Wire Transfer Test Keys

Posted By: Popsicle

Wire Transfer Test Keys - 05/08/06 09:11 PM

I have been assigned the task of creating the internal audit program etc. from scratch, with lots of years of operations experience, but no hands on audit training. Having provided that preface, I am about to expose my ignorance and hope you all will be gentle! Wire transfer is probably the first audit they will have me do, so I'm studying my little hiney off, and came upon ICQ's about test keys. Apparently our bank does not use/require this, and I don't know exactly what test keys are, or if we should be doing this. Could someone give me a Test Key 101 course? I'd sure appreciate it, as I can't seem to find anything like a definition anywhere. Thanks!
Posted By: Hrothgar Geiger

Re: Wire Transfer Test Keys - 05/08/06 11:38 PM

Here is an example of how one might be used.
Posted By: Popsicle

Re: Wire Transfer Test Keys - 05/09/06 02:47 PM

Thanks Barbarian, this wire agreement mentions that the bank will provide the customer with a "Test Key Algorithm Value Table..." Where does this algorithm table come from? And how does it work? You know, maybe we are so small (<$100 million) that the wire volume we do would not indicate the need for test keys and I could stop hurting my head about it. What do you think?
Posted By: Ms Auditor

Re: Wire Transfer Test Keys - 05/09/06 04:45 PM

There are other controls that could be used instead of test keys, such as: call backs, passwords, passphrases, etc. Does your bank allow customers to call in wires or do they need to come into the office to sign a wire transfer form. In this case a test key as well as the controls I've listed might not apply.
Posted By: Popsicle

Re: Wire Transfer Test Keys - 05/09/06 07:03 PM

Right now if they are not here in person, they can authorize a wire by fax, including a signature, or if by phone, we have set up a pin # or password. If they don't have a pin/password they are required to come in person. I don't think we do any kind of call back unless we have a problem.
Posted By: rlcarey

Re: Wire Transfer Test Keys - 05/10/06 11:28 AM

This is not area to fool around with and no matter how small your bank is, you need to have proper procedures in place. I think it is probably especially important for a smaller banks that could not absorb a huge loss. You need to look at your State's version of the UCC-4A:



"Security procedure" means a procedure established by agreement of a customer and a receiving bank for the purpose of (i) verifying that a payment order or communication amending or cancelling a payment order is that of the customer, or (ii) detecting error in the transmission or the content of the payment order or communication. A security procedure may require the use of algorithms or other codes, identifying words or numbers, encryption, callback procedures, or similar security devices. Comparison of a signature on a payment order or communication with an authorized specimen signature of the customer is not by itself a security procedure.

As you can see, the comparison of a signature on a fax is not a security procedures. What this is saying is that if you wire out $250,000 based on a fax and the customer comes in and says - "I didn't authorize this" - the bank is going to take the loss.
Posted By: Popsicle

Re: Wire Transfer Test Keys - 05/10/06 03:36 PM

Randy, thanks for the caution, but then I am back to my original question. Where do we get a test key algorithm value table, how does it work etc? Would our CPA firm help with this? I'm totally at sea here about the process of using test keys or codes.
Posted By: Kathleen O. Blanchard

Re: Wire Transfer Test Keys - 05/10/06 03:52 PM

I have seen manual internally generated test keys using things like a secret number (sent securely to users monthly, new secret number for each day of the month in a chart), date, loan amount and a total of last 3 digits of the loan amount.

The key entered on the form as verification of authenticity would look like this:


That is

43 secret number
05102005 date
157125 loan amount
8 total of last 3 loan digits

That of course is just one way...you can come up with any method you want.

The "formula" is of course treated as highly confidential.
Posted By: Popsicle

Re: Wire Transfer Test Keys - 05/10/06 06:22 PM

Thanks kaybee, that's helpful. I guess if they don't have a loan we could add say the last three digits of their account number or something like that, and maybe use their date of birth instead of loan amount? Or just leave that part of it out? Anyway, that helps me understand what kind of thinking goes into the test. Thanks so much!
Posted By: Kathleen O. Blanchard

Re: Wire Transfer Test Keys - 05/10/06 09:11 PM

Really any combo you come up with as long as some "secret" info is needed to complete the key. You could just use the amount of the wire where I said loan (I see I used loan amount - that is because we were wiring loan proceeds, so that just came naturally!)