Which Options Are There When It Comes To Bank Connectivity?

15-09-2021 | treasuryXL | Nomentia |

In this blog, we want to give an overview of the different options for bank connections from host-to host, direct connections through regional standards and SWIFT. On top of that we’ll also take a look at open banking APIs and what possibilities they might hold for the future.

Bank connections enable corporate customers to exchange messages with their banking partners. Companies need to have a relationship with at least one bank, in practice there are typically several banks involved, for example to exchange account information and sending payments. Bank connections are so to speak the backbone of your treasury department because they ensure the uninterrupted flow of information between your business process tools and banks, allowing you to create accurate cash forecasts, manage liquidity and the likes. Bank connectivity will remain a topic that corporate treasury departments need to decide how to approach. Now, let’s look at the different options for creating bank connections.

Direct host-to-host connections

One of our webinar polls showed there are still 30% of our respondents who maintain host-to-host connections with their banks. This means that typically the IT department sets up bank connections to specific banks. How those work in specific then depends on the bank. With some banks a host-to-host connection is needed for each country where the company is operating. Luckily many banks offer single point of entry connectivity which means that once you’re connected, you can use it to operate cash management messages in all or multiple countries where the bank has branches.

Since the bank is hosting the service, it also means that the bank is dictating all technical requirements and corporate customers need to adapt to changes the banks might make.

And change is imminent, especially when it comes to messaging formats, communication protocols and security requirements. There are for example client certificate renewals that come up usually every two years. Root certificates expire more infrequently but cause more maintenance work.

Another quite timely example is the Transport Layer Security (TLS) protocol version upgrade. TLS certificates not only have to be renewed from time to time, but older TLS protocol versions have known vulnerabilities and the banks are enforcing their clients to use newer versions all the time.

Maintaining direct host-to-host connection requires you and especially your IT department to make a commitment to maintain these connections day in and day out. Which requires special technical expertise from the IT department and a lot of resources, especially when you employ many host-to-host connections in your ecosystem.

Direct connections through regional standard protocols

The EBICS (Electronic Banking Internet Communication Standard) is a standard protocol that is used in Germany, Switzerland, and France. Also, banks in other countries are testing this standard.

The challenge with EBICS has been that different countries have their own versions of the standard. In 2018 EBICS 3.0 was launched with the goal to harmonize the differences and to make it easier to communicate across borders. In practice Germany and Switzerland are still using EBICS 2.5 and it will take until November 2021 until EBICS 3.0 becomes mandatory for banks in Germany.

Some international banks have adopted EBICS into wider use. Which means that corporations familiar with EBICS may use it for message exchange and authorization in other countries as well. Only the future will show if EBICS fulfils its vision of becoming the pan-European standard protocol for bank communication.

Connections through SWIFT

Companies can connect directly to the SWIFT network and with that get connected with over 11 000 financial institutions in more than 200 countries. SWIFT is hosting and maintaining the global network for that. It’s highly secure and reliable. It’s a single gateway that almost sounds like it opens the door to paradise for you, at least in the mind of someone who spends his time building host-to-host bank connections for single banks. You are empowered to change banking partners based on your business needs without having to worry about establishing new connections.

SWIFT has a sort of do-it-yourself approach by providing Alliance Lite2 to companies. And here comes the other side of the coin. A direct connection to SWIFT is costly and requires time and resource-demanding integration. In addition, you need to comply in full scope with the SWIFT Customer Security Programme (CSP) that requires all their members to protect their endpoint, because naturally, they need to protect their network.

Most corporate customers use a SWIFT Alliance Lite2 Business Application (L2BA) provider or a Service Bureau for the connection. In the L2BA model, a service provider takes care of handling all necessary requirements to connect to the Swift network and you buy your bank connections pretty much as a service. Often this is packaged with other products and solutions you might use.

Open banking APIs

Open banking APIs are one of the most interesting developments. We already see banks all across Europe offering premium APIs for corporates that go beyond what is possible today.

Open banking APIs are set to bring a real-time component to the game that hasn’t been there so far. In the past there was no way for external systems to fetch for example real time balances from banks, but this is about to change. While as previously, corporations would execute batch payments, with open banking APIs this will be possible whenever a payment is needed with instant effect. Looking at balances and payments is the beginning of new solutions that will be available to corporate treasury.

Open banking APIs is something that companies and providers such as Nomentia will need to take into account for their roadmap because this is clearly where we will be able to provide innovative solutions for our customers in the future.

What’s the verdict?

It would be great to give an easy answer to this question. But it’s just not that simple. As I outlined above, all connection methods have pros and cons It really depends on your needs and internal structures what you need.

WATCH OUR WEBINAR ABOUT BANK CONNECTIVITY

 

 

Nomentia Acquires TIPCO: A union of exceptional products and teams

08-09-2021 | treasuryXL | Nomentia |

Nomentia announced yesterday that the company has acquired TIPCO Treasury & Technology. Shortly after the news was released, we had the chance to sit down with Jukka Sallinen, CEO of Nomentia, and talk about the announcement, what does the acquisition promise for finance and treasury professionals globally, and what does the future hold for Nomentia.

