Payment fraud is one of the biggest threats to a treasurer’s reputation and career path in an organization. Every day, new stories emerge about how thieves successfully steal from corporates through sophisticated social engineering techniques that specifically prey upon exposures in payment workflows.
The biggest hole that hackers exploit is the inconsistent workflows between payment initiation and transmission to the bank across the different teams responsible for initiation, approval, and sending of payments for execution at their banks. It is common for corporates to have multiple payment processes – for example one for supplier payments and another for treasury payments. This creates opportunities for fraud.
There are two solutions to plug this hole:
1. Shared Services – executing a payment-on-behalf-of model
2. Implementing a payment hub
A Shared Services Center (SSC) consolidates corporate payments so that payment requests, approvals, and transmissions to the bank are made by a centralized team on behalf of all corporate entities, regardless of the type, location, amount, or currency of these payments. While at times there may be exceptions that aren’t routed through the SSC, it is in fact these exceptions that create opportunities for mistakes and fraud. Shared Services depend on centralized systems and payment hubs to ensure full efficiency and security of payments is achieved.
Payments on behalf of (POBO)
Because SSC’s make payments on behalf of corporate entities, it is typically required for intercompany transactions to made on the back of these payments. Treasury often manages the intercompany transactions in collaboration with finance and accounting, commonly leveraging in-house bank cash pools to track and reconcile intercompany transactions.
It is also common to implement a multi-lateral netting solution alongside a POBO model, to minimize redundant payments as well as reduce FX exposures. Again, treasury is often involved, especially given the linkage to managing FX exposures.
Payment Hubs integrate the multiple payment systems, including ERP, which are used within the organization so that all corporate payments, regardless of department or technology, can be approved and transmitted centrally to payment banks. Approved payments are routed from the Payment Hub to each payment bank regardless of payment type, format or geographic location. Payment Hubs can also support outsourced and peer-to-peer payments through non-bank channels.
Benefits of a payment hub
Cost savings – a payment hub reduces the number of systems which must connect to a bank. Each system that connects to a bank incurs additional bank service fees, software costs, and in the case of on-premise solutions, significant IT resources. Some organizations even manage duplicate payment channels – such as multiple SWIFT solutions. For any payments that are still manually initiated, time savings are also factored into the ROI.
Risk reduction – Multiple systems managing payment approval and delivery means additional exposure points due to inconsistent payment policies. Standardization of payment policies is being mandated by many internal audit teams (not to mention recommended by external auditors) to reduce the success of spear phishing attempts and social engineering schemes.
Global visibility – centralizing all payments via a payments hub allows complete visibility of all outgoing cash flows so that treasury can optimize cash balances and make effective decisions of where to deploy cash and liquidity. It allows the organization to run leaner, minimizing excess balances so that cash can be more efficiently deployed where it is needed most.
Central responsibility – because a payment hub centralizes payments prior to final transmission to the bank, the CFO can ensure that all payments – regardless of amount, location, currency – can be the responsibility of a single team. Often the Treasurer takes this responsibility as they control cash balances and are the last line of defense for payment fraud.
Features of payment hubs
Global bank connectivity – Payment hubs connect to banks globally via direct connection, country banking networks (e.g. EBICS, Zengin), and via SWIFT, including SWIFT Alliance Lite2, Alliance Access, and Service Bureau offerings. Payment hubs can leverage the least costly connectivity channels based on your global payment profile – banks, type of payments, volumes per type. Payment Hubs can also combine connectivity channels to optimize your cost while always offering full security and automation of your straight through process.
Digital signatures – Digital signatures, such as SWIFT 3SKey, offer personal digital encryption to better authenticate payments transmitted to the bank. Authenticating payments with digital signatures will increase the security of payments and will reduce payment processing times, especially for exception items, as the banks can be sure from whom the payments have been originated by. Digital signatures can also be used for internal payment approvals to create a more consistent straight through process from origination through to release to the banks.
Multiple levels of acknowledgement – A key capability to combat payment fraud and streamline the payment workflow is to review multiple levels of acknowledgement to ensure a) payments were successfully remitted and b) payments received by the bank match to payments sent to the bank. Multiple acknowledgements improve transparency in the process. It is common, especially when leveraging SWIFTNet, to receive the following acknowledgements confirming the workflow:
- Payment file sent from TMS to payment hub
- Payment file sent to bank from payment hub
- Payment file received by bank
- Payment instructions sent from receiving bank to beneficiary bank
With a fully integrated treasury management system, these acknowledgements would be imported directly into a payment dashboard so each individual payment can be monitored and managed for exceptions.
Payment routing – when importing payments into a payment hub it is important to offer flexibility based on a variety of workflow needs. Some A/P payments may be pre-approved, while others require additional levels of approval. A/P payments may also be formatted exactly to the specifications of the bank, while others may require alignment to bank specified format standards – based on delivery channel, payment type, and location where the payment is sent.
A good payment hub will fully support blind routing the pre-approved, pre-formatted payments directly to the bank channels without additional workflow; while at the same time offering dynamic routing for payments requiring additional levels of approval or format transformation. Additional approvals can be performed at a batch or transactional level and may be supported through the use of digital signatures, such as SWIFT’s 3SKey.
Format transformation – a key part of a payment hub is to deliver dynamic routing, meaning that format transformation may be required. The payment hub will reformat payments based on:
- Bank channel (e.g. SWIFT, host-to-host, or regional network such as BACS, Zengin, EBICS etc.)
- Payment type (e.g. wire, ACH, SEPA)
- Receiving location (banks will require different formats for wires to Egypt vs. wires to Romania, for example)
A format transformation service is fully automated so that no additional user intervention is required.
Payment hubs – used independently or in collaboration with Shared Services – improve payment efficiency, increasing visibility and standardizing payment workflows to reduce the propensity for payment fraud. Payment hubs deliver significant organizational value with compelling ROI.
For more information about payment hubs, please read Kyriba’s ebook, The Business Case for a Payment Hub.