TREASURY MANAGEMENT SYSTEMS: A COMPANY’S FIRST LINE OF DEFENCE AGAINST FRAUD
By Andrew Burns, Director of Kyriba UK, Kyriba
Every year, companies around the world run the risk of losing millions of pounds, dollars, and innumerable other currencies to fraud. In a recent report from J.P. Morgan, it was suggested that 61 percent of companies had experienced attempted or actual payment fraud in 2012. The same report found that corporate financial fraud cases had increased by 72 percent in the seven years prior to 2012.
In many cases, the fraud detailed in the report was caused by employees using their access to IT networks and data storage to sidestep internal controls. In other cases, however, the fraud was due to malicious attacks from outside sources, as individuals or groups sought to capture sensitive financial or customer data. The recent techniques of phishing and social engineering have made headlines, showing just how simple it has been in some cases to break into companies’ secure systems and steal valuable information. Once armed with the right logins, passwords or bank account details, criminals can find it relatively straightforward to set up fraudulent transactions, and siphon cash out of corporate bank accounts.
While it is the bigger cases that dominate the headlines, the vast majority of fraud cases are on a much smaller scale. They can still have a huge impact on a company, however, damaging its profitability and potentially its reputation. The J.P. Morgan report found that companies hit by financial fraud lose on average 22 percent of their enterprise value, a chilling statistic that shows just how much there is to play for in the search for effective anti-fraud solutions.
Because of the sensitive nature of the data they hold, Treasury Management Systems (TMS) are often one of the most attractive targets for the criminally minded, whether they are inside an organisation or outside it and seeking to gain access to bank or payment details. At the same time, these solutions can prove valuable in reinforcing a company’s anti-fraud procedures by both enhancing processes (management of bank signatories, for example) and identifying anomalous transactions or payment patterns.
Visibility – shining a light
One of the key struggles, when attempting to cut out fraud, is gaining full visibility of what is happening across a company. If you don’t know what you have, it’s not easy to keep track of it, or notice if it disappears. For this reason, treasury teams need to have an enterprise-wide view of all transactions and bank accounts, while monitoring payments and balances. This is no simple task, however, given the sheer volume of transactions, which can run into hundreds of thousands per month. An effective TMS can help with this by reconciling all actual transactions against forecasts, with any anomalies, unusual money movements, or suspicious patterns flagged and placed into a workflow process for resolution. Speed and reactivity are essential when combatting fraud, as the quicker an account or transaction is blocked, the smaller the potential magnitude of the fraud.
The right TMS will also enable treasury teams to centralise their monitoring and maintenance of corporate bank accounts. Companies with an international presence may have accounts in multiple countries across a variety of banks. For these firms, an incomplete view of banking activities could lead to phantom accounts, monetary losses and an inability to comply with local and international regulations. Tracking of bank account signatories, for example, seems like quite an administrative task, but can prove daunting when a company holds hundreds or thousands of accounts across the world. If a company does not hold a centralised repository of signatories, mapped to corresponding bank accounts, there is significant potential for fraud to take place, particularly if an employee-account relationship is not severed when the employee leaves the company.
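The signatory check described above can be sketched as follows. This is an added example, not code from the article or from any TMS product; the register layout, the HR roster, the account numbers and the employee IDs are all constructed for illustration.

```python
from datetime import date

# Constructed sample data: central signatory register mapping each bank
# account to the employees authorised to sign on it.
SIGNATORIES = [
    {"account": "GB-0001", "bank": "Bank A", "employee_id": "E100"},
    {"account": "GB-0001", "bank": "Bank A", "employee_id": "E101"},
    {"account": "FR-0007", "bank": "Bank B", "employee_id": "E102"},
    {"account": "SG-0042", "bank": "Bank C", "employee_id": "E999"},
]

# Constructed HR roster: leave_date is None while the person is employed.
HR_ROSTER = {
    "E100": {"name": "A. Example", "leave_date": None},
    "E101": {"name": "B. Example", "leave_date": date(2024, 3, 31)},
    "E102": {"name": "C. Example", "leave_date": date(2024, 6, 30)},
}

def audit_signatories(signatories, roster, as_of):
    """Return (stale_mandates, accounts_without_valid_signatory)."""
    stale, valid_by_account = [], {}
    for row in signatories:
        valid_by_account.setdefault(row["account"], 0)
        person = roster.get(row["employee_id"])
        if person is None:
            # Signatory unknown to HR: treat as an unsevered relationship.
            reason = "not in HR roster"
        elif person["leave_date"] is not None and person["leave_date"] <= as_of:
            reason = f"left on {person['leave_date'].isoformat()}"
        else:
            valid_by_account[row["account"]] += 1
            continue
        stale.append((row["account"], row["employee_id"], reason))
    # Accounts whose every registered signatory is stale need a new mandate.
    uncovered = sorted(a for a, n in valid_by_account.items() if n == 0)
    return stale, uncovered

if __name__ == "__main__":
    stale, uncovered = audit_signatories(SIGNATORIES, HR_ROSTER, date(2024, 5, 1))
    for account, emp, reason in stale:
        print(f"REVOKE {emp} on {account}: {reason}")
    print("Accounts with no valid signatory:", uncovered)
```

Running the audit on every HR leaver event, rather than on a periodic schedule, shortens the window in which a departed employee remains a valid signatory.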
Access – avoiding open season
It may seem like an obvious point, but passwords and authentication tools can prove a key failure point in a company’s fight against fraud. By implementing a TMS, and stringent access policies, companies can take an important step towards protecting their treasury data. For example, passwords need to be made more sophisticated, to avoid the danger of compromise. Recent surveys have shown that 90 percent of passwords are so basic that they can be cracked by hackers. Forcing users to strengthen their passwords, and to change them regularly, is a quick fix for this issue.
In addition, while hosting a TMS onsite may seem like the most secure option, the reverse is often true. Few companies apply strict access policies for their server room, and in many cases do not have different access controls in place for their TMS, as opposed to the rest of their servers, despite the heightened sensitivity of the data contained within. For these reasons, removing all physical access, and moving to an externally hosted and protected cloud TMS is highly effective in eliminating fraud and maintaining data integrity, as it ensures that employees cannot gain access simply by tapping into an on-premise server.
Simplicity – cutting through the clutter
Most financial fraud will involve payments at some point. For this reason, companies should simplify their management of them. The first step to achieving this is for the treasury team to enforce the electronic initiation and approval of all payments. By eliminating paper or email requests for payments, the impact of phishing attempts and fraudulent payment requests can be curtailed, as it becomes harder for outside parties to take advantage of publicly available information (names of company representatives and email addresses, for example) when targeting unstructured payment systems. Consolidating payment approvals and initiation into one centralised TMS, ensuring that all paper trails are on one single system, is also an efficient way of simplifying payments and cutting down on work processes. Finally, the introduction of digital signatures, held within a TMS and applied to all payments, can help validate payments and reduce the likelihood of repudiation by the bank.
Streamlining of trading policies and transaction approvals will also reduce the opportunity for fraud through improper trades. While in most cases the TMS will only track a trade after it has been executed, it can facilitate procedures that help to enforce the right trading behaviours. Straight Through Processing (STP), for example, automates the transmission of trading data, speeding up the approvals process and making it significantly more secure than requiring individual users to perform tasks at each step of the process. Once a command has been entered, the system can automatically assign an account number, generate a forecast, validate delivery orders, set up a bank transfer, and reconcile the final bank transaction against the initial order. In this way, STP ensures that all transactions that are executed by the banks correspond to records within the company’s TMS.
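The reconciliation step described here, and the anomaly flagging described under visibility, can be sketched as a match of bank-executed transactions against the payments approved in the TMS. This is an added example, not code from the article or any TMS product; the record fields, payment references and beneficiary labels are constructed.

```python
from decimal import Decimal

# Constructed sample data: payments approved in the TMS, keyed by reference.
TMS_PAYMENTS = {
    "PAY-001": {"amount": Decimal("1200.00"), "currency": "GBP", "beneficiary": "BENEF-A"},
    "PAY-002": {"amount": Decimal("5400.00"), "currency": "EUR", "beneficiary": "BENEF-B"},
    "PAY-003": {"amount": Decimal("300.00"), "currency": "USD", "beneficiary": "BENEF-C"},
}

# Constructed bank statement lines reporting what the bank actually executed.
BANK_STATEMENT = [
    {"ref": "PAY-001", "amount": Decimal("1200.00"), "currency": "GBP", "beneficiary": "BENEF-A"},
    {"ref": "PAY-002", "amount": Decimal("5400.00"), "currency": "EUR", "beneficiary": "BENEF-X"},
    {"ref": "PAY-777", "amount": Decimal("9900.00"), "currency": "GBP", "beneficiary": "BENEF-Z"},
    {"ref": "PAY-001", "amount": Decimal("1200.00"), "currency": "GBP", "beneficiary": "BENEF-A"},
]

def reconcile(tms, statement):
    """Return a list of (reference, exception) tuples for the review workflow."""
    exceptions, seen = [], set()
    for line in statement:
        ref = line["ref"]
        record = tms.get(ref)
        if record is None:
            # Money moved at the bank with no approved order behind it.
            exceptions.append((ref, "no matching TMS record"))
        elif ref in seen:
            exceptions.append((ref, "duplicate execution"))
        else:
            diffs = [f for f in ("amount", "currency", "beneficiary")
                     if line[f] != record[f]]
            if diffs:
                exceptions.append((ref, "mismatch: " + ", ".join(diffs)))
        seen.add(ref)
    # Approved payments the bank has not reported are surfaced as well.
    for ref in sorted(set(tms) - seen):
        exceptions.append((ref, "approved in TMS, not executed by bank"))
    return exceptions

if __name__ == "__main__":
    for ref, problem in reconcile(TMS_PAYMENTS, BANK_STATEMENT):
        print(f"{ref}: {problem}")
```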
Prevention, not cure
By controlling access to critical data, providing visibility into all of a company’s transactions and bank accounts, and simplifying the payments and trading processes, an efficient TMS can prove invaluable to a treasury team in the fight against fraud. As the technologies used by those who seek to commit fraud evolve and advance, corporate treasury teams need to choose carefully, and find the right solution to protect their company. Key factors to look for are the ability to update procedures quickly and easily, roll out upgrades across the organisation simultaneously, and keep treasurers one step ahead of those with criminal intentions.