Bank Reconciliation Process

BANK ACCOUNT RECONCILIATION PROCEDURES 

In the July/August 2008 column, I discussed the bank reconciliation process that's essential to thwart the check fraud threat posed by outsiders. (For a brief review of these procedures see the sidebar on page 12.) I can't overemphasize the role of the independent reviewer or business owner in scrutinizing redeemed checks. He or she must determine if the organization actually issued all the redeemed checks and look specifically for check fraud, warrant fraud, and debit card fraud (that is, false transactions outsiders have created using the organization's bank account number). The reviewer must be aware that bogus checks might be practically identical to the original checks and also determine if all redeemed checks were issued to authorized employees and official vendors for a legitimate business purpose. 

 

We'll continue our discussion of bogus financial instruments in this column, focusing on the importance of reporting or filing claims on time. A missed deadline ensures you'll suffer a loss. Auditors and fraud examiners also should consider these requirements about the timely reporting of bogus checks, debit card transactions, and warrants. In any case, the organization should notify its bank immediately when bogus financial instruments are detected. 

 

30-DAY RULE FOR CHECKING ACCOUNTS 

The U.S. Uniform Commercial Code states that organizations issuing checks normally have a responsibility to notify the bank about check fraud no later than 30 days after the closing business date shown on the bank statement. (Don't confuse that date with the date that the bank mailed the statement or the date the organization received it.) Even with this grace period offered by banks, organizations should implement procedures to promptly identify check fraud thus improving the chances of a successful prosecution of the perpetrator. All organizations should review the bank statements and their enclosures immediately upon receipt to identify any fraudulent financial transactions such as bogus checks, debit card transactions, or warrants. Don't wait, and certainly don't imitate the following example. 

 

I read a newspaper article about a small city that hadn't reconciled its primary bank account in more than a year. That government was flirting with danger and truly didn't understand the risk of loss posed by the check fraud menace despite the fact that the external auditor included this internal control weakness in two consecutive audit reports and a councilperson warned that a backlog of more than a month put the city at risk. The city finance manager responded that he hadn't spotted any obvious fraud or incurred any loss of public funds while working with the staff to reduce the backlog of delinquent bank reconciliations. I hope check fraud doesn't happen to them. But it certainly could with the city finance manager's unfortunate position. 

 

24-HOUR RULE FOR DEBIT CARD TRANSACTIONS 

The U.S. Uniform Commercial Code states that governments, private businesses, and individuals have a short time span to report bogus debit card transactions posted on their bank statements; they must act within 24 hours of the posting. Outsiders first target the organization's treasury funds when they pass fraudulent debit card transactions through the banking system. If bad debit card transactions are promptly reported to the bank, these losses revert to the vendor where the bogus transactions originated. Therefore, all organizations should perform daily debit card bank reconciliations to protect against the possibility of loss from this threat. 

 

Waiting for the monthly bank statement to arrive simply isn't good enough when it comes to avoiding losses from bogus debit card transactions. Organizations that ignore this 24-hour rule suffer the consequence of losses of funds with no possibility of a claim against the bank for reimbursement when bad debit card transactions occur. If you get hit, you automatically lose your hard-earned money. To avoid this, a small organization might use a bank's online inquiry system so it can reconcile every day and report bogus transactions on a timely basis. One caveat: Small organizations shouldn't use debit cards if they can't perform the bank reconciliation daily because the risk of loss is just too great. Large organizations might obtain a daily CD-ROM from the bank, which lists all financial transactions that have occurred. 

 

24-HOUR RULE FOR WARRANTS 

The U.S. Uniform Commercial Code also applies to warrants. Most governments in the state of Washington (where I worked as the audit manager for special investigations for the Washington State Auditor's Office) issue warrants instead of checks. Warrants move through the banking system just like checks until they reach the organization's bank. The bank notifies the organization that its warrants are ready for pick-up each business day. Once warrants are presented by the bank, the government issues a check to the bank to redeem them. 

