Banks are in the business of risk management — so, who better to help your ministry manage fraud and the onslaught of cybercrime making news almost every day?
By Therese DeGroot
Ministries are very familiar with the value of insuring their physical property and assets against potential loss. But, they don’t often think about their bank accounts.
Losses due to payment fraud can be so significant that it might take years for the ministry to recover. Fraud risk can be both external and internal. The management of this risk is a key issue as current estimates place payment fraud in the billions of dollars.
The 2013 Association of Financial Professional’s Fraud Prevention Survey reveals:
- 60 percent of surveyed respondents experienced payment fraud or attempted payment fraud.
- 82 percent experienced actual or attempted check fraud.
- 42 percent experienced actual or attempted credit / debit card fraud.
- $23,100 was the typical loss due to payment fraud.
Fraudsters attack from both inside and outside the organization. Ministry leadership can mitigate fraud by implementing improved controls in tandem with strategic Treasury Management services offered by banks.
- Payment fraud: check fraud
- Online attacks: account takeover, social engineering, database breach
External parties continue to prey on ministries. When you pay a business partner with a check, you are providing two key pieces of information (route & transit and account number) that could allow for unauthorized access to the ministry’s checkbook. Check fraud is still the No. 1 way in which payment fraud is attempted.
Although check volume is declining, ministries continue to use checks as the primary payment mechanism. The 2013 Federal Reserve Payment System Report states that business-to-business checks represented 28 percent of the 21 billion checks cleared in 2013.
Check fraud can occur in a variety of ways, including stealing account numbers and bank routing numbers to create fraudulent checks and check washing, which involves changing payee name and / or amount written.
Ministries can protect themselves from check fraud by considering alternate payment methods such as ACH, which reduces the number of checks written.
A daily review of transactional activity through the bank’s online banking portal will quickly catch a fraudulent item that clears the account.
To stop fraud before it occurs, ministries can use services provided by banks, such as Positive Pay and ACH Block / Filter. These services allow ministries to review certain clearing items to determine if they are valid. If items are not valid, the ministry rejects the item and stops the fraud before it can occur.
Online security attacks are an ongoing challenge. Ministries must constantly educate their staff and volunteers to be on their guard for attempts to gather confidential information which might lead to account takeover or data breaches.
Fraudsters develop sophisticated techniques in an effort to gain access to secure logon information from ministry staff, such as phishing, spearing, smishing and social engineering. Ministries must establish online protocols to block staff and volunteer access to certain websites and invest in robust anti-virus software to protect company systems from external attacks.
Staff and volunteer education is also a critical component to protect the ministry’s network. Ministries should consider a dedicated PC used only for access to the bank portal, which is a step to keeping this PC safe from unintended viruses.
- Fraudulent vendors
- Expense reimbursement
- Check tampering
- Cash theft
One of the most devastating types of fraud occurs from within. Ministries trust staff to manage payments and conduct themselves in the best interest of the ministry. Unfortunately, an employee sometimes takes advantage of that trust and misuses his or her access to defraud the ministry.
Fraud perpetrated by trusted — often long-term — employees is devastating to the morale of the ministry, as well as its reputation. With cash being such an important part of any ministry (large or small), controls must be established and monitored around cash handling.
The opportunity for internal fraud can be deterred by establishing best practices, including:
- Perform exhaustive reviews of budget reports — review journal entries, cash disbursement activity and a budget to actual analysis
- Invest in the services of a CPA to prepare an audit or review of your financial statements and perform a review of your accounting practices
- Separation of duties — Account Receivable and Accounts Payable should be handled by
- Random checking of vendors and invoices for legitimacy
- Bank account reconcilement services
- Payroll audits
- Securing and restricting access to check stock
- Establishing dual control for all online payments — including initiation, approval and validation of payments.
A culture of accountability
As important as it is to establish strong policies and controls, it is equally important to audit adherence to those polices. Doing so is a key factor in the ability to provide an environment of autonomy and manage risk.
A ministry can thwart the efforts of fraudsters trying to profit from illegal payment activities by creating an environment of awareness, vigilance and by establishing controls within the ministry. A well-organized financial team with defined roles and responsibilities, meaningful policies and consistent audits of policies and financial statements — as well as ongoing employee education — are the keys to creating a climate where everyone is aware of fraud and knows the proper steps to protect the ministry.
Therese DeGroot has developed and managed religious lending programs for 25 years for many banks that now specialize in lending to churches, nonprofits and schools. She is Managing Director of First Bank’s Community First Financial Resources Division in Lake Forest, CA.