Reducing Your Bank’s Risk of Wire Transfer Fraud
Criminals like to use wire transfers because the money moves fast and is difficult to get back. While you can’t always stop your customers from being victims of wire transfer scams, you can help minimize wire transfer risk to your bank by having the right controls in place. Below are some ways you can help prevent fraud from impacting your organization.
Develop adequate policies and procedures
This may seem like a basic concept; however, many organizations lack the appropriate written procedures. A bank’s procedures should carefully specify how incoming and outgoing wire transfers should be processed, how entries should be posted and balanced, and employees’ responsibilities for implementing these policies.
The procedures should specifically state that wire transfers should not be performed for non-customers and should not be processed against uncollected funds.
Ensure proper segregation of duties
All wire transfers must be processed using dual control. Acceptance and authentication of wire transfers should be segregated from the processing and approving of the transaction.
Segregation of duties is not always practical in smaller organizations; however, mitigating controls should be used as necessary to ensure the proper checks and balances are in place.
Set prudent system limits
Use any and all system limitations to help improve controls and consider limiting who can initiate and approve wire transfers. Review the wire transfer set-up to ensure all of the proper system limitations have been implemented. Also review all of the users to determine that their approval limits are appropriate and the users have a logical need for their capabilities.
Limit acceptable methods of wire transfer requests
Since all wire transfer requests are not made in person, decide which methods you are willing to accept. Methods such as fax, e-mail, telephone, and internet banking requests all carry different risks which should be evaluated before agreeing to accept these types of request.
Whichever methods your bank chooses, specific checks and verification procedures should be performed. For instance, customers who frequently do wire transfers should be required to sign a wire transfer agreement. You may want to let these customers have agreements on file to deliver their requests via certain methods that you don’t accept from your non-recurring wire transfer customers (i.e., fax or e-mail).
Get customer verification
Customers were previously sensitive when asked to provide additional identity verification, but this is generally no longer seen as a burden, and is considered a useful way to protect your customers.
Conduct call back procedures on all wire transfers over a certain threshold. Make sure your verification methods are properly outlined in your policies and procedures.
Watch for red flags
Coach individuals responsible for accepting and verifying wire transfer requests to be skeptical. Encourage them to question when something seems out of the ordinary. Employees should learn to trust their instincts.
In almost all wire transfer fraud cases, when the individuals are asked about their actions, they recognize that there were red flags. Make sure all employees responsible for approving wires are trained to always perform their due diligence before signing off.
Perform internal audit procedures
Whether this is performed internally or externally, there should be an independent review of the activities related to wire transfers to ensure the controls set up at your organization are being followed.
Wire transfer fraud can be expensive, and is not only limited to the dollar amount of the fraud. Your bank will incur other costs as well — research and investigation costs, legal fees, and a loss of reputation. Risks associated with your wire transfer controls should not be taken lightly. Evaluate your current processes on a continuous basis and implement new controls whenever necessary. The costs of fraud may well exceed the costs to implement the proper controls.