cash handling policy - staffordshire university · finpol 106 cash handling policy 3 of 24 equality...

Finpol 106 Cash Handling Policy

CASH HANDLING

POLICY

Policy Ref: Finpol 106

Author Head of Finance

Version 1.0

Date approved by Employment and

Finance Committee 18 November 2014


2 of 24

Equality issues have been taken into account during the development of this policy and all protected characteristics have been considered as part of the equality analysis undertaken

CONTENTS

Introduction ........................................................................................................................... 4 Summary of key points ............................................................................................... 4

PAYMENT METHODS ............................................................................................................... 4 Bank Transfer/BACS ................................................................................................... 5 Payment by Cheque (Financial Services only) ................................................................ 5 Bankers Draft (Financial Services only) ......................................................................... 5 Payments by Cash ...................................................................................................... 5

CASH HANDLING .................................................................................................................... 5 Storing Cash .............................................................................................................. 5 Accuracy.................................................................................................................... 6 Cheques .................................................................................................................... 6 Tills ........................................................................................................................... 6 Reconciliation of Income ............................................................................................. 7 Vending Machines/Student Card Top up/Library Fines ................................................... 8 Banking Preparation ................................................................................................... 8 Cash banking (GBP coins and notes) ............................................................................ 8 Cheque Banking (Financial Services only) including sterling travellers cheques ................ 9 Overseas Cheques/Drafts ............................................................................................ 9 Transportation of Cash ............................................................................................. 10 Security Company Cash Collection ............................................................................. 11

ANTI-MONEY LAUNDERING RULES ........................................................................................ 11 Cash Payments ........................................................................................................ 11 Refunds (Financial Services only) ............................................................................... 12

SAFES AND INSURANCE ........................................................................................................ 12 Safe - Locations ....................................................................................................... 12 Safe - Insurance Limits ............................................................................................. 12 Safe - Checks ........................................................................................................... 12 Safe – Keys & Combinations ...................................................................................... 13

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) ......................................... 13 Petty Cash (Financial Services only) ........................................................................... 14 Floats ...................................................................................................................... 14 Requests for change (Coins) ..................................................................................... 15

Appendix 1: Petty Cash Voucher ........................................................................................... 16 Appendix 2: PCI DSS ........................................................................................................... 17 Appendix 3: CC/DC Information Security Policy ...................................................................... 21 Appendix 4: Safe Check Sheet .............................................................................................. 22 Appendix 5: Change Request Form ....................................................................................... 23 Appendix 6: High Risk Countries – HE Sector ......................................................................... 24


3 of 24


VERSION CONTROL

Version Date of effect Summary of amendment

1.0 26 Nov 14 This is a new document, formally part of Financial Regulation Policy. Cash Handling now has its own policy


4 of 24


INTRODUCTION The University deals with large volumes of cash and in order to protect both staff and the University it is important that cash is handled in a secure manner. This document provides the rules and instructions governing all types of payments made to the University. This includes payments from individuals, customers and other corporate bodies. The aim of the policy is to provide a reference for consistent treatment. The cash handling policy should be adhered to at all times and is mandatory for all staff. Failure to comply with this policy may result in disciplinary action. Faculty Directors and Heads of Service are responsible for ensuring that their staff read the policy and ensure that they adhere to it. If you suspect any financial irregularities or fraud concerning cash you should notify your Line Manager immediately.

Summary of key points

Where ever possible the taking of cash should be restricted as much as possible, alternative methods of payment i.e. credit/debit cards via the web, bank transfers, or drafts/cheques (Financial Services only) should be offered and encouraged as preferred methods of payment.

It is essential that all monies are kept in a secure environment until they can be collected and transported to the bank.

The location of safe keys and knowledge of safe combinations should be restricted to key staff only.

The following procedures must be adhered to when handling any amount of income. Each Dean or Director shall be responsible for ensuring that their staff adhere to this policy.

PAYMENT METHODS Income can be received by the following means: Credit/ Debit Card Payments

Online Payments Payments can be made via our secure web page at www.staffs.ac.uk/payhere. All major credit/debit cards are accepted

Dynamic Currency Conversion Customers who wish to pay via credit/debit card in a currency other than GBP can come along to the Finance Office at either Stafford or Stoke. Their payment will be converted from their chosen currency using the best available rate offered by the bank on that day.

Over the phone (Financial Services only) Payments can be made over the phone by contacting Financial Services on 01785 353536/01782 294412. We must speak to the cardholder to get permission for the card to be used. Customers should have their account number and invoice number to hand.

