Category Archives for "Local Governments"

GASB 87 Lease Accounting
Jan 27

GASB 87 Lease Accounting

By Charles Hall | Accounting , Local Governments

Are you looking for GASB 87 lease accounting information? Are you a government that leases assets? Then you're in the right place. Below I provide information about lease terms, discount rates, accounting entries, and disclosure requirements.

GASB 87 Lease Accounting

Removal of Bright-Line Criteria

Historically governments have followed the guidance in FASB 13, Accounting for Leases. Lease classifications (i.e., operating or capital) were based on bright-line criteria such as whether the government leased an asset for more than 75% of its economic life. 

GASB 87, Leases, removes the bright-line criteria and calls for more judgment. (The words reasonably certain appears thirty-nine times in GASB 87.)

The new lease standard provides for various accounting alternatives. Let's see what they are.

Three Potential Accounting Alternatives

Regarding leases, there are now three accounting alternatives:

  1. Short-term leases
  2. Contracts that transfer ownership
  3. Contracts that do not transfer ownership

Before we dive deeper, here are three quick points about these alternatives:

First, know that short-term leases do not create a lease liability.

Second, understand that contracts that transfer ownership are a financed sale.

Third, know that contracts that do not transfer ownership create a lease liability. This third category is a catchall for arrangements that don't qualify for short-term lease treatment and don't transfer ownership.

Now, let's see how GASB defines a lease.

Definition of a Lease

GASB defines a lease this way:

A lease is defined as a contract that conveys control of the right to use another entity’s nonfinancial asset (the underlying asset) as specified in the contract for a period of time in an exchange or exchange-like transaction.

There are five points to this definition:

First, the lease must be a contract. 

Second, the contract must provide control of the right to use.

Third, this control is in relation to a nonfinancial asset.

Fourth, the control of the nonfinancial asset must be for a period of time.

And finally, the lease is an exchange or exchange-like transaction.

I think the terms contract, period of time, and exchange are easily understood. But the terms control and nonfinancial assets might cause some confusion. So let's clarify those.

Control

​A government controls an asset if it has the right to the present service capacity and the right to determine the nature and manner of use of the asset.

In other words, the government must have the right to the benefits generated from the asset. A city can drive a leased police car. That is the benefit, the present service capacity.

Additionally, Nature and manner address whether the government controls the use of the asset. A city police officer can, for example, drive a leased police car at 3:00 a.m. And she can drive it as far as she likes. The police department determines the nature and manner of use.

Nonfinancial Asset

And what is a nonfinancial asset? It's generally anything that is not a financial asset (e.g., cash, receivable). Examples of nonfinancial assets include buildings, land, vehicles, and equipment. There are exceptions, however. 

GASB 87 Scope Exclusions

GASB 87 does not apply to:

  • Leases of intangible assets (e.g., rights to explore for oil and gas)
  • Leased biological assets (e.g., timber)
  • Inventory that is leased
  • Service concession arrangements
  • Leases in which the underlying asset is financed with outstanding conduit debt (unless the underlying asset and the conduit debt are reported by the lessor)
  • Supply contracts (e.g., power purchase agreements)

Now let's see how to determine the lease term.

Lease Term

Prior to GASB 87, the minimum lease payments determined the lease term. Not so any more. In some cases, GASB 87 provides for a more subjective determination of a lease's term, one based on what is reasonably certain.

Lease Options

Under GASB 87, lease terms are not just the noncancelable portion of the agreement. Governments add the following to the noncancelable period:

  • Periods covered by a lessee’s option to extend the lease if it is reasonably certain, based on all relevant factors, that the lessee will exercise that option 
  • Periods covered by a lessee’s option to terminate the lease if it is reasonably certain, based on all relevant factors, that the lessee will not exercise that option 
  • Periods covered by a lessor’s option to extend the lease if it is reasonably certain, based on all relevant factors, that the lessor will exercise that option  
  • Periods covered by a lessor’s option to terminate the lease if it is reasonably certain, based on all relevant factors, that the lessor will not exercise that option.
Reasonably Certain Factors

In determining what reasonably certain is, the government considers factors such as the economic impact of not exercising an option or how the government has acted in the past.

Once the lease term decision is made, document your basis for doing so. Why? So there is a record of the decision. (Your auditors may want to see this. Additionally, the record provides valuable information regarding future lease term decisions.)

Fiscal Funding Clauses Affect on Term

Additionally, you may be wondering if fiscal funding clauses affect leases. (Fiscal funding clauses allow a government to cancel a lease if the government does not appropriate funds for the payments.) If a government is reasonably expected to exercise such a provision, then this factor can impact the lease term. Personally, however, I've never seen a government terminate a lease through such a provision. Fiscal funding clauses will usually not affect lease terms.

