Skip to content
 

Are your Internal Controls like Swiss Cheese?

Are your Internal Controls like Swiss Cheese?
Part 5 - control over wire transfers for community banks

by Gene Bucciarelli, CPA
Internal Control Systems

"The speed of monetary transmission and the risks of that transmission are equals."

The Fedline terminal in a community bank does and should get a fair amount of attention. Funds sent by Fedwire are considered collected balances immediately upon receipt by the other institution. As a result, preventive and detective controls are crucial to maintaining the security of the process. The FFIEC manual for Data Processing Examinations lists a number of preventive controls for the set up of the Fedline software. These include:

  • Wire prepare and verify/transmit segregation
  • Password change time frames (30 day)
  • Time out standards (10 minutes)
  • Number of password error retries (3)
  • Dollar verification limits set to zero
  • Local security Administrative (LSA) job restrictions - no operational Fedwire duties or singular access to the Fedline terminal
  • Master ID and password storage requirements
  • Physical security - separate locked room if possible
  • If locked room not possible then screen saver with password.

Detective controls, that is, the manual and administrative procedures an institution sets up around Fedwire activity are just as important. The standard controls you should consider and compare to your current process include:

  • Daily printout of each Fedline wire both incoming and outgoing
  • A daily log of each incoming and outgoing wire. This log to include the amount, sender, beneficiary and total for the day.
  • Daily printout of the Fedline totals of wires to compare to your daily totals
  • Evidence of OFAC procedures for both incoming and outgoing wires
  • Evidence of funds available review for outgoing wires
  • Verification for fax and telephone requests. (Many banks do not allow fax requests)
  • Approval authority levels for wires
  • Branch/department call back procedures -when a wire request is received from a branch or other department that wire should be verified by the wire department
  • Evidence of timely processing of incoming wires
  • Wire in process GL account daily review and clearing
  • BSA/SAR wire procedures
  • Non customer wire requests procedures or policy
  • Agreements with business customers stating the rights and responsibility of the parties and verification procedures.
  • Annual audits of wire procedures.

While the list of controls is extensive, so are the risks. A single fraudulent wire can wipe out a Bank's hard earned capital and reputation in a heartbeat!

Are your wire procedures sufficient? Is it worth it to take another look?

Access the previous articles in the Swiss Cheese series

Gene Bucciarelli, CPA is the principal of Internal Control Systems, a community bank internal audit and internal control consulting firm. He is an expert witness for employee frauds. He can be reached at 925.828.7360 or via email at genebu@home.com.

First published on BankersOnline.com 8/13/01

First published on 08/13/2001

Filed under: 
Operations
Filed under operations as: 
Examinations
FFIEC
ID
Internal Controls
SAR

Report a problem with this page

Search Topics