Recurring Credit Card Payments (RCP) Recurring card payments can be set up via the web for accommodation or tuition fees. RCP payments are not allowable on some types of card e.g. Solo cards and therefore these are not accepted. Customers should check with their card issuer in advance to ensure their card is

http://www.staffs.ac.uk/payhere


5 of 24


suitable for recurring payments.

Point of sale All major credit/debit cards can be used to pay for good/services in our Finance Office at Stafford/Stoke and in our various University outlets, e.g. Catering, Library, Sports Centres, using chip and pin card terminals.

Contactless – Point of Sale All major credit/debit cards can be used to pay for good/services in our various Catering and Sports outlets using the contactless card terminals for all payments under £20.

Bank Transfer/BACS

Payments for student fees can be made directly into our bank account by bank transfer. All payments made must include the student’s full name, student number and invoice number. Please be aware that transfers can take up to a week to be received and processed by the University. Please keep a copy of your transfer documentation as your proof of payment. Please contact Financial Services for our bank account details. BACS payments can be made directly into our bank account. Please ensure you quote your customer number and invoice number when paying by BACS. Please contact Financial Services for our bank account details. Remittance advices should be sent to Staffordshire University, Financial Services Beaconside, Stafford, ST18 0AD or via email to [email protected].

Payment by Cheque (Financial Services only)

All cheques should be made payable to “Staffordshire University” or the relevant subsidiary Company. Please ensure your full name, customer number and invoice number are quoted when sending them through the post. All cheques must be drawn on a UK bank account and be paid in Pounds Sterling. Cheques are only accepted at Financial Services through the post to Financial Services, Beaconside, Stafford, ST18 0AD or in person at the Cashiers Office at Stoke or Stafford.

Bankers Draft (Financial Services only)

All bankers drafts should be made payable to “Staffordshire University”. Please ensure your full name, customer number and invoice number are quoted on all correspondence. Banker’s drafts are only accepted at Financial Services through the post to Financial Services, Beaconside, Stafford, ST18 0AD or in person at the Cashiers Office at Stoke or Stafford.

Payments by Cash

Payments in cash can be accepted where payment by the above option are not available and in our Catering outlets, Sports Centres, IS Helpdesks, Libraries and Art Shop. We strongly advise students against carrying large amounts of cash and therefore wherever possible payments should be made via credit/debit cards or via bank transfer.

CASH HANDLING

Storing Cash

Cash taken at any outlet should only be stored overnight in a safe. It should not be kept in cash boxes, left lying around on desks or in filing cabinets. Cash boxes can be used to store petty cash floats, cash taken at outdoor/fundraising events but these must be kept in a locked safe overnight.

mailto:[email protected]


6 of 24


Accuracy

When physically counting cash always take your time and if you are unsure count the cash again. If you are handed a large volume of mixed notes it is easier to split the notes into their denominations before counting to avoid confusion. Don’t be distracted or intimidated by customers and if the notes look or feel differently than usual check them with a counterfeit detection pen before accepting the notes. These pens are available from the University’s stationery supplier. If a counterfeit note is detected it should be removed from the customer so that it is no longer in circulation. The note should then be sent to the bank, in the security bag, separately from the genuine notes. It should not be entered onto the paying slip, or processed through the tills. Counterfeit bank notes are rare but any notes taken and not detected at source will be charged back to the original source. If you are struggling or the customer is disputing the value of cash handed over then ask a colleague to double count it for you. When keying debit/credit card transactions, ensure the correct amount is entered and checked by the customer before being processed. It is advisable to process the payment through the credit card terminal before processing it through the till so that you are sure the payment has been authorised. This is not possible in the Catering/Sports outlets.

Cheques

When taking a cheque from a customer (Financial Services only) check the following:

The date is valid ( i.e. not post-dated) Correct Payee (Staffordshire University, or other subsidiary Company) The amount in words and figures match The cheque is signed Any amendments are initialled by the customer

Tills

Tills should only be operated by members of staff or those employed through Unitemps. Cash handling should not be carried out by individuals on work experience placements. This Cash Handling Policy should be read in conjunction with the Data Protection Act. The PCI

DSS Compliance forms (See Appendix 2) must be signed by all staff before they commence cash handling.

Any member of staff using a till system must receive the appropriate training. Each till operator must have their own login. Till logins should not be shared and operators

must always log out of their session in order for each transaction to be identifiable for reconciliation and audit purposes.

If it is necessary to leave the till unattended it must be locked (where appropriate) and the key should always be kept with the Operator until they return to the counter.

