What is Dual Approval?
As the name implies, Dual Approval is a control that requires two separate people to authorize a transaction. The first person is responsible for creating the request (known as the maker), while the second person checks and approves the activity (known as the checker).
Why is Dual Approval important?
Humans are not perfect. It does not matter how clever, trusted or trained we are, sooner or later everybody will make a mistake. A maker-checker process introduces a second pair of eyes and helps spot things that appear suspicious, strange or incorrect. Dual Approval clearly helps protect your business, but it also helps protect your employees from making unintended errors or deviating from process.
How does it work?
Dual Approval is quick and easy to set up, and it is offered at no additional cost on all of Citi Commercial Bank’s online platforms. The functionality is fully customizable, giving you the ability to configure the process flow, approvers and approval limits to meet the individual needs of your business.
Once Dual Approval has been enabled, any eligible transactions will be transferred to a pre-selected pool of checkers for authorization. The process is fast, secure and robust and the approver simply verifies the request on an independent device (desktop, tablet or phone) and releases the transaction.
What are the benefits of Dual Approval?
Adding Dual Approval can help strengthen your online controls and protect your business from several different types of operational risk:
- Payment Scams: Payment fraud is a growing risk, and criminals continue to deploy increasingly clever scams. While a fraudster may be able to trick an individual, a system-enforced checker ensures that a second person looks at the transaction and can help capture the attempt before any money leaves your account.
- Compromised Credentials: Fraudsters are using advanced techniques to steal people’s usernames and passwords, before logging into their victims’ accounts and diverting funds. Even if a criminal was able to compromise one of your online user’s credentials, Dual Approval would help stop the attacker from being able to make a withdrawal.
- Processing Errors: A checker can help spot a variety of mistakes, from breaches of internal procedure to typing errors on the account number or the value of a transfer.
- Internal Fraud: While all businesses want to be able to trust their staff, the reality is that a significant number of companies have been defrauded by an employee. External pressures and/ or unexpected opportunities can lead a previously trusted staff member into making a poor ethical decision. Dual Approval helps mitigate this risk by acting as an effective deterrent and also providing an opportunity for any wrongdoing to be identified early in the process.
If I have full confidence in my team, do I really need Dual Approval?
Even the most diligent of employees can make a mistake or be tricked by a fraudster. The majority of payments fraud is now completed by large, professional criminal organisations that use advanced tactics to deceive honest and trustworthy company employees.
I don’t have enough staff to check everything.
Dual Approval is fully customizable, so you can choose exactly what transactions you want to send for authorization. You have the ability to design the control to fit your business and balance the volume of approval requests by restricting the types of transactions and/or values that require checking.
What happens if an approver is busy, on holiday or off sick?
As with any business process, contingency planning is critically important. When you set up Dual Approval, you are able to nominate a pool of checkers and it is recommended to try to nominate a minimum of three approvers for each eligible transaction.