Every few months, a story surfaces somewhere about an HOA treasurer or property manager who quietly drained a community's reserve account over several years before anyone noticed. These stories share a common thread: not sophisticated fraud, but the absence of basic controls that would have made it obvious far sooner. For a self-managed board, the good news is that the controls that prevent this are neither expensive nor complicated, they just have to actually be in place before they're needed.
This is general information, not legal or accounting advice. If your association suspects fraud has already occurred, involve the association's attorney and consider a forensic accountant before taking action that could compromise an investigation or insurance claim.
Almost every reported case of HOA financial fraud follows the same basic pattern: one person has effectively unsupervised access to the association's money for an extended period. That person might be a board treasurer, a self-appointed bookkeeper, or a property manager, and the access might be online banking credentials, check-signing authority, or control over the only copy of the financial records.
The fraud itself is rarely dramatic at first. It's a personal expense paid from the HOA account "to be reimbursed later," a round-number transfer to a personal account during a slow month, a vendor invoice that's inflated with the difference kicked back to the person who approved it. What makes these schemes last for years is simply that no one else is looking, monthly statements go unreviewed by anyone but the person doing the spending, and the rest of the board trusts that "the treasurer has it handled."
The foundational principle behind every fraud-prevention measure on this page is separation of duties: the person who records a transaction shouldn't be the same person who approves it, and the person who approves a payment shouldn't be the only person who can see whether it actually went where it was supposed to. In a small, all-volunteer board this can feel like unnecessary bureaucracy, but it's precisely in small organizations, where one person often does wear multiple hats, that the lack of a second set of eyes is most dangerous.
In practice, separation of duties for a self-managed HOA means at least: the person preparing payments isn't the only person who can approve them, the full board (not just the treasurer) receives bank statements directly from the bank or through software, not relayed by one person, and reconciliation of the books against the actual bank balance happens on a schedule, not only when someone asks.
A dual-signer requirement, where payments above a defined threshold require approval from two authorized board members rather than one, is one of the single most effective controls against embezzlement, because it removes any one person's ability to both initiate and approve a payment. See our guide on HOA bank accounts for how to set up accounts with the right signers and access levels in the first place.
Practical dual-control measures include:
A fidelity bond, sometimes called employee dishonesty coverage, protects the association's funds if a board member, officer, or anyone with access steals from the association. Many states and many mortgage lenders require associations to carry a minimum amount of this coverage, particularly for communities where unit sales involve financing, see our guide on board liability insurance for how this fits alongside D&O and general liability coverage.
Even where it's not strictly required, a fidelity bond is relatively inexpensive and is one of the most direct financial backstops available, it doesn't prevent fraud, but it means a community that experiences it isn't left entirely without recourse while pursuing repayment from the person responsible.
At minimum, the full board, not only the treasurer, should receive and actually review bank statements and a summary of income and expenses every month. "Receive" and "review" aren't the same thing, a monthly report that's forwarded to an email no one reads provides essentially no protection. See our guide on the annual budget process for how monthly actuals should tie back to the approved budget.
Beyond monthly board-level review, many governing documents and some states require a periodic independent review, compilation, or full audit by an outside accountant, the specific requirement and frequency vary, but an annual independent look at the books, even a relatively light "review" rather than a full audit, is a control that an internal board, however well-intentioned, simply can't replicate on its own.
| Control | What It Prevents | How to Implement |
|---|---|---|
| Dual signers on payments above a threshold | One person moving money unilaterally | Set threshold with the bank; require two approvals above it |
| Full-board statement access | Statements seen only by the person spending | Add a second board member as view-only on online banking |
| Monthly reconciliation reviewed by the board | Discrepancies going unnoticed for months or years | Standing agenda item at every board meeting |
| Fidelity bond / employee dishonesty coverage | Total loss with no recourse if fraud occurs | Confirm coverage amount with your insurance agent |
| Resident payments via portal, not personal accounts | Cash or checks passing through one person's hands | Use a payment portal that deposits directly to the association |
| Prompt access removal when board members leave | Former members retaining banking access | Checklist item for every board transition |
Beyond formal controls, boards should pay attention to behavioral signals: a treasurer or manager who resists sharing statements or online access with other board members, financial reports that are consistently late, vague, or inconsistent month to month, reserve balances that don't match what's been reported previously, and defensiveness or evasiveness when a routine question is asked about a specific transaction. None of these prove fraud on their own, but any of them is a reason to look closer, not to assume it's nothing because "they've always handled it fine before."
In AffordableHOA: Every payment and transaction is recorded in a shared ledger the full board can see in real time, resident dues are collected directly into the association's account rather than passing through an individual, and monthly financial summaries are generated automatically so reviewing the books doesn't depend on one person compiling a report.
The most complete self-managed HOA platform. Starting at $49/month.
Start Free TrialMost cases involve one person, often a treasurer or manager, with unchecked access to the association's bank accounts over a long period with no regular review by anyone else. The fraud is usually simple, small repeated transfers or personal expenses, that goes unnoticed because no second person is looking.
It means payments above a set amount need approval from two authorized board members rather than one person acting alone. It's one of the most effective controls against embezzlement because it removes any single person's ability to both initiate and approve a payment to themselves.
Many states and lenders require associations to carry fidelity bond (employee dishonesty) coverage protecting funds against theft by board members, officers, or employees with access. Even where not required, it's inexpensive relative to the protection it provides.
At minimum, the full board should review bank statements and an income/expense summary monthly, not just the treasurer. Many documents and states also require a periodic independent review, compilation, or audit, often annually.
Software can't replace board-level controls like dual signers, but it creates a transparent, time-stamped record the full board can see in real time and routes resident payments directly to the association's account rather than through an individual.
Resistance to sharing bank statements or online access with other board members, financial reports that are consistently late or vague, reserve balances that don't match prior reports, and defensiveness when routine questions are asked about specific transactions.