When processing a transaction, the till drawer should not be left open any longer than necessary.

Cash held in the till should be kept to a minimum. Cash uplifts should be done as appropriate during buy periods. These should be recorded on

the till.


7 of 24


Reconciliation of Income

Each Outlet across the University is responsible for reconciling and banking their own Income. At the start of each day the float should be checked by the Operator and any discrepancies

should be brought to the attention of their Line Manager/Supervisor.

All sales transaction must be processed through the till. This includes vouchers, hospitality vouchers, credit/debit cards and cashless card payments.

An official University receipt (produced by the till) must be issued if requested by the Customer.

Notices must be displayed near the point of sale informing customers that receipts are only given on request.

At the close of business each day a “Z” reading must be taken by a Supervisor (where possible) on each till. Supervisors responsible for taking “Z” readings should not (where possible) operate the tills.

“Z” readings must be recorded as consecutive numbers. Missing readings must be reported to the Supervisor immediately.

Cash must be counted discreetly in a secure area and aware from public view. Where ever possible two staff must be present when cashing up.

All cash should be counted and the value of the float removed from the total. A cash reconciliation form should be completed for each till which should be checked and countersigned by a supervisor. The form should include the following:

o “Z” Number o “Z” Reading o Cash transactions o Credit/Debit Card Transactions o Vouchers o Hospitality vouchers o Cashless Card Transactions o Float o BGC Slip Number (added when banking is completed) o Signature of staff member completing the form o Authorised signature from Supervisor checking the form

The actual cash balance should be reconciled to the theoretical cash balance (the Z reading) and any variances recorded. Any variance or discrepancy should be investigated immediately whatever the value. Any discrepancy over £10 should be reported to the Supervisor and Financial Services immediately. The completed forms should be taken to Financial Services in a sealed envelope on a daily basis and should have the “Z”readings from the till, the credit card terminal readings and slips attached to the form. The forms must be hand delivered to Financial Services to ensure we comply with PCI DSS data in transit regulations. These will be entered onto Oracle Financials by the Cashiers and will be retained for audit purposes for 7 years.


8 of 24


Vending Machines/Student Card Top up/Library Fines

University maintained cash machines are subject to this policy. Vending machines maintained by a third party are subject to the terms of the conditions of that contract. When accessing the cash box in a vending machine there must be two members of staff present where possible. The vending machine cash box must never exceed £300 for insurance purposes. Vending machines should be emptied as required and the money banked along with the normal daily takings. Vending cash income must be reconciled to the vending stock or readings from the machine.

Banking Preparation

Following the daily reconciliation of income, Income should be prepared for banking ready for collection by the Security Company for transportation to the bank. The staff responsible for cash handling in each outlet are responsible for the banking preparation. Cash must be counted discreetly in a secure area and away from public view. Cash and cheques (Financial Services only) must be banked daily and a Bank Giro Credit (BGC) slip completed. The BGC slip number must be entered onto the cash reconciliation sheet for bank reconciliation purposes. BGC books can be obtained from Financial Services at Stafford or Stoke. The books will be assigned to each outlet within the University and will have unique paying in numbers which will allow identification of takings sent to the bank.

Cash banking (GBP coins and notes)

Separate cash from the till into coin and note denominations.

Coins o Coins should be bagged into the clear plastic coins bags adhering to the denomination

limits on the front of each bag (see below). Bags can be obtained from Financial Services.

£20 of £2’s £20 of £1’s

£10 of 50p’s £10 of 20p’s

£5 of 10p’s £5 of 5p’s

£1 of 2p’s £1 of 1p’s

o Remaining coins not equalling the denomination limit should be treated as oddments

and placed separately in clear bank coin bag. o A breakdown of denominations should be filled in on the right hand side of the BGC slip

and the total for the banking entered in the £ box. The date should be entered as the date you are completing the slip. The counterfoil should be completed in the same way. Any alterations must be initialled by the staff member completing the BGC.

Notes o All notes should be face up with the largest value at the bottom (£50 on the bottom £5

on top) o Notes must be flat, not rolled or folded with the heads on the notes all facing up. o Notes must be banded and sealed in the correct bank stationery.


9 of 24


o A breakdown of denominations should be filled in on the right hand side of the BGC slip and the total for the banking entered into the £ box. The date should be entered as the date you are completing the slip. The counterfoil should be completed in the same way.

Completing the banking:

On the cash bag supplied by the Security Company affix a site label for your outlet Enter the total value of the cash (from the BGC slip) in to the “Total Value £” box on the

outside of the bag. Remember the limit for each bag is £15,000 so if the cash you need to bank is more than £15,000 you should split it over the appropriate number of BGC slips and bags.

