Bank statement review is a top-notch fraud-fighting tool. Here’s how to do it
One of the best tools in your fraud-fighting toolbox is a bank statement review. Whether you are a finance professional, a department head, or even an elected or appointed official, reviewing the bank statements can greatly increase your odds of deterring and detecting fraud.
Why is bank statement review important?
Your government’s bank account activity is how anyone can see where your money is coming from and where it is going. This is why many fraud schemes show themselves – boldly or subtly – on the bank statements. For example, statements can reveal:
- Key information about the government’s financial position, including the amount of cash in the bank and the level of monies flowing in and out.
- Details for risky transaction types, such as wire transfers, automatic withdrawals and other electronic payments.
- Unusual activity, such as duplicate check numbers clearing the bank.
Reviewing bank statements each month also will help you build expectations of what is “normal” – typical transaction types, payees and activity levels – to apply in your future reviews.
The Office of the Washington State Auditor has investigated many losses that governments could have detected sooner through simple a bank statement review. Our staff have detected several misappropriations when reviewing bank statements as part of a regular audit.
Even a short, 15-minute scan by an independent reviewer can be the difference between deterring loss and identifying it early, or having it go undetected for a long period of time.
Your bank statement review playbook
If you aren’t sure what to look for in a bank statement, or aren’t confident you’d notice anything risky – don’t worry! We’ve made a five-part playbook for you to follow.
Playbook chapter 1: Obvious red flags
Keep an eye open for these transactions, which are high-risk indicators for potential fraud schemes:
- Electronic payments to employees, such as wire transfers. Direct wire transfers to employees are hardly ever valid. Employees should be paid only through your normal payroll and accounts payable process. Reimbursements, travel advances and any other payments also should follow a normal process.
- Cash and ATM withdrawals. Governments don’t withdraw cash from ATMs. If a government needs cash, staff should write an accounts-payable check and cash it at the bank. Any cash withdrawals should be scrutinized thoroughly.
- Payments to unknown or unusual vendors. You will likely recognize most of your government’s vendors – especially ones receiving electronic payments and/or high-dollar amounts. If you see a vendor you don’t recognize, ask staff for payment support documents (not just a verbal explanation).
- Payments to non-traditional banks and money servicing apps that are unlikely to be used by those doing legitimate business with a government. Governments generally don't make payments using, for example, PayPal or Western Union; nor do they typically pay vendors who use GoBank or GreenDot. Question those if you see them.
- Check if the payee is unexpected or doesn’t match the endorsement. If your bank statements include scanned copies of checks, glance at the payee line to look for unexpected or suspicious payees, such as the names of employees or their family members, for example. If the statement also includes a scan of the check’s back, look at the endorsement to see if it matches the payee.
Playbook chapter 2: Altered bank statements
Because bank statements are so revealing, fraudsters often alter them before someone else independently reviews them. That’s why original bank statements are best. If possible, access the statements directly from the bank. But even if you get the statements from staff, be on the lookout for red flags indicating the statements may have been altered. Some examples:
- Inconsistent formatting or alignment of rows, sections or columns
- Missing bank header, footer or page numbers
- Mathematical errors
- Nonsequential checks without notation. Banks often indicate a gap in check sequence with an asterisk or other marking. Missing marks could indicate someone altered the statement to remove a check they didn’t want seen.
Playbook chapter 3: Trends
Reviewing bank statements over time helps you gain an understanding of normal activity, and allows you to notice suspicious trends. Some examples:
- Declining account balance
- Repetitive payments that don’t make sense. Most vendors expect to be paid monthly at most. Paying the same vendor more than once in a period can be a red flag for disbursement fraud.
- A new vendor payment that you haven’t seen in prior statements. While this activity could be appropriate, you should ask to see supporting documents. New electronic payments to vendors can be a red flag for either fraud by an employee or an external cyber-related loss.
- A high volume of transfers to other accounts. Ask to see the statements for those accounts, and inquire what the transfers are for.
- Multiple payments for things that usually are renewed annually or quarterly – things like software licenses, insurance or taxes.
- Decreased frequency or dollar amount of deposits. This can indicate a cash-receipting fraud.
Playbook chapter 4: Overdraft fees and other oddities
Here are other items you should notice if you review bank statements regularly.
Governments should have sufficient cash in the bank to cover expenses. Declining financial condition can be an indicator that a fraudster is diverting cash receipts or creating inappropriate payments. Be on the lookout for:
- A negative account balance at any point in the month
- Overdraft fees or other penalties
Another red flag is deposits made in even-dollar amounts, especially if you collect fees from customers. When was the last time you paid a bill without any “cents” at the end of the amount?
Playbook chapter 5: Your judgment
Apply your knowledge of your government, its operations and activities to the bank statements. Do you see payments to a contractor when your government isn’t doing any construction? Payment to an escrow company when your government hasn’t purchased any real estate? Combine your knowledge and judgment with a healthy level of skepticism when reviewing the statements.
Recent case studies
Our Office has issued some fraud investigation reports for cases in which a simple secondary review of the bank statement activity could have identified the fraud sooner. We’ve included a summary of each case and links to the full reports below.
- City of Kahlotus, issued Feb. 16, 2023. The Clerk/Treasurer withdrew $1,237 in cash from the City’s bank account, and used the City’s credit card for personal purchases totaling $4,464. We also identified an additional $6,538 in questionable purchases.
- Town of Springdale, issued March 7, 2022. The Mayor used the Town’s bank account and related debit card to make personal purchases, cash withdrawals, and mobile payments to her personal bank account. Additionally, she wrote a $5,000 receipt for a donated item, but never deposited the proceeds. Total misappropriation was $15,252.
- City of Tenino, issued Jan. 13, 2022. As a result of a phishing email appearing to be from a local government association, the Clerk/Treasurer made 20 electronic payments totaling $336,968 to multiple out-of-state bank accounts. When the Clerk/Treasurer eventually asked for the Council’s preapproval to write some checks to the association, he did not disclose that he had already sent $45,090 through electronic payments.
- Camas Washougal Economic Development Association, issued May 14, 2020. The Executive Director obtained a debit card to make purchases without approval, misappropriated $19,311 in purchases, and made questionable purchases of $45,029 from February 2013 to March 2019.
- Pierce County Housing Authority, issued Dec. 16, 2019. Between July 2016 to February 2019, the Finance Director misappropriated $3,237,712 in vendor ACH disbursements. She did this by changing vendors’ bank account information in the accounting system to her personal bank account information. She also wired $3,050,000 to her personal bank account from January 2019 to July 2019, and wired $635,000 to make personal property purchases in 2018.
- City of Mossyrock, issued Dec. 14, 2017. The Clerk/Treasurer used the City’s bank account to set up a monthly automatic withdrawal for her personal mortgage payments, resulting in a $56,981 misappropriation.
SAO’s other fraud-prevention resources
We have several other resources to help you prevent, detect and deter fraud in your government. Here are just a few from our Resource Library and Audit Connection Blog:
How to prevent ACH and bank fraud, published Sept. 18, 2020
Start the year off right: New best practices and tools for bank reconciliations, published Feb. 7, 2020
Positive Pay can help protect your organization from check fraud, published June 30, 2017