How global enterprises can finally end the cycle of redundant IT-related payments projects

30-08-2021 | TIS |

This article begins by examining the current state of enterprise treasury and finance technology implementations, including the standard project timelines, core challenges, and ultimate outcomes. This is followed by an analysis that outlines an improved methodology for enterprises to follow as they seek to ensure the global optimization and standardization of their payment systems, workflows, and technologies.

Modern enterprises are stuck in an endless cycle of payment technology upgrades

 

For enterprise finance and treasury professionals, why does it feel like the road to payments automation and technology optimization is never complete?

If you’re an active practitioner, you’ve likely asked yourself this very question (or at least a variation of it) within the past few years. Perhaps it was during a very long and arduous TMS or ERP implementation, a major acquisition of a new entity, or a rationalization of your global bank relationships. In any case, your musings were probably due to the fact that these types of projects have become an all-too-regular occurrence (and a subsequent thorn in the side) for enterprises around the world.

As recently as 2018, data showed that the average corporate timeline for a SaaS-based TMS implementation was 10-18 months. Technology overhauls involving larger and more widely used systems, such as global ERPs, may have taken up to 3-5 years. And although these respective timelines continue to grow shorter as cloud services and other innovations rise to the forefront, projects of this magnitude still represent a massive undertaking.

During these periods, it’s common for practitioners to wind up collaborating with dozens of internal and external stakeholders, joining hundreds of calls, and spending countless hours training, testing, and configuring the new system – all while continuing to perform their core list of daily responsibilities.

The ultimate result being?

Although seasoned professionals will tell you that every implementation is different, let’s think about the bigger picture. Of course, the results of each specific project can vary drastically, sometimes for reasons far outside of anyone’s control. There may be budget constraints, bandwidth constraints, technical limitations, and even geopolitical or environmental obstructions. Employee turnover may cause undue delays as well. And yet other times, the entire project may flow smoothly and on budget from start to finish.

But looking beyond the individual success or failure of any single project, how long after each project’s completion will it be until a new technology implementation is required?

One year? Two years? Five years?

Or, in the case of global enterprises, perhaps you are simultaneously working on numerous financial technology implementations all at once, and the completion of one only results in your reprioritization of another.
Unfortunately, this endless cycle of new technology and payment upgrades is what most enterprise treasury and finance teams find themselves dealing with today, and it has become one of the primary sources of confusion and headache for global companies.

Let’s quickly evaluate the underlying complexities in more detail.

Why does global expansion often lead to excessive payments complexity?

 

Although domestic companies operating in a single country or region undoubtedly face their own degree of technology and payments complexity, the level of difficulty associated with managing a global network of systems, data, and information is exponentially greater.

What are the main reasons for this?

To begin, consider the sheer volume of payments being made across a global enterprise, including all the various locations, currencies, and payment types. For the largest companies, there may be millions of inbound customer payments occurring every day through a combination of cash, check, card, and account-to-account options like ACH and SEPA. At the same time, an equally large and diverse variety of outbound payments must be generated by the enterprise to compensate employees, vendors, and partners. And every time a new entity, industry, or market vertical is added to the mix, these volumes intensify.

Adding further complexity, consider how the payment channels and formats in use across each world region can vary broadly as well. Just to name a few, there is EBICS in Europe, NACHA in North America, SWIFT for international payments, and H2H (direct) connections that may be utilized globally. Local variations of these channels also exist in other regions, and going a step further, each of the specific banks used by an enterprise will have its own connectivity preferences for payments and information reporting. Individual clients, partners, and vendors may also request payment data to be created in specific formats such as SWIFT MT, ISO 20022, EDI, BAI, and BAI2.

Measure Payments Complexity

Finally, the diverse compliance and security standards that exist across various countries require unique filtering and monitoring workflows to be established in different regions. Although U.S. companies may be familiar in dealing with OFAC sanction lists, FBAR statutes, and data privacy laws like GDPR, the regulatory landscape in Asia, Africa, and the Middle East looks quite different. In fact, each specific country within these regions might have its own distinct set of rules and restrictions, and these protocols must closely adhere to any time that payments data and technology solutions are managed locally.

But despite all these challenges, perhaps the largest source of headache and confusion for enterprise practitioners stems from attempting to manage a disparate and unintegrated web of back-office payment solutions.

What do we mean by this?

The back-office conundrum: too many solutions and not enough integrations

 

In 2016, research from Fortune highlighted that global enterprises were undergoing merger and acquisition (M&A) activity at incredible rates, with the five most active companies absorbing 122 new entities between them on the year. Data from more recent years showcases a similar story, and at the same time, organic growth is also driving these enterprises to open new offices, enter into new markets, and expand into new world regions.

The challenge?

As these new acquisitions and locations ultimately go on to form new company entities and subsidiaries, the underlying systems used at each locality must be connected to the enterprise’s main technology stack in order to facilitate data transmission, cash and payment visibility, and other core financial functions. But for enterprises with hundreds of already-existing entities and a steady stream of new acquisitions, consider how many systems must be connected to the enterprise’s core technology stack each year. Also consider the amount of maintenance, upkeep, and investment that managing this global network of technology requires. And finally, reflect on how each of these systems will gradually become a legacy over time and need to be replaced as new technologies and solutions rise to the forefront of the industry.

We know from experience that not all of these global systems are able to connect or integrate with one another. Perhaps some solutions are too old, the budget too insufficient, or IT bandwidth is stretched too thin to prioritize the development of proper connections. As a result, it may take days, weeks, or even months for the data and information contained within these local systems to be made available across the entire enterprise. And if these siloed systems are not isolated occurrences but actually comprise a significant portion of the enterprise’s back-office infrastructure, then almost every single financial and payments-related function will be impacted.

EPO Payments Complexity

Without automated connectivity and integration, visibility to cash balances and payment statuses will take a hit. Creating a standardized compliance and security process will be almost impossible, and stewarding the company’s liquid assets will be hampered by a lack of transparency to global data.

Today, these siloed entity technology stacks and legacy systems are often the unintended result of sustained business growth. In fact, it’s almost natural for them to occur. However, with today’s speed of change in commerce and technology, it is no longer an option to leave each of these functions, systems, and geographies unconnected. Siloes trap data, reduce communication and visibility, and ultimately stifle growth. And in the world of payments and technology, a lack of visibility and automation will directly impact liquidity, profitability, and exposure to risk across the entire enterprise.