So, should governments ever reassess the term period?

Reassessment of Term

Government will generally not reassess the lease term decision. 

Nevertheless, reassessment will occur in some cases. Consider this example. The government enters into a fifteen-year lease with a five-year lease extension. The government believes that it will not exercise the five-year extension. But then in year fifteen, it does so. Now the government binds itself for another five years. Therefore, the lease is extended. And the additional five years is added to the lease term. 

Now that you know about lease terms, you may be wondering about short-term leases. How does a government account for those?

Short-Term Leases

Treat leases with a maximum possible term of twelve months or less as short-term leases. And do not capitalize such leases. 

One word of caution: if there are renewal options, include those in making the short-term lease classification decision, regardless of probability. If, for example, the lease is for twelve months with an option to renew for another six months, then the lease is not short-term. Even if the government believes it will not exercise the option.

So, how do you record short-term lease payments? As expenses.

Contract that Transfers Ownership

If an agreement transfers ownership of the asset to the lessee by the end of the contract, then the contract is a financed purchase. For the lessee, the government records the purchased asset (not an intangible) and the related debt (not a lease liability).

So, what about a lease agreement with a bargain purchase option? Should it be treated as financed purchase? The answer is no. The presence of a bargain purchase option in a lease contract is not the same as a provision that transfers ownership of the underlying asset.

Multiple Components of a Lease Contract

If an agreement has lease and non-lease components, split the transaction. 

A government might, for example, lease floors four and five of a ten-story building. In doing so, it is required to pay for common area maintenance. Split this transaction into a lease and a maintenance contract. Record the lease exclusive of the maintenance payments. If, however, it is not practicable to determine the separate price allocation, the government should account for the transaction as a single lease.

If a lease involves multiple underlying assets (say a police car and a water tank), the government should account for each as a separate lease component. 

Lessee Accounting

If the government is leasing an asset, then it will use the following guidance. (An exception exists if the lease is short-term as explained above.)

GASB 87 Lessee accounting

Initial Recognition

At commencement, the government recognizes an (1) intangible right-to-use asset and (2) a lease liability. 

So the government does not recognize the asset itself (e.g., tractor), but the right to use the asset. This is an intangible asset.

Now let's see how to compute the lease asset.

1. Lease Asset 

So. what goes in the lease asset calculation?

The government should include:

  • Initial lease liability (see below)
  • Payments made to lessor at or before commencement less any lease incentives received from the lessor at or before the commencement of the lease term
  • Initial direct costs that are ancillary charges necessary to place the lease asset into service

So what costs are not included in the intangible asset? Governments should exclude any debt issuance costs.

Notice that the lease asset can be greater than the lease liability. The lease asset starts with the lease liability and increases if, for example, the government makes a payment to the lessor prior to commencement of the lease term.

In governmental funds (e.g., general fund), the initial accounting entry is a debit to capital outlay and a credit to other financing sources. In full accrual funds (e.g., enterprise fund), the initial entry is a debit to the intangible lease asset and a credit to the lease liability.

So, how should the lease asset be amortized?

Lease Asset Amortization

Amortize the lease asset in a systematic and rational manner over the shorter of the lease term or the asset's useful life. Usually this will be straight-line amortization.

And what are the journal entries for recording the lease asset?

Lease Asset Accounting

The government records the lease asset and then amortizes it using an entry such as the following (for full-accrual funds; e.g., water and sewer fund):

Account
Amortization Expense
Accumulated Amortization - Right-of-Use Asset
Debit
XX


Credit


XX

GASB 87 says to report the amortization as an outflow of resources (e.g., amortization expense). The amortization expense can, for financial reporting purposes, be combined with the depreciation expense of other capital assets. 

Modified accrual funds (e.g., general fund) will not record an amortization entry. Why? The asset does not appear on the balance sheet.

2. Lease Liability 

How does a government compute the lease liability?

Simply put, the lease liability is the present value of everything you think you're going to pay. Prior to GASB 87, governments used the present value of minimum lease payments. Now governments include payments that are reasonably certain. (See information above regarding what is reasonably certain.)

The computation is made up of the present value of:

  • Fixed payments
  • Variable payments that depend on an index or a rate (e.g., consumer price index) measured using the index or rate as of the commencement of the lease
  • Variable payments that are fixed in substance
  • Amounts that are reasonably certain of being required to be paid by the lessee under residual value guarantees
  • The exercise price of a purchase option if it is reasonably certain that the lessee will exercise that option
  • Payments for penalties for terminating the lease
  • Any lease incentives receivable from the lessor
  • Any other payments that are reasonably certain of being required based on an assessment of all relevant factors
Variable Payments Based on Future Performance

Governments will not include payments based on future performance or usage in the lease liability. Expense such payments in the period incurred. 

