Main Menu


CFO’s Guide to Reducing the Risk of Fraud



Companies are increasingly being targeted by fraud attacks—and the techniques used by fraudsters are becoming ever more sophisticated.

Business Email Compromise (BEC) scams, in which fraudsters send emails to employees pretending to be the CFO or CEO, are becoming increasingly common. Other attacks prey on weak user authentication procedures to gain access to essential systems.

At the same time, CFOs should be aware of the fraud risk arising from inside the organization— from compromised data to sub-optimal trades made for personal gain. Successful fraud attacks can be costly, but the other consequences of fraud can be even greater. Damage to the company’s reputation can have a detrimental effect on relationships with investors, customers and partners. The knock-on effects can also include a reduction in the company’s stock market value, lawsuits and fines.

This guide outlines the types of threat that CFOs need to look out for and how companies can use cloud financial management solutions to prevent internal and external fraud. It also includes a comprehensive fraud prevention checklist to help companies identify vulnerabilities.

AFP Payments Fraud

Understanding the Risks

Understanding the Risks

CFOs face a number of internal and external risks, including the following:

  • Spear phishing – Fraudsters may gain access to the company’s financial systems by exploiting weak login and user authentication procedures
  • Business email compromise – A form of spear phishing, BEC attacks attempt to convince employees to send payments to an unauthorized recipient. This is done by sending an email supposedly from the CEO or CFO.
  • Data compromise – Employees may exploit shortfalls in the company’s data security when data is hosted on-premises.
  • Bank account signatory risk – Former employees may continue to be named as signatories on current bank accounts after leaving the company. CFOs may also lose track of current employees who are signatories.
  • Trading risk – Settlement instructions may be used to direct funds to unauthorized accounts. Sub-optimal financial trades may also be made by employees in return for personal gain.

The bottom line is that to ensure secure financial processes, CFOs must first understand the different areas in which fraud can arise.

Business Email Compromise

Business Email Compromise

A popular spear phishing tactic is business email compromise (BEC) schemes.

In a typical BEC attack:

  • Employees will be sent emails purporting to be from the CEO or CFO
  • Emails can seem very authentic
  • Emails are often sent while the relevant executive is out of the office and unreachable
  • The requested payment is usually urgent

Vulnerabilities can arise when companies have different payment procedures in place for different countries or for different banks. Separating the payment workflow by using separate internal systems and bank portals for initiation and approval also increases the risk of exploitation. Crucially, such schemes rely on the targeted person making an exception to policy, often by mentioning a confidential transaction, such as an M&A deal.

The Importance of Standardized Workflows
BEC attacks can be thwarted by standardizing payment workflows. These procedures should give CFOs the confidence that all payments are initiated, approved and transmitted in line with corporate policy. Payment procedures need to be followed consistently—it only takes one mistake to create a fraud opportunity.

Best practice is to manage the complete workflow for all payments in one system that offers a complete electronic paper trail for each payment, from initial request to transmission. Many organizations also centralize treasury and supplier payment transmission via a central payment hub. Digital signatures, such as SWIFT’s 3SKey, may be used as part of the payment approval workflow. Kyriba helps prevent fraud, not only by implementing these procedures for payments initiation and approval, but also by ensuring that the entire workflow is within the control of treasury and finance.

Payments Fraud Detection

Fraud Detection

Payments fraud is on the rise, becoming a top issue among CFOs and even the board of directors.

But how can senior financial executives protect themselves against this growing threat? One key requirement for CFOs to protect against payment fraud is to implement real-time screening of payments against sophisticated, company-defined scenarios. Setting up detection rules will flag suspicious transactions for further attention.

Key Considerations

  1. Create detection rules that scan payments in real time or on a historical basis, if auditors are looking for fraud patterns over time. Examples of rules may include:

    • A first payment to a new or modified bank account
    • A payment that is not consistent with the payment history to that counterparty
    • Payments to a country where there is no known supplier
    • Changes to a payment that was imported from the ERP
  2. Create and maintain KPI dashboards, proactive alerts and a custom scoring system to determine appropriate actions.

