treasuryXL announces partnership with Kyriba to strengthen dissemination of the latest trends about treasury

| 22-4-2020 | treasuryXL | Kyriba |

VENLO, The Netherlands, April 22, 2020 – treasuryXL, the community platform for everyone who is active in the world of treasury, and Kyriba in the Netherlands, the global leader in cloud treasury and finance solutions today announced the signature of a premium partnership.

The partnership aims at offering a continuous flow of treasury content, making treasury knowledge available. This partnership includes:

  • collaboration on messaging, content production, and visibility
  • mutual distribution on select items of interest
  • collaboration on larger themes: event promotion, speaking and experts contribution, publications

Treasury management is currently experiencing a revolution under the effect of digital transformation. With this partnership, treasuryXL and Kyriba are striving to make sure that treasurers are always up to date with the latest news and events in their field.

According to Kendra Keydeniers, treasuryXLWe are happy to welcome Kyriba in our community. Kyriba is recognised by leading analyst firms, treasury and finance trades for its innovation and its leadership in cloud finance solutions. Kyriba will have a prominent role in the Treasury Topic environment with coverage in Cash Management, Risk Management, Treasury Software, Payments & Banking, Fraud & Cyber security and Working Capital Management which is a considerable contribution to our ecosystem.”

With an increasing focus on digital transformation, financial leaders must be empowered with insights into all the latest treasury trends. They need rapid access to on-the-pulse information around the latest industry news, plus new services and products to support their initiatives for innovation and competitiveness. With this partnership, treasuryXL, Kyriba has access to a well -established communications forum and a wide treasury ecosystem.says Luuk Linssen at Kyriba.

About treasuryXL

treasuryXL started in 2016 as a community platform for everyone who is active in the world of treasury. Their extensive and highly qualified network consists out of experienced and aspiring treasurers. treasuryXL keeps their network updated with daily news, events and the latest treasury vacancies.

treasuryXL brings the treasury function to a higher level, both for the inner circle: corporate treasurers, bankers & consultants, as well as others that might benefit: CFO’s, business owners, other people from the CFO Team and educators.

treasuryXL offers:

  • professionals the chance to publish their expertise, opinions, success stories, distribute these and stimulate dialogue.
  • a labour market platform by creating an overview of vacancies, events and treasury education.
  • a variety of consultancy services in collaboration with qualified treasurers.
  • a broad network of highly valued partners and experts.

About Kyriba

Kyriba empowers CFOs and their teams to transform how they activate liquidity as a dynamic, real-time vehicle for growth and value creation, while also protecting against financial risk. Kyriba’s pioneering Active Liquidity Network connects internal applications for treasury, risk, payments and working capital, with vital external sources such as banks, ERPs, trading platforms, and market data providers. Based on a secure, highly scalable SaaS platform that leverages artificial and business intelligence, Kyriba enables thousands of companies worldwide to maximize growth opportunities, protect against loss from fraud and financial risk, and reduce costs through advanced automation. Kyriba is headquartered in San Diego, with offices in New York, Paris, London, Frankfurt, Tokyo, Dubai, Singapore, Shanghai and other major locations. For more information, visit www.kyriba.com.

How to simplify Procurement and Finance in the Supply Chain

| 21-04-2020 | Wim Kok | treasuryXL

Accelerated by the Corona pandemic, an unforeseen global crisis affecting us all, digitalisation, transparency, efficiency and real time settlement has moved dramatically up north on the priority scale of all global industries. At least it makes an important move to rethink sustainable business models in the post Corona era.

Secured (cyber proof) Platform connectivity bolstering strategic supply chains will become a very important aspect in the future survival of trading companies globally.

More and more initiatives are seen to phase out the “old school” handling of paper-based settlement. Rain forest of papers are being used to settle payment out of export and import contracts. Its cumbersome processes to settle payments through bank using old payment methodologies like Bills of Exchange, Cash Against Documents and Documentary Letters of Credit. Do not misunderstand my objective, nowadays contract settlements are strongly embedded in society supported by different legislation countries by country. This is also the reason why things are moving so slowly. Institutions like ICC, Swift, Customs & Harbour authorities (to name few) are constantly trying to move the needle in digitising processes. The reality is that the transformation goes to slowly. Maybe when COVID19 is behind us there will be an acceleration after reconsidering existing business models of supply chains dependent from documentary evidence.