Sign and date the bag Add the number of containers, for example if you have 1 bag to send to the bank 1 of 1, if you

have 2 bags 1 of 2, 2 of 2 etc.

Place the BGC slip, cash and notes in the bag and seal it ready for collection. Always ensure that the sealing tape has made contact along the width of the bag. If a bag is incorrectly sealed or torn, a new bag must be used. The Security Company will refuse to collect any bags which are torn or appear to have been tampered with.

Store the cash bags in the safe until they are collected by the Security Company Security bags should not be re-opened after they have been sealed unless approved by a Supervisor.

Cheque Banking (Financial Services only) including sterling travellers cheques

Carry out validation checks to verify that the cheque is okay to be banked That the date is valid (i.e. not posted dated) Correct Payee (Staffordshire University, or other subsidiary Company) The amount in words and figures match The cheque is signed Any amendments are initialled by the customer All cheques should be listed on the BGC slip Completing the banking: On the Security Plus Limited cash bag affix a site label for your outlet

You are not required to enter the value of the cheques on the outside of the cash bag, this is for cash only. The £15,000 limit stated on the bag does not apply to cheques.



Place the BGC slip and cheques in the bag and seal it ready for collection. Store the cash bags in the safe until they are collected by the Security Company It is okay to complete a BGC slip that contains both cheques and cash, just remember not to add in the value of the cheques on the outside of the bag.

Overseas Cheques/Drafts

A cheque is deemed as overseas if it is either drawn on an overseas bank or has been drawn on account held overseas. An example would be a draft drawn on Lloyds TSB but with an account name of The People’s bank of China, China. There are some overseas cheques/drafts that require to be signed “for & on behalf of Staffordshire University” on the back of the cheque. It will be obvious on the cheque that this is required as


10 of 24


there will be a pre-printed space for the signature. This must be completed by a cheque signatory (Members of Executive) Completing the banking:

On the Security Company cash bag affix a site label for your outlet You are not required to enter the value of the drafts on the outside of the cash bag, this is for

cash only. The £15,000 limit stated on the bag does not apply to drafts.



Place the BGC slip and the drafts in the bag and seal it ready for collection. Store the cash bags in the safe until they are collected by the Security Company

Transportation of Cash

Cash will be collected daily by the Security Company however it may be necessary to move cash from where it is taken to where it is counted. This activity is a particular risk to the University, however steps can be taken to minimise the risk. Before any cash is transported around the University it is the responsibility of the Dean/Director to undertake a risk assessment of the procedure. These must be retained for audit/insurance purposes. For help completing a risk assessment contact Nigel Price Health & Safety Officer on ext 2726. If the risk is deemed too high then please contact Financial Services who will liaise with the Security Company to move the cash around for us. If the risk is deemed low, the following procedures should be adhered to: Cash can only be transported in a sealed cash collection bag from the Security Company.

It must then be concealed within an unmarked bag. A receipt must be written out with the bag numbers on it before leaving the office and taken

with the cash to the receiving outlet. The receipt must be signed and kept by both parties as proof that the cash arrived at its

destination. These receipts must be retained for audit purposes.

The number of people required to move the cash depends on the value of the cash involved.

Amount Carried Minimum Number of Persons

Up to £2500 1

£2501 to £5000 2

£5001 to £10000 3

Over £10,000 Security Firm only

The staff carrying the money should do so as discreetly as possible, varying times and routes as appropriate. They should remain alert and beware of complacency. If threatened or attacked, the following procedure should be used:

Personal safety of the members of staff is paramount Using professional judgement, consider the risk to yourself and others with you If judged at risk of injury or harm, surrender the cash immediately Make a note of the description of the individuals responsible and methods and direction of

travel


11 of 24


Report to Security, Police and your Manager immediately

Security Company Cash Collection

The University employs a Security Company to ensure the safe transit of cash to the bank. Please ensure that all cash is ready in sealed bags at the designated collection times. The Security firm will not collect any bags that are damaged or look like they have been tampered with. When a Security Officer arrives to collect the cash please perform the following checks:

1. Check their ID – Every member of the Security Firm carry an authorised collector’s card (ACC) and are required to display their personal identity card at all times.

2. Check the Uniform – Every Security Officer will be wearing full uniform including their helmet and body armour with the firm logo clearly visible.

