Wire Transfer Internal Controls
Examiners should review a credit union’s internal controls over wire transfer activity. These controls can help protect against fraudulent activity and should ensure compliance with regulations and policies. At a minimum, examiners should confirm that:
- Employees receive training upon appointment to a position within the wire transfer department and thereafter receive annual training to reinforce the credit union’s security and control policy.
- Credit unions employ controls, including passwords, PINs, and/or security tokens, to authenticate employee identities. Passwords and PINs are changed frequently.
- Segregation of duties is implemented. Credit unions with many employees segregate wire transfer responsibilities (for example, initiator, approver, and reconciler) among different employees. A credit union with limited staff may rely on a member of the board or Supervisory Committee to approve wire transfer requests.
- Management requires the use and enforcement of exposure limits. Ensure software control has limits for the overall credit union account and user accounts.
- Credit union assigns specific employees the authority to either request or approve wires.
- Requirements for effectively identifying the member originating a wire are clearly defined. This includes requirements for controls such as call-backs and defined authentication methods.
- User access reports are accurate and up to date, and that user access levels are appropriate based on user’s roles.
- Call-back and/or dual factor authentication procedures are used when appropriate.
Last updated September 25, 2017