Click to return to BOL home page
Banker Store Read A Reg Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads Background Checks BOL Conferences CrimeDex FREE Briefings Banker Tools

   

















    Site Map

    Our Sponsors

    Home



Print Friendly! Email This Article! Discuss NOW!




Are your Internal Controls like Swiss Cheese?
Part 9
by Gene Bucciarelli, MBA CPA

"Our Privacy statement indicates we will protect your privacy, this includes the times that you make it difficult for us!"


Customer Statements
The methods of delivery of customer account statements include mail, estatements, and held at the branch for pick up (Hold Mail). Each of these creates internal control and information security issues that need attention. This article will discuss the key control issues you might consider in each of these delivery methods.

Mailed Statements
Verify mail returned with address changes by sending a letter to the customer at the new address. A good verification procedure would be to include a request to call the bank or to return the attached address change form. Check the ID if the customer calls the Bank or verify the signature if the address change form is received. If no response from the customer then follow the same procedure as undeliverable mail.

Place undeliverable mail under dual control. After two or three cycles change the address line to no address and put the mail status on hold. Too often undeliverable mail is placed in a drawer that has single or even no custody during the day and the statements are mailed out month after month for long periods of time. As a result employees have access to a group of accounts that may have no customer review. In addition putting these accounts on hold will save the cost of the unnecessary mailing.

Estatements
In addition to ESIGN requirements, the bank needs to ensure proper setup and access ID procedures. The best procedures focus on one or more non public ID's such as mother's maiden name. One of my clients uses five ID questions to verify the owner. Some banks use only one such as the social security number or address; however I find this questionable, as these are readily available with a little effort.

Hold Mail
Only authorized signers or those authorized by those signers should pick up mail at the branch. Business accounts will sometimes send bookkeepers or other personnel to pick up the statements.

The signers on the account should authorize these personnel in writing. I usually recommend placing a list of signers and those authorized in the same file as the hold statement. This will assist any employee helping a customer picking up mail ensure that the person is authorized in an efficient manner.

Don't let the simple and time honored process of delivering statements create information security leaks or internal controls weakness in your system of internal controls and information security program. Review and test your customer statement controls regularly.

-----------------------------------------

Gene Bucciarelli, MBA CPA is the principal of Internal Control Systems, a community bank auditing and consulting firm. He can be reached at genebucc@aol.com and 925.828.7360.

Access the previous articles in the Swiss Cheese series: First published on BankersOnline.com 9/22/03


Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.