3. Obtain a receipt for the bags collected. This must be retained for audit purposes.

4. If you are suspicious of the Security Officer in any way, do not hand over any money. Telephone the Security firm directly to have the guards identity verified. If they are a genuine crew member they will understand and welcome your due diligence.

The Security Officer will scan the bags and issue you with a receipt which shows the numbers of bags collected and the unique bag reference number of each one. The receipts must be retained and are subject to audit. Financial Services will ensure that every bag collected is banked and any discrepancies will be lodged with the Security Firm.

ANTI-MONEY LAUNDERING RULES

Cash Payments

When accepting large quantities of cash over £500 e.g. to pay for fees or accommodation, the following questions should be asked and the response recorded.

1. Why isn’t the payment being made by cheque or bank transfer? 2. If the student doesn’t have a bank account, why not? 3.

Further consideration is required regarding the country which the student is from. Is the student from a high risk country? See appendix 6 for list of high risk countries. Do not accept overpayments in cash unless you are aware that invoice is due to be raised. If you are in any doubt as to the source of the funds, you should probe further or refuse to accept the cash.


12 of 24


Refunds (Financial Services only)

All refunds must be returned to the original payment source as below:

Payments made by bank transfer Refund to originating bank

Payments made by cheque Proof required of account that cheque came from. Refund to that bank account

Payment made via the web Refund to the original card

Payment made via credit card at Cashiers Office

Refund to the original card

Payment made in cash Refund by cheque/Draft – International students cheque/draft refunds should be sent to home country address.

Safes and Insurance All cash taken by the University should be stored in a safe until it can be collected and transported to the bank by the Security Company. All insurance limits relating to money held in safes must be adhered to at all times. Financial Services are responsible for the insurance of the University and will advise on the monetary limit that can be held in each safe. All members of staff responsible for cash handling must be aware of the current insurance limit for their respective safes and to ensure that cash is held within this limit. Financial Services will annually advise each area of the safe limits and will do spot checks to ensure that this is adhered to.

Safe - Locations

All safes should be located in a secure area and easily accessible for staff to secure the income.

They should not be in an area of public access They must be out of view and not located near or visible through windows or doors. Locations of safes must not be publicised

Financial Services should be notified of any changes of locations to safes. Replacement safes should be ordered through Financial Services to ensure that they adhere to

the correct standards for the safe limit.

Safe - Insurance Limits

It is important that insurance limits are not exceeded, therefore Supervisors and Managers should be aware of the limits and if inadequate request further cover from Financial Services. In no instances should the safes be left overnight exceeding their cash limits.

Safe - Checks

A reconciliation of safe contents, Petty cash floats and till float values should be undertaken by a Supervisor/manager on a monthly basis to ensure there are no discrepancies. A Safe Check Form (example at Appendix 4) should be completed monthly and the signed document returned to Financial Services for audit purposes.


13 of 24


Random safe checks will be undertaken by Financial Services.

Safe – Keys & Combinations

Safe Keys: o The access to safe keys should be restricted and kept to the minimum required to allow for

operational requirements. Authorised key holders must not hand safe keys to other members of staff.

o Financial Services will always hold a set of keys. o During working hours keys should be kept in a locked drawer or on the person responsible

for the keys and under no circumstances should be left lying around on desks, filing cabinets or in Offices. Negligent handling of keys could invalidate the University’s Insurance.

o No information relating to the safe or its location should be attached to the keys. o The overnight storage of keys should not be kept in the same office as the safe. Keys

should be stored in a secure environment, either in a locked drawer/cabinet or a night safe. o The loss of keys must be reported immediately to the Director of Finance. o When staff leave who had access to safe keys, steps should be taken to ensure that the

locations of where keys are stored are changed. Where possible combinations/locks on the door where the safe is kept should also be changed.

Safe Combinations: o The safe combinations should be restricted and kept to the minimum required to allow for

operational requirements. o The combination of the safe should be changed every 12 months or when a staff member

leaves. o If it is not possible to change the combination of the safe, then combinations/keys to the

room where the safe is kept should be changed instead. o A log should be kept of the dates when the changes occur. o The sequence of the safe combination numbers should be selected using random numbers

rather than birthdays or anniversaries etc.

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) To combat fraud all businesses handling payment card data are required to comply with new industry rules aimed at increasing data security. PCI DSS applies to everyone that stores, processes or transmits payment data. It affects all merchants regardless of how they accept cards, face to face, mail or telephone order and via the Internet. All staff who deal with taking any form of credit card payments are required to sign and adhere to the University’s PCI DSS Policy (See appendix 2). Any new staff must sign this policy before being allowed access to credit card machines. Due to frequent changes in PCI DSS Financial Services will review this policy annually and will send out new forms each year for all staff to sign. It is the responsibility of Deans & Directors to inform Financial Services of any new staff to be added to their circulation list. If you have any concerns about credit card security or you suspect any fraudulent activity please contact Helen Holt on ext. 3542.


