
eBook

Payment Health Checks to Protect Against Payments Fraud

Recent data has shown that payment fraud incidents are not slated to decrease anytime soon, so now is the time to future-proof your organization’s processes by building effective fraud prevention controls into your workflows.

The drastic 667% increase in payment fraud attempts during the pandemic has compelled many corporates to implement process-oriented health checks to effectively protect against fraud. This eBook highlights the following areas in which your business can do the same:

  • Internal policies
  • Standardization
  • Centralizing visibility
  • Daily reconciliation workflows
  • Aligning cross-departmentally

Payment Health Checks to Protect Against Fraud


Coming out of the pandemic, the need to mitigate payment fraud is top of mind for opinion leaders within the treasury space. Organizations that had processes in place before or during the pandemic experienced less actual loss, compared to those who failed to recognize the immediate risk.

The AFP Payments Fraud and Control Survey reported that 90% of organizations experienced an increase or no change in the incidence of payments fraud when compared to the prior year. As has been made clear by COVID-19, payment fraud is a larger threat than many enterprise organizations anticipated.

With a drastic 667% increase in payment fraud attempts during the pandemic, fraudsters are utilizing new phishing schemes to expose those at risk. Kyriba client and manufacturing company Şişecam implemented a fraud detection tool to benefit from alerts related to:

  • Suspicious payments
  • First payments to new suppliers
  • Duplicate payments
  • Non-purchase order or unsupported, ad hoc payments
  • Larger than usual payments
  • Sanction list screened countries

These alerts ultimately empowered Şişecam to proactively prevent fraud, rather than reacting to fraudulent activities as they take place. With 1 in 12 companies making or receiving payments to sanctioned parties, fraudsters are scaling their attempts with the help of readily available automation and an increase in human elements.

In addition to implementing payment fraud detection alerts, organizations can leverage the methods discussed in the remainder of this eBook to ensure payment fraud controls and compliance are in place.


Sources of attempted and/or actual payments fraud:

  • Business Email Compromise: 62%
  • External Individuals: 52%
  • Vendors, Professional Services Provider, or Business Partners: 9%
  • Spyware or Malware from Social Networking Sites: 12%

Enforcing Internal Treasury Policies


Treasury and finance policies are the starting point for governing the procedures and embedded controls that mitigate risks from errors and fraud. As part of your checks and balances and to maintain a healthy controls framework, it is important to ensure alignment across all business units and finance functions.

In many cases, these units or functions operate autonomously due to business circumstances (e.g., M&A), statutory requirements, regional needs, systems that lack technical integration, or operating models that are not centralized. The nature of autonomous business areas or functions must be well understood and part of the review and governance overseen by the Controller and Finance leadership.

Below are some starting guidelines to incorporate into your internal controls:

  • Policies are reviewed by functional areas across finance
  • Review policies for potential conflicts with existing models
  • Create a policy impact check with business units to identify any potential risks to policy compliance
  • Ensure buy-in and approval includes internal audit and/or a compliance group; treasury and finance should be aligned first
  • Exceptions and regional teams/subsidiaries operating autonomously are held accountable for reviewing and being compliant with corporate policy
  • Policies are reviewed and approved by the board; the CFO is ultimately responsible for ensuring compliance
  • Procedural manuals are written in accordance with, and to ensure consistent support of, policy

If evaluating third-party systems to automate procedural guidelines, it is important to consider the following functionality:

  • Three-way match is conducted across PO, invoice and goods/service receipt
  • Embedded fraud controls are part of the payments network or hub
  • Acknowledgements and notifications are real-time
  • Clear, tiered structures are in place for approvals and approval limits are part of the procedures or system-provided controls
  • Smart routing for singular or dual/triple approvals is embedded into the process

Standardizing Payment Approval Processes and Payment Acknowledgments


Requests for the transfer of funds from seemingly harmless or “trusted” sources within the organization can unfortunately lead to successful payment fraud attempts that cost companies valuable time and resources. While special request, urgent, ad hoc, and non-purchase order types of payment requests typically garner the attention they deserve, it is important to be wary of breaches in protocol that involve the normal course of accounts payable or treasury transfers and settlements.