In this 15 trillion USD ($) global trade market there is enough space next to the big banks and big corporates, who started to explore already after the 2008 crisis using agile inhouse innovation labs.

Initiatives like Komgo and R3 syndicates already looking at blockchain technology, however still geared toward the larger (commodity) trading community. It is interesting to see that the big Agri trading companies recently started a new initiative Covantis.

After PSD2 introducing Open banking a lot of financial FinTech’s are entering the market not having the burden of an absolute (outdated) big banking system. Big tech giants like google, Facebook and Amazon are looking into their enormous data bases trying to grasp their market share.

TransDocLink is developing a platform based upon the above ideas, capturing as much as possible stakeholders & features. Transdoclink already can make use of the TDeal concept on its platform. Creating in a supplier/buyer relationship full transparency, efficiency and trust in their contracted supply chain. A dashboard gives visibility around the whereabouts of the goods and money (triggered movements are settled through a dedicated wallet). TransDocLink aims to serve the SME market in an open (independent) platform environment.

In 2016 TransDocLink already recognised that the Letter of Credit (and its very paper heavy documentary settlement) is a “dinosaur” in the expensive settlement of payments in the banking industry. The aim was to digitise these processes and offer an alternative on a platform-based initiative. Buyer and Seller create on the platform a trusted lane (supply chain) by matching contracts. The settlement of agreed terms is being executed through an independent trust account instead of the alternative using an expensive settlement via Letter of Credit. The original concept was built around a straight through processing payment engine (exempted by the Dutch Central bank) and further enhancements are being made (escrow-TDeal , working capital, asset based & trade finance modules) to keep up with the quick changing landscape in the FinTech industry.

Curious what TransDocLink can do for your business? Visit transdoclink.com and/or contact me directly for some advice.

 

Wim Kok

International Business Consultant
Trade Finance Specialist

 

 

 

Money Transfer vs. Wire Transfer: What’s Really the Difference?

17-04-2020 | treasuryXL | XE |

And is there really a difference? The two methods follow the same process. You have someone that you want to send money to, and sending cash in the mail isn’t going to cut it. So, you take your money to another service provider, pay them, give them your recipient’s information, and let them take care of the heavy details. Within the next couple of days, they’ll receive the money and you’re all set until your next transfer.

For a lot of customers, the biggest difference is where you set up the transfer. Wire transfers tend to run through banks, while money transfers are facilitated by other providers. It seems like a no-brainer: you already go to your bank for other financial matters, and you trust them to handle your money and information.

But is that really the best option? Let’s take a few minutes to explore the difference between wire transfer and money transfer, and what that means for you (and your wallet).

Wire Transfer

Wire transfers are a form of electronic funds transfer (ETF) that travel through banks and financial institutions. And though we used the word “travel” in the previous sentence, there’s no physical money transport. Instead, your bank verifies that you have the funds for the transfer and sends information through the SWIFT system to your recipient’s bank that will tell them to credit their account with the funds.

Money Transfer

Like wire transfers, money transfers don’t transport any physical money but transmit financial information between the relevant parties. But as we said above, money transfers don’t go through banks (though), and they use their own communication systems instead of using the SWIFT system.

So, what’s the difference?

Is how they send the money the only real difference? That is the biggest difference, but it also leads to a few smaller (but important) distinctions. Traditional wire transfers and online money transfer differ in these key areas:

  • Depending on your bank, you may or may not need to set up your wire transfer in person. Electronic money transfers, on the other hand, can be initialized online, often any day or time.
  • The SWIFT system and other systems function in the same way, but SWIFT system transfers require a fee for using the system. Online money transfer can vary; some providers will have third-party fees, while others have just a small service fee.
  • SWIFT fees aren’t the only fees. Wire transfer is typically considered a premium service, and comes with a higher price tag than other services. When a money transfer provider doesn’t involve any third parties, the fees will be much lower.

Now that you know the difference between the two services, you’ll know which questions to ask your provider and what to look for in a transfer provider.

 

Get in touch with XE.com

About XE.com

XE can help safeguard your profit margins and improve cashflow through quantifying the FX risk you face and implementing unique strategies to mitigate it. XE Business Solutions provides a comprehensive range of currency services and products to help businesses access competitive rates with greater control.

