How to control changes on Bank accounts in D365F&O. (4-eye principle of Bank accounts)
To reduce risk of fraud on Vendor payments, new solution is made by Microsoft. In the past is was already possible to Approve the selected Bank account on the Vendor master, but a new feature is now also available for tracking changes of Bank details in the Bank account form related to the VendBankAccount table.
The Approval of a new or updated Bank account should be done by using “Vendor bank account workflow”. The solution can be used after enabling the Feature “Vendor bank account change proposal workflow”. Available from system version 10.0.32 or higher.
After enabling the feature and activating the Workflow all the changes on Vendor bank accounts should be approved conform the organization standards and policies! For most companies that is the “4-eye principle of Bank accounts”.
Using Vendor bank account approval (new Feature)
Activate:
New option in Accounts payable parameters
Setup and activate “Workflow to approve the proposed vendor bank account changes” in Accounts payable workflow.
Using Vendor approval
Out of the box Microsoft have a solution for having control of some changes on Vendor master. This works with “Accounts payable workflows”. Control changes on Bank accounts is one of the options.
For using this solution “Workflow approval for propose vendor change” should be Created. And related settings on Accounts payable parameters should be set.
On Vendor level, the system will therefore require an approval when the field “Bank account” (this is the default bank account) is edited on the vendor form. However, the system does not validate the changes on the bank accounts form. As a result, a user could alter the actual bank account number / IBAN on the default bank account of the vendor without any approval required by the system if the additional workflow for bank account changes is not configured.
Both workflows should be used to ensure the bank account changes are fully tracked.
4-eye principle of Bank accounts (Modification created by Dynamic People in D365F&O)
For several customers who didn’t want to use the Workflow option from Microsoft, we made a modification to create a “4-eye principle of Bank accounts” in D365F&O.
This option is really flexible and efficient to stay in control of you Vendor bank accounts. This solution is made by modification on the VendTable and the VendBankAccountTable, but the main part is still using the Standard D365F&O.
When a New bank account is created or bank account details are updated, the Vendor “On hold” Status will be changed from “No” to “Payment”. From that moment it isn’t possible to do (Electronic) payments to that Vendor by the system.
Based on UserID with or without using User groups it’s possible to change the Vendor “On hold” status to “No”. From that moment this Vendor can be used for payments from the system.
So the modification in the code is that the “On hold” status can only be changed to “No” by any other user (in User group) than the user who created the changes into the Vendor Bank account.
The same solution you can also be used for changes on Default Bank account on Vendor master.
The new workflow functionality ensures that no unapproved bank account changes can be used in the system. However, there is no ability of setting the vendor on hold while the approval takes place.