Steps Your Board Can Take for Cyber Fraud Prevention
As a homeowner who is a part of an association, cyber fraud prevention is doubly important. You put a lot of trust in the people designated to manage your association’s money. So it can come as quite a shock if you discover that one of those people has been stealing from your association’s funds.
No association is completely immune from being a victim of fraud. In 2015, the bookkeeper for a property management company in New England was sentenced to federal prison for defrauding 28 condo associations of nearly $1 million and filing fraudulent documents in an attempt to cover it up. This example illustrates why cyber fraud prevention is so important.
There are steps that board members can take to prevent fraud. Read on for ways your board can prevent being victimized, both internally and working with your professional property management company.
1. Protect your association’s bank accounts.
Association bank accounts should be FDIC insured and opened in the name of the association only – never in the name of a board member, community manager or any other individual. Money in these accounts should not be comingled with an individual’s money, and no one should be allowed to write checks to themselves or use funds for personal expenses.
Your reserves and your operating funds should always be kept in separate accounts as well. Choose accounts that guarantee the safety of your funds while maximizing your return.
2. Require two signatures to take funds from reserves.
Massachusetts condominium law states that all checks drawn from the reserve fund have to be signed by a member of the board, as well as the management company, unless there’s a written agreement stating otherwise. Best practices use both signatures. Following this practice when transferring funds from the reserve account to operating account will help your board keep a close eye on the reserve fund, which is critical to the financial health of your association.
3. Restrict debit card use.
Debit cards make it very easy to withdraw needed funds anytime. That convenience can also make it easy for your association to lose its operating funds. “We have a number of associations that use debit cards, but those cards have daily limits, restrictions on transactions and a ban on cash withdrawals at the bank level unless previously approved by the manager / Board of Trustees,” explains Sean Jordan, director of property management at FirstService Residential. “The cards are never linked to the full operating account. We have had instances where authorized users with the card would go to Home Depot on association business per board instructions, for example, but failed to inform the accounting team know ahead of time that the purchase would exceed the card limit. The transaction would fail, the associate would have to call a management supervisor to verify the purchase is valid and we remind them of the proper procedure for a purchase above the cards limit. Accounting will also follow up with an email to the property manager to remind them and the associate for future purchases. That definitely helps save time on follow up afterward, especially for portfolio managers with multiple properties.”
4. Implement internal controls.
The person who signs checks should not be the same person who reconciles bank statements and receipts. Keeping Separate duties is essential for cyber fraud prevention. Separate duties limits opportunities to misrepresent purchases, and creates a system of oversight and accountability. Remember that just because the treasurer of your board has been entrusted to handle finances doesn’t mean that other board members shouldn’t be involved as well. Another precaution your board may want to consider is rotating financial responsibilities so that no individuals retain control of a specific function for long periods of time.
This applies to your property management company too, if you have one. “One of the things we take pride in here is our financial reporting and internal controls,” Jordan says. “We work with many of the auditors in our area, so there are always checks and balances in place. We want to make sure that everyone is doing what needs to be done to minimize risk and continue to look for improvements. We’ve actually gotten management contracts through recommendations from auditors due to our check and balance practices and reporting methods.”
5. Reconcile transactions promptly.
“One of the most important thing a board can do is review their invoices and reconcile them with bank statements,” Jordan states. “Management should be providing invoices with the monthly financial statements or providing access to them online. That allows the board to know if anything improper was paid and to find discrepancies quickly.”
6. Work with management to vet your vendors.
“Vendors who attempt to change the agreed upon payments terms throw up huge red flags to me,” Jordan says. “If the vendor calls constantly for payments before the agreed due date, they could be strained financially. That’s when ethics can slide.”
If you work with a quality property management company, they’ll have access to a roster of vendors your community can trust and who may even provide preferential rates or levels of service. Always check with them before contracting a new vendor.
Along those lines, check invoices carefully before paying them. “Over the years, I’ve seen submitted invoices without numbers, no phone numbers, irregular invoice numbering and frequent address changes,” Jordan recalls. “All of those things should be red flags. “If the invoices are too general, just saying ‘monthly service, as per contract or part of contract,’ those should be flagged. Maybe the board knows what the contract states, maybe the manager does, but your management company’s accounting team should be catching those and flagging them. If we in accounting don’t know what the contract states, how do we know what the invoice is actually for or why we should pay it? The reason for an invoice should always be immediately obvious. Don’t make payments off statements or proposals either. Get an invoice!”
7. Use electronic payments if possible.
Electronic payments limit opportunities for theft and fraud by minimizing manual handling of money. Implementing reliable and secure property management software can make it easier for homeowners to submit their common area fees and other payments online.
8. Update financial authorizations regularly.
Since association boards are made up of volunteers, members can change frequently. Be sure to update bank signature cards and other financial authorizations immediately when there is turnover on your board.