Deciding when to make an international payment and at what rate can be critical. XE Business Solutions work with businesses to protect bottom-line from exchange rate fluctuations, while the currency experts and risk management specialists act as eyes and ears in the market to protect your profits from the world’s volatile currency markets.

Your company money is safe with XE, their NASDAQ listed parent company, Euronet Worldwide Inc., has a multibillion-dollar market capitalization, and an investment grade credit rating. With offices in the UK, Canada, Europe, APAC and North America they have a truly global coverage.

Are you curious to know more about XE?
Maurits Houthoff, senior business development manager at XE.com, is always in for a cup of coffee, mail or call to provide you detailed information.

 

 

Visit XE.com

Visit XE partner page

 

 

 

 

Source

How to Recognize and Avoid Online Fraud Attempts

02-04-2020 | treasuryXL | XE |

It’s safe to say that we all have a lot on our minds right now. Unfortunately, whenever there’s a situation that causes people to feel uneasy and panicked, there will be fraudsters and criminals who take advantage.

We have recently seen a surge in demand for our services, and in that surge there have also been vulnerable customers that have been manipulated by opportunists. In addition, the recent uptick in fully remote and online work has also opened doors for online scam and fraud attempts.

At XE, keeping our customers and their personal information safe is our greatest priority. We want to help you to protect yourself from fraud attempts. Take a few minutes to familiarize yourself with some of the most common online scams, and read through our tips to keep yourself and your loved ones safe from fraudulent activity.

Phishing emails

Last year, Microsoft reported that phishing attacks were the greatest online security threat by far, having increased by 250 percent since their previous report.

Usually coming by email, these attacks encourage you to click on a link or attachment and download malicious software, which attacks your device and hacks access to your files. You may also receive an email from someone posing as a trusted figure (such as your employer or a reputable company) and asking you to provide sensitive information.

How to handle these: Verify everything. Reach out to the sender or the company and confirm that this email did come from them. It takes just a few moments, but it can have a huge impact.

Banking and online account scams

Take extra caution when reading an email from a bank. Many scammers send emails or texts that appear to be sent from your bank, highlighting a problem with your account. Often, they will request a verification of your details to resolve the problem. Once they have your details…you can imagine the rest.

How to handle these: Call your bank directly to clarify the issue. Never submit your personal details to this email, or to any email. Most reputable providers will not ask you for sensitive information over email, so that should be an immediate red flag.

Online shopping scams

Online shopping was already on the rise, and now that people are taking the majority of their shopping online, scams in this area have become more prevalent. Scams include selling faulty products, attempting to sell a product to gain bank details, and promising goods at a low price (only for those goods to never arrive and the site to close down after taking your money).

How to handle these: Use your head. If it’s a site or store that you’ve never heard of, research the company and see if you can find verified reviews from other customers. Ask yourself: “Does this seem too good to be true?” If it does, then proceed with caution.

Lottery, competition and inheritance schemes

Say you receive emails stating that you have won monetary prizes in competitions you did not enter, or messages from people overseas claiming that you have inherited money. These are just attempts to obtain your personal details.

How to handle these: Ask yourself, “Did I enter a competition? Do I know these people?” As much as we’d like to believe the fairy tales, winning or inheriting money completely out of the blue is not likely to happen. Once again: if it sounds too good to be true, it probably is.

Charity scams

Scams that take advantage of good-natured individuals often make a special appearance around the holiday season, but these could be active at any time of the year. Scammers will pretend to work for a charitable cause and may even exploit news of a current crisis. Scams surrounding COVID-19 are already in circulation, and seek to prey on people’s fears.

How to handle these: Do your research. If you plan to make a donation, make sure you know who you’re donating to and what your donation will be used for. If possible, make donations only through reputable organizations’ secure sites.

How can you avoid future scams?

When it comes to avoiding online scams, there are some key precautions that everyone should take. Pass these along to your friends, family, and clients, and take a critical eye in your own online habits.

