Tuesday, June 18, 2013

Managing Deposit Account Liabilities

In this issue, I want to point out some potential liabilities if your staff fails to properly handle routine tasks.  I recently learned about a case involving employee theft from a business. This was a classic case, whereby a "trusted employee" leveraged his autonomy in the bookkeeping arena to steal, and cover his tracks.  Discovery was delayed by well over a year, and then, as is often the case, only by accident did the owner realize what was done.  The business, of course, claims that the bank should have found the fraud, and stopped it.  The bank, in like fashion, feels, and frankly has the strength of the UCC (article 4-406) behind it, that discovery should have come more quickly, that the business owner was effectively complicit by not providing proper oversight.  It will be interesting to watch. It is noteworthy that the employee actually went to the trouble (and thus had ample opportunity) to alter the images of checks written to himself once the statements arrived.  Also noteworthy: the bank was unable to provide proper signature cards, corporate resolutions, and in some cases, images of the backs of checks (instrumental in clearly understanding what the checks were actually used for).   At issue here is whether the courts will find that the bank's failure to maintain good records creates any liability for them in what is otherwise a pretty clear case.

 Also in recent days, a court has rendered a verdict in favor of a financial institution in a case regarding loss over a wire transfer transaction.  Here, the business had actually "refused" the bank's offer of dual control technology, requiring that one person submit a wire, and another approve it.  To the bank's credit, all of this was documented, including a letter from the customer declining the dual control methods.  When the business experienced a loss, via an unauthorized wire transfer, they still looked to the bank for restitution.  The court denied it.



Here's the link to the article:


This led me consider how diligent your staff might be in ensuring that account records and documents, such as signature cards, corporate resolutions, faxed requests for wire transfers, etc, are complete and properly maintained.  It would be a good time to re-evaluate your bank's policies and procedures - and your training - around this area.  We all know that attention to detail suffers over time, unless the important of those details are re-iterated.  

Here are some key issues to consider

> Retention of Paid Checks.  Refer to your state's guidelines for record retention, but generally there is a requirement that you retain the source document, or a legible copy, for seven years after posting.  This includes legible copies of the front and back of each item.  In addition to the retention period, note the term legible.  Be sure that your check imaging system is identifying, and thus allowing you to return, any items that are not sufficiently readable to meet the IQA (Image Quality) standard. 

> Complete Signature Cards.  Often, the practice of opening a new account involves obtaining signatures over a period of time.  While this might seem understandable, especially for a larger organization that may have multiple authorized signers, it is not good banking practice.  In general, you should not begin servicing the account for which these signature cards are intended, without completely and properly filled out signature cards.  Make a trip to the business, and have management present to you each individual that will be a signatory.  Obtain and document proper ID for each.  Even on consumer accounts, resist the urge to let one spouse sign, and take the card home for the other to sign.  If you begin servicing the account without the necessary documentation, you take away your leverage for getting that documentation.

> Complete, Detailed Corporate Resolutions.  For any business concern, you should, in addition to signature cards, prepare and have signed a corporate resolution.  This should set forth the terms and conditions of the agreement, including services to be rendered, references to fee schedules, and expectations of performance for both parties.  In today's world, references to once unheard of issues like Internet Security and Virus protection, enforced dual control of access and access codes, and the like, should be in your corporate resolution.  


When adding new products and services like cash management, ACH Origination, or remote deposit capture, prepare and execute addenda that detail the terms and conditions of using those services.

> Electronic Solutions.  As referenced above, these must be appropriately deployed . . . and properly utilized by customers.  Dual control, separation of duties, proper Internet security are all matters that must be agreed to.  Rather than dictating operating practices too closely, be sure that you give broad guidance, and then assess compliance.  Banks must be careful not to exert "management control" particularly if there is a lending relationship, but can certainly give good guidance.  You can also (this is difficult to think about, but becoming a reality) turn off access to all or part of your electronic solutions if you feel a customer is a risk.  This would include customers without proper Internet Security and Virus Protection on their own networks, or those who refuse to utilize the security measures your system provides. 

>  Bank Controls Over Internet Activity.  The software that drives your commercial banking solutions includes parameters by which you can monitor and manage the risk associated with such systems.  Examples include, but are not limited to, the number of ACH origination transactions, average daily deposit limits, and wire transfer dollar amounts and frequency.  Leveraging data you have from processing your customer's accounts, and working with customers to understand their legitimate business practices, you can build in these controls in such a way that you protect both your customer's and your bank's interests.

 I hope you will share this article with your staff, and in so doing, begin a process of inspecting current practices to realign them with your polices, and reduce your risks. Remember that the most successful organizations are those who identify best practices, and strive, through training and education, to execute on them well.  Should you need help in these areas, I am always available.

Remember that I am not an attorney, and the above should be construed as operational, not legal, advice.  Please involve your counsel in any decisions involving proper interpretation of rules, regulations, and laws.