At a recent Public Funds Management Seminar hosted by the NYCLASS administrator and investment advisor Public Trust Advisors, LLC, an educational session featuring a collection of investment and consulting professionals discussed helpful tips on how to prepare for, prevent, and protect your organization from fraud. Here are five takeaways for your local government:
1. Maintain and update your policies and procedures and make sure they are being reviewed.
Consistent and accurate policies and procedures will not only save you time but potentially eliminate the fraud risk associated with errors and dishonesty. Be sure to incorporate processes that identify potential risks and provide a way for employees to report fraud or error. It is often best to allow employees to report fraud anonymously as to reduce stressful situations.
2. Use a checks and balances system for processes, particularly processes that are at risk of fraud.
If possible, there should always be more than one person handling money, transactions, and/or banking changes. At NYCLASS, we recommend the following to our Participants to provide an added layer of security to their accounts:
- Each entity should have more than one authorized signer on an account(s).
- Multiple people should receive statements and transaction confirmations.
3. Be aware of email spam, phishing scams, and malware.
Make sure your employees receive regular training on the ways to identify suspicious emails. If something feels wrong, double check with others, including coworkers and vendors, to ensure that it is not a scam.
4. Each employee should have their own login information. Do not allow employees to share passwords.
When login credentials are shared, it is difficult to track individual actions and provides no audit trail. Only provide logins or other authorizations to those employees who require them. Wherever possible, use activity logs to monitor potential inappropriate or unauthorized access. For NYCLASS Participants, the online transaction portal offers multifactor authentication. If a login somehow falls into the wrong hands, a security code sent via email or text is required before the user is able to log in as an added layer of security.
5. Use technology to your advantage whenever possible.
Distance your organization from the use of checks. Using positive pay is a good option that does not allow for one check to be cashed more than once. Avoid sending checks via the mail. Use direct deposit or a similar option that avoids the unnecessary risk of checks being lost, or worse yet stolen, in the mail.
While no organization will ever be completely risk free, taking precautions and preparing your employees can help reduce the opportunity as well as the amount of fraud that may occur.