  1. Read every email carefully. Emails are the most common scam vehicle. One way to check whether the message is from a reputable source is by checking the URL before you click. Extra characters and misspellings could both point to a suspicious link. If you’re still not sure, treat it as you would any other scam email. If it’s a sender who claims to know you, check with them before sending money or information.
  2. Never agree to send money to anyone you have only met online. Sending money online is not something you should take chances on. Don’t send anyone money unless you know them personally and are certain that they are legitimate.
  3. Never make a financial decision based on a phone call you receive from a person posing as a relative of someone in prison. This is a common scam that relies on you panicking and rushing to send money as quickly as possible. Take a second to consider the situation. Odds are, it won’t make sense once you think about it. If you’re still unsure, verify the situation with another relative or friend.
  4. Never share login credentials with anyone online. No matter what they promise to do for you in return. No reputable organization will ask you for this information.
  5. Be wary of unsolicited contact. If you don’t know the person or organization who has just contacted you, be cautious while you verify who they are. Don’t respond or provide them with anything until you know they’re legitimate.
  6. Update your devices. If you haven’t been doing this regularly, now is definitely the time to ensure that all of your devices are updated with the latest security measures.

We hope this information helps you and your loved ones to stay safe online. If you need anything, our team is here to help.

Neville Lacey

Global Risk and Compliance Director at XE

Get in touch with XE.com

About XE.com

XE can help safeguard your profit margins and improve cashflow through quantifying the FX risk you face and implementing unique strategies to mitigate it. XE Business Solutions provides a comprehensive range of currency services and products to help businesses access competitive rates with greater control.

Deciding when to make an international payment and at what rate can be critical. XE Business Solutions work with businesses to protect bottom-line from exchange rate fluctuations, while the currency experts and risk management specialists act as eyes and ears in the market to protect your profits from the world’s volatile currency markets.

Your company money is safe with XE, their NASDAQ listed parent company, Euronet Worldwide Inc., has a multibillion-dollar market capitalization, and an investment grade credit rating. With offices in the UK, Canada, Europe, APAC and North America they have a truly global coverage.

Are you curious to know more about XE?
Maurits Houthoff, senior business development manager at XE.com, is always in for a cup of coffee, mail or call to provide you detailed information.

 

 

Visit XE.com

Visit XE partner page

 

 

 

Digitalization enhances the strategic position of the treasurer

| 27-12-2019 | TIStreasuryXL

Discover how you can skillfully use digitalization to play a greater strategic role in your company.

Digitalization is changing the business model of every company. In this factsheet, you will gain valuable expert insights on how you can use digitalization to enhance your strategic position. You will also learn why the opportunities of digitalization do not by any means poses a threat. Read more about:

  1. Digitalization as a horizontal phenomenon
  2. Data is the treasurer’s new gold
  3. Being a sparring partner for the CEO

New technologies are coming to the fore, which redefine the payment area. Especially treasurers will benefit from the expert insights. Do not miss this beneficial factsheet!

Request your download here.

How to stay ahead of emerging threats

| 03-10-2019 | treasuryXL | BELLIN

Cyber Fraud and Treasury
Company-wide strategies to understand and mitigate cyber fraud risk

Cyber fraud represents a rapidly-evolving threat. It is essential for treasury departments to be aware of the new types of fraud that are emerging because of online technologies. The global nature of cyber crime means every business must make sure that security systems are watertight. Gangs can now conspire to defraud corporations from different countries and jurisdictions across the globe.

Royston Da Costa of Ferguson Group assisted in drafting this immersive white paper titled “Cyber Fraud and Treasury: How to Stay Ahead of Emerging Threats,” which highlights how to prevent cyber fraud and the strategies on combating it. The white paper covers:

  • Cyber fraud consequences
  • Most common types of cyber fraud
  • How to prevent cyber fraud
  • How to respond to cyber fraud

DOWNLOAD WHITEPAPER

Internal Fraud – or how not to cheat yourself

| 22-02-2018 | Lionel Pavey |

Most companies, regrettably, experience internal fraud. The financial value of the loss can be small or large – however the impact is the same. Internal investigations, procedural reviews, the time spent on detection, possible prosecution, together with the potential loss of reputation are significant factors above and beyond the monetary loss. Fraud can never be eliminated, but the threat can be minimised through proper procedures.

Fraud is normally caused by false representation, failure to disclose information and abuse of power and position. As fraud is performed by people and their actions, a first step to prevent fraud would be to look at the current working environment within a company. If a company is putting extra stress on employees – bigger targets, loss of overtime payments, reductions in secondary benefits, no pay rises nor promotions etc. whilst the directors receive bonuses– this can lead to employees becoming aggrieved  and seeking retribution. Furthermore, employing more temporary staff and external contractors, can distance the remaining employees and challenge their allegiance and loyalty.

