UC IRVINE ADMINISTRATIVE POLICIES AND PROCEDURES
Business and Financial Affairs
Sec. 701-21: Updating Vendor Electronic Funds Transfer (EFT) Information
Responsible Administrator: Assistant Vice Chancellor, Accounting and Fiscal Services
Revised: September 2019
References / Resources
- UC Policy
- UCI Resources
Contact: Accounts Payable at (949) 824-6788
A. Purpose and Scope
UCI routinely processes thousands of payments via electronic funds transfer (EFT) to vendors every year. As a public institution, these payments are particularly targeted by criminals who seek to fraudulently redirect them to a bank account under their control.
This type of fraud typically begins with an email or phone request — purportedly from a valid source — asking to update a vendor’s banking information. These fraudulent requests can come either as an update to existing EFT information or as a request to change payment from check to ACH. To significantly reduce the possibility that a criminal can successfully redirect a payment to the wrong recipient UCI Accounting & Fiscal Services has established financial controls to verify any request to change a vendor’s payment information.
- All UCI employees must comply with the procedures listed below when making any changes to vendor ACH information
- Reporting Suspected Redirection of Vendor Payments: Anyone who suspects that a payment has been fraudulently redirected should immediately report it to the campus Accounts Payable manager.
- Vendors doing business with UCI are responsible for requesting changes to their EFT information and for supplying necessary information to verify the validity of their request.
- UCI Accounts Payable is responsible for verifying:
- the vendor’s name;
- the vendor’s tax ID;
- other information as described in the Procedures below; and
- monitoring bank reports for unusual activity.
- UCI KVO Coordinator is responsible for following the procedures listed below.
- Campus Business Offices should protect their vendors and reduce the possibility of fraud by encouraging their vendors to follow appropriate processes.
- Procedures for ACH Setup and Changes
- At this time, UCI is not accepting any new Vendor ACH setups or changes to existing ACH, except as detailed below. In lieu of electronic payments, new vendors or vendors needing to change their ACH will receive checks mailed to the address on file.
- If vendors cannot accept payment by check, ACH will only be setup or changed if the payee physically comes into the Accounts Payable office and provides the following:
- ACH form filled out completely, dated and signed;
- Voided check or bank confirmation letter that matches what is listed on the ACH form;
- W-9 form filled out completely, dated and signed;
- Photo Identification – either a driver’s license or passport; and
- If a company is requesting ACH setup or change, the individual must show proof of their affiliation with the company.
Accounts Payable staff will review all the documents and complete a multi-step UCI Checklist and Approval form including obtaining the Campus Controller’s signature of approval on the ACH form.
- EFT in KFS
- EFT Form Saved
The EFT form is saved for future reference in an electronic system used by UCI for the retention of digital documents and supporting materials.
- Accounts Payable or Division of Finance and Administration (DFA) Approval
Documents are submitted to the Accounts Payable manager or DFA for approval.
- Confirmation to Vendor
- A confirmation email is sent to the vendor after the EFT is changed in KFS with instructions to immediately contact UCI Accounts Payable if the vendor did not initiate the EFT changes.
- The confirmation email will be sent to the email addresses on file in the vendor portal.
- Routine Review of Bank Reports
- The UCI Accounts Payable team reviews the daily ACH reject report from UCI's bank to detect any unusual activity such as closed accounts.
- Additionally the UCI Accounts Payable team receives a weekly report from Office of Information Technology (OIT) with all EFT changes and management reviews this report upon receipt.
- Response to Reports of Suspected Redirection of Vendor Payments
- If suspicious activity and/or fraud is detected, the vendor’s current ACH setup will be deactivated by Accounts Payable immediately.
- Upon receipt of a report, the Accounts Payable manager will begin investigating the incident and immediately inform Accounting & Fiscal Services senior management, who will in turn coordinate with other campus organizations as appropriate.