14 of 24


Petty Cash (Financial Services only)

Petty Cash must be stored in a separate cash box inside a safe. Petty cash vouchers are only to be used for small items of actual expenditure. The maximum amount which may be claimed in respect of any one receipt through petty cash is £50. Any item claimed on a petty cash vouchers must be fully described and an original receipt provided. The process for issuing petty cash is as follows: The person making the claim must complete a petty cash voucher (see appendix 1) which needs to be signed by an authorised signatory in their Faculty/Service. The original receipt must be attached to this form. Petty cash claims will not be reimbursed to self-employed persons or non-University employees. Claims without receipts will only be accepted in exceptional circumstances. The vouchers should be taken to the Cashiers Office at Stafford or Stoke. They will check the validity of the claim, countersign it and issue the cash to the claimant who will then be required to sign for the cash. The following items cannot be claimed by petty cash:

Staff advances Travel & Subsistence Hospitality or entertaining, including tea/coffee & milk

Catering supplies, food or beverages Publications Uniforms Subscriptions Telephone costs Spectacles, contact lenses and eye tests Gifts and flowers Prizes Christmas functions and decorations

The vouchers for each request must be stored in the cash tin along with the petty cash float. When reimbursement of the petty cash float is required a manual cheque request must be completed and sent to Financial Services. The petty cash vouchers should be retained for audit purposes. A cheque will be issued which can then be exchanged for the cash amount from your daily takings and sent to the bank in the daily cash collections. The petty cash float should be verified and reconciled on a weekly basis. A monthly petty cash reconciliation should be sent to Financial Services for audit purposes. Financial Services will perform spot checks on petty cash floats without any prior warning or notice.

Floats

If a float (new or additional) is required a request must be made to Financial Services by an authorised signatory from the relevant Faculty/Service. Floats must be collected by the authorised signatory from the Cashiers Office at Stafford or Stoke, who will be required to sign and confirm receipt. The float will be charged to University Balance sheet and will be credited back should the float be returned.


15 of 24


The float must be recorded in the Outlet and all cash handling staff in the area must be made aware of the float value. Floats must be checked at the start, end and changeover of each shift. A monthly float reconciliation should be sent to Financial Services for audit purposes. If a cash discrepancy arises at the float check this must reported to the Supervisor on shift. Financial Services will perform spot checks on floats without any prior warning or notice.

Requests for change (Coins)

The Cashier’s offices in Stafford and Stoke hold a limited amount of change which can be exchanged for notes by outlets on request. Employees should complete a Change Request Form (see appendix 5) and get it approved by an authorised signatory in their Unit. They should then bring this along with the equivalent amount of notes for the coins required to the Cashier’s Office. A record of the transaction will be made by the Cashier and both the cashier and Employee will be required to sign the appropriate record to acknowledge the exchange. The cashier’s will sign the change request as proof that we have handed over the change. These forms must be retained in the Unit for audit purposes. Cashiers are responsible for the weekly reconciliation of their change floats and should ensure they are replenished as necessary with the bank. A monthly reconciliation of the change floats should be sent to Financial Services for audit purposes. Financial Services will perform spot checks on floats without any prior warning or notice.


16 of 24


APPENDIX 1: PETTY CASH VOUCHER

Date Particulars £ p

£

To be completed by school/service before claiming For Finance Use Only £ p

School Service

G/L Code: VAT

Description: Total Amount Rec'd

Payment Approved Payment Made By Received the above amount:

(Dean or Director) (on behalf of the vice-chancellor)

_________________________ _________________________ ______________________________

Date:_______________________ Date: _______________________ Date: ____________________________

Date Particulars £ p

£

To be completed by school/service before claiming For Finance Use Only £ p

School Service

G/L Code: VAT

Description: Total Amount Rec'd

Payment Approved Payment Made By Received the above amount:

(Dean or Director) (on behalf of the vice-chancellor)

_________________________ _________________________ ______________________________

Date:_______________________ Date: _______________________ Date: ____________________________

