Wire Transfer Fraud: Prevent It
The Theft: Wire Transfer Fraud
In one of the simplest thefts Iโve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to a private Austrian account.ย In this post, I’ll show you how wire transfer fraud occurs and how to prevent it.
Stealing a Cool $6.9 Million
The nonprofit administrator originated with the wire with aย fax, taking less than an hour. Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late.ย
The fraudster landed in Austria, called his wife and said, โIโm not coming home.โ Interestingly, the wife called the police and turned in her husband. He later came back to the states of his own volition. I guess, after a few boat rides down the Danube, he missed his family. Did he go to jail? Yes.
The Internal Control Weakness
The nonprofit entity did not establish appropriate controls over cash wire transfers. One person (by himself) could move funds.
Preventing Wire Transfer Fraud
The fix for this weakness is to require (at least) two persons to consummate all wire transfers. ย
As you think about wire transfers, consider that they can originate with:
- Faxes,
- Phone calls,
- Personal visits to banks, and
- Computers
Determine how your bank handles wire transfers, and craft your internal controls accordingly.
Prevention Steps
Organizations should do the following to mitigate wire transfer fraud:
- Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
- Require two persons to consummate all wire transfers to external parties (an essential control in my opinion)
- If the wire transfer request is made withย a phone or fax, require the bank to call your organization back before the wire transfer is consummated
- The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are required to make wire transfers)
- Restrict bank accounts so that wire transfers canย be madeย only to bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
- Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
- Require sufficient documentation for all wire transfer journal entries; require a second-person review of these entries
- Consider using a dedicated computer for all wire transfers; do not use this machine for any other purpose (malware is often picked up by computers as users visit tainted websites)
- Use all bank-provided wire transfer controls
- Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO
If you’re an auditor, consider–as you audit cash–whether these controls are in place.
As you can see, wire transfer fraud can be extremely damaging. Consider whether you have sufficient controls to prevent this theft.ย
Learn from my CPA Hall Talk newsletter!
Get my free accounting and auditing digest with the latest content.