So then, for enterprises that find themselves in this situation, what is the best approach to optimization?

Introducing a new framework for managing enterprise payment maturity

 

In a perfect world, enterprises that need to connect all of their global technology and payments solutions, including bank platforms and 3rd party solutions, would simply integrate every system with every other system. This would effectively enable complete unification and connectivity across the enterprise’s entire network, and data could flow immediately and seamlessly across any department, entity, and location for real-time visibility and control.

Of course, active practitioners understand how unrealistic this approach would be. In reality, it would require an almost endless variety of custom integrations to be established across each internal system and potentially hundreds of banks and external solutions. Despite innovations surrounding APIs and other connectivity methods, this task would still be insurmountable, from both a budgetary and bandwidth perspective. And even if an enterprise did somehow manage to connect all these solutions together, the maintenance and upkeep required to sustain each integration would require a whole army of dedicated IT personnel and even more investment.

An alternative solution?

Given the fragmented systems landscape that exists across most global enterprises, the most effective way to achieve a holistic view of (and control over) every siloed process, system, and geography is by implementing a single Enterprise Payments Optimization (EPO) layer that sits above all other solutions in an enterprise’s technology stack. Rather than connect every platform with every other, each solution need only connect to the EPO platform instead. This drastically simplifies the process of integrating new solutions with an enterprise’s tech stack, and also automates the process of transmitting payments data between any system that is connected to the EPO platform, including those used by different entities, offices, and departments.

Although the adoption of an EPO platform requires some up-front legwork, using a vendor like TIS ensures that the complexity of connecting to banks and performing other technical functions is almost entirely outsourced. This means that formerly difficult and time-consuming tasks that were managed by internal IT teams (such as configuring and maintaining the links between external banks and internal ERPs, HR systems, and TMSs) are now managed by the EPO vendor. As formats evolve or new regulations require changes in integration, EPO vendors like TIS automatically handle the upgrades and also manage the addition of new countries, banks, and users to an enterprise’s network as growth and expansion dictate over time.

Once this type of implementation has been performed, the EPO platform can become the sole channel through which all company payment workflows and data streams are managed and controlled.

TIS Eliminates Global Complexity

As payment instructions or files from ERPs and other back-office systems pass through an EPO platform, they can be quickly transferred to the appropriate bank or end party. In addition, data can be shared with 3rd party vendors and other companies and partners within the network. Subsequent bank statements and reports can also be transmitted from the bank through an EPO platform to the various internal departments and systems where payment instructions are originating from.

Ultimately, the information stored on an EPO platform serves as the single source of truth for payments data across all corporate departments, subsidiaries, and geographies, and it prevents enterprises and their IT departments from having to manage a tangled mess of disparate back-office connections.

EPO solutions provide the perfect option to support ongoing enterprise growth and expansion

 

While the EPO orchestration strategy outlined above is very effective at breaking down geographic and entity-specific siloes, it is also the ideal platform for fostering a strategic, long-term approach to enterprise payment maturity.

Today, the technology landscape continues to evolve rapidly, as do the payment solutions and methods used by global enterprises. In the current era, this means that approximately once every decade, a company’s existing technology infrastructure will need to be overhauled. However, because various internal solutions are installed at different times and for different purposes, the upgrades and maintenance schedules for these solutions are rarely conducted in an organized and timely fashion. Sometimes, these upgrades are not completed at all. And as a result, it’s very easy for an “optimized” payment workflow and the underlying technology stack to start falling behind the curve.

This is why adopting an EPO orchestration layer is so essential for maintaining a constant state of consistency and control.

By connecting all of the various internal systems that comprise your global payments technology stack to an EPO platform, you effectively ensure that regardless of where an entity is located or what local systems are being used, the data and information stored on their platforms is never left isolated or unaccounted for. And as older or outdated enterprise payment solutions are eventually replaced by newer and more upgraded systems, connecting them to the EPO platform in a similar fashion will ensure ongoing cohesion and connectivity across your global networks, even as various technology overhauls and system migrations occur at specific entities or locations within the enterprise.

So, if you’re a treasury or finance professional working for an enterprise with significant process, system, and global complexity — complexity that is ultimately hindering your ability to operate efficiently — ask yourself whether a new approach to payments technology could be the answer.

And if that answer is yes, we invite you to consider TIS and our newly introduced Enterprise Payment Optimization (EPO) platform.

About TIS

TIS is reimagining the world of enterprise payments through a cloud-based platform uniquely designed to help global organizations optimize outbound payments. Corporations, banks and business vendors leverage TIS to transform how they connect global accounts, collaborate on payment processes, execute outbound payments, analyze cash flow and compliance data, and improve critical outbound payment functions. The TIS corporate payments technology platform helps businesses improve operational efficiency, lower risk, manage liquidity, gain strategic advantage – and ultimately achieve enterprise payment optimization.

Visit tis.biz to reimagine your approach to payments.

 

Identifying Types of Fraud/Scams

26-08-2021 | treasuryXL | XE |

Knowledge is power. When it comes to avoiding scams, forewarned is forearmed. Here are a few common types of scams that criminals will use to try to steal your money or – more importantly – your identity.

1. Give Money to Get Money

If you ever receive an “official” notification that you’ve won a lottery or that someone wants to generously give you a large sum of money but first you need to send money to cover taxes, fees, clearances, or some other cost before collecting your prize, proceed with extreme caution!

The common thread with this scam, apart from the too-good-to-be-true offer, is that you must “act now” or respond immediately to the official sending the notice. This scam relies on you feeling pressured to not miss out on the deal or prize.

One of the most well-known versions of this type of scam is the Nigerian Prince (also known as the 419 Scam).

2. Phishing

Phishing is almost what it sounds like. Someone is fishing – and using bait – to obtain sensitive information to steal everything from the cash in your bank account to your identity.

Phishing scams replicate official-looking emails (or other communication types) from well-known and reputable companies. These fake emails include links or phone numbers encouraging you to change passwords or send personal documents and information (to update your account). The email will make some claim that there is an issue with your account (i.e. you need to supply documents to receive funds being remitted to you) and you need to click on the link provided to fix the problem. These links may take you to a look-alike site created by the criminals or contain malware (malicious software) which can give the criminals access to your computer (so don’t click!). Phone numbers may work the same way by directing you to a fake answering service.

