Wire Transfer Fraud: Prevent It

By Charles Hall | Asset Misappropriation

Nov 04

The Theft: Wire Transfer Fraud

In one of the simplest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to a private Austrian account. In this post, I’ll show you how wire transfer fraud occurs and how to prevent it.

Wire Fraud Transfer

Stealing a Cool $6.9 Million

The nonprofit administrator originated with the wire with a fax, taking less than an hour. Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. 

The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned in her husband. He later came back to the states of his own volition. I guess, after a few boat rides down the Danube, he missed his family. Did he go to jail? Yes.

The Internal Control Weakness

The nonprofit entity did not establish appropriate controls over cash wire transfers. One person (by himself) could move funds.

Preventing Wire Transfer Fraud

The fix for this weakness is to require (at least) two persons to consummate all wire transfers.  

As you think about wire transfers, consider that they can originate with:

  • Faxes,
  • Phone calls,
  • Personal visits to banks, and
  • Computers

Determine how your bank handles wire transfers, and craft your internal controls accordingly.

Prevention Steps

Organizations should do the following to mitigate wire transfer fraud:

  • Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  • Require two persons to consummate all wire transfers to external parties (an essential control in my opinion)
  • If the wire transfer request is made with a phone or fax, require the bank to call your organization back before the wire transfer is consummated
  • The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are required to make wire transfers)
  • Restrict bank accounts so that wire transfers can be made only to bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  • Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  • Require sufficient documentation for all wire transfer journal entries; require a second-person review of these entries
  • Consider using a dedicated computer for all wire transfers; do not use this machine for any other purpose (malware is often picked up by computers as users visit tainted websites)
  • Use all bank-provided wire transfer controls
  • Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

If you’re an auditor, consider–as you audit cash–whether these controls are in place.

As you can see, wire transfer fraud can be extremely damaging. Consider whether you have sufficient controls to prevent this theft. 


About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.