£ £ £ VOUCHER FOR PETTY CASH EXPENSES £ £ £

£ £ £ VOUCHER FOR PETTY CASH EXPENSES £ £ £


17 of 24


APPENDIX 2: PCI DSS

STAFFORDSHIRE UNIVERSITY PCI DSS COMPLIANCE

CREDIT/DEBIT CARD INFORMATION SECURITY POLICY Introduction This policy document encompasses all aspects of security surrounding the use of credit/debit card machines and confidential University information and must be distributed to all employees who use these machines. Employees must read this document in its entirety and retain it for their information, then sign the form at appendix 1 confirming they have read and understood this policy fully and return it to Financial Services. This document will be reviewed and updated by Financial Services on an annual basis or when necessary to include newly developed credit/debit card security standards into the policy. Ethics and Acceptable Use Policies All University employees are required to conduct business in accordance with all applicable laws, regulations and contractual obligations. Employees must behave ethically, with integrity and adhere to all Company policies and procedures. It is the responsibility of the employee to be truthful, honest and co-operate fully with credit/debit card information security standards and regulations set out by Staffordshire University. In addition to this an employee must report inappropriate activity or unlawful conduct by another employee to a supervisor and then to Financial Services. Consumer confidence is of paramount importance to our business and with this in mind the security and protection of sensitive information is crucial. It is imperative that employees understand the importance of safeguarding such sensitive information from third parties that do not need to have it to go about their daily business. Such information includes:

Personal client information (name, address, tel. No., email. Social Security no., driver’s license no., bank account, credit card numbers etc.) and;

Company information that is not readily available to the public (clients, financial information, employee information, schedules, technology etc.).

Disciplinary Action Violation of the standards, policies and procedures presented in this document by any Staffordshire University employee will result in disciplinary action from warnings/reprimands up to and including termination of employment. Claims of ignorance, good intentions or using poor judgment will not be used as excuses for non-compliance.


18 of 24


Protect Stored Data All sensitive cardholder data stored and handled by Staffordshire University and its employees must be securely protected against unauthorised use at all times. Any sensitive card data that is no longer required by the University for business reasons must be discarded in a secure and irrecoverable manner. Credit card information – handling specifics.

All media (e.g. paper, floppy disks, backup tape, computer hard drive, etc.) that contains cardholder information must be discarded securely and irreversibly by means such as shredding, demagnetizing, disassembly, etc. when it is no longer needed.

It is strictly prohibited to store: 1 The contents of the credit card magnetic strip (track data) on any media

whatsoever.

2 The CVV/CVC (the 3 or 4 digit number on the signature panel on the reverse of the card) on any media whatsoever.

3 All digits of the credit card’s primary account number on any media whatsoever. All digits but the last 4 numbers of the credit card account number must be concealed or masked (e.g. XXXX or ****) when the number needs to be displayed.

Protect Data in Transit All sensitive cardholder data must be protected securely if it is to be transported physically or electronically. Credit card information – handling specifics

Credit card details (PAN, track data etc.) must never be sent over the internet via email, instant chat or any other end user technologies without using a strong encryption mechanism (e.g. AES encryption).

The transportation of media containing sensitive card data to another location must be authorised by management, logged and inventoried before leaving the premises. Only secure courier services may be used for the transportation of such media. The status of the shipment should be monitored until it has been delivered to its new location.

Restrict Access to Data Access to sensitive cardholder information such as PANS, personal information and business data is restricted to University employees that have a legitimate need to view such information. No other employees should have access to this confidential data unless they have a genuine business need.


19 of 24


Physical Security Access to sensitive information in both hard and soft format must be physically restricted to prevent unauthorised individuals from obtaining sensitive data. Media is defined as any printed or handwritten paper, received faxes, floppy disks, backup tapes, computer hard drive, etc.

Media containing sensitive cardholder information must be handled and distributed in a secure manner by trusted individuals.

Media storing sensitive cardholder date (especially the PAN and other personal information such as social security numbers) should be properly logged and inventoried before being destroyed. Sensitive data should always be disposed of when it is no longer needed by the University in such a manner as to render the content irrecoverable.

Visitors must always be escorted by a trusted employee when in areas that hold sensitive cardholder information.

All computers which store sensitive cardholder data must have a password protected screensaver enabled to prevent unauthorised use.

Security Awareness and Procedures The policies and procedures outlined below must be incorporated into the day-to-day practice of the University at both Executive and Departmental level to maintain a high level of security awareness. The protection of sensitive data demands regular updates to all employees and contractors.

1. Review handling procedures for sensitive information and hold periodic security awareness meetings to incorporate these procedures into day-to-day practice.

