How To Bulletproof Your Association’s Biggest Asset: The Money (Pt. 3)

This is our four part discussion of what ALL board members and officers of community associations in America should read: the 35-point bulletproof list of financial procedures detailed in “Escaping Condo Jail“, and consider it a survival manual.

It is divided into four segments:

  • Inheriting Old Books
  • Guarding and Vigilance
  • Cyberbanking Procedures
  • Efficiency Maximization and Return


Previously, we discussed Avoiding the Sting: Guarding and Vigilance.

In this post, we will discuss the third segment, Banking on the Cloud: Cyberbanking Safeguards.  


  1. Prepare a written procedure on how accounts are safeguarded. This plan should include everything the association is doing to prevent fraud and theft. It may include locking up checks in a safe, buying a dedicated computer, and having dual controls in place. Having the procedure in writing enables associations to prove that they have taken due care under the Uniform Commercial Code, which may provide additional protections under the law.
  2. Have a completely dedicated computer for financial transactions. This computer must not be allowed to surf the web, open e-mail, go to Facebook or Twitter, or chat online in any form whatsoever.
  3. Run the most up-to-date operating system, and buy good antivirus and antispyware protection and keep it up to date. If banking online, the latest and greatest protection is essential. Scan the computer daily to ensure the system is safe. Also enable firewall protection.
  4. When banking on the Internet, web addresses should always contain and s after the prefix http. Legitimate banking sites will always contain this s – as in https – which represents secure, or hypertext transfer protocol secure. A secure socket layer transmits an encrypted tunnel system, or channel, between you and the bank. If the website doesn’t have an s, it is fraudulent. Every site that deals with money should be encrypted.
  5. Initiate a “dual control” payment process with your bank and money manager. Ensure that all payments are initiated from the association’s bank accounts only after the authorization of two individuals. One individual authorizes the creation of the payment, and a second is responsible for authorizing the release of the payment. This process should be in place for all banking transactions.
  6. Change passwords on a regularly scheduled basis, and never disclose them to outside parties. Put passwords on a calendar – perhaps to correspond with regularly held board meetings. Passwords should be complex – never a word from a dictionary or a name or birth date. Passwords should contain both letters and numbers and, for extra protection, characters such as %, &, *, or @. If necessary, use a password-change chart for the year. The change chart might indicate the rotating password source. Password sources may include – in forward or reverse order – the plants in the solar system, the states in America, the periodic table of elements, the months of the year, types of gemstones, breeds of dogs; however, eliminate one critical letter, such as the second consonant, or the first vowel, etc., to avoid detection by a Trojan dictionary web spider.
  7. Always exit the bank’s website completely and clear your browser.
  8. Consider positive pay exceptions that place an automatic stop on specific types of transactions over certain specified limits – such as $1,000.
  9. Check electronic transactions every day. This step is critical because in most cases the bank’s ability to reverse wire transfers last only a few hours, even when problems are immediately reported.
  10. Exercise extreme caution when using mobile devices. Reports of virus and malware in the mobile devices. Reports of virus and malware in the mobile sector have been steadily increasing. Avoid using any mobile application not endorsed or provided by the bank. Banking applications for mobile phones often come from third-party sources, and the user doesn’t know what the application may be doing with the information. If using a mobile phone for any type of banking, configure the application by phone not to save passwords – otherwise, losing the phone or having it stolen could cause a major security breach.


Next up, Show Me the Money: Maximizing Efficiency and Return. Until then, feel free to live chat with our staff about your association!

©2024 Association Evaluation LLC. All rights reserved.
Association Evaluation® and The PARScoreTM and their related logos are trademarks or registered trademarks of Association Evaluation LLC in the United States and in jurisdictions throughout the world. The PARRegistry, PARReport report and PARScoreTM rating system are patent pending, fully insured and strictly enforced.