The acquisition of TIPCO is the latest milestone in Nomentia’s history. What’s the reason behind the transaction?

There are a couple of reasons. First and foremost, we’ve felt that both companies share a very similar mission. We want to provide unparalleled solutions for and with our customers. TIPCO’s Treasury Information Platform (TIP) is an exceptional treasury management solution that is widely known in the DACH region, and TIPCO has been also famous for its acumen in treasury. Our combined solutions and domain expertise make us one of the strongest players in the cloud treasury and cash management space. I have no doubt that our current and future customers will benefit from our combined product portfolio. Another good reason for joining forces with TIPCO is that we’ve strongly felt that both companies have had surprisingly similar cultures – both have a very healthy obsession for providing the best solutions for our clients and we take pride in what we do.

 

Tell us more about the merged product portfolio and how treasury teams will benefit from it?

Before the acquisition, Nomentia cash management was consisting of Bank connections, Payments, Cash Forecasting, In-house banking, Bank Account Management, and Reconciliation solutions. Adding TIP to the solution mix, we can now provide robust and sophisticated cash flow forecast and cash visibility solutions, as well as solutions for trade finance, FX risk, treasury reporting and treasury workflows, and more. TIP has been always loved by the users and now all Nomentia customers will have access to TIP.

Today, it’s not feasible for treasury teams and finance teams to choose one provider for all their needs or trust that their ERP system would provide a working solution alone. Treasurers should be able to choose the solutions that can best resolve their challenges and meet their needs. To get the best outcome, finance and treasury teams often need to work with multiple vendors – taking the best solution from each. Of course, that’s not always ideal from IT’s point of view, but that’s where our team comes in to take care of the implementation plan together with the client and integrate with their existing systems and banks. We trust that a lot of our current customers will find new solutions from our updated offering that can help them to overcome their current challenges.

New customers will find that Nomentia can offer the widest cash and treasury management solution portfolio on the market to help them build better treasury processes.

 

How does the acquisition affect Nomentia’s future?

During the past year, Nomentia has taken big steps toward becoming the global powerhouse for treasury and cash management. After last year’s merger of OpusCapita and Analyste, we’ve successfully got our footprint in many new markets, and we’ve been especially growing in the DACH and Benelux regions besides continuing to be the number one choice of treasurers in the Nordics. Acquiring TIPCO and merging the two product portfolios will help us to strengthen our position in Europe even more.

Our team has been also growing significantly – it’s always great to work with people that are experts in their field and can truly help our customers to develop their operations. Together, we will exceed our customers’ expectations with our strong product portfolio and even stronger team. Personally, I am thrilled about the news and can’t wait to roll up our sleeves and get to work together with our new colleagues!

 

Read the press release to learn more

 

 

What to Consider When You choose your Bank Connectivity Strategy? 7 Important Criteria

| 01-09-2021 | treasuryXL | Nomentia |

Most organizations would benefit from some form of Bank Connectivity as a service. But just deciding on outsourcing bank connectivity won’t magically make all those connections appear. In this blog, we’ll cover 7 important criteria you should think of when evaluating different options.

1. In which banks do the majority of your payments flow?

Make a list of all banks that your organization is connected with and include all banking relationships from all your subsidiaries. We have noticed in interactions with our customers that this first step can be eye-opening at times. Often, we have an idea of the different banking relationships but then there are still local bank relations that might not be that visual to your treasury function. It also provides you with a good understanding of how many bank connections you would need and whether you would benefit from simplifying your banking landscape before implementing a bank connectivity solution. If your organization is only working with 5 banks altogether the story is very different from an organization that has relationships with 20+ banks.

After mapping this out, you might want to apply the 80/20 rule: typically, you would first set up connections to the strategic banks that cover 80% of your payment flows. A cloud-based software from a Cash Management specialist will most likely be able to provide you these connections as part of their out-of-the-box functionality.

2. Evaluate your use of local banks

Even if you expand the use of strategic banks to more countries, you might still find a set of local banks that you cannot replace. Typically, a discussion about bank connectivity increases in complexity when the long tail of local banks comes into play. That’s where you need to ask yourself why you are working with local banks. Is it for collecting money, for making payments from a regulatory point of view or because of specific needs within your local business?

Having visibility on Cash is straightforward while covering payment flows is not easily justified from a direct cost savings point of view. At the same time payment fraud plays a role in the local banks. You might want to consider a solution to replace internet banks for manual payments with a centralized solution. Then, the business case cannot be backed up by direct cost savings, but cost-efficient risk mitigation.

3. How consolidated is your banking landscape?

After mapping out all your banks in a first step, you know your strategic banks. Now it’s time to take a look at which countries are covered by these strategic banks. Would it be a good time to reduce your banking relations by using a certain set of strategic banks in more of your countries in order to reduce the number of domestic banks?