Internal procedures

One of the least sexy components within a company is internal procedures. They need to be drafted, amended, agreed, published, implemented and reviewed on a rolling basis. Very few people enjoy writing these manuals, but they are essential to ensure that everyone is aware of the correct procedures that have to be followed to perform any tasks. Often there is talk of a “four eyes principle”. Personally, I have always believed in a “six eyes principle” as it requires more independent control and makes fraud less easy to perform. Most of the procedures are, of course, built  around common sense. Duties should be segregated – different departments have different roles to perform in ensuring the complete procedure is followed throughout the company. Even within a single department, attention should be paid to segregating duties.

An example would be the administrative function relating to a purchase. There are 4 distinct stages – procurement, arrival, warehousing and dispatch/shipment. If one member of staff was responsible for the relevant data input for all 4 stages, there is an increased risk that fraud could take place. This is not to say that work should be segregated that one employee only ever does one function – this could also lead to fraud either through disenchantment or over familiarity of the systems and procedures used at one specific point in the production chain.

External procedures

Certain departments within a company have contact with external sources – suppliers, clients, financial institutions. Anyone who has contact with an external counterparty can be swayed by opportunity if the controls are not in place. In respect of purchasers – what contact do they have with suppliers outside the office? Are they entertained – restaurants, sports events etc? How often do they have contact? In respect of sales – are they responsible for determining the sales price? How often do they see clients and spend money on them? The same also applies to treasurers, cash managers, risk managers etc.

The necessary checks and balances need to be put into place. A record of all contact with external parties needs to be kept, updated, verified and stored. Temptation can be caused by personal hardship, flattery or grievance at how the person is perceived to being treated by the company.

Standing up to the boss

As stated, a healthy company should have procedures and statutes in place. These need to be adhered to at all times – there can be no exceptions. However, a mechanism for escalation is often missing. Example – someone sends in an expense claim approved by their manager. The treasurer or controller might question the veracity of a particular entry. A proper mechanism to escalate the discrepancy needs to be firmly established. That a manager has signed off on the expense claim does not mean it is correct.

Even directors have to make sure that their claims are signed off by other members of staff. Being at the top does not mean that the procedures do not apply. Requests for a priority payment outside of the agreed procedure should always be questioned. If everyone has agreed to the standard procedures, then there can be no justification to make a payment outside of the normal procedure, just because it has been deemed a priority. If truly deemed necessary, then authorisation must be given not only by management and directors, but also by the legal department. If this occurs, then the existing procedure needs to be examined as to why the incident occurred and where the procedure broke down. This all has to be detailed in writing – fraud can happen at the highest level as well as low down with an organisation.

Static data

Every contact both inside and outside of the company should be recognised and recorded in a data system. Static data refers to all relevant data concerning an entity – full name, registered address, bank details, contact details etc. This data should be fed into all other systems, but data input should be restricted to a small number of employees. These employees should not have access to any of the systems that are used to input data relating to daily operations.

Another key area is in the cash management side – book keeping can be complex and differences not noted until the yearly audit. However, cash movements contain plentiful details – name of beneficiary, account numbers etc. This can be reconciled against the prevailing static data – are the bank account numbers the same?

Fraud can never be eradicated, but by being open, allowing questions to be asked, even performing unexpected checks on the system and its integrity, and creating an atmosphere where staff know that they can question without fear of reprisal, then at least everyone will know that the company is alert and vigilant.

That knowledge and awareness will make a potential fraud think twice.

 

Cybersecurity & corporate treasury – not your favourite, but beware!

| 17-10-2017 | Pieter de Kiewit |

We all have these topics we know are important but never get the highest priority. Until it is too late. Cybersecurity is one of them. Do you want to be the treasurer named in the newspapers? Finding examples and input on-line is not hard. Only this morning these articles popped up through LinkedIn:

Hackers steal $60 million from Taiwanese bank using bespoke malware”. This is about SWIFT, technology used by many in the corporate treasury environment. This is not to shame SWIFT, what can happen with them, most likely can with other service providers.

Input from this mentioned article specifically has a focus on corporate treasury. What I think is interesting in their input: it is not only about malware. They also mention “social engineering”.

