How to mitigate the risk of signature and signatory fraud
Despite widespread digitalisation over the past decade, the majority of organisations are still using signatures as their primary way of authenticating a transaction. Signing cheques / checks, authorising documents and contracts, approving purchases and validating activities are just a few core business activities that usually require signatures. But, the higher the requirement for signatures, the higher the risk of signature fraud. Furthermore, this risk is only expected to increase as organisations start shifting from manual to electronic signatures.
Whilst e-signature platforms may create flexibility for signing, they are still very much exposed to the fundamental risk associated with who has permission to sign, pertinent to cases where individuals sign on behalf of an organisation.
The risk lies not just in signature forgery but also in the representation of the signature, i.e. the signatory, and more specifically whether this signatory is officially authorised to sign.
Can the apprentice sign the term sheet for a take-over?
With employees changing roles, leaving, new ones starting it’s very important to keep track of who actually is authorised to sign (for what) on behalf of the company.
So, how do you make sure all your organisation’s signatures and signatories are authorised and up-to-date?
Before we answer this question, let’s look at what is signature fraud and how it differs from signatory fraud.
What is signature fraud?
Signature fraud or forgery is a criminal offence that involves falsely replicating another person’s signature.
signatory
noun
/ˈsɪɡnətri/
/ˈsɪɡnətɔːri/
(formal)
(plural signatories)
signatory (to/of something) a person, a country or an organization that has signed an official agreement
signature
noun
/ˈsɪɡnətʃə(r)/
/ˈsɪɡnətʃər/
[countable] your name as you usually write it, for example at the end of a letter
What is a legal signature?
According to the law, signatures should be completed either in writing or via an electronic machine or device. They can consist of any mark, word, or symbol. During a transaction, if a person signs a contract without the other party's consent, the signature is deemed invalid and does not bind the document or agreement. For a signature on a contract to be valid, the intent of all parties involved in the transaction should be obtained.
Commonly forged documents
Here’s a detailed list of the most commonly forged types of documents:
Checks
Money orders
Deeds
Titles
Securities
Bonds
Court Seals
Currency
Corporate documents
Documents used in identity theft
Types of signature forgeries
Whilst signature fraud generally means falsifying a signature on a document, there are actually 3 different types of signature fraud.
Random/Blind forgery – This type of forgery usually happens when the forger has no access to the authentic signature, so the false signature has little or no similarity to the genuine one.
Unskilled (Trace-over) Forgery – This false signature is traced over, appearing as a faint indentation on the sheet of paper underneath.
Skilled forgery – As expected, this is the most difficult type of false signatures to validate. In most cases, it’s produced by a criminal that has access to one or more samples of the authentic signature and can precisely imitate it.
“The average organisation loses 5% of its revenue to internal fraud.”
What is signatory fraud?
Signatory fraud differs from signature fraud. This is when someone signs on behalf of an organisation when knowingly is not authorised to.
Examples could include:
Someone evidences their authority to sign by tampering with the register of authorised signatories, or the authorised signatory list.
Somebody who has left employed remains on the companies Authorised Signatory List and thus wrongly has authority to sign.
Arguably signatory fraud can occur without intent, due to a lack of controls, communication and awareness of signing authorities.
How to prevent signature and/or signatory fraud
Completely preventing all fraud from occurring is extremely difficult, but you can significantly reduce its effects by implementing effective early-detection and authentication internal policies and procedures.
Below are some best practices for validating signatures and signatories:
Keep an up-to-date and easily accessible authorised signatory list.
Ensure controls are in place that could prevent the signatory list or registered from being tampered with.
Create a formal internal signing procedure/policy and consider adding any specific anti-fraud control and compliance measures.
Adopt a dual control system for authorising transactions and ensure the same employees cannot both post and approve transactions. If possible, for payment transactions, have a senior finance staff member to review and officially authorise any changes to payment and bank account details.
Consider using a cloud-based e-signing platform to facilitate the process and a signatory authorisation platform to add an extra layer of security, so you can have a complete and clear audit trail of any changes made to your signatory data.
What is an authorised signatory or signer? Read blog
Signature verification just got easier with Cygnetise’s new “time machine” tool
How can organisations ensure that all their signatories are appropriately authorised and what happens if the authorities for a signatory needs to be checked at some point in the past?
Furthermore, how do signatories know what exactly they are authorised to sign?
Authorised signatory lists or registers are traditionally managed on paper or basic computer files. Cygnetise’s blockchain-based offering provides a far more efficient and secure solution, enabling organisations to properly manage signatory lists in real-time.
There is also the added advantage of having an immutable digital audit trail of all changes made to the signatory data.
Using this feature of the blockchain technology, Cygnetise’s development team has built functionality that allows users to recreate signatory lists and statuses retrospectively and therefore identify authorisation levels at a specific time (to the minute).
Why is this important?
In addition to the obvious benefits of efficiency and security this functionality greatly improves the process of dispute resolution should it occur. For example, in the situation where an individual has signed a binding document whilst not being authorised to do so.
This provides adopters of the application with assurance (and insurance) that they otherwise would not have had.
The immutable nature of the Blockchain makes the verification of the signatory data irrefutable thus generating time and money savings as well as increasing the confidence in an organisations’ governance procedures.