Some states, such as Florida and Illinois, have recently mandated licensing to oversee property managers, but there are far too many loopholes and exempt associations. Unfortunately, the chances of a thief being punished for stealing a few hundred thousand dollars from an association are slim. A trusted board members or manager has to steal several million to get any real attention, and even then the case may not get to court before the accused passes through the pearly-white gates of the great HOA in the sky. This aspect of the length of legal proceedings is of special concern in senior communities.

Many cases of association theft involve check fraud – a major financial crime. The US Office of Comptroller of the Currency has reported more than 1.2 million fraudulent checks are written every day – more that 13 per second. In 2003, check fraud exceeded $20 billion, up from $12 billion in 1996 and $5 billion in 1993, according to the Nilson Report.

With advancements in inexpensive desktop publishing software, the problem is steadily increasing. A 2011 survey conducted by the Association of Financial Professionals revealed 71 percent of the organizations responding confirmed that they had been a victim of payment fraud, up 55 percent from 2005. The vast majority – 93 percent – indicated that they were victims of check fraud. All organizations – whether large or small – experienced check fraud.

Another rapidly growing- and evolving- segment of fraud involves Internet banking. Despite encrypted and secured websites, Internet banking is not safe. A USA Today report noted cyber robbers are targeting small businesses online banking accounts. Millions of accounts are hacked every year. In the report, Doug Johnson, vice-president and senior advisor for risk management for the American Bankers Association, suggests commercial bank customers take precautions when banking online.

“Each bank sets its own policy regarding a business customer’s liability related to unauthorized electronic transfers,” Johnson noted. “Banks urge business customers to be aware of their responsibility to keep computers used for online banking free of malicious programs. [sic] ACH or wire transfers should always be initiated under dual control, with one person initiating the transaction and another person approving it.”

What this ultimately means is that HOAs and condo associations will be held accountable should electronic theft or fraud occur. Under federal law, if an individual’s bank account gets hijacked, the banks must restore the funds. Business owners are not as lucky. Most banks will not reimburse a business customer – even if the customer has done nothing wrong – should an Internet security breach result in theft draining the company bank account to zero. Paula Fleming, spokesperson for the Boston Better Business Bureau, observes,: “In this day and age when practically everything is done on the Internet, it’s extremely important to take the necessary precautions.”

A private alert issued to banks by the Financial Services Information Sharing and Analysis Center warns small and midsized organization never to use a PC dedicated to Internet banking for e-mail or web browsing. “Banks typically do not publicly address this issue,” noted Jennifer Bayuk, former chief information security officer at Bear Stearns.

In it’s online Fraud Report (10th annual edition, 2009), Cybersource, a leading provider of electronic payment and risk management services that was purchase by VISA in April of 2010 for an impressive $2 billion, reported 2008 recorded losses of online sales are estimated at $4 billion for the American market alone. (Since 2008, the Federal Trade Commission no longer separates Internet-related fraud from consumer and identity theft fraud.)

Despite such staggering numbers and financial losses, according to the US Department of Justice, the imprisonment rate for check fraud alone is merely 2 percent. Capture and imprisonment of cyberfraudsters is even less. Frank Abagnale, one of the nation’s most respected authorities on the subjects of forgery and embezzlement, states: “Punishment for fraud and recovery of stolen funds are so rare, prevention is the only viable course of action.”

The post Bulletproof Your Homeowners Association’s Funds Against Fraud – Pt. 1 appeared first on Association Evaluation LLC..

Over the past few weeks, we’ve discussed

• Inheriting Old Books

• Guarding and Vigilance

• Cyberbanking Procedures

• Efficiency Maximization and Return

Let’s pull it all together, here is the complete 35-point checklist to BULLETPROOF your building association.

Inheriting Old Books

1. Open new accounts
2. Update bank signature cards.
3. Obtain a transition statement.
4. Destroy all old checks.
5. Keep new checks locked.
6. Report any theft to police.

Guarding and Vigilance

7. Keep board officers’ deeds and state-issued IDs on file.
8. Perform credit and background checks on employees.
9. Have monthly bank statements sent to two different people.
10. Require fidelity insurance and bond money handlers.
11. Require that different people write checks and reconcile books.
12. Require board members to review bank statements within 10 days.
13. Never allow the management company to access reserve accounts.
14. Never rely on computer-generated reports instead of bank statements.
15. Require budgets to conform to GAAP.
16. Require use of established financial software.
17. Require two signatures minimum on each checks, with amounts over $2,500 requiring three signatures.
18. Never allow credit or debit cards.
19. Require invoices before paying bills.
20. Use safety checks with watermarks and warning bands.
21. For sizable accounts, use an automated fraud detection tool.
22. Perform periodic audits on a schedule.
23. Do not let accounts exceed FDIC limits.

