Except these sort of transfers almost always happen with, at a minimum, dual approval where exceptions cannot be made because it's software defining the rule.
1 employee submits the transaction for review, and a 2nd (and sometimes a 3rd, 4th) person must approve it before the payment initiates. There isn't typically a bypass function.
Also, CFOs are typically responsible for setting up and enforcing these controls. A big part of a CFO's job is to manage risk. If you work under a CFO, you would be more likely to be rewarded for following the process than be punished.
Obviously there are exceptions to this, but by and large no CFO would punish a finance person for disobeying an order to bypass a process intended to prevent financial fraud.
When I say “no CFO” would punish someone doing things that mitigate fraud… it’s the same as saying “no software engineer intentionally introduces bugs on purpose”.
Obviously the statement isn’t literally accurate. Hopefully it’s 99% accurate (otherwise none of us would have jobs if all we did all day was sabotage our employers). Likewise, not every CFO is to be trusted, nor are all software engineers… but most can be.
I think there's a lot of people here making the wrong assumption about how their CFO would react to being told no.
These people aren't stupid. I'd expect them to understand risk better than your average senior software engineer and if you tell them "Sorry boss, too risky to do that right now. I can't be 100% sure this message is genuine. Let's sync on this after your meeting", your chances of promotion at this company would likely rise, not fall.