For example, if a government leases a vehicle with a provision for 12,000 miles annually but the car is driven 15,000 miles, expense the payment for the additional mileage as incurred.

So, where does the discount rate come from?

Discount Rate

Use the rate charged by the lessor if specified in the agreement. If not specified, use the incremental borrowing rate for the government. This is the estimated rate the government would pay if, during the life of the lease, it borrowed the funds for those lease payments.

Lease Liability Accounting

Once the initial lease is recorded as a liability, the government will begin making periodic payments to the lessor. The effective interest rate method will be used. Record the payments as follows (for full-accrual funds; e.g., water and sewer fund):

Account
Lease liability
Interest Expense

Cash

Debit
XX

XX

Credit


XX

Post the payments to principal and interest expenditures in modified accrual accounting funds (e.g., general fund).

GASB 87 Disclosures

The following disclosures are required for lessees:

  • A general description of its leasing arrangements 
  • The total amount of lease assets, and the related accumulated amortization, disclosed separately from other capital assets
  • The amount of lease assets by major classes of underlying assets, disclosed separately from other capital assets
  • The amount of outflows of resources recognized in the reporting period for variable payments not previously included in the measurement of the lease liability
  • The amount of outflows of resources recognized in the reporting period for other payments (e.g., termination penalties) not previously included in the measurement of the lease liability
  • Principal and interest requirements to maturity, presented separately, for the lease liability for each of the five subsequent fiscal years and in five-year increments thereafter
  • Commitments under leases before the commencement of the lease term
  • The components of any loss associated with an impairment 

Transition

Apply GASB 87 retroactively, if practicable, for all periods presented. Use the facts and circumstances existing at the beginning of the implementation period to record the leases.

The notes to the financial statements should disclose the nature of the restatement and its effect. 

GASB 87 says that the provisions of this statement need not be applied to immaterial items.

GASB 87 Effective Date

The effective date of GASB 87 is for reporting periods beginning after December 15, 2019. 

Early application is encouraged. 

Fraud Prevention for Small Governments
Feb 06

Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

Fraud Prevention for Small Governments

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

  • Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
  • Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
  • Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
  • Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
  • Provide monthly budget to actual reports to mayor and council
  • Provide monthly overtime summaries to mayor and council
  • Do not allow Dale to sign checks
  • Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
  • Require Mayor Chester and Dale to authorize any wire transfers
  • Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
  • Don’t provide Dale with a credit card
  • If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
  • Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

  • Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
  • Have an outside CPA or CFE map your internal control system and make system-design recommendations
  • Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
  • Install a security camera to record all of Dale’s collection and receipting activity
  • Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

Yellow Book Independence
Feb 02

Yellow Book Independence and Preparing Financial Statements

By Charles Hall | Auditing , Local Governments

Yellow Book independence is a big deal. And if you prepare financial statements in a Yellow Book audit, you need to be aware of the independence rules. Below I tell you how to maintain your independence—and stay out of hot water,

Yellow Book Independence

Yellow Book Independence Impairment in Peer Review

Suppose that--during your peer review--it is determined your firm lacks independence in regard to a Yellow Book engagement.

What could happen? Well, I can't say for sure, but I think it would be nasty. At a minimum, you would probably receive a finding for further consideration. The engagement is definitely nonconforming (not conforming to professional standards).

Then, you'd need to provide a response--explaining what you intend to do about the lack of independence. And this could get very interesting. Not where you want to be.

Preparation of Financial Statements is a Significant Threat

If you prepare financial statements (a nonattest service) for your audit client, you have a significant threat. Why? You are auditing something (the financial statements) that you created. There is a self-review threat. 

When there is a significant threat, you must use a safeguard (to lessen the threat). Such as? A second partner review. So, for example, you might have a second audit partner (someone not involved in the audit) review the financial statements. Since the second partner did not create the financial statement, the self-review threat is mitigated.

Notice the safeguard (the second partner review) is something the audit firm does--and not an action of the audit client. Therefore, it qualifies as a safeguard.

2018 Yellow Book

The 2018 Yellow Book states the following in paragraph 3.88:

Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors' independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level...or decline to provide the services. 

But My Client has Sufficient SKE

You've heard your audit client must have sufficient skill, knowledge and experience (SKE) and that they must oversee and assume responsibility for nonattest services. This is true and is always required when nonattest services are provided to an audit client. 

Even so, the client's SKE does not address the self-review threat

Think of the SKE issue as a minimum requirement. Do not pass "go" if the client does not assign someone (with SKE) to oversee the nonattest service. You are not independent. End of discussion. (If the client does not have sufficient SKE, see section below titled Inadequate Skill, Knowledge, and Experience.)

SKE is not a safeguard

The January AICPA Reviewer Alert distinguishes the SKE requirement from safeguards saying, "Client SKE should not be viewed as a safeguard, but rather a mandatory condition before performing any nonaudit services."

Once the client SKE issue is dealt with, consider if auditor safeguards are necessary. Why? A self-review threat may be present. 

The AICPA (in its AICPA Yellow Book Practice aid) provides examples of safeguards (again, these are actions of the audit firm) including:

  • Obtaining secondary reviews of the nonaudit services by professional personnel who were not involved in planning or supervising the audit engagement.
  • Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team.

See Appendix E of the AICPA Yellow Book Practice Aid for additional examples of safeguards and how to apply them.

Independence Documentation is Required

The Yellow Book requires that your independence be documented. If it is not, a violation of professional standards exists. 

So, document the SKE of the client and the safeguards used to address significant threats. Also, document which nonattest services are signficiant threats. Peer reviewers focus on Independence documentation.

Document Significant Threats

The January 2019 Reviewer Alert (an AICPA newsletter provided to peer reviewers) provides a scenario where an audit firm performs a Yellow Book audit and prepares financial statements. Then the firm has an engagement quality control review (EQCR) performed, but it does not identify the preparation of financial statements as a significant threat. The newsletter states "the engagement would ordinarily be deemed nonconforming for failure to document identification of a significant threat." So, even if a safeguard (e.g., a second partner review) is in use, the lack of documentation makes the engagement nonconforming.

Judging Client's SKE

Here are examples of client personnel that might be available to oversee the financial statements preparation service:
  1. A 15 year mayor who is a businessman, no accounting education, no formal training in reading governmental financial statements. He understands the fund level statements but can't grasp the reconciliation between the government-wide financial statements and the fund level financial statements.
  2. Second year finance director with no prior accounting experience, graduated from a two year college with a degree in general business.
  3. Finance director with 25 years experience and is a CPA and a member of GFOA. She trains others in governmental accounting.
  4. Finance director with a high school education but has extensive governmental accounting training from the Carl Vinson Institute. He has the ability to create the financial statements from scratch.

As you can see, the Yellow Book independence assessment will sometimes be black and white, but other times, not so. Regardless, the audit client has to have someone with sufficient skill, knowledge and experience to oversee the financial statements preparation. Why? The auditor can't assume responsibility for the statements. This is a management responsibility.

Management Responsibilities

The 2018 Yellow Book (paragraph 3.75) says the following about management responsibilities:

In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonaudit services provided, or is unwilling to perform such functions because of lack of time or desire), auditors should concluded that the provisions of these services is an impairment to independence.

Additionally, paragraph 3.73 of the Yellow Book states:

Auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them.

If the government has no one with sufficient SKE, then the external auditor is not independent and can't perform the audit.

So, is there another option when the client does not have sufficient SKE?

Inadequate Skill, Knowledge, and Experience

If the auditor can't get comfortable with the client's SKE (e.g., the client's ability to review the financial statements and assume responsibility), what can be done? The audited entity can hire someone with sufficient SKE. For example, the entity could contract with a CPA not affiliated with the external audit firm to review the financial statements on their behalf.

Many smaller governments need to contract with an outside person in order to have sufficient SKE. The problem, however, is they may not have the funds to do so. If you as the auditor make this suggestion, be prepared for this question: "Isn't this why I hired you?" Regardless, the client has to have sufficient SKE before the auditor can issue an opinion. 

In Summary

Here's the lowdown to protect your firm:

  1. Document the nonattest services you are to perform
  2. Document the client person that will oversee and assume responsibility for the nonattest service
  3. Document the SKE of the designated person
  4. Consider whether any nonattest services are significant threats 
  5. Document which, if any, nonattest services are significant threats
  6. Use (and document) a safeguard to address each significant threat (examples of safeguards include an EQCR or a second-partner review)

Looking for a tool to document Yellow Book independence? Consider the AICPA's practice aid. Here is the free PDF version. You can also purchase the fillable version here. (Cost is $39 for AICPA members.) This is the 2011 Yellow Book aid. I am thinking the AICPA will create a 2018 Yellow Book version as well. 

Jul 17

Government Auditing Standards 2018 Revision (Hot Off the Press)

By Charles Hall | Auditing , Local Governments

Government Auditing Standards 2018 Revision

The Government Accountability Office just issued the new Yellow Book titled Government Auditing Standards 2018 Revision.

