Fraud and cybercrime have been a concern for corporate treasurers for several years, and this past year showed us that there is a new risk to consider: connectivity. The reports of banks being hacked and losing millions through unauthorised payments shook the industry, since protecting payment connectivity workflows had been low on treasury's list of priorities.
While unfortunate for those involved, the incidents also offer valuable lessons for the rest of us in treasury:
- Protect payment systems from unauthorised access:
Corporates have many options – bank portals, treasury management systems (TMSs), enterprise resource planning (ERPs) – that offer the ability to initiate and approve payments. Every one of these systems should be protected by more than a UserID and password. The chief information officer (CIO) in every organisation has likely set a standard for user authentication protocols; treasury needs to align with that to ensure that financial systems are secure from unauthorised entry. Sometimes that minimum standard is multi-factor authentication, but often it is a combination of safeguards. The CIO will have already set a policy that treasury should follow.
- Standardise payment processes:
Unfortunately, it is not uncommon to see payment policy inconsistencies. Payment policies should be aligned across all types of payments, the systems used to initiate and approve them, and specific geographies and banks. There must be one payment policy that is then applied to each of these scenarios. Inconsistency in payment controls creates exposures that can be exploited. While every treasurer employs separation of duties and likely assigns limits to those duties, it is important to ensure that the payment policies are global – across the entire organisation, covering every payment scenario. Integration and/or consolidation of payment systems can help with that, of course. The key is to ensure that you do not have a “weakest link” that is beyond the visibility of treasury.
- Secure payment files in transit between systems:
Whether the payment information in files is sent directly to the bank or exchanged between internal systems first, it is always important to keep this information secure and away from internal or external threats. The more systems that are involved, the greater the risk: for example, ERP + TMS + service bureau. Reducing the number of systems used to approve and release payments is one solution; applying digital signatures to authenticate payment files is another. The important point is to ensure that what the bank receives was securely transmitted from initiation all the way through the entire payment workflow.
- Review acknowledgements and reconcile outgoing payments:
Every bank provides confirmation that payments have been received. Some payment channels – for example SWIFT – offer more acknowledgements than others, but whatever level of confirmation is received, it is critical to review and confirm that what was received and processed by the bank matches what your systems sent to the bank. Running intra-day and prior-day bank statement reconciliation reports is also recommended as an additional checkpoint so that treasury can confirm that what was sent matches what was processed.
- Implement an internal control centre:
While difficult to implement in a spreadsheet environment, most treasury and payment systems will have some sort of control centre that monitors outgoing payment files as well as any system workflow changes – such as modifications to approvers, changes to limits, or updates to payment instructions. Active monitoring of transactions is important, but just as critical is your visibility into the workflow changes. Ideally this would be presented in a dashboard as well as in an email-friendly format so that exceptions are easier to identify.
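The acknowledgement review described in the list above, as an added example that is not part of the original article: Python that compares the payments treasury's systems released with what the bank acknowledged and reports every exception. The record fields, payment references and account identifiers are constructed assumptions, not any bank's or SWIFT's message format.

```python
from collections import Counter
from decimal import Decimal

# Constructed sample data (assumed field names): payments released by treasury.
SENT = [
    {"ref": "PAY-0001", "account": "ACCT-TEST-001", "currency": "EUR", "amount": "12500.00"},
    {"ref": "PAY-0002", "account": "ACCT-TEST-002", "currency": "USD", "amount": "980.50"},
    {"ref": "PAY-0003", "account": "ACCT-TEST-003", "currency": "GBP", "amount": "4300.00"},
]
# Constructed sample data: what the bank acknowledged as received and processed.
ACKED = [
    {"ref": "PAY-0001", "account": "acct-test-001", "currency": "EUR", "amount": "12500.0"},
    {"ref": "PAY-0002", "account": "ACCT-TEST-999", "currency": "USD", "amount": "980.50"},
    {"ref": "PAY-0004", "account": "ACCT-TEST-777", "currency": "USD", "amount": "50000.00"},
]
FIELDS = ("account", "currency", "amount")

def normalise(record):
    """Canonical form so formatting differences are not reported as changes."""
    return (record["account"].replace(" ", "").upper(),
            record["currency"].upper(),
            Decimal(record["amount"]))

def reconcile(sent, acked):
    """Return sorted (ref, issue) exceptions; an empty list means both sides agree."""
    sent_by_ref = {r["ref"]: r for r in sent}
    acked_by_ref = {r["ref"]: r for r in acked}
    exceptions = []
    # The same reference acknowledged twice can mean a payment was processed twice.
    for ref, count in Counter(r["ref"] for r in acked).items():
        if count > 1:
            exceptions.append((ref, "acknowledged more than once"))
    for ref, s in sent_by_ref.items():
        a = acked_by_ref.get(ref)
        if a is None:
            exceptions.append((ref, "sent but not acknowledged"))
            continue
        for name, sent_value, bank_value in zip(FIELDS, normalise(s), normalise(a)):
            if sent_value != bank_value:
                exceptions.append((ref, f"{name} differs from what was sent"))
    # Payments the bank processed that treasury's systems never released.
    for ref in acked_by_ref.keys() - sent_by_ref.keys():
        exceptions.append((ref, "acknowledged by bank but never sent"))
    return sorted(exceptions)

if __name__ == "__main__":
    for ref, issue in reconcile(SENT, ACKED):
        print(f"{ref}: {issue}")
```

The same comparison can be run against intra-day and prior-day statement lines in place of acknowledgements, with the exception list feeding the dashboard or email report of the control centre.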
While 2016 introduced us to risks in payment connectivity that we may not have previously thought about, there are best practices to keep your payments safe. For more information, please feel free to review a recent webinar produced in partnership with the Association for Financial Professionals (AFP) as well as the Association’s Treasury in Practice guide on securing your bank connectivity.