9. Conduct annual financial reviews.
A financial review is a review of your financial books that is conducted by an independent certified public accountant (CPA). It ensures that your association’s financial statements are complete and accurate. Jordan says that he recommends that all associations do a review every year. “It’s a safeguard for the association and provides a check and balance to be sure we aren’t missing anything, and the financial reporting is accurate” he explains. “Auditors are also peer reviewed which is yet another check on the quality of work being done to ensure the association reports are accurate.”
10. Obtain adequate fidelity insurance.
Fidelity insurance will protect your association in the event of criminal activity by a board member or other named person. Ask your management company about fidelity insurance that is designed specifically for associations. That management company should also provide proof that it has insurance to protect your association in the event of fraud by one of its employees.
11. Learn to recognize red flags.
Seemingly innocent behaviors can be a sign of suspicious activity if they occur frequently or in tandem. Make sure that board members are familiar with the signs of questionable activity so that they will recognize them if they occur. Possible red flags include:
As volunteers, very few board members are experts in finance or accounting. It’s important that the board have an understanding of what your manager does and what your management company does in terms of handling your association’s money. Find out if your management company offers training that can help your board members better understand these matters. “Massachusetts law doesn’t require board training, but we think it’s always helpful in building great relationships between the board and the management company,” Jordan says. “It gets everyone on the same page and hopefully having the same expectations and understanding.”
13. Know what to look for in a property management company.
The best of intentions won’t protect your community’s finances from fraud. Resources must be available to make those intentions a reality. For example, to successfully segregate financial duties, a management company will need to have employees available to staff separate payables, receivables and record-keeping departments. Ask if those employees are cross-trained within accounting and if spot checks are performed to spot rubber stamping or any other lax practices by individual employees.
Verify that the company can provide your association with a web-based platform where residents can make online payments to reduce the risk of check fraud. Be sure the company’s in-house information technology (IT) department can provide robust security for that platform as well. Cyber-attacks are a growing problem, even for small organizations like associations, so don’t underestimate the importance of cyber security in protecting financial and personal data.
“A good management company recognizes they are dealing with people’s homes, but the association functions in essence like a business.” Jordan says. “Anyone entrusted with the associations financial health needs to take the steps that any business would take to safeguard its assets, minimize risk and maximize the use of funds available, which is where FirstService Financial is a benefit. The rate of return on deposit accounts and CD’s has been very good.”
Preventing fraud may involve taking extra steps that create more work for your board. But the alternative is something that no association ever wants to face. Take the right precautions up front to avoid problems down the road. The homeowners in your community will thank you for doing your fiduciary duty.
Take a look at our guide to improve board communication to get started, or simply contact us today!
No association is completely immune from being a victim of fraud. In 2015, the bookkeeper for a property management company in New England was sentenced to federal prison for defrauding 28 condo associations of nearly $1 million and filing fraudulent documents in an attempt to cover it up. This example illustrates why cyber fraud prevention is so important.
There are steps that board members can take to prevent fraud. Read on for ways your board can prevent being victimized, both internally and working with your professional property management company.
1. Protect your association’s bank accounts.
Association bank accounts should be FDIC insured and opened in the name of the association only – never in the name of a board member, community manager or any other individual. Money in these accounts should not be comingled with an individual’s money, and no one should be allowed to write checks to themselves or use funds for personal expenses.
Your reserves and your operating funds should always be kept in separate accounts as well. Choose accounts that guarantee the safety of your funds while maximizing your return.
2. Require two signatures to take funds from reserves.
Massachusetts condominium law states that all checks drawn from the reserve fund have to be signed by a member of the board, as well as the management company, unless there’s a written agreement stating otherwise. Best practices use both signatures. Following this practice when transferring funds from the reserve account to operating account will help your board keep a close eye on the reserve fund, which is critical to the financial health of your association.
3. Restrict debit card use.
Debit cards make it very easy to withdraw needed funds anytime. That convenience can also make it easy for your association to lose its operating funds. “We have a number of associations that use debit cards, but those cards have daily limits, restrictions on transactions and a ban on cash withdrawals at the bank level unless previously approved by the manager / Board of Trustees,” explains Sean Jordan, director of property management at FirstService Residential. “The cards are never linked to the full operating account. We have had instances where authorized users with the card would go to Home Depot on association business per board instructions, for example, but failed to inform the accounting team know ahead of time that the purchase would exceed the card limit. The transaction would fail, the associate would have to call a management supervisor to verify the purchase is valid and we remind them of the proper procedure for a purchase above the cards limit. Accounting will also follow up with an email to the property manager to remind them and the associate for future purchases. That definitely helps save time on follow up afterward, especially for portfolio managers with multiple properties.”
4. Implement internal controls.
The person who signs checks should not be the same person who reconciles bank statements and receipts. Keeping Separate duties is essential for cyber fraud prevention. Separate duties limits opportunities to misrepresent purchases, and creates a system of oversight and accountability. Remember that just because the treasurer of your board has been entrusted to handle finances doesn’t mean that other board members shouldn’t be involved as well. Another precaution your board may want to consider is rotating financial responsibilities so that no individuals retain control of a specific function for long periods of time.
