Authorized Signatories and Signing Mandates: Getting the Account Mandate Right
Authorized signatories and signing mandates explained — mandate types (singly, jointly, either-or-survivor), per-account control, and how to get the account mandate right at onboarding.
The signing mandate is the part of a corporate account-opening file that decides who can move money and under what rules. Get it right and the account has clear, enforceable controls; get it wrong and you have created either a bottleneck that frustrates the customer or an opening that a single person can exploit. This article explains authorized signatories and the operating instructions that govern them, the mandate types a bank should support, and how to capture both accurately at onboarding.
Signatories and mandates are two different things
It is worth separating two ideas that are often blurred. An authorized signatory is a named individual the company has empowered to operate the account. A signing mandate — sometimes called the operating instruction — is the rule that says how many of those signatories, and in what combination, must act before an instruction is valid. A company can name four signatories and still require any two of them to authorise a payment; the four names and the "any two" rule are separate facts that the bank must record together.
The authority for both comes from the company itself, usually expressed in a board resolution. The resolution names the people and sets the operating instruction, and the account mandate the bank holds should match it exactly. This is why the mandate cannot be treated as a standalone form: it is the operational expression of a governance decision. We look at the governance side in detail in our guide to board resolutions for a company bank account, and the broader onboarding journey in the complete guide to business account opening.
The mandate types a bank needs to support
A corporate banking platform has to handle the full range of operating instructions a company might require, because real ownership and control structures vary widely. A sole proprietor needs a single signatory acting alone; a family business may want either of two directors; a larger company may insist that any two of four signatories act jointly on every instruction. The Creodata Business Account Opening System captures the operating instruction in step 6 of its application wizard and supports the mandate types banks actually use:
| Mandate type | What it means in practice |
|---|---|
| Singly | Any one named signatory can operate the account alone. |
| Jointly all | Every named signatory must sign before an instruction is valid. |
| Jointly any two / three / four | A defined number of the named signatories must act together. |
| Either-or-survivor | Either signatory may act, and on death of one the survivor continues. |
| Special | A bespoke instruction the company has agreed with the bank. |
The right choice is a control decision, not an administrative one. Tighter mandates — jointly all, or any two of four — distribute authority so that no single person can move funds unchecked, which is one of the most effective internal-control safeguards a company has against both error and fraud. Looser mandates trade some of that control for speed and convenience. The bank's job at onboarding is not to make the choice for the customer, but to record the choice precisely and make sure it is enforceable.
Capturing signatories with identity and a photo
A mandate is only as reliable as the identity behind each signatory. If the bank cannot show who a signatory is, the operating instruction means little. The Creodata BAOS signatories step captures up to four authorized signatories, each with their identification details and a passport photo, so the people named on the mandate are documented rather than merely listed. That identity record sits alongside the rest of the application and feeds the bank's downstream controls.
Signatory identity is also where the mandate intersects with financial-crime checks. Signatories frequently overlap with the company's directors, shareholders and beneficial owners, so the people you record here are often the same people you must screen and verify. Step 4 of the wizard captures significant stakeholders — the directors, shareholders, partners or sole proprietor behind the entity — and the platform's compliance screening service runs PEP, FATCA and KYC/AML checks across the relevant individuals. For the underlying discipline, see our pieces on beneficial ownership at onboarding and PEP and sanctions screening at account opening, and the deeper treatment of screening in the AML guide to sanctions and PEP screening explained.
Recording the mandate and the terms that bind it
Capturing names and a mandate type is not enough on its own; the customer also has to accept the terms under which the account operates. The signing-mandate step in BAOS records the operating instruction together with acceptance of the bank's terms and conditions, so the file shows both what the company instructed and that it agreed to the rules governing the account. Because the wizard auto-saves to draft between steps, a company that needs to confirm the operating instruction with its directors before committing can leave and return without losing the rest of the application — the same save-and-resume behaviour that helps reduce drop-off across the whole journey, which we discuss in reducing account-opening abandonment.
The mandate also connects to the facilities the company selected earlier. Whether the account has a cheque book, debit card, or mobile and internet banking changes the channels through which signatories will actually issue instructions, so the operating instruction has to make sense against those facilities. Capturing the two together in a single guided journey, rather than across disconnected paper forms, is part of what makes a digital business account-opening process more controlled than its paper predecessor — a theme that runs through the whole corporate account-opening process.
Why the mandate matters for control and audit
The mandate is a front-line internal control, and like any control it needs an evidence trail. A bank should be able to show, after the fact, who was named as a signatory, what operating instruction was set, that the named individuals were identified, and that the terms were accepted — all tied back to the board resolution that authorised them. Creodata BAOS supports this with append-only audit logging of actions taken on an application, so each step in the file, including the signatory and mandate capture, leaves a record that cannot be quietly altered.
This evidence discipline is the same one banks apply across onboarding and ongoing compliance. The principle of separating authority so that no single person controls a transaction is closely related to the four-eyes principle used in financial-crime workflows; we explore that connection in audit-ready onboarding and, on the AML side, in audit-ready AML and four-eyes. Within the bank, role-based access control with branch scoping means staff only see the applications for their own branch and segment, so the people reviewing a mandate are themselves operating under defined authority.
The signatories and beneficial owners recorded against a mandate do not stop mattering once the account is open. The same individuals carry forward into the ongoing monitoring a bank performs over the life of the relationship, which is where the Creodata AML Compliance Platform picks up after onboarding. Capturing identities cleanly at the mandate stage means the people behind the account are already documented when continuous screening and risk assessment begin, rather than being reconstructed later from a paper file.
Frequently asked questions
What is the difference between an authorized signatory and a signing mandate?
An authorized signatory is a named individual the company has empowered to operate the account, while the signing mandate is the rule that governs how those signatories must act together — for example singly, jointly all, or any two of four. A company can name several signatories and still require a specific combination of them to authorise each instruction, so the names and the operating rule are recorded as separate but linked facts. Creodata BAOS captures both in the same guided step, alongside acceptance of the bank's terms and conditions.
How many signatories can be recorded, and what details are captured for each?
The Creodata Business Account Opening System captures up to four authorized signatories on a corporate application. For each signatory it records identification details and a passport photo, so the individuals named on the mandate are properly documented rather than simply listed. Because signatories often overlap with directors, shareholders and beneficial owners, the same individuals may also be captured as significant stakeholders in the compliance step and run through PEP, FATCA and KYC/AML screening, keeping the identity behind the mandate consistent across the file.
Why does choosing the right mandate type matter for fraud prevention?
The operating instruction decides how authority is distributed. A tighter mandate, such as jointly all or any two of four, means no single person can move funds without a second party acting, which is one of the most effective internal controls a company has against both error and internal fraud. A looser mandate, such as singly, trades some of that control for convenience. Recording the choice precisely and tying it to the authorising board resolution gives the bank an enforceable, auditable control rather than an informal understanding.
Getting the mandate right is one decision in a longer onboarding journey that has to be controlled end to end. See how the Creodata Business Account Opening System captures signatories, operating instructions and the board resolution within a single audited, compliant wizard, and book a demo to walk through the signing-mandate step on your own account products.