There are a number of sub-species of the Phishing scam:

a) Spear Phishing

Spear Phishing is a little more sophisticated as it specifically targets you and relies on the trust you’ve built around a person, company, or brand. Most likely the communication will be personalized. Criminals target you from information they have found on sites like social media.

b) Clone Phishing

Clone Phishing differs in that it will copy a legitimate email that included an attachment or link. The attachment or link is replaced with a fraudulent version and the email is sent from a disguised address that appears to come from the original sender. The email may claim to be just a resend of the original or even an updated version.

c) Whaling

Whaling goes after the “big fish”. It targets senior executives or high-profile people within in a company. This type of fraud usually appears as a legitimate concern such as a legal request or subpoena, client issue, or corporate matter.

d) SMiShing

Cute name, not so cute fraud tactic using text or SMS. Potential victims receive an unsolicited text or SMS message with a link to a site that can contain malware or viruses. The urge to click is usually based on a “confirmation” of account activity and the risk of incurring additional charges or fees if the intended victim doesn’t take care of the problem immediately (by clicking the link).

3. Fear-Based (Service Cut Off/Jail Time)

You receive notification, usually through email or phone, that your account is in areas and you need to pay the balance immediately or have the utility service cut off. This type of fraud includes claims of unpaid taxes requiring immediate payment to avoid jail time. Criminals in this case are dependent on your fear of losing a necessity, like heat or water, or your personal freedom.

Conclusion

The ultimate goal of the criminal is to rob you. Criminals will try every sneaky tactic to get what they want and will play upon your fears, your generosity, or your trustfulness to get it.

Scammers attack when you’re least expecting it and often prey on the most well-intentioned people. Educate yourself on how to protect yourself and your loved ones from unexpected fraud. Here are several resources that provide helpful information:

Remember, no matter who is contacting you, NEVER give them any of your passwords, account numbers, or personal information without double-checking their identity first.

Be smart, be aware, and be safe!

Are you curious to know more about XE?
Maurits Houthoff, senior business development manager at XE.com, is always in for a cup of coffee, mail or call to provide you the detailed information.

 

 

Visit XE.com

Visit XE partner page

 

 

 

Helping Hand: Using Cashforce to Manage Growth Through M&A

24-08-2021 | treasuryXL | Cashforce

How one treasurer used Cashforce technology to improve forecasting and support growth.

When one treasurer saw that his team was getting too bogged down managing the company’s dozens of bank accounts across 25 entities, he sought out an automated cash management system, but he had a concern: the company is continually growing through mergers and acquisitions, and in the past, new accounts made everything muddy.

  • The process of integrating a new entity and any accounts it brings along can be cumbersome—and who knows if their ERP would even be compatible with the automated solution he chooses?
  • He said that Cashforce, a cash forecasting and working capital analytics solution that can work with multiple ERPs, was the answer. “Cashforce’s ability to take feeds from multiple ERP systems was big.”

New accounts, new problems. 

Before turning to Cashforce, the treasurer had significant capital committed to grow the business through acquisitions. He only had two or three people managing this aspect, and he said the company’s TMS offered little assistance.

  • “Cash is our lifeline,” he said. “To me, the most important thing is knowing how much cash we have and where it is.
    • “We’re not over-leveraged, but we’re leveraged,” he said, so finding a cash management solution that provides quick access to every detail was crucial.
  • But the treasurer said his company doesn’t expect accounts that come with newly acquired companies to work with its preexisting ERP system. Cashforce, which can take data feeds from new ERP systems, was the key.
  • “We needed a cash management solution that integrated with our current ERPs and future ERPs to be able to feed data into the tool,” he said.

Feel the force.

Because Cashforce can take those inputs, the treasurer said it could work. But would it actually save enough time, and free up cash through efficient management of working capital? The solution, he said, had four clear advantages that made cash forecasting “a lot more accurate” in just six months:

  1. Ease of use, with data visualization tools that teams can use without having to dig into reams of numbers.
  2. The ability to drill down into the data into transaction-level detail.
  3. The ability to take these now automatically generated data-driven insights to management instead of spreadsheets.
  4. The ability to view daily bank positions.

Feel the force. 

Because Cashforce can take those inputs, the treasurer said it could work. But would it actually save enough time, and free up cash through efficient management of working capital? The solution, he said, had four clear advantages that made cash forecasting “a lot more accurate” in just six months:

  1. Ease of use, with data visualization tools that teams can use without having to dig into reams of numbers.
  2. The ability to drill down into the data into transaction-level detail.
  3. The ability to take these now automatically generated data-driven insights to management instead of spreadsheets.
  4. The ability to view daily bank positions.

Bonus: data literacy.

 An added “unofficial” benefit of Cashforce that the treasurer added was change management—the opportunity to get a once data-hesitant team to embrace the possibilities offered by analytics.

  • Though he wasn’t intending on using Cashforce to manage credit and collections, through encouraging his team to dig into the data, “one of the biggest advantages is I got my C&C manager to give me a much more accurate forecast.

 

 

A Culture of Fraud Prevention: It’s Everyone’s Responsibility

23-08-2021 | treasuryXL | Kyriba |

It seems like every day there is a new fraud headline. As a result, companies are learning that preventing fraud needs to be a responsibility of all employees in the organisation. To prevent fraud, an organisation needs to focus on education through training, standardized controls, and IT policies on top of a strong technology solution.

The threat of fraud has grown dramatically in recent years. In fact, according to the 2021 AFP Fraud and Control Study, overall, 74% of companies have experienced fraud or attempted fraud. Your organisation needs to be prepared and Treasury activities need to support identifying and preventing fraud. Recently, I had a conversation with a Treasurer who said, “if it’s (fraud) not on your mind in Treasury, you’ve already lost”. He went on to talk about how much more difficult it is to manage fraud when you have a decentralized Treasury team.

