Key takeaways
- Treasury authority is a control map, not just a list of bank signers.
- Management should know who can view accounts, initiate wires, approve wires, release ACH batches, change templates, and access lender portals.
- Former employee access, founder-only approval, and one-person payment workflows create avoidable diligence and fraud concerns.
- A clean treasury file includes signer lists, bank portal user exports, approval thresholds, positive pay settings, payment templates, and backup approvers.
- Buyers view treasury controls as a practical test of finance maturity because weak authority design can create immediate cash loss.
Treasury authority is where finance controls become real. A company can have a polished <a href="/insights/management-package-buyers-trust" class="subtle-link">management package</a> and still expose itself to avoidable risk if former employees remain on bank portals, one person can both create and approve payments, or vendor bank changes are accepted without independent verification.
For adjacent context, compare this with Vendor Onboarding and Vendor Master Controls, Accounts Payable Discipline, and Merchant Processing Fees and Chargeback Economics. Those articles cover vendor setup, payment timing, and customer payment realization; this article focuses on treasury authority and cash-movement permissions.
For founder-owned businesses, the problem often starts for practical reasons. The founder is the only signer. The controller has broad access because someone had to get payments out. A backup user was created during a vacation and never removed. None of that feels material until a buyer, lender, insurer, or fraud event asks who had authority over cash.
Treasury control is not only about who signs checks. It is about who can move money, change payment instructions, release files, and approve exceptions.
Bank signer
Person legally authorized on the bank account
Portal user
Person with online banking access, which may or may not include payment rights
Payment authority
Ability to initiate, approve, release, or modify wires, ACH, checks, or templates
Treasury control file
Evidence showing current authority, approval thresholds, and periodic access review
The treasury authority map
The first step is to separate legal authority from system authority. A signer list shows who the bank recognizes. A bank portal export shows who can actually log in. Payment settings show whether that person can view balances, create payments, approve payments, release ACH files, edit templates, or change administrative rights.
A useful map covers every account and every payment rail. Include operating accounts, payroll accounts, sweep accounts, credit lines, lender portals, lockbox access, merchant settlement accounts, and any account used only occasionally. Dormant or low-activity accounts are often where outdated access survives.
What buyers test
Buyers usually care less about the bank relationship itself than the control evidence around it. They want to see whether access is current, whether payment authority is segregated, whether former employees have been removed, whether emergency overrides are documented, and whether someone other than the founder can operate treasury after closing.
A clean file is straightforward: current bank signer list, bank portal user export, payment approval matrix, positive pay or equivalent fraud controls, vendor bank change procedure, lender portal user list, and evidence that access is reviewed periodically. The absence of that file does not usually kill a deal, but it creates avoidable diligence friction.
A $27M business services company entered diligence with strong financial reporting but weak treasury documentation.
Two former employees still appeared in a bank portal export, the founder was the only documented wire approver, and vendor bank changes were handled by email.
The buyer required cleanup before close: stale access removed, dual approval turned on, positive pay activated, and a treasury transition memo prepared for Day 1. The issue did not change value, but it became a preventable closing workstream.
Frequently asked questions
How often should bank access be reviewed?
At least quarterly for active users and immediately after any finance, executive, payroll, or AP employee leaves. The review should include signer lists and online banking permissions, not only accounting system users.
What is the biggest treasury control gap?
One person with end-to-end authority: vendor setup, payment creation, payment approval, and bank release. That design may be convenient, but it is difficult to defend in diligence.
What should be fixed first?
Remove stale users, turn on dual approval for material payments, document payment thresholds, and create a verified process for vendor bank changes.
Work with Glacier Lake Partners
Review treasury authority controls
We help operators map bank access, payment approval rights, fraud controls, and treasury backup coverage before diligence or ownership transition.
Explore Operational Advisory →Operating workflow scan
Find the reporting or execution workflow worth automating first.
Turn the issue in this article into a ranked AI workflow roadmap with readiness gaps and estimated time savings.
Find the first workflow →Research sources
Disclaimer: Financial figures and case-study details in this article are anonymized, composite, or representative examples based on middle market operating situations, and are not guarantees of outcome. Statistical references are drawn from cited third-party research; individual transaction and operational results vary based on business characteristics, market conditions, and deal structure. This content is for informational purposes only and does not constitute legal, financial, or investment advice. Consult qualified advisors for guidance specific to your situation.