  3. Implement a full separation of duties for the escalation and resolution of detected payments.

The most important consideration for CFOs is to complement traditional payment controls, such as multiple approvals and payment limits, with real-time screening of payments against scenario-based detection rules. This combination offers CFOs a better defense against internal and external payment fraud.

Quote Icon

Payments are the most popular target for cybercriminals and fraudsters as they represent the most direct way to steal money from an organization. And through increasingly sophisticated spear phishing techniques, thieves are profiling the payment processes of finance and treasury to find inconsistent controls and exploitable weaknesses.”

— Bob Stark, Head of Market Strategy, Kyriba

Application Security

Application Security

Spear phishing attacks target specific individuals, preying on weak login and user authentication procedures to gain access to financial systems.

Companies should use strong password controls to eliminate points of failure. Finance teams are used to two-factor authentication for banking portals. It is critical that the same—or better—controls be implemented for all finance applications used internally. In many cases, the CTO will have a checklist to ensure that finance is consistent with the organizational standard, including:

  • Two-factor authentication – In addition to a standard user name and password, the user is prompted for a single use code generated from a hard token (e.g. USB, key fob) or soft token (SMS message)

  • Single sign on (SSO) – SSO replaces the standard username password combination provided by the vendor with an integrated login process supported by internal IT and tied to the user’s access to all company systems (e.g. Windows login)

  • Internet protocol (IP) filtering – Login is restricted to recognized devices, based upon pre-approved IP addresses. Unrecognized devices will often be subject to further passwords or security questions

  • Numeric keypad – Numbers within a password must be selected by mouse instead of being typed

Lightbulb Icon

The Kyriba Advantage

Industry best practice is to combine login controls—e.g. IP filtering or SSO with two-factor authentication—to provide the best defense against unauthorized access. Finance’s login procedures should always align with the company’s information security policy

US Companies and B2B Fraud Survey

Data Compromise

Data Compromise
Not all fraud attacks come from external parties. More than 25 percent of corporate fraud is internal—and hosting data internally within on-premise systems presents a security risk.
According to a U.S. Companies & B2B Payment Fraud survey by Treasury & Risk

With limited budgets, companies may struggle to invest in leading edge systems that provide the performance, service levels and data security needed to meet the CFO’s requirements. CIOs and CTOs are the first to agree that cloud solutions can offer better data security than systems hosted in-house, as long as the cloud solution provider makes the investments needed to protect treasury data.

Audited, certified data centers are typically protected by 24/7 security and biometric access, with firewalls in place to protect client data. This protection gives CFOs peace of mind that data is secure at all times.

Lightbulb Icon

The Kyriba Advantage

Kyriba’s servers are housed in fully redundant, secure global data centers that are protected by the following security features to keep data safe:

  • Optimal physical and data security
  • Industry leading uptime, backup and data recovery processes
  • Data encryption at rest, at all times
  • SOC1 and SOC2 Type II reporting
  • Daily penetration testing conducted by security experts
  • High-performance disaster recovery

Bank Account Compromise

Bank Account Compromise

Fraud can arise when visibility and control over bank accounts and bank signatories are not properly monitored—particularly while a company is expanding geographically or via acquisition.

In order to address these risks:

  • Companies should have a central repository of bank account information, offering visibility over the company’s accounts, a single source for documentation and a current list of authorized signers.

  • Companies should also have structured workflows in place, ensuring that no bank accounts or signatories are left under the radar. As well as reducing the risk of internal and external fraud, these processes can help companies comply with local and international regulations, such as FBAR reporting.

  • With greater visibility over their existing accounts, companies may also be able to reduce their banking costs by closing underused or dormant accounts.

