Targeting local government entities with increasingly severe cyberthreats is the latest focus of some cybercriminals. Because the scope of the threat is vast, Public Trust Advisors (NYCLASS Administrator and Investment Advisor) strongly urge our local government clients and Participants to help protect their accounts and institute best practices internally to keep their NYCLASS account up to date.
Dual Approval on Transactions: What It Means, Why It Matters
Dual approval requires one authorized signer to input an order in the portal and another authorized signer to approve the order. By doing so, no single person, alone, has total authority over transaction activity.
- Once the initial authorized signer submits the order, all other authorized signers on the account will receive a notification that an order needs approval. Even though only one other signer is required to finalize authorization for a transaction, this action creates even more transparency for your account.
- Orders must be approved by the pool’s cut-off time (12:00 p.m. ET), on the effective date of the order, to allow for the transaction to be processed.
- If an approver attempts to approve an order after the pool has closed on the trade date, they will be provided with the option to cancel the order or resubmit for the next business day. Resubmitted orders do not require new approval.
- An order with no cancellation or resubmission by the end of the business day will be removed from the system, and no transaction will occur.
To register your entity for dual approval, please reach out to the Client Service Team today!
NYCLASS has released a new feature to help Participants audit account activity more easily.
Now, when certain changes are made, all authorized signers on your account will be notified of the updates via email. Changes to bank instructions, bank account information, and certain contact information will autogenerate an account update email for ease of use.
Keeping Accounts Updated: Best Practices
Review your accounts periodically (but at least yearly) to ensure your contacts and banking information are current. Select a date, and formally add it to your operating calendar. Whenever something changes, update the account as soon as possible, and immediately when access terminates. Examples may include an individual leaving your entity that should no longer have access and/or a bank needing to be removed or added.
- Have multiple (not fewer than two) authorized signers on your account. Multiple authorized signers ensure more people are notified of changes. System vulnerability increases when sole individuals are the only ones with access; having additional signers allows for more transparency.
- When you do receive a notification of changes, review those reports in the portal. A minute’s review now could save hours later. Simply navigate to the NYCLASS Reports section of the portal and select Audit Report to download activity on your account.
As you can see, internal self-assessment is always a good first step toward identifying system vulnerabilities and buttressing information security protocols that protect and defend against the potential loss that accompanies cyberthreat. Public Trust Advisors is committed to helping and is pleased to offer our latest cybersecurity blog and whitepaper by clicking here.