How Do I Set Up A Four-Eye Policy Check For Payments?


Protect your company from fraud and unauthorized payments with Qonto's Transfer Authorization feature.

This security control ensures that no single person—including the account Owner—can both initiate and approve a high-value transfer on their own. One team member creates the payment request, and a different person must review and approve it before the money moves.

You set an amount threshold (for example, €10,000), and any transfer at or above that amount automatically enters an approval queue instead of executing immediately. This separation of duties gives you peace of mind as your finance team scales.

 

Who can access the 4-eye policy feature?

☝🏼 Important: this is a beta version; it will be gradually rolled out to all users over the next few weeks.

The Transfer Authorization feature is available to companies with specific add-ons and plans:

Add-on requirement:

Market availability:

  • Available in all countries where Qonto operates.

Platform access:

  • Policy configuration: 💻 Web only (you must use the desktop interface to set up thresholds and approvers)
  • Approving and executing transfers: Both 💻 web and 📱 mobile (day-to-day approvals work on all devices)

Who can configure and approve transfers under the policy?

The 4-eye policy involves three distinct actions, each available to different roles:

Configure the payment policy:

  • Only Owners and Admins can set up and modify the policy on 💻 web
  • You'll define the threshold amount and designate who can approve transfers
  • The policy applies only to new transfers created after activation—it's not retroactive

Initiate a transfer (subject to the policy):

  • All roles (Owners, Admins, Managers, and Employees) can create a transfer request
  • If the amount meets or exceeds your threshold, the transfer enters an approval queue instead of executing immediately

Approve and execute a transfer:

  • Owners, Admins, and Managers with transfer permission can review and approve pending payments
  • The same person who initiated the transfer cannot approve it—the system enforces this separation automatically
  • Even if someone is selected as an approver in your policy configuration, they will be dynamically excluded from that approval step when they are the initiator of a specific transfer

☝🏼 Important: If you are the only eligible approver for your own transfer, the system will display a disclaimer and block you from proceeding. Make sure to assign at least two approvers in your policy to avoid being locked out of your own transfers.

How do I set up and activate a 4-eye policy?

To configure a payment policy that enforces dual approval for transfers, follow these steps on 💻 web:

  1. Go to Settings → Approval Workflows
  2. Select Transfer Authorization as the workflow type
  3. Define your threshold amount—any transfer at or above this amount will require approval before execution (for example, €10,000)
  4. Designate the approvers—select which team members can review and approve payment requests
    • You can set up multi-step approval with more than two people in the chain if needed
    • Assign at least two people at the last approval step to avoid being blocked
  5. Save and activate the policy—it will immediately apply to all new transfers that meet the threshold criteria

Once activated, the workflow operates automatically: when a user initiates a transfer at or above the threshold, the payment enters an approval queue where a different person (not the initiator) must review, approve, and execute the payment.

The system enforces separation of duties between initiator and payor—the same person cannot request, approve, and execute the same payment.
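The rules described above (approval at or above the threshold, the initiator excluded from approving, and a block when no other approver remains) can be modelled to check a planned policy for lockouts before activating it. This is an added illustration, not Qonto code or a Qonto API; the class, function, type and user names are hypothetical, and flagging any emptied step (the article names only the last one) is an assumption.

```python
from dataclasses import dataclass
from decimal import Decimal

# Transfer types the article lists as covered (labels are hypothetical).
COVERED_TYPES = {"sepa", "sepa_invoice_upload", "reimbursement"}

@dataclass(frozen=True)
class Policy:
    threshold: Decimal   # transfers at or above this amount need approval
    steps: tuple         # one frozenset of approver names per approval step

def needs_approval(policy, transfer_type, amount):
    """Covered type and amount at or above the threshold."""
    return transfer_type in COVERED_TYPES and Decimal(amount) >= policy.threshold

def eligible_approvers(policy, initiator):
    """Approvers left at each step once the initiator is excluded."""
    return [step - {initiator} for step in policy.steps]

def route(policy, initiator, transfer_type, amount):
    """Return 'execute', 'queue' or 'blocked' for one transfer request."""
    if not needs_approval(policy, transfer_type, amount):
        return "execute"
    # Assumption: a step with nobody but the initiator blocks the transfer.
    if any(not left for left in eligible_approvers(policy, initiator)):
        return "blocked"
    return "queue"

def lockout_risks(policy, initiators):
    """Users who would be blocked on their own above-threshold transfers."""
    return sorted(u for u in initiators
                  if any(not left for left in eligible_approvers(policy, u)))

# Constructed sample policy: EUR 10,000 threshold, two approval steps.
SAMPLE = Policy(Decimal("10000"),
                (frozenset({"alice"}), frozenset({"alice", "bob"})))

if __name__ == "__main__":
    for who, kind, amount in [("carol", "sepa", "10000"),
                              ("carol", "sepa", "9999.99"),
                              ("alice", "sepa", "12000"),
                              ("alice", "international", "50000")]:
        print(who, kind, amount, "->", route(SAMPLE, who, kind, amount))
    print("lockout risk:", lockout_risks(SAMPLE, ["alice", "bob", "carol"]))
```

In the sample, alice is the sole approver at the first step, so her own transfers at or above the threshold are blocked; adding a second approver to that step clears the finding.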

💡 Note: If you already have approval workflows in place for supplier invoices or expense reports, activating Transfer Authorization will add an additional payment execution control. Your existing workflows will continue to handle business validation, while the Transfer Authorization policy will govern when the actual money moves out of your account.

What types of transfers does the 4-eye policy cover?

The Transfer Authorization policy currently applies to these outgoing payment types:

  • SEPA transfers: Standard euro transfers to suppliers, vendors, or any external recipient
  • SEPA transfers created by invoice upload: Payments initiated by uploading a supplier invoice
  • Reimbursements: Employee expense reimbursements processed as transfers

Not currently covered (but coming soon):

  • International transfers: Non-SEPA cross-border payments (feature coming soon)
  • Bulk transfers: Multiple payments processed in a single batch (feature coming soon)

The same threshold and approval rules apply to all covered transfer types and to all groups of users—you cannot currently set different policies per payment type.

Understanding which transfers require approval helps you design workflows that balance security with operational efficiency for routine payments.

What are the key limitations I should know about?

While the 4-eye policy provides strong financial controls, keep these important limitations in mind:

Configuration and access:

  • Policy setup and editing is 💻 web only—you cannot configure payment policies from the mobile app (though approvals work on both platforms)
  • Separation of duties is strictly enforced between the initiator and the final person who executes the payment—if you initiated a transfer, you'll be blocked at the final payment execution step even if you're eligible to approve it

Policy scope and application:

  • The policy is not retroactive—it applies only to new transfers created after you activate or update the policy
  • Amount-based thresholds only—you cannot currently set policies based on specific IBANs, suppliers, or recipients
  • Single policy for all covered transfers—you cannot create different policies for different payment types (though international and bulk transfers are not yet covered)

Approval workflow separation:

  • Business approval and payment execution are two separate steps: validating a document like a supplier invoice is distinct from executing the payment
  • You can configure different approvers for business validation (approving the invoice) and payment execution (releasing the funds)
  • This ensures clear separation of duties at both the business decision level and the financial control level

Best practice tip: Assign at least two people at the final approval step of your Transfer Authorization workflow to ensure payments can always move forward even when one approver is unavailable.