4. How many file formats and payment types do you have in use?

It is a different thing to set up credit notes and treasury payments only, as opposed to also including domestic payments, salary payments, and tax payments. We recommend having a solution for all your payment types and file formats: this is the only way to get rid of the internet banks and the tokens.

5. Are you concerned about payment fraud and information security?

You should have a solution to cover all payment types in all countries with all banks. That is the only way to have a full audit trail and control in every country. A centralized payment process enables centralized validation and control. We have covered the topic of payment fraud extensively.

In our case, having bank connectivity as a cloud service lets you benefit from a platform, which invests annually roughly 1bn$ in information security. From an information security perspective, this lets us concentrate on application-level security, which is annually audited by 3rd parties.

6. Are you interested in having transparency in your bank fees?

Modern bank connectivity solutions enable transparency in banking fees: Having bank agreements and the related fees included and matched against the banks’ reports. Even more transparency can be gained with services like SWIFT GPI: SWIFT GPI enables banks to provide bank fee information for the e2e chain. Not all banks support these features yet.

7. Choose wisely

Once you go through the questions and mappings outlined above you are at a good place in making your decision for the right bank connectivity provider. It might seem tedious at times and one might think of bank connections as a mere technical thing, but they are so much more. We feel this is a perfect moment to evaluate all your processes and look at ways to harmonize them.

It’s also a great way to work closely together with your colleagues. We recommend approaching this topic in a project team between treasury, finance and IT: From an IT perspective you want to minimize the IT-footprint, finance will run the daily operations and treasury sets the policies and controls.

DOWNLOAD OUR BANK CONNECTIVITY WHITEPAPER

 

 

How to Start Avoiding Payment Fraud from Happening

| 18-08-2021 | treasuryXL | Nomentia |

It’s 2021 and even with advancing technologies and AI detecting fraudulent behavior, payment fraud remains an ever-present Risk for any company.

The other day we met with someone who has recently been a target of Payment Fraud and is now implementing a payment factory in order to reduce the risk. We wanted to take a look at how we approach the subject with our solution. Having the right software in place is important, sure but it goes beyond technology.

Let’s start with the Software, Nomentia’s Cash Management solution has several mechanisms in place that protect you against fraud.

Here’s a Quick list

  • First of all, our software creates a single point of managing all payments. We talk a lot about centralizing, and this is just that. Our product brings all these payments into a single view. If we think of a typical case, a company might upload some payments to internet banks, some to a service bureau, use host-to-host connections for others and maybe even run some payments via SWIFT. That creates at least 5 times X channels where payments are executed. This means all payments can’t be seen from one view, which already makes it impossible to detect fraudulent or suspicious payments. But in addition, those 5 times X channels also mean 5 times X places where user rights need to be maintained and controlled.
  • This brings us also to the second point; our software comes with a comprehensive user and user rights management. Our software creates a clear structure and visibility as to who has rights to which companies and accounts and what kind of user roles they are having. We create visibility and an easy way to maintain those rights.
  • When payments are transferred from one source system such as ERP, payroll and the likes to our cloud, files cannot be altered. This creates additional security measures that protect companies from attacks.
  • Lastly, we have created capabilities to set up straight forward approval flows that ensure a segregation of duty into the way payments are done, within the users’ approval limit. Approval limits can be set for each user when working in different roles for multiple companies.

Those are the things that come built into our software. But it’s important to highlight one key fact, most fraud attempts have a human factor and that’s why it’s important to look beyond the software and take a critical look at the processes. As a matter of fact, despite all the noise about external risks, fraud and theft are more likely to be committed by an internal actor than an external actor (Source: FBI Internet Crime Complaint Center).

In other words, if you focus on validating data for possible fraud, you probably should take steps to minimize the possibility of fraud in the first place. Otherwise, proverbially speaking, it’s winter (Northern Finland winter for that matter) and you are going out in shorts and with wet hair.

Apart from controlling user access rights, we would like to share some more tips and ideas that can help to mitigate the risk of fraud.

  • Payments that are made from ERP but rejected by the bank cannot be modified by all users. In practice this means when a payment is made from the ERP system but rejected by the bank, it bounces back where users need to review the failed payment, before sending it to the bank. Fixing the payment data on ERP master data instead of manual adjustments. This would highlight and prevent for example internal fraud attempts.
  • Consider working with your system admins to install payment templates that your end users can use. This decreases the risk for fraud and error by limiting the manual work of filling in information.
  • Make use of the full audit trail that we provide. You can see the whole lifecycle of a payment from its creation to its reconciliation, including by whom and which changes were made, who has approved and sent the payment.
  • Create clear rules on manual payment creation. We enforce a 4-eye approval flow before sending it. In manual payments, there might be a reason to have more than 2 persons approval. If you are having SSC’s in use or even multiple SSC globally. Use the standard 4-eye approval flow locally but have additional approval from another SSC to reduce the internal actor.

These are a few ideas from our side. We are always happy to hear more ideas and feedback on how we can together create safe payment processes.

DOWNLOAD PAYMENT FRAUD E-BOOK