This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Jean-Yves Gilg

Editor, Solicitors Journal

Look before you sign on the line

Feature
Share:
Look before you sign on the line

By

If you sign cheques make sure that you limit the number of signatories . In a recent fraud investigation, a long serving accounts clerk used seven different signatories to sign petty cash cheques on a rotational basis.

If you sign cheques make sure that you limit the number of signatories. In a recent fraud investigation, a long serving accounts clerk used seven different signatories to sign petty cash cheques on a rotational basis.

Each signatory was thus unaware of the level of cash being drawn and the fraud was hidden by the payments being analysed as 'postage'.

This went on for several years until, as is often the case, one day the clerk was sick and a bank employee casually mentioned to another clerk that money had been drawn out only the day before.

Electronic transfers

There has also been a significant shift of risk to the customer from the bank in the era of electronic transfers.

For years, bank customers have used cheques as a means of transferring funds from their bank accounts to payees. Bank mandates formed the security procedures for validation of signatures, giving the customer the comfort that the bank would only pay on properly signed instructions.

In recent years, due to the volume of cheques and other documents, banks have almost discontinued the practice of verification of signatures on many transactions, choosing to save the high cost of such procedures and to bear the expense, and the risk, of payment under a false signature in the few cases that actually present themselves.

However, they have been keen to find a method to limit their risk of exposure in this regard.

The dramatic increase in electronic transfers and internet banking provides this opportunity.

On receipt of electronically transferred instructions with the appropriate authorisation code, the bank makes transfers to the specified accounts, providing these accounts had previously been set up under an appropriate authority. This authority is still a signed document, which is one of the steps taken to limit risks.

Where risks still remain

A system had been set up for a company whereby both employees and suppliers were paid by electronic transfer. All of the employees supplied their bank details to the employer, as did the company's suppliers.

These were forwarded to the bank under the signature of the directors. Each of the directors was issued with a password for use when making payments by electronic transfer.

The task of bookkeeping, accounting and the payment of bills had been delegated to the long-serving accounts manager who, in the past, had written out the cheques and presented them to the directors for signature.

Therefore, the directors, instead of handling the process themselves on the computer, gave their password, which had been issued for the protection of the company, to the accounts manager to use for payment of the accounts.

The accounts manager started to create duplicate purchase ledger accounts for existing customers, together with duplicate invoices which were then paid by electronic transfer.

In this way, an examination of the genuine purchase ledger would show nothing unusual and the fraudulent accounts would always have no balance.

The duplicate invoices were created by the use of photocopies and, to avoid detection as a duplicate and to avoid HM Revenue and Customs requesting the original on inspection, no VAT was claimed so that the invoices looked different.

However, the payment of the duplicate invoices was not paid to the account of a supplier but to the bank account of the accounts manager himself who was already a registered payee. Had the old system of paying by cheques still been in place, the accounts manager's only means of such misappropriation would have been by a forged signature, on discovery of which the bank would have been liable to reimburse the company.

Under the new system, because the directors gave away the password, the company suffers the loss unless it can obtain restitution from the accounts manager.

Disguising payments

A self-employed accounts manager was responsible for a business's electronic transfers and cheque payments. Autopay forms were presented to management to sign, as authorised, as in the case above.

The forms did not show the names of the beneficiaries, only the reference numbers and amounts to be paid. As the accounts manager was trusted (a familiar story), no crosschecking was carried out. The accounts manager was normally paid by cheque for his services but also added his bank details to the Autopay list. The additional payments were disguised as disbursements in the accounts, as similarly hidden in the first case.