Protection against cybercrime is a major priority for CFOs and corporate treasurers in organizations of all sizes and geographies. Payments management is the most vulnerable financial process of all – and it is the most attractive target for cybercriminals. This following analysis reviews corporate treasury vulnerabilities, best practices to minimize fraud risk, centralization of payments, and implementing payments processes. Maintaining a low-risk payments environment is achievable, and senior financial executives are well advised to stay abreast of current fraud schemes; the processes that increase exposure to fraud; and solutions that can prevent loss from fraud (and possibly save their jobs).
Significant and well-known fraud events have hit banks and corporates around the globe, including major cyber heists incidents in Bangladesh, Ecuador, Vietnam, the United Kingdom, Germany and Denmark. The fallout from these incidents are downgraded earnings, significant loss of cash and, in some cases, CFO resignations. Globally, cybercrime is escalating in scope and frequency with company losses from fraud up 23 percent to €10 million Euro ($11.7 USD) on average compared to 2016, according to The Wall Street Journal.
Additional reading: CFO's Guide to Reducing the Risk of Fraud
David Stebbings, director and heard of treasury advisory at PwC London, confirms the high priority that corporate CFOs and treasurers are presently giving to the prevention of cyber fraud. In addition to implementing preventative measures, Stebbings emphasizes the importance of having treasurers define fraud liabilities and responsibilities in their agreements with FinTechs and banks.
“In the worst case, when money has been moved fraudulently out of an account, it is essential that the corporate has an agreed and effective remedial plan and process in place, working closely with their banks. The process should focus on intercepting and reversing the fraudulent payment before it has moved out of their bank – and out of reach,” Stebbings said.
The primary risk for corporate treasury is the phishing and BEC scams that plague payments workflows so that fraudulent payments can be inserted and executed.
Corporate Cyber Fraud Vulnerabilities
Treasury is an obvious target for cyber criminals, given its responsibility to execute payments. So, what are the main factors that render corporate treasuries vulnerable to fraud?
Payments risk factors commonly encountered include:
- Decentralized payments management. Without standardised methodology or control, corporates are open to multiple channels of vulnerability, administrative inefficiencies, complexities and costs.
- Lack of visibility of the payments execution workflow. No central visibility or management of cash, including limits, authorizations, approvals, controls and payment releases, inhibits real-time detection or errors and fraud attempts.
- Manual entry of payments. Home-grown solutions are not able to adequately create and track payments workflows, including request, initiation, transmission, or separation of duties. This leaves the door open to internal and external fraud.
Modern finance leaders will take heed of the warnings from consultancies, associations and other experts to lock down their payments operations.
There are several steps that finance leaders can – and should – take to minimize fraud risk. Ella Yu, financial services practice Manager at Crown World Mobility, which uses Kyriba’s cloud-based treasury management system, recommends that “technology solutions should be implemented so that automatic messages are sent to key users whenever a payment is flagged or rejected.”
Read the case study from Crown World Mobility to gain a deeper understanding of how Crown leveraged Kyriba to protect their payments and increase productivity by 20 percent.
Automated communication provides timely information support and addresses a potentially vulnerable point in the payments workflow. With critical and timely feedback, treasury can reduce risk by researching questionable activities before any loss has occurred.
Step 1: Adopt a World Class Treasury Management Platform
World-class cloud treasury platforms reduce risk for CFOs and treasury teams while aligning to the CIO’s need for corporate security requirements by:
- Eliminating the need for dedicated internal IT resources
- Simplifying bank connectivity and bank on boarding
- Streamlining platform deployment to remote users that improves financial controls for de-centralized finance operations
- Supporting shared services and on-behalf-of operations
- Incorporating sanctions list screening and real-time fraud detection and prevention
In addition to leveraging the cloud, modern treasury platforms add significant controls to payment processes to help satisfy internal compliance. Payments technology built within treasury management systems often provide better security features than bank portals with the added benefit of standardizing payment security in a single platform regardless of payment type, geography, or user.
Treasury and payments technology innovations enable greater real-time protections and communication support for corporate finance departments. Further, the most advanced treasury platforms incorporate real-time screening against complex payment scenarios to ensure that unauthorized payment activity is stopped before it’s wired to the bank.
Additional reading: Fraud in Record Numbers: Why Treasury Needs to Act Now
Step 2: Centralize Payments Through a TMS
The implementation of a modern TMS platform enables a standardized approach to payments management, eliminating vulnerabilities for corporate treasury (outlined above). Central control delivers a uniform solution that standardizes payment processes, streamlines staff training and delivers a high level of visibility to facilitate effective process management, as well as error detection and correction – including fraud handling.
In addition to standardizing payments through a modern TMS, launching a payments hub can decrease risk while improving cash flow and further increase visibility into cash. When payments are routed through a payments hub, the number of bank connections and bank service fees are reduced. This centralization of payments via a payments hub allows for complete visibility into outgoing cash flows, and gives treasurers the ability to make strategic decisions about deploying cash.
Centralizing payments or using a payments hub secures the end-to-end payments workflow for single payments or bulk payments concentrated in ERP files.
It’s worth noting that the use of a centralized solution does not require that all responsibilities be centralized. With world-class treasury platforms, local executives have the flexibility to retain origination and approval powers that may be required by internal or external compliance.
Step 3: Implement Payments Policies and Processes Best Practices
Best practices require detailed treasury policy and process standards to be maintained and regularly reviewed. The active participation from the CFO, driving an external expert and peer group, can help the process review and design activity, including the creation and documentation of a safe and effective operation.
Key areas to be addressed include:
- Full risk review of current processes to help achieve best practice standards.
- Developing a clearly defined and complete incident response plan to deploy when an actual fraud attempt is detected. This must include the individual responsibilities for contacting the bank involved to intercept and block the fraudulent payment quickly and effectively where necessary. Establishing rules for assigning payments limits, with segregation of duties and procedures for defining and securing standard instructions, and robust methods for amending and over-riding.
- Rules for validating and approving high-value payments, based on amount, counterparty and other risk factors.
- Detailed real-time process monitoring, reporting and error handling procedures; these ideally include sophisticated real-time fraud detection and prevention solutions.
Treasury professionals caught off-guard by a payments fraud attempt will appreciate having an up-to-date and tested payments policy in place. However, those who have ignored these best practices may fall behind their competitors who have.
Corporates will benefit from centralising and standardizing payments management with modern treasury and finance platforms. Reducing the threat of cybercrime requires the awareness of payments operations’ vulnerabilities and also the creation and regular maintenance of payments policies. Senior finance leaders who are empowered by real-time decision support and the confidence that cash flow is secure, have a better opportunity to improve the strategic function of their team and drive growth for the organization.