How to avoid payment fraud?
| 05-08-2016 | Udo Rademakers |
Generally speaking, most fraud cases don’t make it into the papers, because companies are so embarrassed that they choose to keep the affair quiet. In some cases, however, the amounts are too substantial to hide and corporates (need to) publish. One such case was published some months ago by Accell, a Dutch listed company. It brings us back to the question: how can we best control / “treasure” corporate cash and avoid possible fraud?
Fraud case
January 2016:
Press release Accell: Accell Group confronted with theft in Taiwan
Financieele Dagblad (Dutch newspaper): Fabrikant Accell voor miljoenen bestolen door Taiwanees
Accell had to publish a fraud case: according to the Annual Report “an employee could circumvent and misuse the availability of certain payment facilities by misappropriation of systems, processes and trust”. It led to a possible loss of EUR 4 million.
In my work as Treasury Consultant, I have seen more cases where internal and external fraud (almost) took place. All cases were settled “internally”; however, the lessons learned from them were huge.
How can your company avoid losing cash by fraud, or more generally, also avoid human errors?
Without going into too much detail, fraud or mistakes can be avoided by defining clear Accounting and Internal Control systems and sticking to those rules. Fraud is almost never 100% avoidable, but the aim should be to find a balance between the risk of fraud, its possible impact and the costs (while keeping procedures “workable”).
Define a “Static” Supplier Data process
- Separate the Master Data responsibility from the Finance area (Segregation of Duties) with clearly defined restrictions
- Request original documents/data from the supplier, verify and capture them
- Capturing of data should be done by a limited number of employees and with segregation of duties (4 eyes principle)
- Data should be protected and amendable only via a standardized process (by a limited number of employees)
- Documentation
Define a Payment process (stand-alone banking system)
- Create standardized payment templates (and make sure these cannot be amended)
- Reduce the number of banks / bank accounts (fewer systems, fewer procedures, etc.)
- No ad-hoc payments should be allowed (or only with additional secured processes)
- Define limits according to authorization matrices (per person, department, per day, etc.)
- Define clear segregations of duties
- Documentation
- Transparency
If HQ prefers to have full cash control, one way is to let payments be released only by the treasury department. Another way is to define certain limits at local level and higher limits at HQ. The 4 eyes principle (or 6 eyes) should still be in place for accepting payments content-wise.
Define a Payment process (interfaced out of your ERP system)
- Make sure the interface from the ERP system to the Payment system is secured, so that data cannot be amended while being stored on a server or in the payment system itself
- Automate the process, no manual intervention should be required
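A release gate combining the controls from both payment-process lists above, written as an added example that is not part of the original article: the ERP system seals the exported batch with an HMAC so that any amendment on the server is detected, and the payment system then enforces segregation of duties, the authorization matrix and the ban on ad-hoc beneficiaries. All names, roles, limits, accounts and the key are constructed assumptions, and the creator plus one other approver is taken here as "4 eyes".

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed sample data: roles, limits, supplier and account are illustrative assumptions.
ROLE_LIMIT = {"local_finance": Decimal("50000"), "hq_treasury": Decimal("5000000")}
USER_ROLE = {"alice": "local_finance", "bob": "local_finance", "carol": "hq_treasury"}
MASTER_DATA = {"SUP-001": "NL00EXAMPLE0000000001"}  # verified supplier accounts


def seal(payments, key):
    """ERP side: HMAC over a canonical form of the batch, computed at export."""
    blob = json.dumps(payments, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def release_errors(payments, tag, key, creator, approvers):
    """Payment-system side: reasons to refuse release; an empty list means release."""
    if not hmac.compare_digest(seal(payments, key), tag):
        return ["batch was amended after export from the ERP system"]
    errors = []
    # Segregation of duties: the creator never counts as an approver.
    valid = {a for a in approvers if a != creator and a in USER_ROLE}
    if not valid:
        errors.append("4 eyes: needs an approver other than the creator")
    # Authorization matrix: the highest limit among valid approvers caps each payment.
    ceiling = max((ROLE_LIMIT[USER_ROLE[a]] for a in valid), default=Decimal("0"))
    for p in payments:
        if MASTER_DATA.get(p["supplier"]) != p["account"]:
            errors.append(f"{p['ref']}: account not in supplier master data (ad-hoc)")
        if Decimal(p["amount"]) > ceiling:
            errors.append(f"{p['ref']}: amount exceeds approver limit")
    return errors


def demo():
    key = b"constructed-demo-key"  # in practice a secret held only by the two systems
    batch = [{"ref": "INV-1", "supplier": "SUP-001",
              "account": "NL00EXAMPLE0000000001", "amount": "120000.00"}]
    tag = seal(batch, key)
    results = {
        "self_approved": release_errors(batch, tag, key, "alice", ["alice"]),
        "local_only": release_errors(batch, tag, key, "alice", ["bob"]),
        "hq_approved": release_errors(batch, tag, key, "alice", ["carol"]),
    }
    batch[0]["account"] = "XX00CHANGED0000000001"  # amended while stored on the server
    results["tampered"] = release_errors(batch, tag, key, "alice", ["carol"])
    return results
```

The integrity check runs first on purpose: once the batch no longer matches what the ERP system exported, none of its fields can be trusted for the later checks.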
Control cash outflow by comparing it to your Cash Flow Forecast
(see also my post of May 2016)
- Automated reporting of cash balances (MT940/MT942) to Group Treasury
- Analyze daily variations and link them to the forecast
- Link the annual budget to the annual CFFC (and analyze the delta regularly)
- Review your cash variations on a weekly or monthly basis and analyze them
In case of any questions, business cases or other questions, please do not hesitate to contact me.
Treasury consultant