 

Government agencies must report fraudulent warrants to their banks within 24 hours of presentation. If the government fails to pick up warrants promptly at the bank and allows the 24-hour period to expire, or if it fails to report warrant fraud to the bank within 24 hours, the bank will deny any claim for losses. In those circumstances, bogus warrants automatically become the responsibility of the government, which sustains a loss of treasury funds, as the following case shows. 

 

A county treasurer makes a costly mistake. County employees redeemed warrants from the bank each business day and immediately reviewed them to ensure all documents were valid. One day, the treasurer's representative was surprised to find two bogus warrants in the batch of documents. Before finishing the reconciliation, the employee swiftly returned them to the bank, which accepted liability for them. The following day, the staff completed the bank reconciliation and discovered a third bogus warrant for $45,000 in the batch. When they returned this additional warrant to the bank, it refused to accept any liability for the transaction because the 24-hour period had lapsed. To my knowledge, this is the only time a Washington state government entity ever suffered a loss from bogus warrants. It could have been prevented if the staff had scrupulously reviewed all redeemed warrants before the 24-hour reporting period ended. 

 

On the other hand, here's a success story. In 2001, external fraudsters created three bogus warrants totaling almost $450,000 by using a county treasurer's bank account number and processed them through the banking system over several months. The county treasurer's staff promptly detected each transaction and returned them to the bank within 24 hours. The bank accepted the liability for each of these losses. 

 

LESSONS LEARNED 

Let's review some of the major points of detecting and reporting fraud in the bank reconciliation process: 

• All organizations should review the bank statements and their enclosures immediately upon receipt to identify any bogus financial transactions such as bad checks, debit card transactions, or warrants. 
• Organizations issuing checks normally have a responsibility to notify the bank about check fraud no later than 30 days after the closing business date shown on the bank statement. Governments, private businesses, and individuals have a short time span to report bogus debit card transactions listed on their bank statements - only 24 hours. All parties should, therefore, perform debit card bank reconciliations on a daily basis to protect against the possibility of loss from this threat.
• Governments must report fraudulent warrants to their banks within 24 hours of presentation. If a government fails to pick up warrants promptly at the bank and allows the 24-hour period to expire, or if it fails to report warrant fraud to the bank within 24 hours, the bank will deny any claim for losses.  

IT'S TIME TO SWITCH TO THE THREAT POSED BY INSIDERS 

In the next column we'll cover the insider threat to an organization's treasury funds. There is more information to learn about the bank reconciliation process than perhaps you've ever dreamed. Wait and see. 

 

ESSENTIAL BANK RECONCILIATION PROCEDURES 

This is a brief review of important points in detecting and preventing check fraud, warrant fraud, or debit card fraud committed by outsiders. (For a detailed discussion see the Fraud's Finer Points column in the July/August 2008 issue of Fraud Magazine.) 

• Delivery: The unopened bank statement with checks enclosed should be mailed or delivered directly to an independent party for review (such as someone other than the checking account custodian or other person responsible for the financial transactions in the account). 
• Small Businesses Owners should perform this review because they know their operation and whether checks have been issued for legitimate business purposes. 
• Completeness: All redeemed checks should accompany the monthly bank statement so the reviewer can identify check fraud and other check alterations. The reviewer should verify four elements: the check number, the date, the amount, and the payee. 
• Timeliness: The independent reviewer should reconcile the bank statement with the organization's accounting records immediately upon receipt. 
• Approval: The owner or other designated independent party should verify and sign off on the completed bank reconciliation with his or her signature and the date of the review. 
• Auditor's Role: Auditors and fraud examiners should ensure that all monthly bank statements and daily CD-ROMs the bank might provide are on file at the organization.  

Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE Fellow, is retired after more than 42 years of government service. He remains the vice chair of the ACFE Foundation Board of Directors.   

 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.