Government Auditing Standards 2018 Revision

Get Your Free Copy

An electronic version of the 2018 Yellow Book can be accessed on GAO’s Yellow Book web page at http://www.gao.gov/yellowbook.

Major Changes

The introduction to the new Yellow Book summarizes the significant changes as follows:

This revision contains major changes from, and supersedes, the 2011 revision. These changes, summarized below, reinforce the principles of transparency and accountability and strengthen the framework for high quality government audits.

  • All chapters are presented in a revised format that differentiates requirements and application guidance related to those requirements.
  • Supplemental guidance from the appendix of the 2011 revision is either removed or incorporated into the individual chapters.
  • The independence standard is expanded to state that preparing financial statements from a client-provided trial balance or underlying accounting records generally creates significant threats to auditors’ independence, and auditors should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level or decline to perform the service.
  • The peer review standard is modified to require that audit organizations comply with their respective affiliated organization’s peer review requirements and GAGAS peer review requirements. Additional requirements are provided for audit organizations not affiliated with recognized organizations.
  • The standards include a definition for waste.
  • The performance audit standards are updated with specific considerations for when internal control is significant to the audit objectives.

Effective with the implementation dates for the 2018 revision of Government Auditing Standards, GAO is also retiring Government Auditing Standards: Guidance on GAGAS Requirements for Continuing Professional Education (GAO-05-568G, April 2005) and Government Auditing Standards: Guidance for Understanding the New Peer Review Ratings (D06602, January 2014).

Effective Dates

The 2018 revision of Government Auditing Standards is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019.

Early implementation is not permitted.

The 2018 revision of Government Auditing Standards supersedes the 2011 revision (GAO-12-331G, December 2011), the 2005 Government Auditing Standards: Guidance on GAGAS Requirements for Continuing Professional Education (GAO-05-568G, April 2005), and the 2014 Government Auditing Standards: Guidance for Understanding the New Peer Review Ratings (D06602, January 2014). 

corporate account takeover
May 02

Corporate Account Takeover (the Importance of Using Bank Security Procedures)

By Charles Hall | Accounting and Auditing , Fraud , Local Governments

Some thieves gain control of company bank accounts using a corporate account takeover scheme. And with that control, they steal money. Below you’ll see how this type of theft occurs.

On March 17, 2010, cyber thieves hacked into the computers of Choice Escrow and stole the login ID and password to their online banking account. With that information, the thieves were able to submit a $440,000 wire transfer from Choice Escrow’s bank account to an account in Cyprus.

Corporate account takeover

Courtesy of istockphoto.com

When Choice Escrow and the bank were unable to resolve their differences, Choice Escrow filed suit. The back-and-forth legal battle lasted until March 18, 2013, when a court ruled the loss was the responsibility of Choice Escrow. A major determining factor in the decision was Choice Escrow’s refusal of the dual control security mechanism offered by Bancorpsouth Bank. According to Article 4A of the Uniform Commercial Code, if an institution offers a reasonable security procedure to a commercial customer and that customer turns down that security procedure, then the customer is liable in the event of a loss.

Bancorpsouth Bank offered dual control to Choice Escrow twice. Not only did the bank offer this security feature to Choice Escrow, but Bancorpsouth also documented the customer’s refusal to use the security feature. The documentation of the customer’s refusal of the security features was a determining factor in this case. From a bank’s perspective, this case underscores the importance of a written agreement with commercial online banking customers and, more importantly, the importance of documenting the security procedures offered to those customers. From a user’s perspective, the case highlights the need to use the security procedures offered.

Corporate Account Takeover

Corporate account takeover is a term which has become more prevalent over recent years. Generally speaking, corporate account takeover occurs when an unauthorized person or entity gains access or control over another entity’s finances or bank accounts. This usually results in the theft of money in the form of fraudulent wire transfers or ACH transactions.

These fraud schemes first began to be noticed in 2005 but have since become much more widespread and frequent. Recent statistics have revealed that the fraudsters carrying out these schemes are actually becoming less successful in getting money out of a bank account. This reduction is due to both increased efforts on the part of the financial institutions, as well as better education of the customer to help them avoid becoming a target.

Usually, the financial institutions themselves are not the targets of the attack but rather the corporate customers of the institution. Using malware, social engineering, and various other methods, the fraudster obtains information about the customer’s online banking credentials. Once the online banking credentials have been obtained, a request for wire or ACH transfers is placed by the thief. Any business may be targeted for these types of attacks, but those at risk mostly are small businesses, governments, and nonprofits who have limited resources to protect against such threats.

>