Processing and reconciliation is not keeping up with policies, technology, or fraudsters. We are getting some interesting comments on this from the corporate treasury world.
For bank accounts that utilize Payee Positive Pay, what is the use of a check security policy that currently mandates the use of 14 features? This has become an issue with our Third Party Administrators (TPAs) who use our company owned accounts to issue checks. Having so many features prohibits TPA’s from using their own check stock, which only contains a handful of security features. Consequently, ordering low volume check orders (to comply with the security policy) becomes expensive… bordering on cost- prohibitive. In this day and age of Payee Positive Pay is utilizing security features even necessary? And if so, is there consensus as to which features would be considered mandatory to prevent fraud?
Most bank contracts that govern check-writing accounts now require “commercially reasonable” fraud-prevention measures. If you fail to exercise such “commercially reasonable” vigilance, then you will be held liable. Of course any time you have a loss, this is the first claim they make. Whether “commercially reasonable” is 14 or 40 features … who can say?
So yes: Use security features. The tough part is finding that sweet spot that constitutes “commercially reasonable” without being financially (or technologically) unreasonable. This usually requires a letter ruling from your bank – and they will squeal like a stuck pig since is not something they have done before.
A check payable to a vendor was intercepted somewhere along the way. A duplicate check was then produced with a different payee. The original check was never presented. The reproduced check was presented and not caught in positive pay because the dollar amount and check number were valid and tied to the positive pay log. Once we realized what had happened, we attempted to return the check as altered payee, however the bank of first
ÆGIS, May 2009 2deposit denied the claim stating that the check was counterfeit and not altered and we didn’t respond within the time frame for counterfeit items.
This happened to another client just last week. The only way they knew was the bank’s Loss Prevention department happened to review it, think it was fraudulent and called them to confirm the validity of the payee.
The duplicate check was of very good quality all the way to the correct “Pay Amount” down to the dollar amount box Thankfully, the bank called first thing on the morning of the day after it was deposited and the client’s bank was able to immediately return it as fraudulent. The client also put a stop payment on the original check and took it from their positive pay file. The check amount was more than USD$23,000.
The incremental costs of adding payee validation is well worth the investment when checks of that amount are being issued. Further, this scenario suggests that to effectively combat this we change the following:
1) Printing of checks remained as a function within Accounts Payable, with two designated individuals, along with one alternate as being an authorized employee for this, and that all three undergoing annual due diligence reviews, which include both background checks and evaluation of the employees’ credit report information.
2) Check distribution (stuffing, mailing and special pick up) was moved to another group, under video surveillance. Most loss was associated with these processes.
3) Consider use of ACH as the preferred payment method, especially for any items of higher value (e.g. anything over USD$10,000).
4 All payments over a certain threshold (e.g. USD$20,000) must be electronic, ACH, wire etc…
Another Current Situation
Several micro ACH payments have been hitting our deposit account. While losses associated with any one transaction is not large, losses can quickly begin to add up.
Set up a deposit account that is just a deposit account. No payments to other accounts other than a daily or week sweep to a COH (Cash On Hand) account. When it is time to pay bills, transfer only that amount necessary to pay your bills to the disbursement account. Use all of the positive pay features and move all of the employees and vendors to electronic payments. This is a good carrot since, if paid by electronic payment, they can get their payments even earlier and no hold on funds when deposited.
It takes a bit of time to get it set up, but it is so worthwhile. This saves approximately $9.50 for every check issued and mailed.
Most of the policies in effect at both the bank and at the corporate client firm are years old and probably have not been updated to fully address new payment options, changes in the patterns of frauds, and solutions to both combat fraud and reduce the cost of making and taking payments.
A thorough review of policies and processes needs to be undertaken with the Accounts Payable (A/P) and Accounts Receivable (A/R) departments to bring them up to speed with what your banks can do. Revise policies accordingly.
After you have appropriately revised you policies and procedures, please, please inform your insurance carrier. It is highly likely that when your fraud and theft insurance policy was issued, you were rated based on a policy put into effect several years ago. Now that you have updated the A/P and A/R practices, to increase speed and reduce fraud, request a re-rating or re- evaluation by your insurance carrier.. Even if you do not get the lower rating, understand that it is in your best interest to provide updates to the policy and procedures manual that you initially submitted to the insurance company at the time of underwriting. Otherwise, this might be used as a potential excuse for your carrier to deny a claim, under the guise that the changes were never submitted for approval (something your policy doubtless states in the little teeny type).