Receipting and Banking Policy

Application

This policy applies to all University members who either collect, manage, or receive monies on behalf of the University.

Purpose

To ensure that appropriate financial controls are applied to the receipting of all monies received by the University. This policy is to be read in conjunction with the Receipting and Banking Procedures.

Background

The University receives revenue from a variety of sources, including students, governments, industry and private donors. Everyone involved in collecting, receipting or holding University money are expected to operate consistently with the principles stated in this policy.

To improve security and efficiency of processing, the University encourages all payments to be made online. All online payment systems and processes are aligned to ensure that they meet agreed financial security and PCI-DSS standards at the University.

Policy

Safeguarding University monies

1. Any department wishing to receive payments, either in person or online, must engage with Financial Operations and Digital Services to discuss requirements.

2. Payment solutions must only be installed at the University in consultation with Financial Operations to ensure appropriate accounting principles and compliance with appropriate standards.

3. All monies received are to be promptly and accurately reported in the University’s revenue systems.

Cashiers’ office

4. In person receipting of monies is to be managed at an approved cashiers’ office.

5. Only a cashiers’ office can accept cash payments.

6. Cash payments must always be kept safely and securely at a cashiers’ office.

7. Access to safes and tills must be controlled and restricted to staff who are directly involved in processing payments received or the preparation of banking.

8. A senior member of staff is to check that tills and EFTPOS terminals are balanced each day and that bank deposits are accurate.

9. All payments are to be banked into the University’s bank account daily.

10. Payments related to electronic receipting systems not operated by the cashier must not be taken from the customer.

Fraud and money laundering awareness

11. Payments may not be received by University members where the card is not present either online, or in person.

12. Refunds will only be processed back into the original bank account or card it was originally paid from.

13. University members may not lodge, or permit to be lodged, private monies in an official University bank account.

14. Any requests to supply University bank account details must be directed to Financial Operations, in the first instance.

15. Official monies may not be loaned or borrowed.

16. Where funds have been substantially overpaid and refunds are requested, this must be alerted to the Financial Compliance team.

Payment Card Industry Data Security Standard (PCI-DSS)

17. All card payments must be managed in accordance with PCI-DSS requirements.

18. Online monies paid to the University must only be processed via websites that have been authorised by both Digital Services, Connect and Financial Operations and meet PCI-DSS compliance standards.

Definitions

The following definitions apply to this document:

Card is not present transactions means card details taken over the phone, email, or post, and used for manual transactions on behalf of the card holder.

Card payments means any debit or credit card payments where the card company is Visa or Mastercard.

Cashiers’ offices are approved designated departments that are approved to receive cash payments.

EFTPOS means Electronic Funds Transfer at Point of Sale.

In person means all monies handled directly by University members.

Members means those persons who make up the University as set out in section 3(2) of The University of Auckland Act 1961 and includes University employees, students, Council committee members, contractors, sub-contractors and invitees.

Online means all payments/monies handled electronically by the University’s approved provider.

Payment Card Industry Data Industry Security Standard (PCI-DSS) is a standard the University must comply with because it accepts card payments. The standard was established by the payment card industry to define an appropriate set of security standards expected to be maintained by organisations receiving card payments.

Payment solutions is a general term that applies to the entire technology needed to accept a customer transaction at your site.

University means the University of Auckland including all subsidiaries.

Key relevant documents

Document management and control

Owner: Chief Financial Officer
Prepared by: Head of Financial Operations
Approved by: Vice-Chancellor
Date approved: 27 July 2021
Review date: 27 July 2026