eBAM: An Opportunity to Integrate Bank Mandates into Risk Management

For corporates and banks, the challenge and complexity of integrating any localised and paper-based process is well understood. Establishing who can do what and where, bank processing delays, and bank mandates updates are familiar concerns for treasurers. Knowing local bank subsidiaries, ensuring compliance with local regulations, and standardising local risks will never be handled by any central treasury, while local input will always be necessary to ensure good management of bank mandates. Specific to bank mandates is a structural issue – and here the interests of corporates and banks diverge.

Corporates tend to build their own bank mandate management systems according to internal regulations and local practices. However, banks tend to receive bank mandate updates through their own systems. The result is a room full of operators whose main occupation is to find a match between the client and the bank organisation. The risk here is obvious – banks have to achieve quick updates of bank mandates, and they are accountable for any error in this ‘translation’ process.

The eBAM Promise

The electronic bank account management (eBAM) project promises to put an end to this 100 year-old management process by creating a standard message type for communicating in an ISO format, even with attachments for bank account management (BAM) updates (opening, closing, creating new signatories). Corporates are implementing these systems under pilot programmes, including the potential for clients to customise messages according to local regulations. The final goal, of course, is to rid the system of paper circulation entirely, and ensure real-time processing for BAM. The next 12-18 months will show if eBAM succeeds in coping with local regulations, government intervention, and the force of inertia.

Combined with electronic signature and accurate security rules, eBAM would be a process, like the others, that would help secure the pipeline. Yet many corporates, because they faced huge bank mandates challenges, created complex systems of signatories, based on groups of signatories. For example: being an ‘A’ member is not sufficient to issue payment orders above €500,000. This would require the signature of another ‘A’ member. In some instances, as many as 50 people are authorised to sign on behalf on a company. Combined with a single database storing all types of bank mandates, that describes everything signatories can do and is often locally updated, it appears that there is much more to bank mandates management than simply opening and closing bank accounts and binary sending authorisations to accounts operators on behalf of a company. eBAM, though, tends to level this issue, by assuming that since the new sent messages will ensure full security, complex bank mandates rules will disappear within the next years. While this is certainly true, successful changeover is also a management challenge.

The ability to send standard messages using existing secured networks will come eventually – there is too much at stake for it not to. Nevertheless, sending an XML message is the end of a long process, which applies to both new employees and those departing.

Confirming the Mandate

Defining workflow processes is another solution offered by BAM. By spreading the risk of error into a process, from the submission of the request to the transmission to the bank, companies usually lower the risk of fraud and implement the well-known principle of segregation of duties. For example: a bank mandate authorising its owner to pay orders greater than €50,000 is to be validated by a local administrator, whereas usual payments are considered validation-free. Such validation rules will also surely survive eBAM.

At the local level, with eBAM, the replacement of a treasurer will result in the following process:

  1. Information received from HR services (for operational functions).
  2. Internal workflow process to create the signatory.
  3. Security checks (digital or written signature uploaded).
  4. Newcomer (according to function, seniority, and local regulations) is granted authorisations to sign on behalf of the company on one ore more accounts.
  5. Corresponding messages are sent to bank to update the account(s).
  6. Update is done by the banks, and a new signatory can now operate on the account(s).

At the central level, the process is the same, except that hundreds of accounts have to be updated. This whole process integration also means that vendors’ software solutions will have to manage much more than just a message. The challenge is to provide banks with immediate and accurate information, but also a comprehensive view of the present and past situation for any internal or external auditors.

Finally, let’s not forget that the authorisation to pay is the final step of another process. And what if the ability to transfer money could be stored in the same place as the ability to bind the company? What if the ability to drive the reality of BAM can be merged with monitoring the related risks?

eBAM and Risk Management

Considering the potential risk level of bank mandates (as the final step of a payment process) and the standardisation eBAM will bring, having an ‘authority matrix’ – a file where all possible authorities are referenced, updated by action plans made by the auditor – will be a huge asset. Furthermore, if all underlying processes (delegation of authority) are also stored in the same place, it becomes easy for corporates to benefit directly from auditors, lawyers and operational personnel who are in direct touch with business processes.

The eBAM project, as a technology-driven process, authorises the integration of BAM into enterprise wide risk management. This way, signing a file that contains any type of bank mandate will be constantly evaluated by auditors, without any intervention of the cash management department. Moreover, auditors will be able to give input on all processes leading to a bank mandate – whether the process owner is part of the HR, legal, or support team.

Prerequisites to making eBAM more than just a pipeline for information are:

  • Creating a single database regrouping all types of bank mandates.
  • Connecting it to business process management (BPM).
  • Ensuring compliance of bank mandates.

Communicating in an ISO format, as time-saving and cost-killing as it is, is only the last step of a wider project.


Related reading