Now what to do? We all know many service providers step forward to guarantee security. Your time and budget is always a restraint. 100% security is an illusion. We will not decide for you. Perhaps we can help you start by browsing through who is offering solutions:

  • The ACT is organising an event at the end of this month:
    “This highly interactive two-day course will take you through the process of building a secure treasury environment. It covers all the essentials, from the creation of a framework of policy and delegated authority, to the way treasury should be organised to ensure maximum control of its activities. You will learn about front, middle and back office functions, regulatory requirements, controls and security essential to managing treasury and you will debate the key issues of control failure. You will learn how to create a secure environment in which treasury transactions can be managed and carried out with minimum risk of fraud or error. You will, be able to judge the adequacy of any security arrangements and make or recommend necessary changes. You will also learn how to effectively plan and execute a risk- based treasury audit that adds value and helps identify early warning signals of potential problems.”
  • Software suppliers like Reval are stepping in, offering technology connected to consultancy. Their article is an easy read, gathering a first glance.
  • And of course consultants are happy to step in. This article of PwC might give you a first idea. Consultancy fees are quite steep. A known sales strategy of consultants is describing scenarios that make you stay awake at night. Are you willing to take the risk or consider “an amateur”.

We will further inform you about the topic in the future. We wish you low risk and high wisdom.

Pieter de Kiewit

 

 

Pieter de Kiewit
Owner Treasurer Search

 

 

How to combat Payment Fraud

| 29-3-2017 | Mark van de Griendt | sponsored content |

 

Payment Fraud is one of the biggest threats to a treasurers’ reputation and career path in an organization. One of the most common ways to reduce payment fraud is to reduce human intervention and to increase the levels of automation in payment structures. With cyber-attacks and payment fraud regularly making headlines, treasurers must be vigilant in safeguarding financial assets. Only 19% of treasurers list cybersecurity as a critical concern. By contrast, 45% of CFOs name cybersecurity as a priority, pointing to a significant misalignment in CFO and treasury agendas in this regard (PWC Global, 2017).


That is why it’s really important for treasurers to know what they can do to reduce payment fraud. There are two ways to lower the risk of payment fraud in payment processing:

  • Increase the level of Straight Through Processing
  • Implement a Payment Hub

Higher level of Straight Through Processing
Corporates sometimes have hundreds of banking relationships and thousands of bank accounts, all managed manually on spreadsheets. Redesigning these treasury processes based on STP creates an integrated treasury workflow that streamlines processes effectively and provides treasurers with timely access to financial information. No more manual entries, no more errors.

Implementing a Payment Hub
A centralized payment platform combats payment fraud while also ensuring treasurers of having the money they need to manage day-to-day business obligations.

Some key benefits include:

  • Centralized monitoring and control
  • Flexibility and efficiency in payments
  • Reduced banking costs
  • Global Visibility
  • Easy access and more transparency

Please refer to our company page on treasuryXL or contact Mark van de Griendt if you’d like to receive more information about reducing payment fraud by a corporate payment hub.

 

Mark van de Griendt

Cash Management Expert at PowertoPay

Payment fraud – how companies can protect themselves

|13-2-2017 | Joerg Wiemer | sponsored content |

Information about the opportunities and risks of digitalization is widely spread. In general, risks occur when there is a chance of losing a competitive advantage or falling behind.  However, one of the biggest risks is without doubt cybercrime. Attacks on IT systems worldwide increased yet again by 38 percent in 2015, according to the consulting firm PwC in their “Global State of Information Security Survey 2016”. If these attacks are aimed at the payment transactions of a company, the entire existence of the organization is easily threatened. Therefore, security measures in treasury and payments processes should be at the very top of the agenda. Jörg Wiemer, CSO of TIS, explains how companies can ensure increased security.

In general, when does a risk exist for companies during payment transactions?

JW: In principle, in any situation that involves a lack of transparency across bank relationships and activities. In these cases, cash positions and liquidity are not clear. Let’s assume that a branch transfers ten million dollars at the beginning of the month. If these bookings rely on manual processes and the balance is only checked once at the end of the month, it takes a full thirty days until the fraud is detected. Time is literally money.  By monitoring treasury in real time, it is possible to detect these procedures much earlier, thereby solving them in many cases.   

