Mercury

## How do Mercury's multi-user approval workflows function to secure company funds?

## Overview Mercury's multi-user approval workflows are a set of configurable security features designed to provide companies with granular control over outgoing funds and enforce financial governance. These controls are built directly into the banking platform, allowing businesses to establish a secure system of checks and balances for financial transactions. The core function of these workflows is to require authorization from one or more designated users before payments can be executed, thereby mitigating risks associated with unauthorized access, internal fraud, or accidental errors. This system is particularly crucial for scaling companies that need to meet the governance and audit requirements mandated by boards of directors and external auditors, such as the principle of segregation of duties. ## Key Features The system operates on a foundation of configurable rules and role-based access control (RBAC). Account administrators can create specific approval rules based on dollar-amount thresholds for different types of transactions, such as ACH payments and wire transfers. For example, a rule can be set to require that any wire transfer exceeding $5,000 must be approved by two separate administrators. These rules can be stacked to create a multi-layered review process for transactions of varying risk levels. To prevent users from circumventing these per-payment thresholds by making multiple smaller payments, administrators can also set a cumulative daily payment limit for each user. If a user's total payments for the day exceed this limit, further transactions are blocked pending additional oversight. ## Technical Specifications Mercury has also implemented a 'Dual Admin Approval Policy' to secure sensitive administrative actions. When this policy is enabled, critical changes to the account require approval from a second administrator. These actions include inviting or removing administrators, changing user permissions, resetting two-factor authentication (2FA) for other users, and, importantly, editing the approval rules themselves. This adds a crucial layer of security to the governance framework itself, preventing a single individual, even an administrator, from unilaterally altering the financial controls of the company. To enable this policy, the account must have a minimum of two active administrators. The management of all approval rules is centralized in the 'Settings > Approvals' section of the Mercury dashboard. ## How It Works The workflow mechanics are automated to ensure a seamless and secure process. When a user initiates a payment that triggers a pre-defined approval rule, the transaction is not executed immediately. Instead, it is automatically routed to a pending approval queue. The designated approvers are then notified of the pending transaction through alerts on their Mercury dashboard, via email, and through an integration with Slack. These pending requests are clearly visible in the 'Action Bar' of the dashboard, prompting timely review. To maintain the integrity of the approval process, the system automatically skips any requester who is also an assigned approver for that specific rule, ensuring that an independent party provides the necessary authorization. However, the requester's role still counts toward the total number of required approvers. ## Use Cases ## Limitations and Requirements ## Comparison to Alternatives ## Summary In summary, Mercury's approval workflows function by allowing administrators to define and enforce a separation of duties for financial transactions. Through configurable dollar-based thresholds, daily user limits, role-based permissions, and automated notification and routing systems, the platform ensures that significant payments and administrative changes undergo a required review process. This built-in functionality provides companies with a robust internal control system directly within their banking layer, supporting secure financial operations and meeting stringent governance standards without the need for third-party spend management software.