Best in class fraud prevention is about having a strong overall ecosystem, culture and technology – the fabric of an organisation. Fraud prevention must be top of mind for everyone in the company. Specific training should be included in introductory orientation as well as ongoing training and annual awareness campaigns. Individuals need to be able to identify potential phishing and Business Email Compromise (BEC) campaigns to ensure they don’t become victims.  It only takes one person to make a poor judgment call to allow access into a company’s system. It’s also important to consider cultural differences for offices in other parts of the world. Fraudsters are taking advantage of cultural norms. In some Asian countries it’s natural to defer to individuals with seniority. For example, receiving a message from the CFO to make a payment wouldn’t normally be questioned. Make sure that all individuals have a way to share, escalate and/or stop a transaction when there could be potential problems.

Standardised procedures are essential. With BEC, fraudsters assume that using the name and email of senior members of the management team, such as the CEO or CFO, will cause employees lower in the organisational hierarchy to do as instructed without question. To combat this, it is imperative that the procedures set up require strict adherence, and that senior management provides an environment where fewer senior members of the team are comfortable asking whether a payment is legitimate. If multiple ERP systems exist, ensure that consistent approval processes are in place across all systems. For smaller regional offices, set up procedures and approvals to ensure that separation of duties is in place and that you have visibility to the activities in remote offices. Some fraudsters like to target attacks on regional offices in hopes of bypassing some of the more stringent processes that are in place at headquarters.

 

Having an IT focus on fraud prevention and policies that support these efforts is also essential. IT should ensure that employees are password protected and that their passwords aren’t easily guessed. They should maintain strong firewalls and keep current on technology to identify potential hacker activity. In addition, it is helpful to randomly test employees with phishing emails to assist employees in recognizing fraudulent emails.

Finally, technology solutions to identify fraud are a critical component of fraud prevention. Solutions should include rules-based fraud detection that identifies multiple scenarios, for example situations where a vendor bank account number has changed. These transactions should be flagged and sent for validation. An individual should call the company using a phone number that is listed in the system of record. Or, the transaction should be sent for account verification allowing for confirmation that the bank account is owned by the organisation that is to be paid, and not some fraudulent entity. Account verification is a new tool that is being added to rules engines. It allows you to increase your confidence that the account is owned by the entity with which you have a relationship without having the time-consuming process of having to reach out to the entity directly to verify. The verification is quick and doesn’t slow down legitimate payments. Your fraud technology solution should also identify other fraud situations that you and a community of your peers have experienced or considered.

Machine learning to identify payment anomalies based on transaction history is also critical. It allows for patterns to be identified in the immense amounts of transactional data that your organisation has accumulated and then to match that in real-time to your specific transactions to identify potential fraud. This added layer of protection looks for behaviours that may not be identified by the human eye – timing of invoice receipt or change in the frequency of payment requests. The system continually adapts based on the information that it is tracking and provides suggestions when it identifies potentially fraudulent behavior.

Fraudsters continue to attack since they only need to find that one weak link on one day with a single person in your organisation. It’s up to you to make sure that the individuals in your company are prepared for the attack. Ensure that you have a training program that helps your employees identify potential fraud attempts. Define, monitor and enforce policies that support segregation of duties and consistent processes throughout the organisation. Confirm that your IT department is staying on top of technology that identifies and prevents hackers and supports best practices when establishing policies across the organisation. Last, but certainly not least, make sure that you are utilizing best-in-class technology to identify potentially fraudulent payments to stop those payments from going out your door. Some treasury solution providers use the terminology fraud detection tools to refer to having sanction screening or workflow tools in place while others notify you of a fraudulent item after the transaction is sent to the bank. A best-in-class technology solution combines workflow tools and approvals in addition to a robust rules engine and machine learning to identify potentially fraudulent transactions in real-time. Giving you an opportunity to stop any transaction before it leaves your organisation.

Preventing fraud is something that everyone in your organisation needs to commit to in order to prevent fraudsters from being successful.

How to Start Avoiding Payment Fraud from Happening

| 18-08-2021 | treasuryXL | Nomentia |

It’s 2021 and even with advancing technologies and AI detecting fraudulent behavior, payment fraud remains an ever-present Risk for any company.

The other day we met with someone who has recently been a target of Payment Fraud and is now implementing a payment factory in order to reduce the risk. We wanted to take a look at how we approach the subject with our solution. Having the right software in place is important, sure but it goes beyond technology.

Let’s start with the Software, Nomentia’s Cash Management solution has several mechanisms in place that protect you against fraud.

Here’s a Quick list

  • First of all, our software creates a single point of managing all payments. We talk a lot about centralizing, and this is just that. Our product brings all these payments into a single view. If we think of a typical case, a company might upload some payments to internet banks, some to a service bureau, use host-to-host connections for others and maybe even run some payments via SWIFT. That creates at least 5 times X channels where payments are executed. This means all payments can’t be seen from one view, which already makes it impossible to detect fraudulent or suspicious payments. But in addition, those 5 times X channels also mean 5 times X places where user rights need to be maintained and controlled.
  • This brings us also to the second point; our software comes with a comprehensive user and user rights management. Our software creates a clear structure and visibility as to who has rights to which companies and accounts and what kind of user roles they are having. We create visibility and an easy way to maintain those rights.
  • When payments are transferred from one source system such as ERP, payroll and the likes to our cloud, files cannot be altered. This creates additional security measures that protect companies from attacks.
  • Lastly, we have created capabilities to set up straight forward approval flows that ensure a segregation of duty into the way payments are done, within the users’ approval limit. Approval limits can be set for each user when working in different roles for multiple companies.

Those are the things that come built into our software. But it’s important to highlight one key fact, most fraud attempts have a human factor and that’s why it’s important to look beyond the software and take a critical look at the processes. As a matter of fact, despite all the noise about external risks, fraud and theft are more likely to be committed by an internal actor than an external actor (Source: FBI Internet Crime Complaint Center).

In other words, if you focus on validating data for possible fraud, you probably should take steps to minimize the possibility of fraud in the first place. Otherwise, proverbially speaking, it’s winter (Northern Finland winter for that matter) and you are going out in shorts and with wet hair.

Apart from controlling user access rights, we would like to share some more tips and ideas that can help to mitigate the risk of fraud.

