All above board
Before sending a payment to a bank, a check on beneficiary account changes compared to previous payments made to the same beneficiary/vendor can point to invoice fraud. Checking changes in amounts compared to a median amount of past payments - and payment frequency - can also be beneficial.
Internal fraud is usually either committed once with a high value, or regularly for smaller volumes. If treasurers know the usual process they can determine if something is out of the ordinary.
Malicious activity is difficult to detect in a cumbersome and scattered ERP and bank environment. Therefore, harmonised practices increase transparency and visibility, while uniform processes help to track cash outflows.
Eliminating manual handling of payment data removes many opportunities for fraud and also adds to the transparency, quality and speed of payments.
To prevent false invoicing, a limited number of users should have the ability to create new payees, settlement instructions, and cash transfers.
The treasurers who are at the highest risk from fraudulent activity are those with decentralised operating structures, higher transaction volumes, and fragmented/outdated technologies.
Over the last few years, corporates that have accelerated their move to the cloud have benefitted from the massive investment cloud providers have made to secure their platforms. Having systems and processes running on the cloud allows additional security measures to be taken that are very difficult to implement or are not available for deployment on site.
Corporates should establish a social media use policy to ensure fraudsters are not made aware when treasury staff are out of the office. Employees should not use their company email address to register on any social media website for personal use and any social media posting by an employee should be consistent with company policies and reviewed through a central function.
If you rely on a bank connectivity partner for all your bank connections you also need to be sure that they work in a secure and reliable way.
Sanctions have become a high profile topic following the Russian invasion of Ukraine and companies need to embrace the regulatory changes put in place to protect against international money laundering and sanction breaking.
One important tool which will assist with sanctions checking is the introduction of the ISO 20022 file format for payment messages. The richer data facilitated by the new file format will improve cross-checking, increase transparency, and reduce false positives.
Treasurers should put in place a system of fraud detection based on multiple lines of defence including automatic sanction screening as well as black-list verification. Solely relying on banks’ sanction screening is not necessarily sufficient.
Corporates also need to consider that while analysis of both the remitter and beneficiary provides a more detailed basis for screening this may slow the transaction process down, negatively impacting the user experience. It is therefore vital to use tools that flag misconduct or other issues while minimising operational impacts.
In the final blog in this series we will look at how digital transformation impacts skills requirements, the benefits to treasury in terms of becoming more strategically important, how APIs are enabling more accurate and timely decision-making, and key issues around future connectivity.
The 7 habits of highly effective treasurers
Why are some treasury teams more adept at managing the financial challenges faced by their enterprises than others? We decided to identify some of the factors that contribute to intelligent treasury management and operational excellence and created an e-book which we would like to share with you. If you follow the habits outlined in this e-book, you will be well on the way to better cash flow and working capital management.