Lightbulb Icon

The Kyriba Advantage

Kyriba offers targeted solutions to help CFOs reduce the risks associated with bank account signatories:

  • Central visibility into accounts, authorized signers and all bank account documentation
  • Structured workflows requiring all bank account activity to be tracked and approved using predefined controls and limits
  • Reconciliation procedures ensuring that signers are tied to current employee lists

Trading Risks

Trading Risks

The settlement of financial trades—such as investments, foreign exchange and derivatives—is increasingly being exploited as an opportunity for internal financial fraud.

Risks can arise when trades are carried out without the use of standard settlement instructions (SSIs). Typically, SSIs will avoid the redirection of funds to unauthorized accounts. However, SSIs may not be in place for non-typical trades, or trades with a non-bank counterparty.

The risk of fraud can, however, be mitigated if the right workflows and processes are in place:

  • Record financial transactions electronically in the treasury system, with a full audit trail
  • Attach payment templates to each trade automatically, with approval needed to edit or remove the payment template
  • Regularly reconcile trade tickets between counterparties and the treasury system

Kyriba supports electronic workflows and the integration of trading and payments activities, thereby minimizing the potential for internal fraud.

Sub-optimal Trades
Risks can also arise when it comes to making the right trade in the first place—when an employee doesn’t properly survey the market and only looks at one option that may not be in best interests of the company.

A trade has already taken place by the time it shows up in the treasury system, so addressing this type of risk is about enforcing the right behavior in the first place. If the trader knows the trade will have to be approved—even after the event—they will be less likely to make a suboptimal trade. Tracking multiple bids per trade can help financial teams check that the right bid has been selected—a measure which is often required by internal audit policies and external compliance such as Dodd-Frank.

Building the Right Culture

Building Right Culture

It is not enough to have robust technology and appropriate fraud prevention processes in place.

Companies may still be at risk if treasury and financial staff are not fully versed in all the relevant risks, or if processes are not followed at all times by the relevant people. CFOs need to ensure that their organization stays abreast of the latest threats, with a clear understanding of how to spot and avoid them. They also need to build a culture in which fraud awareness is second nature for the whole team.

External Fraud
Treasury and finance staff should be educated about the different scams they may encounter, such as BEC and other spear phishing attacks.

Internal Fraud
Treasury and finance staff should also understand the measures that are in place to identify any fraudulent transactions.

It should be noted that fraud prevention training is not a one-time exercise. Maintaining strong security procedures is an ongoing process, and educating teams should be approached in the same way.

Further Steps
The risks outlined in this guide are not exhaustive. CFOs should also be aware of other types of risk—such as the raising of fraudulent purchase orders and invoices. CFOs can also work with the chief security officer (CSO)—or a third-party security organization—to try and exploit flaws in the system. These results can then be fed back into the organization to strengthen treasury and finance processes.

Lightbulb Icon

The Kyriba Advantage

Kyriba delivers robust solutions to monitor and identify potentially fraudulent transactions, while also providing thorough audit trails that link each process with an individual team member.

Fraud Prevention Checklist

Fraud Prevention

Bank Account Management



Data Security


Companies are increasingly being targeted by fraud attacks—and the techniques used by fraudsters are becoming ever more sophisticated.

No organization, regardless of industry or influence, is safe from payments fraud. BEC scams in particular—despite widespread knowledge of how they are conducted and frequent warnings from law enforcement—continue to plague finance departments. For example, both the Toyota Boshoku Corporation and the Government of Puerto Rico lost millions of dollars in recent years to BEC scams. In its 2022 Internet Crime Report, the FBI noted that BEC scam losses in 2022 alone were over $2.5 billion.

The risks of fraud are considerable, but completely manageable with the right technology partner and the right processes. With this guide, CFOs can better understand corporate risk factors and how to limit exposure. Using the fraud prevention checklist, treasurers can pinpoint possible weaknesses. Additionally, this guide gives financial teams an opportunity to see how cloudbased financial management systems can be used to prevent internal and external fraud.

Check out this on-demand webinar and learn from cybersecurity experts from Corelight and Kyriba on how to build B2B payment fraud defense programs to maximize end-to-end protection.