  • Payments that are made from ERP but rejected by the bank cannot be modified by all users. In practice this means when a payment is made from the ERP system but rejected by the bank, it bounces back where users need to review the failed payment, before sending it to the bank. Fixing the payment data on ERP master data instead of manual adjustments. This would highlight and prevent for example internal fraud attempts.
  • Consider working with your system admins to install payment templates that your end users can use. This decreases the risk for fraud and error by limiting the manual work of filling in information.
  • Make use of the full audit trail that we provide. You can see the whole lifecycle of a payment from its creation to its reconciliation, including by whom and which changes were made, who has approved and sent the payment.
  • Create clear rules on manual payment creation. We enforce a 4-eye approval flow before sending it. In manual payments, there might be a reason to have more than 2 persons approval. If you are having SSC’s in use or even multiple SSC globally. Use the standard 4-eye approval flow locally but have additional approval from another SSC to reduce the internal actor.

These are a few ideas from our side. We are always happy to hear more ideas and feedback on how we can together create safe payment processes.

DOWNLOAD PAYMENT FRAUD E-BOOK

 

 

The real value of Multi-Dealer FX trading platforms

16-08-2021 | treasuryXL | Kantox

(Spoiler: it’s not about trading costs)

A few years ago, PwC consultants proposed a clever analogy to illustrate the difference between single-dealer platforms (SDPs) and Multi-Dealer Platforms (MDPs). For banks looking to provide products and services to corporate clients on a platform, SDPs are like an airline’s website, where high-margin sales occur. Multi-Dealer Platforms, in turn, are the equivalent of online aggregators that let customers compare fares and schedules. While the former emphasizes customer relationship intimacy, the latter work as “transactional supermarkets” with a higher degree of automation.

When it comes to the corporate FX market, where spot and forward transactions take the lion’s share in terms of traded volumes, Multi-Dealer Platforms like 360T and SWAPs have been the venue of choice. The shared technology of Multi-Dealer Platforms has enabled them to better adapt to changing customers’ needs than the proprietary technology of most Single-Dealer Platforms. As a result, corporate treasurers have moved en masse to Multi-Dealer Platforms to improve FX trading processes and reduce spreads. As Kantox’s CEO Philippe Gelis argues, the success of Multi-Dealer Platforms has resulted in a spectacular “compression of FX spreads for vanilla products”.

Beyond trading costs: the value proposition of Multi-Dealer Platforms

Lower FX trading costs, the natural result of the Multi-dealer platform proposition, play an important role by facilitating the participation of firms who see a benefit in ‘embracing currencies’ to access new markets and grow their business. But the fixation with lower spreads is unwarranted. Going forward, treasurers will care less about paying 9 bps instead of 10 bps, if a 2% move in the exchange rate can be easily and efficiently handled by an automated hedging program.

To see where the real value of Multi-Dealer Platforms lies, let us start by briefly looking at the three phases of the FX hedging workflow: pre-trade, trade and post-trade.

The pre-trade phase involves sourcing exchange rates for the purpose of pricing as well as capturing and processing the relevant exposure. Once the FX trade is executed and confirmed, the post-trade phase kicks in with reporting and performance analytics as well as accounting and payments and collections.

In this increasingly automated series of steps, MDPs play a key role. Kantox’ partnership with 360T, for example, provides straight-through processing integration for corporates of all sizes to tailor their Multi-Dealer Platform setup to execution and routing rules of their own making. The range of functionalities includes:

  • Trading in spot, forwards, NDFs and swaps with hundreds of liquidity providers
  • Automated trade and data requests via API
  • Transparent pricing with greater efficiency in sourcing
  • Diversification in order to lower counterparty risk
  • Ability to select preferred liquidity providers
  • Complete trade history and audit trail
  • 24/6 execution capabilities
  • ‘Best price execution’ functionality that puts liquidity providers in competition with one another
  • Conditional orders setup with order management tools
  • Automated trade confirmation by API or email

What emerges from this picture is clear: the ‘trade phase’ of the FX corporate workflow is being automated at lightning speed. The reduction in spreads, while important, only tells part of the story. The real value proposition of a Multi-Dealer Platform lies elsewhere: they are an integral part of the seamless, end-to-end management of corporate currency workflows that Currency Management Automation solutions provide.

This process of automation comes with an added bonus: Application Programming Interfaces (APIs) ensure that data can flow seamlessly between different systems (ERP, TMS) without any need for spreadsheets, reducing spreadsheet risk and freeing up valuable treasury resources.

When viewed in this broader dimension, as part of a larger process that includes all the phases of an automated FX hedging program, Multi-Dealer Platforms are part of an ecosystem that allows companies to benefit not only from automating, one by one, the different phases of a hedging program but to have all these processes integrated with one another, thus creating more value than the sum of the parts.

GO TO PARTNER PROFILE

Strength in Numbers: A Community-Based Approach to Fighting Digital Payments Fraud

11-08-2021 | TIS |

This article provides a modern review of the tactics used by cyber criminals to target enterprises with fraudulent schemes and also evaluates the primary methods used by companies for defending against digital payments fraud. This is followed by an introduction to TIS’ innovative Payee Community Screening (PCS) solution, which addresses payments fraud on a global scale by curating a community-based network of trusted beneficiaries, vendors, and bank account information that enterprises can use to verify the legitimacy of their outbound payment instructions.

Enterprise Payments Fraud in 2021 is More Elaborate & Subversive than Ever Before

Within the past year alone, thousands of finance and treasury practitioners across the world have learned through bitter experience that digital payments fraud is rarely orchestrated by your average, everyday criminal.

Rather, the vast majority of today’s technology-oriented attacks, particularly those that target large enterprises, are led by sophisticated, well-funded, and innovative fraudsters.

In many cases, these software-savvy perpetrators are working on behalf of state-sponsored actors or underground “black-hat” organizations. And because these groups are well-organized and well-funded, they can provide members with the latest technology and training. Ultimately, this has led to rapid digital innovation within the criminal underworld, and subsequently to a growing frequency of highly-orchestrated payments fraud attacks against the corporate environment.

Consisting primarily of software hacks or malware attacks, many of the most prevalent forms of fraud in existence today involve numerous layers of subterfuge and deception, which is necessary for bypassing the various security controls that organizations have in place. Common examples include the use of cleverly disguised Business Email Compromise (BEC) schemes, “Man-in-the-Middle” tactics, invoicing fraud, and the use of ransomware or other forms of “system takeover” fraud.

