Joint Authority Fails Differently

Two signatures do not automatically create two independent decisions. Design joint authority for absence, conflict, coercion and compromised channels.

The answer

Joint authority is meant to reduce unilateral error. It can also create deadlock, false reassurance and a larger impersonation surface. Two approvals may originate from the same compromised inbox.

Joint authority is meant to reduce unilateral error. It can also create deadlock, false reassurance and a larger impersonation surface. Two approvals may originate from the same compromised inbox. One signatory may routinely follow the other. Both may depend on the same assistant, adviser or device. A transaction may stall because one person is unavailable, pushing staff into an improvised exception. The number of signatures says little about the independence of the decision.

Identify the purpose of joint control

  • Judgment: two people assess the substance independently.
  • Integrity: one person cannot alter and execute an instruction alone.
  • Representation: different interests or constituencies must consent.
  • Continuity: more than one person can keep the institution operating.
  • Evidence: the act requires a stronger record of authority.

Different purposes require different designs. Two-factor approval by one person may protect integrity but not judgment. Two directors may satisfy representation but fail continuity if they always travel together.

Value object — The Joint Authority Stress Test

Test each joint rule against:

  • Absence: one authority holder is unreachable.
  • Conflict: one has a personal interest or disputed capacity.
  • Compromise: one identity or device is controlled by an adversary.
  • Coercion: an apparently valid approval is given under pressure.
  • Dependency: both rely on the same adviser, assistant, channel or evidence.
  • Urgency: delay creates material loss.
  • Disagreement: each person reaches a defensible different conclusion.

For every scenario, define whether the action pauses, escalates, substitutes or narrows.

Make approvals independently sourced

If both approvers receive the same fraudulent package from the same channel, two approvals can reproduce one deception. For high-consequence actions, require at least one approver to obtain critical facts independently: known beneficiary details, registered contact, authoritative contract or direct counterparty confirmation.

Design the exception before the emergency

An exception created under urgency usually weakens the purpose of joint authority. Predefine substitute authorities, evidence thresholds, spending ceilings and expiry. The substitute should not be the person who prepared the instruction unless the consequence and mandate explicitly permit it.

Detect ceremonial approval

Review how often the second approver changes, rejects or questions an instruction. A zero-challenge pattern may reflect excellent preparation—or a rubber stamp. Interview approvers about the evidence they use. Ensure the interface gives them enough information to decide rather than a single approve button.

Keep dissent

Joint authority produces value when disagreement becomes visible. Record material dissent and the basis on which the institution proceeded or paused. Do not force consensus into a misleading clean record. The existence of a contested fact may be the most important information for the next decision-maker.

Shared authority must remain genuinely plural

Joint control works when no single compromised person, channel or assumption can produce the whole decision. Count independent authority paths, not signatures. Two approvals generated by one trust chain are one decision wearing two names.

Sources

  1. FINMA: Revised circular on operational risks and resilienceFINMA: Revised circular on operational risks and resilience

    Primary authority

  2. Swiss NCSC: CEO-FraudSwiss NCSC: CEO-Fraud

    Primary authority

  3. NIST Digital Identity GuidelinesNIST Digital Identity Guidelines

    Primary authority

Jonathan P. De CollibusFounding Partner, Svperior / Cyber

Ross Belhomme

Ross leads Legal within Svperior GmbH. His work draws on more than two decades across international fiduciary, wealth-structuring, and private-client environments, combining legal, financial, and technical judgment around governance, privacy, assets, authority, and cross-border operating conditions.

Legal strategy / Governance / Private-client structuring / Digital assets

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry