Minimize Risk, Maximize Safety¹
These guidelines provide useful information for your business regardless of size, including
those with multiple employees who may be involved with the financial management of your
business. While these seven key steps have helped many small businesses develop effective
fraud prevention programs, you should consult with your accountant to develop internal
controls suitable to the unique requirements of your business.
If you become aware of a possible fraud situation, notify Union Bank immediately. Our, All About
Business Accounts & Services Disclosure and Agreement, details some of your obligations
relating to the security of your bank accounts.
- Review account transaction activity regularly via online banking. Consider establishing account activity alerts to notify you of non-standard banking activity in your account(s).
- Enhance the security of bank statements by viewing them online, rather than receiving paper copies via mail.
In addition, business owners with multiple employees should ensure your company’s financial management tasks are divided among different staff members. For some businesses, this may even mean hiring an outside book-keeper. A system of checks and balances makes it more difficult for any one individual to defraud a company.
- Split the responsibilities for issuing checks and reconciling bank statements between two people, so one person doesn’t control the entire process. This also applies to time card reporting, payroll processing and personnel recordkeeping.
- Ensure that adequate office supervision is on hand at all times to dissuade unauthorized employees from accessing financial information.
You can avoid many potential problems by restricting access to computerized systems. At a minimum, you should:
- Institute controls over the payroll and accounts payable functions to prevent fraudulent issuance of checks to “phantom” employees or vendors.
- Require employees to use passwords that are not easily guessed, and ask them to change them periodically. Instruct them not to share passwords with other employees.
- Restrict system access to employees based on their job responsibilities.
- In all third-party contracts, include language requiring security for transmitted information and specifying penalties for any breach.
- Ensure that network security configuration changes are documented, approved and tested.
- Update network vulnerability scanning and intrusion detection tools on a regular basis.
- Have a third-party security consultant conduct vulnerability assessments on a periodic basis.
- Develop an incident response process for suspected network intruders.
- Educate and alert employees to phishing, spoofing and vishing fraud techniques.
Here's how Union Bank can help you maintain strong safeguards:
- Contact us if you receive any suspicious calls asking to verify checks not issued by your company.
- Notify us if any law enforcement agency contacts you regarding fraudulent check activity.
- Inform us when an employee who is authorized to transact business with the bank leaves your employment.
- Take advantage of bank services such as Positive Pay, which can identify discrepancies and improve security for crucial checks.
- Reduce the number of paper checks issued by setting up electronic payment services including wire transfer, ACH, direct deposit payroll, and tax payments.
- Take advantage of available check-printing safeguards including watermarks, special inks, iridescent printing with distinctive colors and special paper.
- Ask us if you have questions regarding our security procedures for electronic banking services.
To reduce risk, limit access to critical financial materials, such as checks and statements, by purchasing a fireproof safe to store physical documents. In addition, following the tips below will help improve the physical security of your checks and financial documents.
- Limit your check order supply to six months.
- Review check orders immediately after they arrive from the printer to verify account information, including consecutive check numbers. Report any missing checks to the bank immediately in case you need to place a stop payment order.
- Make sure sensitive documents are protected not just from unauthorized employees, but from others who may have access to your building, such as janitors.
- Store your working supply of blank checks in a secure location and your reserve supply in a separate secure location; audit the reserves periodically to ensure that no checks are missing, especially in the middle of a stack.
- If you move your business, destroy all obsolete checks in a shredder or use a bonded shredding company.
In addition, business owners with multiple employees should:
- Use a process known as dual custody in which two people must be present to improve security when handling confidential materials.
By instituting guidelines for handling money, you help protect your business and show you have taken steps to avoid loss.
These steps, especially when part of a written policy, can be valuable in managing your risk:
- Keep cash in a secure location. If you have employees, consider securing under dual custody until you or an authorized employee delivers the cash to either the bank or other authorized personnel.
- If your business handles high volumes of cash, consider utilizing the bank’s cash vault and/or an armored car carrier service.
- Make sure checks that have been issued but not yet mailed or delivered are kept in a secure location, such as a safe.
- Avoid using signatures that are illegible or easily forged.
- Instruct employees, bookkeepers or accountants who are responsible for verifying issuance of a check to record the check number, date, amount and payee against the invoice or account receivable being processed.
- Confirm with your bank that they will accept facsimile check signatures. If approved by the bank, allow only designated employees access to facsimile signature machines and keep these machines in a secure location when not in use.
Implementing policies for financial transaction authorization can preclude fraud. You should:
- Periodically review bank signature cards, funds transfer agreements and access codes to confirm authorized users and signatures.
- Notify the bank immediately whenever there are changes to account ownership, signers, additional employees or vendors you would like to provide with account access.
- Periodically review online banking or information reporting systems to confirm the level of account access your employee, bookkeeper, or accountant should have.
It is possible for you or your employees to unintentionally expose your businesses to risk, so make sure these tips are part of a security policy that you review periodically.
- Do not include bank account numbers or identify authorized signers in correspondence or e-mail, even to the bank itself.
- Never request assistance for account maintenance or financial transactions via e-mail. The bank won’t be able to act on such requests.
- Do not act on any request received via e-mail outside secure messaging, which Union Bank offers through the Online Business Center and Online Banking for Small Business.
- Never include actual signatures of business owners or executive officers in public documents. This prevents the signatures being scanned and reproduced on checks or other negotiable documents.
In addition, while most business owners implicitly trust their employees, anyone who works with money in your organization should undergo a basic level of scrutiny.
- When hiring new employees, verify references and last place of employment of any applicant.
- Be alert to major changes in employees’ spending patterns or financial circumstances.
- When an employment relationship is terminated, immediately discontinue access to all bank accounts, the company network and any other sensitive internal or external applications.