2. Distribute this policy document to all University employees to read and sign. It is a requirement of Staffordshire University that all employees confirm that they understand the content of this credit/debit card Information security policy document by signing the acknowledgement slip at appendix 1.

3. All third parties with access to credit card account numbers are contractually obligated to comply with Card Association Security Standards (PCI/DSS).

4. University credit/debit card information security policies must be reviewed annually and updated as necessary.

Security Management / Incident Response Plan Employees of Staffordshire University will be expected to report to Financial Services, any security related issues. The role of the Financial Services is to effectively communicate electronic security policies and procedures to employees and contractors. In addition, Financial Services will oversee the scheduling of credit/debit card information security updates, monitor and enforce the credit/debit card information security polices outlined in both this document and oversee the implementation of the incident response plan in the event of a sensitive data compromise.


20 of 24


In the event of a suspected security breach, Departments should:

1. Alert Financial Services immediately who will carry out an initial investigation of the suspected security breach.

2. Upon confirmation that a security breach has occurred, Financial Services will alert all relevant parties that may be affected by the compromise.

If the data security compromise involves credit/debit card account numbers, Financial Services will implement the following procedure:

1. Shut down any systems or processes involved in the breach to limit the extent, and prevent further exposure.

2. Alert all affected parties and authorities such as the merchant Bank, Visa Fraud Control and any necessary law enforcement.

3. Provide details of all compromised or potentially compromised card numbers to Visa Fraud Control within 24 hours.

4. For more information visit: http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_if_compromised.html

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_if_compromised.html

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_if_compromised.html


21 of 24


APPENDIX 3: CC/DC INFORMATION SECURITY POLICY

AGREEMENT TO COMPLY WITH CREDIT/DEBIT CARD INFORMATION SECURITY POLICY

Please retain the policy document attached to this form for your reference and return this signed

agreement form to Helen Holt, Financial Services. Thank you.

Employee Name: ............................................................................................................ Print name Faculty/Service: ............................................................... Tel ext no: ............................. I agree to take all reasonable precautions to assure that University credit/debit card information, or information that has been entrusted to the University by third parties such as customers, will not be disclosed to unauthorised persons. At the end of my employment or contract with the University I agree to return all information to which I have had access as a result of my position. I understand that I am not authorised to use sensitive information for my own purposes, nor am I at liberty to provide this information to third parties without the express written consent of the internal manager who is the designated information owner. I have access to a copy of the Credit/Debit Card Information Security Policy and have read and understood the policy. I understand how it impacts on my role and as a condition of my employment, I agree to abide by the policy. I understand that non-compliance could result in disciplinary action up to and including dismissal and perhaps criminal and/or civil penalties. I further agree to promptly report all violations or suspected violations of information security policies to Financial Services. Employee signature: .............................................................. Date: .............................


22 of 24


APPENDIX 4: SAFE CHECK SHEET

Department: Room No:

Date of Check Staff Name carrying out check

Initials Any Comments


23 of 24


APPENDIX 5: CHANGE REQUEST FORM

CHANGE REQUEST FORM

Outlet Name

Date

Cash Removed from Float/Till Coins Requested

£ £

£50

£20

£10

£5 £5

£2 £2

£1 £1

50p 50p

20p 20p

10p 10p

5p 5p

2p 2p

1p 1p

Total Total

Approved by: Received by:

Name (Print): Name (Print):

Signature Signature

Change Returned to Float/Till: Finance Office:

Name (Print:) Name:

Signature: Signature:


24 of 24


APPENDIX 6: HIGH RISK COUNTRIES – HE SECTOR

High Risk Countries Money Laundering (Nov 14)

Country Risk Afghanistan High Risk

Albania High Risk

Algeria High Risk

Angola High Risk

Argentina High Risk

Cambodia High Risk

Cuba High Risk

Democratic People’s Republic of Korea High Risk

Ecuador High Risk

Ethiopia High Risk

Indonesia High Risk

Iran High Risk

Iraq High Risk

Kenya High Risk

Kyrgyzstan High Risk

Kuwait High Risk

Lao People’s Democratic Republic High Risk

Mongolia High Risk

Myanmar (formerly Burma) High Risk

Namibia High Risk

Nepal High Risk

Nicaragua High Risk

Pakistan High Risk

Panama High Risk

Papua New Guinea High Risk

Sudan High Risk

Syria High Risk

Tajikistan High Risk

Tanzania High Risk

Turkey High Risk

Uganda High Risk

Yemen High Risk

Zimbabwe High Risk

cash handling policy - staffordshire university · finpol 106 cash handling policy 3 of 24 equality...

Documents