Call Back Procedures - Exceptions?

We are getting a new wire system and in the discussion, a person that has just joined the bank stated that if the customer is not available, they will override the Call back. Say, the customer is heading into a meeting and calls about initiating a wire and because they are a good customer that they 'know' they will override the policy for callbacks. I strongly disagree that there would ever be a reason we would not follow proper procedures especially in these cases because of the risk. The person made the remark the CEO should be allowed to override. I pointed out that situation of, " you can't reach me because I am going into a meeting or catching a plane out of the country' is the classic scam scenario. Feedback, please?

Any non-in-person wire transfer is subject to "commercial reasonable" security procedures or the bank is going to be on the hook for any unauthorized wire transfer.

Ask them if they are volunteering to stand in front of the judge and explain how waiving your normal procedures are reasonable (which I am sure are also outlined in your written wire transfer agreement with the company) when the person that they thought ordered the wire said everyone was too busy for a callback. Plus, if you are calling back the person that placed the order - there is no security in that.

We call back to a number that is on the system. Also, we are looking to see if this customer ever sent a wire out. Another thing that was brought out was that if the officer on the account is the only one that has the cell phone number, they could use that. Again, I said 'no'. Callbacks are to use the telephone numbers that are on the system that the customer told us at account opening. I also stated that the customer, at account opening is to keep us informed of any new telephone numbers or changes to their email addresses so we always have the most current information.

Just a warning, callbacks to numbers on the system can be defeated, too. All the bad guys need is to phish the credentials to access the customer's telephone account and they can forward the customer's phone number to a disposable cell phone. Your wire room then receives the call back authorization from the bad guys. Again, the bank will be on the losing end.

I agree with your objection to this idea. One step further- any legitimate contact number for your customers should be in your system. A culture where these types of practices are acceptable, or even normal, is going to look quite attractive to a malicious insider.

we have a requirement for callbacks, we have a procedure for callbacks, we also have an exception process for the RARE instance that a callback will be waived. It takes a VP or higher AND a LOB Executive signature to override the callback. we process over 33k wires per month, last month we had 2 overrides.

I am not in favor of overriding any, but the bank has made a decision and accepts the risk when certain conditions are met.

We have a similar process to Happy. If there is a loss, it's on the P&L of the Executive that approved the override. We don't get many requests for overrides approved.

We have had several where the CEO has said "send it" but a persistent bank officer pushed further, only to find out they were a victim of a BEC, or had the instructions switched on them last minute.

I would highly discourage doing any sort of workaround from your callback without having an explicit written agreement that states they understand the risk and will hold the bank harmless.
Even then, Id' probably still have an unacceptable amount that a callback is non-negotiable.

In a prior bank life, I saw a real-life 6 figure loss occur because call-back procedures were weak or not followed as others have described above. The loss was unrecoverable. Careers were affected.