Financial institutions often require the involvement of more than one or two people to complete a large financial transaction or approve a change to sensitive account information. Guarding against one person being in control of all aspects of payment processing is a "best practice" followed in many sectors of the financial industry. Dual control, a security feature enabled by the FI, ensures that a change to a user's record must be approved by another person in addition to the user that made the changes.
Note: If dual control is required, another customer user with Customer Users: Add, Edit, Delete permission will have to verify the user record changes before they become effective.
The dual control process suspends the change to a user's record and lists the pending user record(s) as a link at the application home page. Another person should navigate to the user list (or click the link from the home page), select the modified user, and review the altered fields. The application lists the modifications to the record in red next to the previous state of the updated field(s), allowing the user to compare the two settings. For example, if you changed the password expiration date, the new date will be listed in red to the right of the previous date. After reviewing the change(s), the approving user may accept or reject them. Accepting or verifying the changes to the user record finalizes the changes the first user made, while rejecting will return the user record to its original state.
If dual control is enabled for your organization, user changes including the following require an additional person's approval to be finalized: adding/editing/deleting fields in the user detail section, user authorities, user permissions, user file load rights, user report rights, and notifications (if applicable), as well as unlocking a user.