The model financial regulations include the following:
6.15. Where internet banking arrangements are made with any bank, the Clerk [RFO] shall be appointed as the Service Administrator. The bank mandate approved by the council shall identify a number of councillors who will be authorised to approve transactions on those accounts. The bank mandate will state clearly the amounts of payments that can be instructed by the use of the Service Administrator alone, or by the Service Administrator with a stated number of approvals.
Most banks now provide a facility for two people to be involved in a payment, whereby one person enters the details, but the payment must be released by another person. This simply mirrors the two signatory requirement for cheques.
There is also a paragraph regarding security of passwords:
6.11. Where a computer requires use of a personal identification number (PIN) or other password(s), for access to the council’s records on that computer, a note shall be made of the PIN and Passwords and shall be handed to and retained by the Chairman of Council in a sealed dated envelope. This envelope may not be opened other than in the presence of two other councillors. After the envelope has been opened, in any circumstances, the PIN and / or passwords shall be changed as soon as practicable. The fact that the sealed envelope has been opened, in whatever circumstances, shall be reported to all members immediately and formally to the next available meeting of the council. This will not be required for a member’s personal computer used only for remote authorisation of bank payments.
This ensures that you never lose access to your data.
