While Hanes's actions were criminal, another big story is about systemic failures in their banking controls and how they contributed to this failure:
Board allowed a single individual to wire tens of millions without additional approvals
No automated systems flagged the unusual transaction patterns
Previous red flags from Hanes's 2011 firing for questionable loans didn't lead to enhanced oversight
Board continued considering his requests for more money ($18M) even after learning of the initial theft
Reliance on personal trust and reputation substituted for proper institutional controls
No separation of duties or multi-party approval requirements for large transfers
Community banks need strong governance regardless of size or personal trust relationships.
"personal trust and reputation" often means back-room shenanigans.
And the unimpeachable accountability of cryptocurrency ledgers means... an epidemic of fraud
I respect the spirit, but I can't think of a system of controls, or a matryoshka doll of sign-offs, that ends up with the small bank CEO not being able to give orders, at least, without the bank being O(1000s) of employees as opposed to...10s, optimistically.
The general mechanism to prevent abuse is that the person giving the order is distinct from the person performing the action. This ensures that a second set of eyes inspects the order and notes any inconsistencies. Such a control was lacking in this case.
I understand the general concept of two people enabling a sign off system.
However, I'm absolutely unconvinced the CEO of a small bank wouldn't be able to convince a subordinate in an office of 20, max, to "verify it has no inconsistencies" rather than "gee this sure does seem stupid".
The CEO can give orders, but there should be literally no way for a single person to transfer that much money without approval.
Even our accounting system is integrated with a vendor management platform that first verifies the recipient is a known vendor, and tied to the banking part that actually issues an ACH/wire transfer such that it can't happen until approved.
The fact that there's essentially zero governance at a bank is unacceptable.
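The control described in the comment above (the recipient must be a known vendor, and the wire cannot be released until someone other than the requester approves it) can be sketched as follows. This is an added example, not part of the thread or any real banking system; the vendor names, the $10,000 threshold and the two-approver rule are assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy values, constructed for illustration.
KNOWN_VENDORS = {"acme-feed-supply", "county-utilities"}
DUAL_APPROVAL_THRESHOLD = 10_000   # above this, two distinct approvers are required


class ControlViolation(Exception):
    """Raised when a request would bypass a separation-of-duties control."""


@dataclass
class WireRequest:
    requester: str
    recipient: str
    amount: int                      # whole dollars
    approvers: set = field(default_factory=set)

    def required_approvals(self) -> int:
        return 2 if self.amount > DUAL_APPROVAL_THRESHOLD else 1


def submit(requester: str, recipient: str, amount: int) -> WireRequest:
    # The vendor check happens before anyone is even asked to approve.
    if recipient not in KNOWN_VENDORS:
        raise ControlViolation(f"recipient {recipient!r} is not a known vendor")
    if amount <= 0:
        raise ControlViolation("amount must be positive")
    return WireRequest(requester, recipient, amount)


def approve(req: WireRequest, approver: str) -> None:
    # The person giving the order can never be the one who approves it,
    # regardless of title.
    if approver == req.requester:
        raise ControlViolation("requester cannot approve their own wire")
    req.approvers.add(approver)      # a set, so repeat approvals do not count twice


def release(req: WireRequest) -> str:
    # The banking step refuses to act until the approval count is met.
    missing = req.required_approvals() - len(req.approvers)
    if missing > 0:
        raise ControlViolation(f"{missing} more approval(s) required")
    return f"RELEASED {req.amount} to {req.recipient}"
```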
> but I can't think of a system of controls that ends up with the CEO not being able to give orders unilaterally most of the time
The primary system of control for small shops is going out of business when you're dumb enough to lose $47M and getting replaced by more competent people running the competition.