But of course, enterprises are not entirely helpless in defending themselves.

What Payment Security Tools Does a Modern-Day Treasury Group Utilize?

If you’re operating in a role with direct access or authority over an enterprise’s outbound transactions, you could probably name a broad number of tools at your company’s disposal for detecting and preventing payments fraud.

Some quick examples?

When initially establishing internal payment protocols, most companies will require clear segregation of duties between each stakeholder in the payment process. This includes dual or multi-user approval controls for executing, reviewing, and approving payments. Other standard security components, such as the use of encrypted Wi-Fi networks or VPNs, help restrict access to the enterprise’s digital software to only trusted sources. IP safe-listing tools provide even greater control over who can access these internal systems. As users log in, configuring multifactor authentication (MFA) tokens to be used in conjunction with standard usernames and passwords is another effective technique that prevents unauthorized users or personnel from accessing payment systems via stolen credentials. Biometric versions of these MFA tokens, such as fingerprint or retinal scanners, may be leveraged for even greater security. And finally, user auditing software is often adopted by companies to help monitor the activity of various personnel within their payment systems in order to detect suspicious activity, such as a login attempt from an unknown IP address, at an odd time of day, or from an obscure world region.

Treasury Payments Security

When all combined together with regular employee testing and training, these various security techniques have proven very effective for combating most forms of digital treasury and payments fraud in existence today. And in the years ahead, these tactics are expected to remain as core features of most enterprise’s fraud prevention strategies.

However, suppose that the criminals targeting your organization are not launching direct attacks against your internal payment systems or architecture, but instead decide to infiltrate the operations of your suppliers and partners.

Their reasoning?

Although your enterprise might have the appropriate defenses in place for preventing direct hacks and internal breaches, are your controls just as effective at identifying anomalous activity that is perpetrated through the guise of a trusted vendor?

For a surprising number of enterprises today, the simple answer is no.

Successful Fraudsters Learn How to Operate Outside the Purview of Enterprise Visibility

Although many of the fraud attacks that garner widespread media attention are those that result in millions or billions of losses in a single swoop, these are not the only types of attacks that organizations should be worried about.

In reality, many of the attempts perpetrated by criminals are not targeting billions of dollars. Instead, they focus on extracting smaller amounts of funds over time, often by disguising their activity through the lens of normal business operations.

Take, as an example, fake invoices submitted by criminals that are designed to mimic one of the thousands of vendor or supplier payments that a global enterprise makes every month.

Usually, vendors are submitting invoices to enterprises via email, an online e-commerce platform, or via an ERP system. Subsequent payments are then delivered from the enterprise to the various recipients whose invoices have been approved, usually as an account-to-account transaction that goes directly to the bank account listed in the invoice.

However, suppose that a criminal is able to infiltrate the email account, e-commerce platform, or payment system used by one of your vendors. And over time, the criminal monitors the activity and communication that occurs between this vendor and your enterprise and learns how to mimic the workflow, presentation, and delivery of new invoices for payment.

In this scenario, the criminal knows that your company is receiving hundreds, if not thousands, of new invoices from a variety of vendors every day. They also know the average dollar amount of each invoice delivered by particular vendors, as well as the frequency and timing of their submissions. And if an email account or e-commerce platform has been hacked, they have also probably been studying the language and messaging that the vendor uses to correspond with you.

After taking time to evaluate these invoicing and communication processes, the criminal will create a falsified invoice using the same email address or payment platform that you’re familiar with. The invoice will probably be for the same amount and to the same beneficiary that you’re used to paying, but with a slight variation to the underlying bank account details.

The typical result being?

Unless you are actively tracking and inspecting the vendor records, bank account numbers, and beneficiary details for EVERY payment initiated by your enterprise to your global network of partners and vendors, then catching these attempts will be incredibly difficult.

But if your company cannot catch this errant invoice the first time, then what is going to stop the criminal from submitting numerous invoices over and over, or even going on to target other vendors within your network and duplicating the process on a broader scale?

It might sound like an Ocean’s 11 heist on paper, but in reality, these types of attacks occur all the time. In fact, a single instance of invoice fraud cost Amazon nearly $20 million in 2020. Other forms of fraud, such as BEC schemes, cost a combined $12.5 billion for organizations in the same timeframe, and these numbers are not decreasing over time.

Instead, they are continuing to rise.

Introducing a New Way to Quickly Identify Suspicious or Fraudulent Payment Details

Although subversive types of fraud attacks like the invoice example above are difficult for large companies to identify, suppose there were a way to quickly scan all vendor and supplier payments in real-time against a global library of beneficiary and bank account data?

Going a step further, what if you could also scan outbound transactions being delivered to first-time vendors against a community ledger of payments data in order to verify that the underlying account details and remittance info have never been flagged as suspicious or fraudulent by other enterprises?

With this functionality, the threat of fraud being perpetrated through more obscure and subversive channels become much easier to identify, and they go a long way in protecting your enterprise against attacks that spawn through exposures related to your partners, vendors, and suppliers.

This suite of tools is exactly what TIS is now providing enterprise clients with our innovative Payee Community Screening (PCS) solution.

Developed in direct response to a noted increase in invoice and BEC fraud, TIS’ PCS network works by aggregating payments data across our trusted community of global enterprises and bank partners. As new payments are submitted by various enterprises through TIS, this module compares the underlying beneficiary and bank account information against a comprehensive record of all other transactions executed through the system, including those made by other enterprises in the network.

In practice, this validation process effectively protects against four fundamental threats:

  1. If you are making payments to a new beneficiary or bank account for the first time, an alert will be generated by the system warning you that an additional review of the information is recommended.
  2. If you are making payments to a beneficiary which is completely unknown to other members of the PCS network, then the payment is flagged and a review workflow is initiated.
  3. For new vendors that you are paying for the first time, if the invoice and payment details do not match what other enterprises in the network have used to pay the vendor (i.e. a different bank account number was provided to your enterprise than what was provided to other enterprises in the network), then the payment is flagged and a review workflow is initiated.
  4. If the beneficiary or bank account details provided in an invoice ever match with a known criminal, sanctioned, or otherwise fraudulent party, the payment is automatically flagged and a review workflow is initiated.