Cyberbanking Procedures

24. Have a procedures manual for Internet banking protocol.
25. Have a dedicated computer for financial transactions.
26. Run up-to-date operating systems and antivirus protection.
27. Ensure financial websites are secure- look for an s after http.
28. Require two separate authorizations to process banking transactions.
29. Change passwords on a regularly scheduled basis.
30. Always exit the bank’s website completely.
31. Consider Positive Pay with a $1,000 limit.
32. Check electronic transactions every day.
33. Use extreme caution with mobile devices for banking.

Efficiency Maximization and Return

34. Collect assessments using ACH payments.
35. Invest association monies wisely.

Using this checklist as a guide will ensure your condo association’s health and your own peace of mind! Share your stories with us! Email us @ info@associationevaluation.com or follow us on Facebook!

The post 35 Ways To BULLETPROOF Your Condo Association appeared first on Association Evaluation LLC..

It is divided into four segments:

• Inheriting Old Books

• Guarding and Vigilance

• Cyberbanking Procedures

• Efficiency Maximization and Return

Previously, we discussed Avoiding the Sting: Guarding and Vigilance.

In this post, we will discuss the third segment, Banking on the Cloud: Cyberbanking Safeguards.  

1. Prepare a written procedure on how accounts are safeguarded. This plan should include everything the association is doing to prevent fraud and theft. It may include locking up checks in a safe, buying a dedicated computer, and having dual controls in place. Having the procedure in writing enables associations to prove that they have taken due care under the Uniform Commercial Code, which may provide additional protections under the law.
2. Have a completely dedicated computer for financial transactions. This computer must not be allowed to surf the web, open e-mail, go to Facebook or Twitter, or chat online in any form whatsoever.
3. Run the most up-to-date operating system, and buy good antivirus and antispyware protection and keep it up to date. If banking online, the latest and greatest protection is essential. Scan the computer daily to ensure the system is safe. Also enable firewall protection.
4. When banking on the Internet, web addresses should always contain and s after the prefix http. Legitimate banking sites will always contain this s – as in https – which represents secure, or hypertext transfer protocol secure. A secure socket layer transmits an encrypted tunnel system, or channel, between you and the bank. If the website doesn’t have an s, it is fraudulent. Every site that deals with money should be encrypted.
5. Initiate a “dual control” payment process with your bank and money manager. Ensure that all payments are initiated from the association’s bank accounts only after the authorization of two individuals. One individual authorizes the creation of the payment, and a second is responsible for authorizing the release of the payment. This process should be in place for all banking transactions.
6. Change passwords on a regularly scheduled basis, and never disclose them to outside parties. Put passwords on a calendar – perhaps to correspond with regularly held board meetings. Passwords should be complex – never a word from a dictionary or a name or birth date. Passwords should contain both letters and numbers and, for extra protection, characters such as %, &, *, or @. If necessary, use a password-change chart for the year. The change chart might indicate the rotating password source. Password sources may include – in forward or reverse order – the plants in the solar system, the states in America, the periodic table of elements, the months of the year, types of gemstones, breeds of dogs; however, eliminate one critical letter, such as the second consonant, or the first vowel, etc., to avoid detection by a Trojan dictionary web spider.
7. Always exit the bank’s website completely and clear your browser.
8. Consider positive pay exceptions that place an automatic stop on specific types of transactions over certain specified limits – such as $1,000.
9. Check electronic transactions every day. This step is critical because in most cases the bank’s ability to reverse wire transfers last only a few hours, even when problems are immediately reported.
10. Exercise extreme caution when using mobile devices. Reports of virus and malware in the mobile devices. Reports of virus and malware in the mobile sector have been steadily increasing. Avoid using any mobile application not endorsed or provided by the bank. Banking applications for mobile phones often come from third-party sources, and the user doesn’t know what the application may be doing with the information. If using a mobile phone for any type of banking, configure the application by phone not to save passwords – otherwise, losing the phone or having it stolen could cause a major security breach.

Next up, Show Me the Money: Maximizing Efficiency and Return. Until then, feel free to live chat with our staff about your association!

The post How To Bulletproof Your Association’s Biggest Asset: The Money (Pt. 3) appeared first on Association Evaluation LLC..