Are there any privacy concerns to attaching bank information in the payee profile in Workday?

Workday has dual-factor authentication and is tokenized. Per NACHA's Supplementing Data Security Requirements, encryption, truncation, tokenization, destruction, or having the financial institution store, host, or tokenize the account numbers are among the options for Originators and Third-Parties to consider.

Is DocuSign an acceptable form of verification?

Yes, but only if the bank information provided is supported with additional verification. Because DocuSign requests remain vulnerable to business email compromise (BEC) and rely on the same communication channel as the original request, additional independent verification is required. This may include the official bank documentation included in the DocuSign file or a callback to the payee using contact information already on file.

 

Are approvers expected to review both MPE and MPs before approval?

Yes, approvers must review both MPE and MPs if the ACH transaction is $5,000 or greater AND either of the following conditions applies:

  • The payee is a new payee, OR
  • The payee is an existing payee and their banking information is being updated

If both the transaction threshold and one of the conditions mentioned above are met, review of both the MPE and MP is required prior to approval.

I purchased non-travel expenses during business travel. What is the expense date for the non-travel expenses? What exception applies?

The expense date will remain the purchase date for non-travel expenses. The user may select the "the employee was on business travel status for over 60 days" exception and obtain documentation in the form of trip pre-approval and/or documentation substantiating continuous 60-day travel.

How does this apply to aggregating expenses/multiple trips into one ER?

Aggregating expenses into one Expense Report is not recommended. Best practice is to reimburse one trip per ER. If the travel does not fit into any of the specified exceptions and is aggregated, the request will be sent back to be updated to follow the policy.

There may be selected scenarios for mileage aggregation, and those should still be submitted monthly.