It can take a lot of time until the head office of the branch gains knowledge about such cases.

JW: This is the heart of the problem: The prevailing regional division of labor makes it easy for fraudsters. If the account statements in paper are collected locally in each branch, it takes weeks until those responsible in the head office notice that an account statement is missing, and with it, the positions written on it. This is exactly why a company should collect all account statements from every bank account worldwide automatically and assess liquidity positions in real time with a software like TIS.

What else facilitates frauds?

JW: Fraud can occur if there is no complete overview of the electronic signing authorities, if there is no dual control principle during payment transactions or during the administration of payment recipients and, in general, during every user administration, which is particularly prone to fraud. These are the typical gateways.

How can I detect that I am at an increased risk?

JW: One reliable indicator of a low level of security in payment transactions is a high amount of manual transactions. Normally, the assumption is that every payment has to be recorded in the accounting system according to the best practices – no booking without receipt, and no payment without a previous booking. Nevertheless, under certain circumstances, there are deviations and exceptions of this principle. The key term here is “exception handling”, which results in a manual payment. An exemption is necessary for these cases, which includes comprehensive process documentation. The possibility of recording and authorization of non-automatic payments should be restricted to certain recipients of the payment and internal user groups. Furthermore, the user should only be allowed to use unchangeable payment templates that have been approved in advance.

How can companies reduce risks?

JW:  A general rule is to standardize and and automate processes across the group of companies! Payment related tasks can be executed on local level, however, based on a standardized and automated process. A central directory of every existing account and a payment governance should be mandatory for every company. Security in payment transactions begins with the professional management of the bank accounts. Otherwise, those responsible run the risk of fraudulent payments through accounts that are not registered in the ledger. The next step is to centralize the payment transactions. Digital payment platforms like TIS pool the cash flow and standardize and automate it. This way, payment procedures and the cash flow are controllable at all times.

What has payment looked like in practice up until now?

JW: Heterogeneous and confusing. Companies have a lot of different systems in each part of their organization and they use different e-banking tools to connect to the banks. The SAP system then generates payments. This is complicated and complex and there are many different protocols and formats. This is the reason for high costs as well as increased fraud risk.

In light of this, which solution approach does TIS pursue?

JW: We provide a payment transactions platform especially for medium and large-sized companies in any industry. The platform connects their accounting system with the respective bank. It then operates between the core systems – which the client does not have to change –  and the bank. Therefore, the platform is the single point of contact, allowing all automated and standardized payment transactions to be combined in a uniform way for the entire company. This makes the management, monitoring and assessment of payment transactions tremendously easier.

The TIS solution runs completely in the cloud. What about the topics of control and secure data storage?

JW: A server as such is either secure or not secure, no matter if it runs in the cloud or in your own house. It is also possible to dial into an in-house server with the banking tools of a company from anywhere as long as the person has the appropriate authorization or the right amount of criminal energy. This is why the server has to be permanently protected from non-authorized access with a high level of modern technology. The big data centers, with which TIS also cooperates, have totally different possibilities than a single company. Let me say a few words regarding the topic of online banking:  the idea that banking tools on a private notebook which runs offline are somehow more secure is an illusion. This computer provides a much bigger gateway for viruses and Trojans than any e-banking solution that runs in the cloud. It speaks volumes, that the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) has recently started receiving a much higher amount of reports from the general public regarding e-banking frauds.

The right software is one part, but what can be done to ensure risk is handled correctly and that the right methods of payments processing are put into place?

JW: Good governance must be established and implemented. Companies need globally valid rules for their payment transactions with detailed guidelines on the following: how accounts are managed, who can open new accounts, who must give permission for this, and the documentation necessary to do so. There are always bad examples for what can happen if the company does not follow the guidelines. Remember the case of the automotive suppliers Leonie mid-2016? Cybercriminals acquired documents and assumed somebody else’s identity. They were then able to divert 40 million euros from accounts of the company to accounts abroad.

My advice on how to minimize risk? Establish governance guidelines and use a central platform for the management of bank accounts and payment transactions. Through automated and standardized processes, companies can protect themselves against manipulation and fraud and, ultimately, the loss of money.

If you are interested to read more about this topic please click on security in payments

joerg wiemer

 

Joerg Wiemer

CSO and Co-Founder of  Treasury Intelligence Solutions GmbH ( TIS)