Contributor: Elif Kayhan (Global Fraud Risk Management Senior Vice President)
What is Dual Approval?
As the name implies, Dual Approval is a control that requires two separate individuals to authorize a transaction. The first person is responsible for creating the request (known as the ‘maker’), while the second checks and approves the activity (known as the ‘checker’).
Why is Dual Approval important?
Humans are not perfect. It does not matter how clever, trusted, or trained we are— sooner or later everybody will make a mistake. A maker-checker process introduces a second pair of eyes and helps to spot things that appear suspicious, strange, or otherwise incorrect. Dual Approval helps protect your business, but it also helps safeguard your employees from making unintended errors or deviating from approved process.
How does it work?
Dual Approval is quick and easy to set up, and it is offered at no additional cost on all of Citi Commercial Bank’s online platforms. The functionality is fully customizable, giving you the ability to configure the process flow, assign approvers, and approval limits to meet the individual needs of your business.
Once Dual Approval has been enabled, any eligible transactions will be transferred to a pre-selected pool of checkers for authorization. The process is secure, and the approver can simply verify the request on an independent device (desktop, tablet or phone) and releases the transaction.
What are the benefits of Dual Approval?
Adding Dual Approval can help strengthen your online controls and protect your business from several different types of operational risk:
- Payment Scams: Payment fraud is a growing risk, and criminals continue to deploy increasingly clever scams. While a fraudster may be able to trick an individual (with an email, phone or text message scam), a system-enforced checker ensures that a second person reviews the transaction and can help capture the attempt before any money leaves your account.
- Compromised Credentials: Fraudsters are using advanced techniques to steal people’s usernames and passwords, before logging into their victims’ accounts and diverting funds. Even if a criminal was able to compromise one of your online user’s credentials, Dual Approval would help stop the attacker from being able to make a withdrawal.
- Processing Errors: A checker can help spot a variety of mistakes, from breaches of internal procedure to typing errors on the account number or the value of a transfer.
- Internal Fraud: While all businesses want to be able to trust their staff, the reality is that a significant number of companies have been defrauded by an employee. External pressures and/ or unexpected opportunities can lead a previously trusted staff member into making a poor ethical decision. Dual Approval helps mitigate this risk by acting as an effective deterrent while also providing an opportunity for any wrongdoing to be identified early in the process.
If I have full confidence in my team, do I really need Dual Approval?
Even the most diligent of employees can make a mistake or be tricked by a fraudster. The majority of payments fraud is now completed by large, professional criminal organisations that use advanced tactics to deceive honest and trustworthy employees.
I don’t have enough staff to check everything.
Dual Approval is fully customizable, so you can choose exactly what transactions you want to send for authorization. You have the ability to design the control to fit your business and balance the volume of approval requests by restricting the types of transactions and/or values that require checking.
What happens if an approver is busy, on holiday or off sick?
As with any business process, contingency planning is critical. When you set up Dual Approval, you can nominate a pool of checkers. It is recommended to try to nominate a minimum of three approvers for each eligible transaction.