Wire Transfer Fraud: How to Understand It and Prevent It

Day 3 of 30 Days of Fraud

The Theft

In one of the simplest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to a private Austrian account. In this post, I’ll show you how wire transfer fraud occurs and how to prevent it.

wire transfer fraud

Stealing a Cool $6.9 Million

The nonprofit administrator originated with the wire with a fax, taking less than an hour. Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. 

The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned in her husband. He later came back to the states of his own volition. I guess, after a few boat rides down the Danube, he missed his family. Did he go to jail? Yes.

The Weakness

The nonprofit entity did not establish appropriate controls over cash wire transfers. One person (by himself) could move funds.

The Fix

The fix for this weakness is to require (at least) two persons to consummate all wire transfers.  

As you think about wire transfers, consider that they can originate with:

  • Faxes,
  • Phone calls,
  • Personal visits to banks, and
  • Computers

Determine how your bank handles wire transfers, and craft your internal controls accordingly.

Prevention Steps

Organizations should do the following to mitigate wire transfer fraud:

  • Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  • Require two persons to consummate all wire transfers to external parties (an essential control in my opinion)
  • If the wire transfer request is made with a phone or fax, require the bank to call your organization back before the wire transfer is consummated
  • The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are required to make wire transfers)
  • Restrict bank accounts so that wire transfers can be made only to bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  • Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  • Require sufficient documentation for all wire transfer journal entries; require a second-person review of these entries
  • Consider using a dedicated computer for all wire transfers; do not use this machine for any other purpose (malware is often picked up by computers as users visit tainted websites)
  • Use all bank-provided wire transfer controls
  • Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

If you’re an auditor, consider–as you audit cash–whether these controls are in place.

30 Days of Fraud Series

If you found today’s post helpful, consider subscribing to my blog below. I am providing 30 posts like this one showing how various frauds occur and how you can prevent them.

Learn from the CPA Scribo newsletter!

Get my free weekly accounting and auditing digest with the latest content.

Powered by ConvertKit

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *