This policy establishes requirements to ensure that outgoing electronic fund transfers (EFTs) are initiated, executed, and approved in a secure manner through effective controls in order to mitigate risk in alignment with RCW 39.58.750.
This policy complies with, and responds to, parts of the 2019 Office of the Washington State Auditor Financial and Federal Single-Audit Management Letter relating to electronic fund transfers. This is in response to increases in fraud and a similar request is being made to many governmental organizations.
“The District has not adopted official, written policies pertaining to electronic fund transfers (EFT) that establish the following required elements of BARS Manual 3.8.11 in accordance with RCW 39.58.750:
(1) Implementation of bank offered security measures to prevent unauthorized individuals from initiating or modifying a transfer. Each user initiating or approving bank transactions must have a separate banking user identification.
(2) Defining the process for creating, securing, sending and authenticating direct deposit transmittal files to prevent unauthorized modification or submission.
(3) Changes to payee bank accounts are supported by adequate, authenticated documentation. Electronic requests are validated through a second validation step. Changes to bank accounts are logged, the log is protected from alteration and bank account changes are timely monitored by a second individual.
(4) Adoption and implementation of computer standards, policies and procedures to protect the computers and computing processes used for EFTs from computer malware.”
POL 130.007 – Electronic Fund Transfers (Exhibit A) is the first known such policy for the District. This policy establishes internal controls and sets a foundation for the establishment of electronic fund transfer procedures. Content includes:
- Establishment of definitions
- Citation and linkages to related governmental accounting standards
- Alignment with current laws and District practices
The drafted policy was reviewed by Weed, Graafstra & Associates on September 28, 2021. One comment regarding adding an additional reference was received and added to the draft policy.
This policy was previously reviewed by all three committees with no comments received.