In this way, by inspecting every outbound payment initiated by your enterprise in real-time against a global library of payments information, enterprises can strengthen their security controls by accessing a much broader pool of data and information than what is available in-house. To date, TIS’ network has managed over 11 billion payments globally across 11,000+ banks and 15 million+ distinct beneficiaries, which makes our library of payments information virtually unparalleled in the market. And now with the addition of PCS to our solution suite, we can better protect our enterprise clients from fraud by confirming the validity of every outbound transaction they are attempting to make.

TIS Payee Community Screening

In an environment where subterfuge and deception are a criminal’s main assets, these community screening techniques are essential for ensuring that fraudsters cannot bypass your controls simply by infiltrating those of a different company within your network. They also ensure that as soon as fraudulent or suspicious payment info is identified by one enterprise, the data can be quickly shared across all other enterprises in the network for purposes of quickly halting subsequent payments to that account or beneficiary.

For TIS’ enterprise clients, these tools are already becoming a pivotal component of their core security structure, and we are excited to continue deploying the solution across more global enterprises in the months and years ahead.

Learn More About How PCS Can Bolster Your Treasury & Payments Security

Although no single tool should ever be relied upon to defend against all forms of fraud, it is strongly recommended that enterprises making hundreds or thousands of vendor payments every day undergo a thorough evaluation of their payment controls. More specifically, treasury and AP teams should take time to analyze whether the threat of invoice or BEC fraud leaves them exposed, especially if a vendor or supplier within their network is compromised.

For enterprises that identify gaps, we invite you to learn more about how TIS can help.

For more information about TIS’ PCS tool, the associated benefits, and the technical aspects associated with its architecture, download our latest factsheet. You can also request a meeting with one of our payment experts or learn more about the other security-related components of our solution suite.

Stay vigilant, stay safe, and as always, thank you for reading.

About TIS

TIS is reimagining the world of enterprise payments through a cloud-based platform uniquely designed to help global organizations optimize outbound payments. Corporations, banks and business vendors leverage TIS to transform how they connect global accounts, collaborate on payment processes, execute outbound payments, analyze cash flow and compliance data, and improve critical outbound payment functions. The TIS corporate payments technology platform helps businesses improve operational efficiency, lower risk, manage liquidity, gain strategic advantage – and ultimately achieve enterprise payment optimization.

Visit tis.biz to reimagine your approach to payments.

 

Partner Interview Series: Ramon Helwegen of EcomStream, specialized in optimization of online payment solutions

10-08-2021 | treasuryXL | EcomStream |

treasuryXL are delighted to share the interview with Founder and Managing Director of EcomStream, Ramon Helwegen.

EcomStream is an independent consultancy and is specialized in optimization of online, omnichannel and marketplace payment solutions, and optimization of checkout flows.

Meet Ramon

treasuryXL are delighted to share the interview with Founder and Managing Director of  EcomStream, Ramon Helwegen. Ramon has over 20 years of experience in E-Commerce, Online Payments and IT Managed Services outsourcing at organizations such as: Verizon, GlobalCollect (Ingenico e-payments), EMS (ABN AMRO/Fiserv) and Newgen.

Ramon has then founded EcomStream in 2017. A consultancy specialized in adding value by assessing the client’s checkout and payment solution, to sell more and pay less. For online, omnichannel and marketplace businesses.

International corporates (B2C & B2B) and Twinkle100 is the main target market. Clients include: Bax Music, Kwantum, Leen Bakker, Staples Solutions and vidaXL.

Let’s wait no longer and take the deeper dive with Ramon and his personal story about EcomStream. We asked him 8 interesting questions, let’s go!

INTERVIEW

1. What is the main goal of EcomStream?

EcomStream has been founded in 2017 and provides optimization services in the field of payment and checkout for online, omnichannel and market places. Both functionally and from a cost perspective. The goal is to provide clients the opportunity to sell more at lower costs.

Many times a client is not fully aware of optimization features that can be provided by their existing providers. This is often low hanging fruit. I also make sure that clients get value for money by benchmarking and renegotiating their rates and fees. Furthermore I’m often asked to optimize the end-to-end checkout flow to make sure the risk of drop offs is reduced to a minimum, and conversion is optimized.

2. Why are clients choosing for your services?

Assurance. Clients never have to worry again about having the best deal and set-up regarding cost and conversion, and often the service is performed on a no-cure no-pay basis.

3. What would be the biggest benefit for clients when working with EcomStream?

The payment market is very dynamic and todays knowledge gets outdated quickly. With EcomStream clients have access to up-to-date knowledge and expertise, just when they need it, and are assured of having the best deal (costs and features) with their providers at all times.

4. What client profile benefits from your services?

Rule of thumb says that most value can be generated for clients in online, omnichannel or market places, who have established mature volumes for a few years already. Clients within the Twinkle250 rankings or large corporates in B2B with direct distribution models would benefit greatly. But frankly, every merchant is very welcome to have a chat to see where I can help.

5. What is the common ground between treasury and EcomStream?

Many of the decision makers that I work with are from treasury departments. However not every treasurer understands payments, fintech, checkout and conversion as much as they would like to. Treasurers are often challenged by other stakeholders in the company to come up with cost savings or additional features, or they are pro-actively looking for opportunities to improve their KPI’s. I’m there to help them and to deliver.

6. What has been your biggest challenge with EcomStream so far?

When managing your own business you don’t have the luxury where you can rely on a large established corporate, with an enormous historical track record, that backs you up. This can be challenging. Especially when getting trust and commitment from the stakeholders and decision makers at a client side, it is your own performance that counts, for each and every project, time and time again.

7. What has been your best experience since the start of EcomStream?

First of all the strength lies within the fact that EcomStream operates an independent business model. I only work for merchants, so there are no projects taken onboard for providers or other parties in the value chain. There is never a conflict of interest but always a full commitment to the merchant.

Furthermore, I’m very pleased that I have received quite some positive work references from clients. Together with an explanation of the merchant business case, these are showing on the website.

8. What will the future hold for EcomStream?

Direct (online) distribution models are getting mainstream more and more. For B2C companies but also for B2B. Often these companies originate from traditional business models and evolve towards digital / omnichannel companies with business challenges they were not aware of before. EcomStream is there for them to unlock opportunities in the field of payment and checkout optimization, so they can sell more at lower costs.

