Risk Management Blog

cybersecurity

3 Essential Loss Prevention Controls for Cash Service Vendors

Share on:

  • August 5 2014
  • Lowers & Associates

3 Essential Loss Prevention Controls for Cash Service Vendors

by Lowers & Associates | August 05, 2014

In today’s integrated financial services system, Cash-in-Transit (CIT) service providers face new challenges in theft and fraud prevention. Traditional approaches to internal controls may leave risky gaps where CIT vendors and their banking customers intersect. Upgrading—and redesigning—these controls so that partners interpret outcomes accurately, and in the same way, is necessary to raise the adequacy of protections against theft and fraud risks.

The Office of the Comptroller of the Currency (OCC) has made it clear that banking institutions are ultimately responsible for the risk management performance of the third party cash vendor services they purchase. Banks cannot simply offload risks to vendors when they outsource traditional banking services.

By the same token, however, the OCC’s admonition to banks doesn’t mean that cash service vendors can simply depend on their banking customers to ensure that audit procedures and other internal controls are adequate. More to the point, both partners have a common interest to install effective controls that are jointly defined and monitored as needed.

Traditionally, internal controls in a cash vendor business have been written to best practice standards within the institution. They have reflected the business’ experiences and the skills or assumptions of employees and consultants working within the business. In particular, they have not been defined with respect to the more interdependent financial services industry that exists now.

The challenge of effective and transparent controls

Developing controls that are both effective and transparent, across distinct business entities that partner to provide services in the financial system, poses special challenges. Each partner organization brings a culture and standard practices, as well as assumptions about authority and control that have to be reconciled. It is all too easy to assume that the other partner is responsible for a specific part of the process without creating monitoring mechanisms that track actual outcomes.

There are several methods of loss prevention that cash service vendors should adopt. A core concept in these methods is that partners in the financial industry need to define and adopt a common set of effective cash handling standards.

Here are 3 controls:

1.     Assessments of operations and cash and coin audits

External audit and review is essential. Comprehensive third-party audits should be conducted on an annual basis to determine compliance with risk management procedures. External cash and coin audits should be completed quarterly. Banks and cash service vendors should make these audits part of the work contract.

2.     Vendor certification

Certification that vendors adhere to best practices standards can provide evidence that companies comply. Banks and insurance companies want assurance that cash service partners are low-risk partners.

3.     A standard audit framework

Auditing practices built on common, standardized principles, are needed to support transparency, align strategic efforts, and ensure correct interpretation of outcomes. Standard procedures help to ensure that financial performance can be accurately evaluated or compared across entities or time.

The battle against theft and fraud in cash services will always continue. But the more integrated cash service businesses of today must find ways to support their banking customers safely. OCC and other banking regulators are depending on the banks and their partners to help ensure the stability of the financial system.

Learn more about risk management in the cash management industry by downloading our whitepaper, “Banking Audit: A New World.”

ABOUT THE AUTHOR

Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.
View all posts by Lowers & Associates >