At Morrison, Clark & Company CPAs, we help clients utilize best practices to keep their companies safe and growing. If your company utilizes wire transfers we recommend company-wide policies designed to increase employee awareness about the prevention of wire transfer fraud that incorporate some or all of the following best practices:
- Education is key! Understanding email scams and educating your employees is critical to protect your financial assets.
- Requests for changes, immediate action, or lack of availability by phone should be met with intense scrutiny. Don’t be pressured, slow down and follow your company process.
- Always verify the authenticity of each wire transfer request by implementing a two-step verification process. Call the person, using a number you have previously called — not one from the current wire transfer request — to verbally verify it.
- Do not email wiring instructions. Use regular mail, phone or fax instead.
- Scrutinize all email correspondence regarding wiring funds: Who is requesting $ and Why are they requesting $.
- Do not use public domain email accounts (i.e. @gmail.com) for business purposes. Require wire transfer requests come from company domain email accounts.
- Implement dual control (2 people authorization) and segregation of duties (i.e. one person receives the request for funds, a second person authorizes the release of funds).
- Use encrypted email for correspondence of sensitive information.
- Implement two-factor authentication for employee email.
- Implement a cybersecurity policy and review it often.
- Review your business insurance policy. Does it cover financial losses due to cybersecurity fraud?
- Know your customers, their reasons for initiating or requesting wire transfers, and their habits regarding such wire transfers
If you suspect your business is the victim of wire transfer fraud, contact your financial institution immediately, and request that it contact the financial institution to which the subject wire transfer was sent. If your financial institution declines to contact the recipient, you should contact the recipient institution, notify it of the suspected fraud, and request that it not further transfer the funds. In some cases, funds wired fraudulently can be returned. However, an ounce of prevention is worth more than a pound of cure when it comes to wire transfer fraud. Pay attention to red flags and implement policies designed to prevent wire fraud.
Most importantly, before any wire transfer is initiated, stop, review and confirm that the information and the situation is consistent with your policies, and only then release funds.
If you would like to discuss this further, call the Morrison, Clark & Company team at 480-424-7855.