Contact EcomStream directly

Curious to know more? Ramon Helwegen is happy to tell you more about EcomStream and his experience. Contact him directly via [email protected].

 

Go to Partner Page

Are You Still Thinking About Virtual Accounts or Already Implementing POBO and COBO?

| 04-08-2021 | treasuryXL | Nomentia |

Companies are increasingly focusing on harmonising their banking landscape to obtain better visibility of Cash balances, to mitigate Fraud Risks and to improve automation and security in their treasury processes.

In a world where the next fraud attempt is lurking around every corner, no company wants to create processes with different banks, tokens, and user lists for each of their different local entities. With this harmonisation, companies start to rethink their processes, and this naturally leads to in-house banking, including POBO and COBO. This is because the question soon arises as to why, for example, not all euro payments should be handled from one account, if that were possible within the regulatory context.

Setting up an in-house bank doesn’t happen overnight. It’s the result of several steps taken to centralise an organisation’s cash management. The six steps are:

  1. Managing corporate bank account structure. You can read more in our bank connectivity guide.
  2. Harmonising and centralising payment process. It’s also a way to mitigate the risk of payment fraud. You can read more in our payment fraud ebook.
  3. Streamlining internal payments. This is a logical next step after managing your corporate bank account structure.
  4. Establishing POBO.
  5. Establishing COBO.
  6. Centralising control over financing.

Today we would like to focus on POBO and COBO. They are the ultimate goals of a payments project because they create transparency and make cash management processes more efficient and automated. This sounds great, right? So why, then, aren’t all organisations just setting up POBO and COBO and calling it a day?

Moving from disparate processes, tools and a varied (if you want to be positive) banking landscape to a centralised treasury doesn’t happen easily. Companies might even feel hesitant about implementing on-behalf-of structures because their set-ups are too complicated. That’s an interesting point and I’d like to stress that the more complex a company is in its cash management or enterprise resource planning (ERP) structures, the more they will benefit from an on-behalf-of set-up.

Increased control, transparency, and efficiency

In the POBO model, the subsidiaries process the payment data in their systems according to internally harmonised processes, and the group treasury decides on the most cost-efficient payment method and banking connection. The group treasury is able to centralise cash outflows, which significantly enhances the safety of and control over the payment process.

COBO and POBO make it possible for the group to reach the highest level of independence from banks and maximise cost efficiency.

The benefits of POBO and COBO can be summarised into increased control, transparency, and efficiency. But there are also challenges associated with on-behalf-of structures that need to be evaluated before setting them up.

Where there’s a benefit there’s a challenge

POBO is possible for most payment types, but some are regulated in such a way that they cannot be completed by the on-behalf-of method. This is often related to tax or salary payments. Legal restrictions specific to each country can make it difficult to set up POBO and companies need to assess whether the benefits they will gain are worth the effort. There is no one true answer for all companies; it really depends on the level of complexity they are facing.

Another reason why companies might feel hesitant about implementing POBO is because they use multiple ERP systems. If that is the case, the mere idea of POBO is simply far too complicated. To be honest, when we hear that ‘excuse’ we see it as a challenge, and it makes us happy. Because this then means we can talk about payment factories –especially our payment factory solution. We can create a process that makes it possible for all entities to pay with internal bank accounts as payments-on-behalf-of. I’d even go so far as to say that the more ERP systems a company has, the more benefits it will get from POBO.

When it comes to COBO, the main challenge is that companies are dependent on their buyers to know what to collect from whom. Companies need to retrieve all accounts receivable (AR) information and maintain an overall view of account balances. In some countries that might be relatively easy, as invoices generally have a reference number. But that’s not the case in all countries. It comes back to identifying incoming payments correctly. For example, this can be achieved by matching payments to open invoices. A solution for automatic bank account reconciliation would be able to automatically match incoming payments based on information provided, for example in the message to the right AR account. We took a closer look at the topic in this blog post about how an in-house bank with modern matching solves the COBO challenge.

That said, of course, it’s not an easy task to create on-behalf-of structures, but it’s something that organisations will greatly benefit from if done correctly.

 

 

 

Cloudiness in Libor Transition?

03-08-2021 | treasuryXL | Kyriba | Bob Stark

With less than 6 months to go until the transition from Libor to new overnight risk-free rates, uncertainty lingers as to which rate indices are to be adopted in countries such as the United States.

While regulators remain steadfast in their recommendations that risk free rates such as SOFR in the United States and SONIA in the United Kingdom should be the only choice to replace LIBOR, credit-sensitive rates (CSR) including Bloomberg’s proposed BSBY index remain in the conversation for some market participants and influencers. There are several examples of banks offering new contracts based on the BSBY and other CSRs instead of SONIA, in fact.

Arguments for alternative rates

Proponents of credit-sensitive rates such as Bloomberg’s BSBY, AMX’s Ameribor, and HIS Markit’s CRITS suggest that adopting risk free rates such as Sonia does not solve the underlying transparency issues that plagued Libor in the first place. Bloomberg market experts, such as Umesh Gajria, Global Head of Linked Products, have been referenced arguing that robustness of the highly liquid market instruments supporting their calculated index make BSBY, amongst other proposed indices, resilient to manipulation. Regulators in the UK and US do not agree, stating that the market only needs one replacement for Libor and that replacement must be free of risk and market influence.

Time is running out

Whether SOFR prevails or whether a mix of Libor replacement options remain available to corporate CFOs, with less than 6 months remaining until Libor is discontinued, this rate uncertainty is one of the contributing factors explaining why corporates have yet to transition most of their USD contracts away from Libor. While certain Libor USD tenors will continue to be published into 2023, no new contracts in the United States can be based on Libor effective January 1, 2022. Corporate CFOs are running out of time for a solution to move away from Libor.

Treasury systems support all outcomes

Despite the challenges that corporate treasury teams will continue to experience as they sort out which rates should be used in collaboration with their banks and counterparties, FinTech firms including treasury management systems are prepared for any outcome.

Kyriba offers complete Libor transition support within its cloud solution, including backward-looking compounding calculations, amortizations, and online availability for in-advance and in-arrears risk-free and credit-sensitive rates.

If you have questions or concerns, please reach your dedicated Kyriba representative to setup a consultation with our market teams.