Having standardized payment approval processes across all payment-dealing departments is essential for organizations that hope to mitigate payment fraud attempts. If a special, one-off request is made, companies with approval processes in place will be able to successfully stop the suspicious payment given the existing controls and protocols. Adding another layer of control will not only provide peace of mind for CFOs, but also ensure that all outgoing payments are valid, no matter how the request was initiated.

Along with standardized payment approval processes, one should expect that a trusted solution can be relied upon to catch cases that appear to be payments generated from normal business processes but have actually been manipulated and are subject to fraud or email compromise.

A reliable solution should offer the following capabilities:

  • Digitized payments policy
  • Real-time screening of all payments data
  • User-defined payments screening rules
  • Resolution workflow to investigate suspicious payments
  • Option to avoid alerting payments users who violated a payments rule
  • Monitoring the status and priority of alerts in KPI dashboards
  • Real-time AP payments audit
  • Machine learning (ML) and artificial intelligence (AI) to identify payment anomalies
  • Open API platform to integrate new fraud services

Centralizing Visibility into Banking Activities and Signatories


Modern organizations have budgets, receivables, and payables throughout global and regional entities – some of which are using disparate systems and banking partners. With many companies operating out of numerous, decentralized bank accounts, it is critically important to gain visibility into the traditional banking activities going on for any special or outlier organizations.

When teams automate and centralize their bank relationship management, organizations can gain control over the ability to open and modify bank accounts, manage signatories, and ensure compliance. Not only does this practice help to prevent fraud via invalid signatories or non-compliant banking activities, but it also ensures that leadership has full control over banking operations and policies.

It is important to note that the implementation of a treasury management system (TMS) can increase the centralized visibility of the organization’s banking landscape and further improve the health and risk associated with your banking partners.

Supporting Daily and Intra-Day Reconciliations of Cash Activity


Bank accounts and balances should be reconciled daily to ensure correct bank balances are being recorded.

The leading practice for corporate and governmental agencies is to automate the reporting of bank statements for consolidated bank accounts into the system of record daily or on a real-time basis. Organizations can implement daily reconciliations by utilizing a dedicated, leading system that can handle real-time, intra-day and/or prior day reporting for liquidity while integrating into the general ledger or financial reporting system of record.

This practice can give CFOs and treasurers the peace of mind that cash balances are proper and accurately recorded when concerns or questions come up. In addition, if a fraudulent transaction has been made, the appropriate team will be able to catch the discrepancy on demand without having to react to the issue later in the month.

Driving Alignment Across Treasury, Accounts Payable and IT with a Payments Solution


While payment fraud can affect all departments of an organization, 74% of companies indicated that treasury and accounts payable are the most vulnerable business units targeted.

Though this seems like common sense, the significant increase in risk makes it clear that treasury and payment teams should be auditing payment processes to achieve standardization and centralization – which can be achieved through technology such as a treasury management system (TMS).

To ensure that treasury and AP individuals are strategically mitigating payment fraud, organizations’ IT departments play a crucial role in evaluating and assessing potential payments solutions. With the number of vendors in the space today, this can often be an overwhelming project. It is critical that IT takes into consideration the ability of potential partners to perform these five main functions:

  1. Workflow: the payments solution provides a workflow for payments initiated from different sources within the organization
  2. Security: the payments solution layers on workflows that support payment controls, such as real-time fraud detection and error detection
  3. Connectivity: the payments solution enables flexible payments through both pre-delivered, pre-tested bank connections and other non-bank channels (i.e., agency or other departmental spending)
  4. Format Transformation: a leading payments solution should align with the primary treasury system to generate the payment file or payment instructions with an ERP or other system, so that payments are automatically translated into the format required by individual partner/service banks
  5. Integration: it is critical that the selected solution can fully integrate with existing ERP platforms, banking partners, and trading platforms to ensure that the payments workflow will optimize and streamline daily financial processes

Leveraging Technology to Prevent Payment Fraud

While payment fraud has certainly increased with the recent advancements in technology and the COVID-19 pandemic, organizations can implement simple, standard practices to ensure their business is safeguarded from fraudsters.

Standardized policies and procedures can mitigate the risk of payment fraud, while also serving to centralize business operations that may have been decentralized before.

To further protect bank balances and outgoing transactions, organizations can implement solutions to automate specific payment controls and processes. However, in the process of evaluating solutions and reducing the risk of fraud, organizational alignment is essential – payment fraud is not only a concern for treasury and finance teams, but a concern for companies as a whole.
