in positions of trust bonded?
2. Is there adequate supervision at your place of business at all times?
3. Is the mail opened by someone other than the bookkeeper?
4. Is a daily listing of checks received by mail prepared by someone other than the bookkeeper?
5. If employees take more than a week of vacation, are their job duties assigned to others?
Cash and Check Handling
6. Are checks reconciled in the cash receipts journal by someone other than the bookkeeper?
7. Is the bookkeeper prohibited from signing checks?
8. If cash registers or other mechanical devices are used, are the cash register tapes or other documents reconciled to the cash receipts journal?
Safeguards ChecklistReview this checklist to determine the strength of your company’s internal controls. If you cannot answer “yes” to each of these questions and would like more information about internal fraud prevention, please contact your banker. We’ll be glad to answer any questions.
9. Are cash receipts deposited intact daily?
10. Are cash deposits broken down by denomination on the deposit slip and verified by two people?
11. Are large amounts of incoming cash verified by two people?
12. Does your bank or courier provide a receipt for deposits?
13. Are all disbursements made by pre-numbered checks (except for petty cash disbursements)?
14. Are petty cash disbursements evidenced by supporting vouchers that have been properly approved?
15. Is the supply of unused checks controlled?
16. Is the signing of blank checks prohibited?
17. Are signed checks mailed without being returned to the preparer?
YES NO YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
F R A U D & E M B E Z Z L E M E N T P R O T E C T I O N F O R B U S I N E S S E S 7
18. Are signed checks mailed promptly or properly secured pending disbursement?
19. Do you issue checks in number order?
20. Do you avoid making checks payable to “Cash”?
Account Reconciliation
21. Are all invoices approved for payment and, when paid, canceled or noted as having been paid (for example, check number and payment date are rubber-stamped on the invoice)?
22. Are invoices checked to make sure there are no unexplained past-due notices?
23. Does management periodically review recorded cash discounts and allowances?
24. Are voided checks retained and accounted for?
25. Are supporting documents (invoices, delivery receipts, etc.) given to the check signer along with the check for his or her signature?
Financial Information Security
26. Is computer access of financial information restricted to only those employees who need access to perform their jobs?
27. Do you audit to ensure that employee passwords are changed periodically and not shared among employees?
28. Do you have a monitoring and reporting system that identifies unusual funds transfer activities?
29. Is the integrity of bank accounts and related service passwords/access codes maintained?
30. Does your computer system create an audit trail of all changes to master file records? Is this audit trail reviewed by an independent person?
YES NO YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
YES NO
8 U N I O N B A N K
Union Bank Web Security At Union Bank, we are committed to maintaining the highest possible levels of data security. This dedication drives our efforts to apply the latest technology to continually improve security and to conduct frequent tests and updates of our systems and practices.
Our technical security specialists work toward ensuring that all financial transactions, data transmissions and communications are completed in a secure online environment. To safeguard all financial and personal information, Union Bank:
●● Requires a user ID and a password●● Uses encrypted pages for password log-ins●● Retains all account data in secure Bank systems●● Protects e-mail received by the Bank and guards against e-mail being seen by unsecure third parties and non-Bank employees.
●● Maintains electronic and procedural safeguards that comply with federal standards to guard your nonpublic personal information.
Our systems of record protect all financial and personal information and are anchored by leading security features.
Web transactions require encryption
We use industry standard browser encryption (commonly known as SSL) and require a minimum of 128-bit encryption for Web transactions.
F R A U D & E M B E Z Z L E M E N T P R O T E C T I O N F O R B U S I N E S S E S 9
Sensitive information is encrypted
We utilize public-key cryptography (rather than same-key cryptography) to encrypt account information sent to and from Union Bank over the Web.
Firewalls are in place
Firewalls have been placed between users and bank servers, as well as between bank servers and bank systems where account data is housed. We employ an expert, independent third-party service to scan our network regularly for potential vulnerabilities.
Your own transmission method can be used
The transmission service provides a convenient way to transact your business with us online by receiving and sending files within our secure network. This flexible service allows you to choose how you transmit files using your preferred software and method for sending/receiving files.
Banking needs are at your fingertips
The Online Business Center allows you to:
●● View, set up and delete users●● Reset passwords ●● Update entitlements ●● Enroll for services
Secure messaging allows you to correspond online with your banker, customer service or other contacts at Union Bank:
●● Your messages are kept private and secure with 128-bit encryption, a level of security not offered by e-mail.
●● Attach or receive confidential documents, such as financial statements or loan documents.
●● Review message history for 90 days.●● If you have questions about our Security Policy, please contact your Relationship Manager.
To learn more about what precautions we take to protect the information you share with us and what you can do to help protect your privacy and financial information go to unionbank.com/privacy.
Not all services are available to all clients. Cash management services are available at an extra cost. To learn more, go to unionbank.com/cashmanagementsolutions.
To hear more about how we can help protect your business from fraud and embezzlement, contact a Union Bank Business banker today
Call 1-888-818-6060 https://www.unionbank.com/business Stop by your local branch
©2010 Union Bank, N.A. 86160 (01/10)
unionbank.com