This applies to your property management company too, if you have one. “One of the things we take pride in here is our financial reporting and internal controls,” Jordan says. “We work with many of the auditors in our area, so there are always checks and balances in place. We want to make sure that everyone is doing what needs to be done to minimize risk and continue to look for improvements. We’ve actually gotten management contracts through recommendations from auditors due to our check and balance practices and reporting methods.”
5. Reconcile transactions promptly.
“One of the most important thing a board can do is review their invoices and reconcile them with bank statements,” Jordan states. “Management should be providing invoices with the monthly financial statements or providing access to them online. That allows the board to know if anything improper was paid and to find discrepancies quickly.”
6. Work with management to vet your vendors.
“Vendors who attempt to change the agreed upon payments terms throw up huge red flags to me,” Jordan says. “If the vendor calls constantly for payments before the agreed due date, they could be strained financially. That’s when ethics can slide.”
If you work with a quality property management company, they’ll have access to a roster of vendors your community can trust and who may even provide preferential rates or levels of service. Always check with them before contracting a new vendor.
Along those lines, check invoices carefully before paying them. “Over the years, I’ve seen submitted invoices without numbers, no phone numbers, irregular invoice numbering and frequent address changes,” Jordan recalls. “All of those things should be red flags. “If the invoices are too general, just saying ‘monthly service, as per contract or part of contract,’ those should be flagged. Maybe the board knows what the contract states, maybe the manager does, but your management company’s accounting team should be catching those and flagging them. If we in accounting don’t know what the contract states, how do we know what the invoice is actually for or why we should pay it? The reason for an invoice should always be immediately obvious. Don’t make payments off statements or proposals either. Get an invoice!”
7. Use electronic payments if possible.
Electronic payments limit opportunities for theft and fraud by minimizing manual handling of money. Implementing reliable and secure property management software can make it easier for homeowners to submit their common area fees and other payments online.
8. Update financial authorizations regularly.
Since association boards are made up of volunteers, members can change frequently. Be sure to update bank signature cards and other financial authorizations immediately when there is turnover on your board.
9. Conduct annual financial reviews.
A financial review is a review of your financial books that is conducted by an independent certified public accountant (CPA). It ensures that your association’s financial statements are complete and accurate. Jordan says that he recommends that all associations do a review every year. “It’s a safeguard for the association and provides a check and balance to be sure we aren’t missing anything, and the financial reporting is accurate” he explains. “Auditors are also peer reviewed which is yet another check on the quality of work being done to ensure the association reports are accurate.”
10. Obtain adequate fidelity insurance.
Fidelity insurance will protect your association in the event of criminal activity by a board member or other named person. Ask your management company about fidelity insurance that is designed specifically for associations. That management company should also provide proof that it has insurance to protect your association in the event of fraud by one of its employees.
11. Learn to recognize red flags.
Seemingly innocent behaviors can be a sign of suspicious activity if they occur frequently or in tandem. Make sure that board members are familiar with the signs of questionable activity so that they will recognize them if they occur. Possible red flags include:
- Bookkeepers or board treasurers who are reluctant to take vacations or give up their specific duties
- Managers who don’t answer questions quickly or are vague in their answers
- Late or missing vendor payments
- Frequent double payments to vendors
- Missing bank statements, invoices, etc.
- Copies rather than original receipts
- Delayed deposits
- Board members with addictions or large debts
As volunteers, very few board members are experts in finance or accounting. It’s important that the board have an understanding of what your manager does and what your management company does in terms of handling your association’s money. Find out if your management company offers training that can help your board members better understand these matters. “Massachusetts law doesn’t require board training, but we think it’s always helpful in building great relationships between the board and the management company,” Jordan says. “It gets everyone on the same page and hopefully having the same expectations and understanding.”
13. Know what to look for in a property management company.
The best of intentions won’t protect your community’s finances from fraud. Resources must be available to make those intentions a reality. For example, to successfully segregate financial duties, a management company will need to have employees available to staff separate payables, receivables and record-keeping departments. Ask if those employees are cross-trained within accounting and if spot checks are performed to spot rubber stamping or any other lax practices by individual employees.
Verify that the company can provide your association with a web-based platform where residents can make online payments to reduce the risk of check fraud. Be sure the company’s in-house information technology (IT) department can provide robust security for that platform as well. Cyber-attacks are a growing problem, even for small organizations like associations, so don’t underestimate the importance of cyber security in protecting financial and personal data.
“A good management company recognizes they are dealing with people’s homes, but the association functions in essence like a business.” Jordan says. “Anyone entrusted with the associations financial health needs to take the steps that any business would take to safeguard its assets, minimize risk and maximize the use of funds available, which is where FirstService Financial is a benefit. The rate of return on deposit accounts and CD’s has been very good.”
Preventing fraud may involve taking extra steps that create more work for your board. But the alternative is something that no association ever wants to face. Take the right precautions up front to avoid problems down the road. The homeowners in your community will thank you for doing your fiduciary duty.
Take a look at our guide to improve board communication to get started, or simply contact us today!