Why You Should Say Goodbye To Spreadsheets

| 29-09-2021 | treasuryXL | Nomentia |

A recent Cash management survey that we did showed that 43 percent of respondents continue to experience issues with their Cash flow forecasting. Unsurprisingly, more than half of the market still use spreadsheets to execute this business-critical function. The million-dollar question is, why?

According to the European Spreadsheet Risks Interest Group, the reliability of a spreadsheet is essentially the accuracy of the data that it produces and is compromised by the errors found in approximately 94% of spreadsheets.

If accurate cash flow forecasting remains one of the key priorities for treasury and finance professionals alike and the market has easy access to affordable, cutting edge forecasting applications, why do we continue to rely on outdated, ineffective forecasting tools?

Common myths prevail that spreadsheets save money, are easy to use and are flexible. In the spreadsheet’s defence, it’s a nifty tool that ticks many of the aforementioned boxes and can work very well with cash forecasting solutions. But for a growing business looking to mitigate risk and plan for the future, risks run high if you’re relying on a system that is almost surely flawed, demands hours of manual input, is prone to human error, exists largely undocumented, and that no one really understands.

“After the clever intern, who developed the nifty macros and formulas is no longer around……nobody knows how the application generates the numbers.”

Penny wise, pound foolish 

Spreadsheeting is, by and large, the manual process of gathering, inputting and administrating data. Typically, spreadsheets have been built up and added to over a period of years, becoming cumbersome to manage and share. In an eye-watering number of cases, the person originally responsible for constructing the spreadsheet has long since left the department. No one knows the algorithm behind the macros and no one assumes responsibility for its maintenance, let alone documenting changes and adaptations. The whispered precedent remains, “if it’s not broken, then leave it alone”……… Ouch!

Alternatives are perceived to be more expensive. Excel, for example, is cheap to acquire, whilst Treasury Management Systems are expensive and come with lots of added features that SMEs, in particular, don’t require.

Busting the myths

Cost is no longer a plausible reason to rely on spreadsheets for cash flow forecasting. Cloud-based solutions such as Nomentia Cash Forecasting offer competitive pricing. Modular, on-demand SaaS solutions have revolutionised application choice. Simply choose the modules you need and pay by the month, with no IT involvement required. Free up more departmental time by reducing the number of resource hours required to maintain a spreadsheeting process, and the cost saving just got bigger.

Spreadsheet errors and inaccuracy are by far the most compelling reasons to consider a move to a specialist cash forecasting application. Finance and treasury cannot afford to make mistakes. Inaccurate cash flow forecasts can literally lay ruin to a company’s business reputation and/or result in a financial loss or penalty. No scare tactics needed.

Mini Case-Study: Conviviality a ‘Spreadsheeting Horror Story’

(Source: The Guardian UK, 21 March 2018)

At first, the drinks retailer Conviviality said profits would be 20% lower than the £70m expected by the City, with £5.2m of the £14m hole that had opened up in its forecast, down to a spreadsheet error. The remainder was a reflection of weakening profit margins.

On 21 March 2018, the Guardian (UK) reported “Firm issues third profits warning; says it will meet investors to raise funds via a share placing”. The company, in a stock exchange announcement, said it was holding meetings with investors to raise £125m via a share placing that would help it pay a £30m tax bill due at the end of the month, fund overdue payments to creditors and repay a £30m loan.

The company blamed the first shock profit warning on a spreadsheet arithmetic error made by a member of its finance team and weakening profit margins, and then admitted it had not budgeted for the £30m tax bill due this month.”

Conviviality has since gone into administration

Whether or not the use of spreadsheets was the sole cause of this bankruptcy is not clear, but it seems to have been a major contributor. Such cases are exceptional, but they do illustrate how relying on spreadsheets is not a sensible course of action for any finance & treasury team anywhere.

Many spreadsheets also contain quite clever but complex macros and, apart from keeping these up to date, finance & treasury is responsible for ensuring their integrity. This is not always feasible. Even when errors are spotted, it is often very difficult to decode them, especially given the sheer size of the spreadsheets many finance and treasury folk utilise.

Embracing future-proof change

Readily available and affordable cash forecasting applications have, for those organisations who have embraced the benefits of technology, reduced risk exposure exponentially, facilitated real-time & accurate cash visibility, minimised human resource demand, and liberated finance leaders to take a more strategic role across the business. No-brainer.

Sometimes taking a leap of faith, moving away from the old and onto the new, can be a daunting decision. Historical hang-ups, ranging from less than favourable experiences with legacy systems, pre-conceived assumptions around cost implications, and work-flow disruption make it all too easy to decide to ‘leave well enough alone’. Before you take the decision to stick with the spreadsheet that’s done what it apparently ‘says on the tin’ for many years – let’s consider the following:

Back to the future

In a world where cyber security is of the utmost concern and data privacy, e.g., GDPR, is a regulatory requirement, can finance and treasury really afford to run their operations on spreadsheets? Spreadsheet security cannot and does not compare to that of specialist systems that have been built with security in mind. Indeed, some spreadsheet applications lack even basic authentication security, and their files can be easily copied and distributed outside the confines of the business without the knowledge or prior agreement of management.

Spreadsheets were built for convenience-only in a pre-internet world where cyber-attacks and data security were unknown and of no consideration. Spreadsheets were not built with security in mind.

Square peg in a round hole

Spreadsheets don’t grow with your treasury and finance needs. Organisations often try to adapt their spreadsheets to a growing business but soon realise that the complexity makes doing so almost impossible. Adding new accounts and deleting old accounts is challenging at the best of times, but managing this critical process in a spreadsheet, whilst trying to drive the business forward, is often a step too far, leading to errors and oversights.

Treasury and finance, by its very nature, consists of a number of different individuals performing a variety of activities, sometimes at the same time. This results in the sharing of valuable company information between several people and departments in any one day. Managing this process on spreadsheets can be difficult, if not nigh on impossible, even if some automation is achieved. Typically, only one person can update a spreadsheet at any one time, so sharing the workload becomes inefficient and confusing. Maintaining full transparency around additions, edits, and alterations is off the table. Once an edit, or error, is made on the spreadsheet, it remains invisible and untraceable until something goes wrong. In addition, identifying the point of error-impact is often a time-consuming, futile, and frustrating exercise for some unfortunate departmental executive, even if they have the necessary investigative skills.

Doomed to repeat the same mistakes

Spreadsheets are not that good at quantifying or qualifying historical data, and treasury & finance needs this data regularly. That is not to say data cannot be stored in earlier spreadsheet versions, but due to the way they work, it is not a simple task to access, view, assess, and report this data as efficiently and effectively as modern cash management applications do. Losing valuable historical data for comparison and variance purposes is a high-risk consideration. Accidentally saving over historic files, or indeed losing files altogether, is a terrifying experience we’ve probably all had at some stage in our careers. Notifying management of a spreadsheet faux pas is just as bone-chilling, so errors often remain undisclosed and cause further inaccuracy in forecast outputs.

As alluded to in an earlier blog ‘Five expensive myths in Cash Forecasting’, there is a very real chance that the person who created the original spreadsheet has moved on and left the company. How many finance and treasury departments have found themselves in a position where a mega spreadsheet, long lauded as a ‘work of art,’ is no longer sufficiently supported or documented, with no instructions on how to maintain or update the worksheet?

Cassette recorders, big hair, leg warmers, the Rubik’s cube, Walkman, and mobile phones the size of small suitcases are all legacies from the 1980s. Technology and hairstyles have moved on….. so should cash forecasting applications.

Readying Treasury for Hybrid Work

20-09-2021 | treasuryXL | Kyriba |

To say that the COVID-19 pandemic changed the way treasury departments and companies operate is a massive understatement. Treasury, a function already accustomed to ‘doing more with less,’ began operating remotely—often with a skeleton crew as companies were forced to reduce headcount.

Once mass distribution of the COVID-19 vaccine began, companies quickly began to strategise over what their post-pandemic workforce might look like. While the rise of the Delta variant has thrown a wrench into many organisations’ plans to reopen, eventually, that new work model will take shape. And it might look drastically different than what has come before.

Here are a few things to consider.

A hybrid work environment will very likely be the new normal.

Research from Harvard Business Review found that 70 percent of companies—including giants like Google, Citi and HSBC—are moving to a hybrid model. Just as treasury teams needed to adapt quickly to operating from home, now they’ll have to adjust to having some team members in the office while others are remote.

CFOs have an eye on emerging technologies.

The remote working environment brought on by the pandemic prompted, or perhaps forced, many organisations to digitise their processes. In a hybrid work environment (that could revert back to a fully remote one if COVID-19 variants continue to emerge), finance chiefs will continue to call for better technological solutions. New research from Gartner found that 82 percent of CFOs plan to increase investments in digital capabilities. CFOs named artificial intelligence (AI) as the technology that they expect to have the most impact over the next three years. Kyriba users can apply AI and machine learning (ML) to key cash management tasks like reconciling prior day bank files with their expected cash positions. For organisations that process high volumes of transactions, handling this process manually can take hours. Kyriba’s solution can identify and resolve discrepancies in minutes, and it learns from the data so that eventually, little to no human interaction is required.

Treasury’s role expanded considerably throughout the COVID-19 crisis. 

More than 80 percent of treasury professionals said that greater value was assigned to treasury during the pandemic, according to the 2020 AFP Strategic Role of Treasury Survey. Furthermore, nearly 70 percent of respondents believe that treasury’s role will continue to be of greater significance. To maintain that influence over other departments, treasury professionals may need to revisit their soft skills. Just as employees may have faced difficulty giving presentations over Zoom, they may also find presenting in-person or to a mix of in-person and remote employees to be equally challenging.

Regional treasury centers might no longer need to be regional. 

While it can be convenient to house a treasury center to manage cash and FX hedging in a region with unique regulations, the COVID-19 pandemic may prompt organisations to rethink that approach. Since the onset of the pandemic, remote working has surged; the Stanford Institute for Economic Policy Research found that 42 percent of the U.S. labor force currently works from home. And perhaps more importantly, it’s been incredibly successful for both employers and workers, according to PwC’s U.S. Remote Work Survey. Ultimately, this could mean that treasury teams may no longer see a need to centralise their operations regionally even after the pandemic ends.

Continuous remote work means fraud threats will remain elevated.

According to the 2021 AFP Payments Fraud and Control Survey, business email compromise (BEC) scams increased last year. This was likely due to the remote work environment making it more difficult to verify emails with colleagues. Security will continue to be paramount for treasury, particularly if it moves to a permanent model where some employees regularly work from home. Treasury teams will need to continue to use strong controls like multifactor authentication, single sign-on and virtual private networks to ensure that only the appropriate people have access to their systems. Additionally, treasury employees must be even more meticulous about setting approvals for payments so that fraud attempts will be thwarted. With Kyriba Payment Fraud Detection, treasury can stop fraud in real-time. Users can set pre-defined detection rules to screen for suspicious transactions. Additionally, ML algorithms can identify and quarantine dubious payments for further review.

The cloud provides a failsafe for business continuity planning (BCP). 

Cloud-based treasury management systems aren’t only efficient modules to help treasury teams track cash and liquidity. They are also a key cog in BCP. Cloud-based solutions like Kyriba’s are hosted offsite in multiple locations, allowing your treasury department to function regardless of whether your team is working in the office or from a dozen different locations. So even if a new COVID-19 variant emerges, treasury teams can continue to function without interruption.

Making a Game Plan

While it’s unclear how soon offices will begin opening back up en masse, now is the time for treasury teams to begin planning for the shift. When the pandemic first hit, treasury functions had to respond quickly, and they did as best they could. Pivoting in this next phase won’t be seamless, but with the right protocols and technology in place, treasury teams can make smooth transitions.

Which Options Are There When It Comes To Bank Connectivity?

15-09-2021 | treasuryXL | Nomentia |

In this blog, we want to give an overview of the different options for bank connections, from host-to-host and direct connections through regional standards to SWIFT. On top of that, we’ll also take a look at open banking APIs and what possibilities they might hold for the future.

Bank connections enable corporate customers to exchange messages with their banking partners. Companies need to have a relationship with at least one bank; in practice there are typically several banks involved, for example to exchange account information and send payments. Bank connections are, so to speak, the backbone of your treasury department because they ensure the uninterrupted flow of information between your business process tools and banks, allowing you to create accurate cash forecasts, manage liquidity and the like. Bank connectivity will remain a topic that corporate treasury departments need to decide how to approach. Now, let’s look at the different options for creating bank connections.

Direct host-to-host connections

One of our webinar polls showed that 30% of our respondents still maintain host-to-host connections with their banks. This typically means that the IT department sets up bank connections to specific banks. How those work specifically depends on the bank. With some banks, a host-to-host connection is needed for each country where the company is operating. Luckily, many banks offer single point of entry connectivity, which means that once you’re connected, you can use it to operate cash management messages in all or multiple countries where the bank has branches.

Since the bank is hosting the service, it also means that the bank is dictating all technical requirements and corporate customers need to adapt to changes the banks might make.

And change is imminent, especially when it comes to messaging formats, communication protocols and security requirements. There are for example client certificate renewals that come up usually every two years. Root certificates expire more infrequently but cause more maintenance work.

Another quite timely example is the Transport Layer Security (TLS) protocol version upgrade. Not only do TLS certificates have to be renewed from time to time, but older TLS protocol versions have known vulnerabilities, and banks are continually requiring their clients to move to newer versions.

Maintaining direct host-to-host connections requires you, and especially your IT department, to make a commitment to maintain these connections day in and day out. This requires special technical expertise from the IT department and a lot of resources, especially when you employ many host-to-host connections in your ecosystem.
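As an added illustration of the maintenance work described above (not code from Nomentia or any bank), the following Python sketch reviews an inventory of host-to-host connections for client and root certificates nearing expiry and for connections still negotiating an older TLS version. The inventory, the bank names, the 60-day renewal window and the function names are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

# Assumption: TLS 1.2 and 1.3 are the versions the banks still accept.
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}
# Assumption: start renewal work 60 days before a certificate expires.
RENEW_WINDOW_DAYS = 60

# Constructed sample inventory. Expiry strings use the "notAfter" format that
# ssl.SSLSocket.getpeercert() returns; TLS strings use the format returned by
# ssl.SSLSocket.version().
CONNECTIONS = [
    {"bank": "Example Bank A",
     "client_cert_not_after": "Oct 20 12:00:00 2021 GMT",
     "root_cert_not_after": "Jan 15 00:00:00 2030 GMT",
     "negotiated_tls": "TLSv1.2"},
    {"bank": "Example Bank B",
     "client_cert_not_after": "Jun 30 12:00:00 2023 GMT",
     "root_cert_not_after": "Jan 15 00:00:00 2030 GMT",
     "negotiated_tls": "TLSv1.1"},
    {"bank": "Example Bank C",
     "client_cert_not_after": "Sep 10 12:00:00 2021 GMT",
     "root_cert_not_after": "Nov 10 00:00:00 2021 GMT",
     "negotiated_tls": "TLSv1.3"},
]


def days_left(not_after, now):
    """Whole days (rounded down) between `now` and a certificate's notAfter."""
    expiry = ssl.cert_time_to_seconds(not_after)
    return int((expiry - now.timestamp()) // 86400)


def review(conn, now, window=RENEW_WINDOW_DAYS):
    """Return a list of finding codes for one host-to-host connection."""
    findings = []
    for label, key in (("client", "client_cert_not_after"),
                       ("root", "root_cert_not_after")):
        remaining = days_left(conn[key], now)
        if remaining < 0:
            findings.append(f"{label}-cert-expired")
        elif remaining <= window:
            findings.append(f"{label}-cert-renew-soon")
    if conn["negotiated_tls"] not in ACCEPTED_TLS:
        findings.append("tls-version-deprecated")
    return findings


def hardened_client_context():
    """Client-side TLS context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # verifies server cert and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # For mutual TLS, the bank-issued client certificate would be loaded here:
    # ctx.load_cert_chain(certfile=..., keyfile=...)
    return ctx


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for conn in CONNECTIONS:
        print(conn["bank"], review(conn, now) or ["ok"])
```
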

Direct connections through regional standard protocols

The EBICS (Electronic Banking Internet Communication Standard) is a standard protocol that is used in Germany, Switzerland, and France. Also, banks in other countries are testing this standard.

The challenge with EBICS has been that different countries have their own versions of the standard. In 2018, EBICS 3.0 was launched with the goal of harmonizing the differences and making it easier to communicate across borders. In practice, Germany and Switzerland are still using EBICS 2.5, and EBICS 3.0 will not become mandatory for banks in Germany until November 2021.

Some international banks have adopted EBICS into wider use, which means that corporations familiar with EBICS may use it for message exchange and authorization in other countries as well. Only the future will show if EBICS fulfils its vision of becoming the pan-European standard protocol for bank communication.

Connections through SWIFT

Companies can connect directly to the SWIFT network and with that get connected with over 11 000 financial institutions in more than 200 countries. SWIFT is hosting and maintaining the global network for that. It’s highly secure and reliable. It’s a single gateway that almost sounds like it opens the door to paradise for you, at least in the mind of someone who spends his time building host-to-host bank connections for single banks. You are empowered to change banking partners based on your business needs without having to worry about establishing new connections.

SWIFT has a sort of do-it-yourself approach by providing Alliance Lite2 to companies. And here comes the other side of the coin. A direct connection to SWIFT is costly and requires time and resource-demanding integration. In addition, you need to comply in full scope with the SWIFT Customer Security Programme (CSP) that requires all their members to protect their endpoint, because naturally, they need to protect their network.

Most corporate customers use a SWIFT Alliance Lite2 Business Application (L2BA) provider or a Service Bureau for the connection. In the L2BA model, a service provider takes care of handling all necessary requirements to connect to the SWIFT network and you buy your bank connections pretty much as a service. Often this is packaged with other products and solutions you might use.

Open banking APIs

Open banking APIs are one of the most interesting developments. We already see banks all across Europe offering premium APIs for corporates that go beyond what is possible today.

Open banking APIs are set to bring a real-time component to the game that hasn’t been there so far. In the past there was no way for external systems to fetch, for example, real-time balances from banks, but this is about to change. Whereas previously corporations would execute batch payments, with open banking APIs a payment will be possible whenever it is needed, with instant effect. Looking at balances and payments is the beginning of new solutions that will be available to corporate treasury.

Open banking APIs are something that companies and providers such as Nomentia will need to take into account for their roadmap because this is clearly where we will be able to provide innovative solutions for our customers in the future.

What’s the verdict?

It would be great to give an easy answer to this question. But it’s just not that simple. As I outlined above, all connection methods have pros and cons. What you need really depends on your requirements and internal structures.


Nomentia Acquires TIPCO: A union of exceptional products and teams

08-09-2021 | treasuryXL | Nomentia |

Nomentia announced yesterday that the company has acquired TIPCO Treasury & Technology. Shortly after the news was released, we had the chance to sit down with Jukka Sallinen, CEO of Nomentia, and talk about the announcement, what the acquisition promises for finance and treasury professionals globally, and what the future holds for Nomentia.

The acquisition of TIPCO is the latest milestone in Nomentia’s history. What’s the reason behind the transaction?

There are a couple of reasons. First and foremost, we’ve felt that both companies share a very similar mission. We want to provide unparalleled solutions for and with our customers. TIPCO’s Treasury Information Platform (TIP) is an exceptional treasury management solution that is widely known in the DACH region, and TIPCO has also been famous for its acumen in treasury. Our combined solutions and domain expertise make us one of the strongest players in the cloud treasury and cash management space. I have no doubt that our current and future customers will benefit from our combined product portfolio. Another good reason for joining forces with TIPCO is that we’ve strongly felt that both companies have had surprisingly similar cultures – both have a very healthy obsession for providing the best solutions for our clients and we take pride in what we do.

 

Tell us more about the merged product portfolio and how treasury teams will benefit from it?

Before the acquisition, Nomentia cash management consisted of Bank connections, Payments, Cash Forecasting, In-house banking, Bank Account Management, and Reconciliation solutions. Adding TIP to the solution mix, we can now provide robust and sophisticated cash flow forecast and cash visibility solutions, as well as solutions for trade finance, FX risk, treasury reporting and treasury workflows, and more. TIP has always been loved by the users and now all Nomentia customers will have access to TIP.

Today, it’s not feasible for treasury teams and finance teams to choose one provider for all their needs or trust that their ERP system would provide a working solution alone. Treasurers should be able to choose the solutions that can best resolve their challenges and meet their needs. To get the best outcome, finance and treasury teams often need to work with multiple vendors – taking the best solution from each. Of course, that’s not always ideal from IT’s point of view, but that’s where our team comes in to take care of the implementation plan together with the client and integrate with their existing systems and banks. We trust that a lot of our current customers will find new solutions from our updated offering that can help them to overcome their current challenges.

New customers will find that Nomentia can offer the widest cash and treasury management solution portfolio on the market to help them build better treasury processes.

 

How does the acquisition affect Nomentia’s future?

During the past year, Nomentia has taken big steps toward becoming the global powerhouse for treasury and cash management. After last year’s merger of OpusCapita and Analyste, we’ve successfully got our footprint in many new markets, and we’ve been especially growing in the DACH and Benelux regions besides continuing to be the number one choice of treasurers in the Nordics. Acquiring TIPCO and merging the two product portfolios will help us to strengthen our position in Europe even more.

Our team has also been growing significantly – it’s always great to work with people that are experts in their field and can truly help our customers to develop their operations. Together, we will exceed our customers’ expectations with our strong product portfolio and even stronger team. Personally, I am thrilled about the news and can’t wait to roll up our sleeves and get to work together with our new colleagues!

 


Strategic Treasurer’s Analyst Report Series: Treasury and Risk Management Systems

06-09-2021 | treasuryXL | Kyriba |

This document contains a comprehensive illustration of the current state of treasury technology and the exciting future direction using new tools that are already with us. This FinTech analyst report from Strategic Treasurer takes a look at the current health of the TMS space and what benefits can come from implementing a treasury management system in your operations. Additionally, this report covers emerging technologies within treasury, such as the use of robotic process automation, artificial intelligence, and more.

Understand the current TMS space and its benefits

The Treasury and Risk Management Systems Analyst Report offers a thorough evaluation of the TMS space by covering the emerging uses of AI/ML (artificial intelligence and machine learning), RPA (robotic process automation), and API (application programming interface) technologies in treasury.

It also discusses:

  • The place of a TMS/TRMS in business continuity planning and preparing for disruption and volatility
  • The best practices and proper mindsets for avoiding pitfalls in selecting, making a business case for, and implementing treasury technology
  • The varied ways in which these solutions address the day-to-day pain points and inefficiencies of treasury departments


What to Consider When You Choose Your Bank Connectivity Strategy? 7 Important Criteria

| 01-09-2021 | treasuryXL | Nomentia |

Most organizations would benefit from some form of Bank Connectivity as a service. But just deciding on outsourcing bank connectivity won’t magically make all those connections appear. In this blog, we’ll cover 7 important criteria you should think of when evaluating different options.

1. In which banks do the majority of your payments flow?

Make a list of all banks that your organization is connected with and include all banking relationships from all your subsidiaries. We have noticed in interactions with our customers that this first step can be eye-opening at times. Often, we have an idea of the different banking relationships, but then there are still local bank relations that might not be that visible to your treasury function. It also provides you with a good understanding of how many bank connections you would need and whether you would benefit from simplifying your banking landscape before implementing a bank connectivity solution. If your organization is only working with 5 banks altogether, the story is very different from that of an organization that has relationships with 20+ banks.

After mapping this out, you might want to apply the 80/20 rule: typically, you would first set up connections to the strategic banks that cover 80% of your payment flows. A cloud-based software from a Cash Management specialist will most likely be able to provide you these connections as part of their out-of-the-box functionality.

2. Evaluate your use of local banks

Even if you expand the use of strategic banks to more countries, you might still find a set of local banks that you cannot replace. Typically, a discussion about bank connectivity increases in complexity when the long tail of local banks comes into play. That’s where you need to ask yourself why you are working with local banks. Is it for collecting money, for making payments from a regulatory point of view or because of specific needs within your local business?

Having visibility on cash is straightforward, while covering payment flows is not easily justified from a direct cost savings point of view. At the same time, payment fraud plays a role in the local banks. You might want to consider a solution to replace internet banks for manual payments with a centralized solution. Then, the business case cannot be backed up by direct cost savings, but by cost-efficient risk mitigation.

3. How consolidated is your banking landscape?

After mapping out all your banks in a first step, you know your strategic banks. Now it’s time to take a look at which countries are covered by these strategic banks. Would it be a good time to reduce your banking relations by using a certain set of strategic banks in more of your countries in order to reduce the number of domestic banks?

4. How many file formats and payment types do you have in use?

It is a different thing to set up credit notes and treasury payments only, as opposed to also including domestic payments, salary payments, and tax payments. We recommend having a solution for all your payment types and file formats: this is the only way to get rid of the internet banks and the tokens.

5. Are you concerned about payment fraud and information security?

You should have a solution to cover all payment types in all countries with all banks. That is the only way to have a full audit trail and control in every country. A centralized payment process enables centralized validation and control. We have covered the topic of payment fraud extensively.

In our case, having bank connectivity as a cloud service lets you benefit from a platform which invests roughly $1bn annually in information security. From an information security perspective, this lets us concentrate on application-level security, which is audited annually by third parties.

6. Are you interested in having transparency in your bank fees?

Modern bank connectivity solutions enable transparency in banking fees: Having bank agreements and the related fees included and matched against the banks’ reports. Even more transparency can be gained with services like SWIFT GPI: SWIFT GPI enables banks to provide bank fee information for the e2e chain. Not all banks support these features yet.

7. Choose wisely

Once you go through the questions and mappings outlined above you are at a good place in making your decision for the right bank connectivity provider. It might seem tedious at times and one might think of bank connections as a mere technical thing, but they are so much more. We feel this is a perfect moment to evaluate all your processes and look at ways to harmonize them.

It’s also a great way to work closely together with your colleagues. We recommend approaching this topic in a project team between treasury, finance and IT: From an IT perspective you want to minimize the IT-footprint, finance will run the daily operations and treasury sets the policies and controls.


A Culture of Fraud Prevention: It’s Everyone’s Responsibility

23-08-2021 | treasuryXL | Kyriba |

It seems like every day there is a new fraud headline. As a result, companies are learning that preventing fraud needs to be a responsibility of all employees in the organisation. To prevent fraud, an organisation needs to focus on education through training, standardized controls, and IT policies on top of a strong technology solution.

The threat of fraud has grown dramatically in recent years. In fact, according to the 2021 AFP Fraud and Control Study, overall, 74% of companies have experienced fraud or attempted fraud. Your organisation needs to be prepared and Treasury activities need to support identifying and preventing fraud. Recently, I had a conversation with a Treasurer who said, “if it’s (fraud) not on your mind in Treasury, you’ve already lost”. He went on to talk about how much more difficult it is to manage fraud when you have a decentralized Treasury team.

Best in class fraud prevention is about having a strong overall ecosystem, culture and technology – the fabric of an organisation. Fraud prevention must be top of mind for everyone in the company. Specific training should be included in introductory orientation as well as ongoing training and annual awareness campaigns. Individuals need to be able to identify potential phishing and Business Email Compromise (BEC) campaigns to ensure they don’t become victims.  It only takes one person to make a poor judgment call to allow access into a company’s system. It’s also important to consider cultural differences for offices in other parts of the world. Fraudsters are taking advantage of cultural norms. In some Asian countries it’s natural to defer to individuals with seniority. For example, receiving a message from the CFO to make a payment wouldn’t normally be questioned. Make sure that all individuals have a way to share, escalate and/or stop a transaction when there could be potential problems.

Standardised procedures are essential. With BEC, fraudsters assume that using the name and email of senior members of the management team, such as the CEO or CFO, will cause employees lower in the organisational hierarchy to do as instructed without question. To combat this, it is imperative that the procedures set up require strict adherence, and that senior management provides an environment where less senior members of the team are comfortable asking whether a payment is legitimate. If multiple ERP systems exist, ensure that consistent approval processes are in place across all systems. For smaller regional offices, set up procedures and approvals to ensure that separation of duties is in place and that you have visibility of the activities in remote offices. Some fraudsters like to target attacks on regional offices in hopes of bypassing some of the more stringent processes that are in place at headquarters.

 

Having an IT focus on fraud prevention and policies that support these efforts is also essential. IT should ensure that employee accounts are password protected and that the passwords aren’t easily guessed. They should maintain strong firewalls and keep current on technology to identify potential hacker activity. In addition, it is helpful to randomly test employees with phishing emails to help them recognise fraudulent emails.

Finally, technology solutions to identify fraud are a critical component of fraud prevention. Solutions should include rules-based fraud detection that identifies multiple scenarios, for example situations where a vendor bank account number has changed. These transactions should be flagged and sent for validation. An individual should call the company using a phone number that is listed in the system of record. Or, the transaction should be sent for account verification allowing for confirmation that the bank account is owned by the organisation that is to be paid, and not some fraudulent entity. Account verification is a new tool that is being added to rules engines. It allows you to increase your confidence that the account is owned by the entity with which you have a relationship without having the time-consuming process of having to reach out to the entity directly to verify. The verification is quick and doesn’t slow down legitimate payments. Your fraud technology solution should also identify other fraud situations that you and a community of your peers have experienced or considered.
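The rule described above (hold a payment whose vendor bank account has changed, then validate by callback or account verification) can be sketched as follows. This is an added example, not code from any vendor's product; the class names, the `verify_owner` hook and all sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Vendor:
    vendor_id: str
    legal_name: str
    iban: str            # account held in the system of record
    callback_phone: str  # phone number held in the system of record


@dataclass(frozen=True)
class Payment:
    payment_id: str
    vendor_id: str
    beneficiary_name: str
    iban: str
    amount: float
    phone_on_request: str = ""  # arrived with the request; never used for callback


@dataclass
class Decision:
    payment_id: str
    action: str                            # "RELEASE" or "HOLD"
    reasons: List[str] = field(default_factory=list)
    callback_phone: Optional[str] = None   # only ever taken from the vendor master


def normalise_iban(iban: str) -> str:
    """Strip spacing and case so formatting alone never triggers the rule."""
    return "".join(iban.split()).upper()


def screen(payment: Payment, vendors: Dict[str, Vendor],
           verify_owner: Optional[Callable[[str, str], bool]] = None) -> Decision:
    vendor = vendors.get(payment.vendor_id)
    if vendor is None:
        return Decision(payment.payment_id, "HOLD", ["vendor not in system of record"])

    reasons = []
    if payment.beneficiary_name.strip().casefold() != vendor.legal_name.strip().casefold():
        reasons.append("beneficiary name differs from vendor master")

    if normalise_iban(payment.iban) != normalise_iban(vendor.iban):
        # Changed account: release only if ownership is confirmed by the
        # (hypothetical) account verification hook, otherwise hold for callback.
        verified = verify_owner is not None and verify_owner(
            normalise_iban(payment.iban), vendor.legal_name)
        if not verified:
            reasons.append("bank account changed and ownership not verified")

    if reasons:
        return Decision(payment.payment_id, "HOLD", reasons, vendor.callback_phone)
    return Decision(payment.payment_id, "RELEASE")


# Constructed sample data: placeholder IBANs and phone numbers, not real accounts.
SAMPLE_VENDORS = {
    "V100": Vendor("V100", "Example Supplies BV", "NL00 TEST 0000 0000 01", "+31 00 000 0001"),
}
CONFIRMED_OWNERS = {"NL00TEST0000000002": "Example Supplies BV"}


def stub_verify_owner(iban: str, legal_name: str) -> bool:
    """Stand-in for an external account verification service."""
    return CONFIRMED_OWNERS.get(iban) == legal_name


SAMPLE_PAYMENTS = [
    Payment("P1", "V100", "Example Supplies BV", "nl00test0000000001", 1200.0),
    Payment("P2", "V100", "Example Supplies BV", "NL00TEST0000000099", 8400.0, "+31 00 000 0999"),
    Payment("P3", "V100", "Example Supplies BV", "NL00TEST0000000002", 560.0),
    Payment("P4", "V999", "Unknown Trading Ltd", "NL00TEST0000000050", 300.0),
]

if __name__ == "__main__":
    for p in SAMPLE_PAYMENTS:
        print(screen(p, SAMPLE_VENDORS, stub_verify_owner))
```

A held payment carries the callback number from the vendor master, so the reviewer never dials a number supplied with the request itself.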

Machine learning to identify payment anomalies based on transaction history is also critical. It allows for patterns to be identified in the immense amounts of transactional data that your organisation has accumulated and then to match that in real-time to your specific transactions to identify potential fraud. This added layer of protection looks for behaviours that may not be identified by the human eye – timing of invoice receipt or change in the frequency of payment requests. The system continually adapts based on the information that it is tracking and provides suggestions when it identifies potentially fraudulent behavior.

Fraudsters continue to attack since they only need to find that one weak link on one day with a single person in your organisation. It’s up to you to make sure that the individuals in your company are prepared for the attack. Ensure that you have a training program that helps your employees identify potential fraud attempts. Define, monitor and enforce policies that support segregation of duties and consistent processes throughout the organisation. Confirm that your IT department is staying on top of technology that identifies and prevents hackers and supports best practices when establishing policies across the organisation. Last, but certainly not least, make sure that you are utilizing best-in-class technology to identify potentially fraudulent payments to stop those payments from going out your door. Some treasury solution providers use the term “fraud detection tools” to refer to having sanction screening or workflow tools in place, while others notify you of a fraudulent item after the transaction is sent to the bank. A best-in-class technology solution combines workflow tools and approvals with a robust rules engine and machine learning to identify potentially fraudulent transactions in real-time, giving you an opportunity to stop any transaction before it leaves your organisation.

Preventing fraud is something that everyone in your organisation needs to commit to in order to prevent fraudsters from being successful.

How to Start Avoiding Payment Fraud from Happening

| 18-08-2021 | treasuryXL | Nomentia |

It’s 2021, and even with advancing technologies and AI detecting fraudulent behavior, payment fraud remains an ever-present risk for any company.

The other day we met with someone who has recently been a target of payment fraud and is now implementing a payment factory in order to reduce the risk. We wanted to take a look at how we approach the subject with our solution. Having the right software in place is important, sure, but it goes beyond technology.

Let’s start with the software. Nomentia’s Cash Management solution has several mechanisms in place that protect you against fraud.

Here’s a quick list

  • First of all, our software creates a single point of managing all payments. We talk a lot about centralizing, and this is just that. Our product brings all these payments into a single view. If we think of a typical case, a company might upload some payments to internet banks, some to a service bureau, use host-to-host connections for others and maybe even run some payments via SWIFT. That creates at least 5 times X channels where payments are executed. This means all payments can’t be seen from one view, which already makes it impossible to detect fraudulent or suspicious payments. But in addition, those 5 times X channels also mean 5 times X places where user rights need to be maintained and controlled.
  • This also brings us to the second point: our software comes with comprehensive user and user rights management. It creates a clear structure and visibility as to who has rights to which companies and accounts and what user roles they have. We create visibility and an easy way to maintain those rights.
  • When payments are transferred from a source system such as ERP, payroll and the like to our cloud, files cannot be altered. This creates an additional security measure that protects companies from attacks.
  • Lastly, we have created capabilities to set up straightforward approval flows that build segregation of duties into the way payments are done, within the users’ approval limits. Approval limits can be set for each user when working in different roles for multiple companies.

Those are the things that come built into our software. But it’s important to highlight one key fact: most fraud attempts have a human factor, and that’s why it’s important to look beyond the software and take a critical look at the processes. As a matter of fact, despite all the noise about external risks, fraud and theft are more likely to be committed by an internal actor than an external actor (Source: FBI Internet Crime Complaint Center).

In other words, if you focus on validating data for possible fraud, you probably should take steps to minimize the possibility of fraud in the first place. Otherwise, proverbially speaking, it’s winter (Northern Finland winter for that matter) and you are going out in shorts and with wet hair.

Apart from controlling user access rights, we would like to share some more tips and ideas that can help to mitigate the risk of fraud.

  • Payments that are made from ERP but rejected by the bank cannot be modified by all users. In practice this means that when a payment is made from the ERP system but rejected by the bank, it bounces back to where users need to review the failed payment before sending it to the bank again. Fix the payment data in the ERP master data instead of making manual adjustments. This would highlight and prevent, for example, internal fraud attempts.
  • Consider working with your system admins to install payment templates that your end users can use. This decreases the risk for fraud and error by limiting the manual work of filling in information.
  • Make use of the full audit trail that we provide. You can see the whole lifecycle of a payment from its creation to its reconciliation, including by whom and which changes were made, who has approved and sent the payment.
  • Create clear rules on manual payment creation. We enforce a 4-eye approval flow before sending it. For manual payments, there might be a reason to require approval from more than 2 persons. If you have an SSC in use, or even multiple SSCs globally, use the standard 4-eye approval flow locally but require additional approval from another SSC to reduce the internal actor risk.
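The approval controls listed above (per-user approval limits for each company, segregation of duties, and an extra approval from another SSC for manual payments) can be expressed as a small set of checks. This is an added example, not Nomentia's implementation; the class and function names and the sample users are hypothetical, and it assumes that "4-eye" means the creator plus one other approver.

```python
from dataclasses import dataclass, field
from typing import Dict, List


class ApprovalError(Exception):
    """An approval that would break a payment control."""


@dataclass(frozen=True)
class User:
    user_id: str
    ssc: str                 # shared service centre the user belongs to
    limits: Dict[str, int]   # company -> highest amount the user may approve there


@dataclass
class PaymentRequest:
    payment_id: str
    company: str
    amount: int
    created_by: str
    manual: bool             # keyed in by hand rather than sent from the ERP
    approvals: List[str] = field(default_factory=list)


def approve(payment: PaymentRequest, user_id: str, users: Dict[str, User]) -> None:
    """Record an approval, or raise ApprovalError naming the control it breaks."""
    user = users.get(user_id)
    if user is None:
        raise ApprovalError("unknown user")
    if user_id == payment.created_by:
        raise ApprovalError("creator cannot approve own payment")
    if user_id in payment.approvals:
        raise ApprovalError("user has already approved")
    limit = user.limits.get(payment.company)
    if limit is None:
        raise ApprovalError("no approval rights for this company")
    if payment.amount > limit:
        raise ApprovalError("amount exceeds approval limit")
    payment.approvals.append(user_id)


def missing_controls(payment: PaymentRequest, users: Dict[str, User]) -> List[str]:
    """Return the controls still outstanding; an empty list means ready to send."""
    creator = users.get(payment.created_by)
    if creator is None:
        return ["creator not in user register"]
    approver_sscs = [users[u].ssc for u in payment.approvals]
    missing = []
    if payment.manual:
        # Manual payment: local 4-eye approval plus one approver from another SSC.
        if creator.ssc not in approver_sscs:
            missing.append("local approval")
        if all(s == creator.ssc for s in approver_sscs):
            missing.append("approval from another SSC")
    elif not approver_sscs:
        missing.append("second approver")
    return missing


# Constructed sample users; names, SSCs and limits are illustrative only.
SAMPLE_USERS = {
    "alice": User("alice", "SSC-A", {"FI01": 50000}),
    "bob": User("bob", "SSC-A", {"FI01": 10000, "SE01": 100000}),
    "dave": User("dave", "SSC-A", {"FI01": 50000}),
    "carol": User("carol", "SSC-B", {"FI01": 100000}),
}

if __name__ == "__main__":
    p = PaymentRequest("M-1", "FI01", 25000, "alice", manual=True)
    approve(p, "dave", SAMPLE_USERS)
    print(missing_controls(p, SAMPLE_USERS))  # another SSC still has to approve
    approve(p, "carol", SAMPLE_USERS)
    print(missing_controls(p, SAMPLE_USERS))
```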

These are a few ideas from our side. We are always happy to hear more ideas and feedback on how we can together create safe payment processes.

Does your business need a DNB license? You need to take these 8 steps

07-02-2020 | treasuryXL | Enigma Consulting

Anyone that provides payment services in the Netherlands must either hold the appropriate licence issued by DNB or be excepted or exempted from the licensing requirement. A payment service provider may start operations only after DNB has issued its licence or after it has entered the provider in the register as an exempt payment service provider, unless it is excepted from the licensing requirement by law.

Do you need help in your DNB License application process?

The consultants at Enigma are highly experienced in license applications. Their clients often have widely divergent reasons for applying for a licence. For example:

  • Innovative companies that wish to utilise the opportunities offered by new payment rules for account information services and payment initiation services, such as fintech businesses and accounting software providers.
  • UK-based businesses that have decided to apply for a license in the Netherlands and to serve Europe from here because of the consequences of Brexit.
  • Asian and American companies that wish to use the Netherlands as a base for setting up their worldwide Payment Gateway.
  • Companies that can no longer utilise exceptions that were possible in PSD1 because of PSD2 and are therefore applying for a license to operate as a payment service provider.

Enigma has a multidisciplinary team, which offers the benefit of us being able to offer all areas of expertise required for license applications. The result is an application of which all elements meet the quality criteria of the supervisory body, which means a quicker assessment and granting of a license by the DNB.

You no longer need to be a bank to offer payment services. The Dutch Act on Financial Supervision applies in the Netherlands for the purpose of increasing competition and protecting consumers. This law makes it possible for payment institutions to offer payment services.

The law differentiates between 8 different types of payment service providers.

There are the classic payment service providers and electronic money institutions, but since the introduction of the PSD2 European payment guideline, there are also newer variants of account information service providers (AISPs) and payment initiation service providers (PISPs). Payment services offered include the administration of bank accounts, the transfer, deposit or receipt of funds, or the issuing or acceptance of payment instruments (such as cards).

So when is a licence required for a service? And what are the criteria that must be met?

A successful licence application for each type of payment institution is a question of thorough preparation and adequate quality assurance.

The steps required for an efficient, successful application at a glance:

1. Check whether a licence is required to offer the service

A payment service does not necessarily require a licence. Exceptions include services in which payment is made with a payment instrument with limited options for use. Neither is a license required if transactions take place in cash only and no bank account is involved.

2. If a licence is required, check whether an exemption applies

If step one indicates that a licence is required, check whether exemptions apply. A number of conditions need to be met in order to make use of that exemption. We have listed 3 below.

  1. Payment services are intended exclusively for people living in the Netherlands
  2. The monthly volume is less than 3 million Euros
  3. Asset segregation is managed by means of a trust account, bank guarantee, or comparable guarantee

If the conditions for an exemption appear to be met, then this also needs to be applied for from DNB. This application is also subject to considerable requirements. If these requirements can be met and the application for a licence has been submitted, the DNB will assess whether an exemption should be granted. If so, they will enter the exempted payment service provider into the public register.

3. Prepare the file and make the necessary organisational changes

Having completed the first 2 steps, it is clear that a licence is required and that the service does not qualify for an exemption. In that case, the payment institution must meet various criteria to be able to offer its services. These include:

  1. Demonstrating the reliability and suitability of policy makers
  2. The integrity of the company’s operations
  3. Controlled governance
  4. Surety of the funds
  5. Evaluation of the day-to-day policy makers
  6. Minimum equity and solvency requirements
  7. No Objection certificate

This is about managing operational processes and business risks, such as safeguarding the funds of the payment institution’s clients. Policy and procedures, such as a client acceptance policy, transaction monitoring, a compliance charter, and a procedure for reporting irregular transactions need to be formulated. In most cases, a ‘risk management’ policy needs to be formulated and a risk & compliance officer needs to be appointed.

4. Submit the application to De Nederlandsche Bank

All the supporting documentation for the application then needs to be submitted to the DNB. The application form that must be completed and signed serves as the basis. The DNB decides whether to grant a licence within three months of receipt of a license application from a payment institution. Note that the three months only start once all the necessary documentation has been received. There are costs involved in applying for a licence from the DNB.

Enigma Consulting’s experience is that the DNB usually asks various questions and that the lead time for a licence application normally exceeds 3 months.

5. Implement the new policy and corresponding procedures in the organisation

When compiling the file, the implementation of specific policy and corresponding procedures in the payment institution is already a big step. Ensure these activities have actually been implemented by the company before the licence is granted. Do not underestimate this process, because depending on the size of the organisation, this step can be moderately to very resource intensive.

Experience

Thanks to Enigma Consulting’s extensive experience of the application procedure and short lines of communication with DNB, they can advise and support you in each step of the application process, whether it involves an application for an exemption, or a licence for a payment services provider, electronic money institution, account information services provider, or payment initiation services provider.

There is also the option of temporary deployment of a risk & compliance officer to share best practice and train your staff internally. Enigma possesses considerable experience in all stages of the application process. They can assist you in compiling the file and in setting up your organisational processes.
Contact Enigma Consulting with no obligation if you would like to discuss your objectives.

Geert Blom
Senior Consultant at Enigma Consulting

License application for payment services in 5 steps

| 27-9-2019 | treasuryXL | Enigma Consulting

License applications from DNB: Enigma knows what is required!

If a business processes payment transactions or wants to become an account information service provider (AISP) or payment initiation service provider (PISP), it requires a license from De Nederlandsche Bank (DNB).

The consultants at Enigma are highly experienced in license applications. Our clients often have widely divergent reasons for applying for a licence. For example:

  • Innovative companies that wish to utilise the opportunities offered by new payment rules for account information services and payment initiation services, such as fintech businesses and accounting software providers.
  • UK-based businesses that have decided to apply for a license in the Netherlands and to serve Europe from here because of the consequences of Brexit.
  • Asian and American companies that wish to use the Netherlands as a base for setting up their worldwide Payment Gateway.
  • Companies that can no longer utilise exceptions that were possible in PSD1 because of PSD2 and are therefore applying for a license to operate as a payment service provider.

We have a multidisciplinary team, which offers the benefit of us being able to offer all areas of expertise required for license applications. The result is an application of which all elements meet the quality criteria of the supervisory body, which means a quicker assessment and granting of a license by the DNB.

You no longer need to be a bank to offer payment services. The Dutch Act on Financial Supervision applies in the Netherlands for the purpose of increasing competition and protecting consumers. This law makes it possible for payment institutions to offer payment services.

The law differentiates between 8 different types of payment service providers.

There are the classic payment service providers and electronic money institutions, but since the introduction of the PSD2 European payment guideline, there are also newer variants of account information service providers (AISPs) and payment initiation service providers (PISPs). Payment services offered include the administration of bank accounts, the transfer, deposit or receipt of funds, or the issuing or acceptance of payment instruments (such as cards).

So when is a licence required for a service? And what are the criteria that must be met?

A successful licence application for each type of payment institution is a question of thorough preparation and adequate quality assurance.

The steps required for an efficient, successful application at a glance:

1. Check whether a licence is required to offer the service

A payment service does not necessarily require a licence. Exceptions include services in which payment is made with a payment instrument with limited options for use. Neither is a license required if transactions take place in cash only and no bank account is involved.

2. If a licence is required, check whether an exemption applies

If step one indicates that a licence is required, check whether exemptions apply. A number of conditions need to be met in order to make use of that exemption. We have listed 3 below.

  1. Payment services are intended exclusively for people living in the Netherlands
  2. The monthly volume is less than 3 million Euros
  3. Asset segregation is managed by means of a trust account, bank guarantee, or comparable guarantee

If the conditions for an exemption appear to be met, then this also needs to be applied for from DNB. This application is also subject to considerable requirements. If these requirements can be met and the application for a licence has been submitted, the DNB will assess whether an exemption should be granted. If so, they will enter the exempted payment service provider into the public register.

3. Prepare the file and make the necessary organisational changes

Having completed the first 2 steps, it is clear that a licence is required and that the service does not qualify for an exemption. In that case, the payment institution must meet various criteria to be able to offer its services. These include:

  1. Demonstrating the reliability and suitability of policy makers
  2. The integrity of the company’s operations
  3. Controlled governance
  4. Surety of the funds
  5. Evaluation of the day-to-day policy makers
  6. Minimum equity and solvency requirements
  7. No Objection certificate

This is about managing operational processes and business risks, such as safeguarding the funds of the payment institution’s clients. Policy and procedures, such as a client acceptance policy, transaction monitoring, a compliance charter, and a procedure for reporting irregular transactions need to be formulated. In most cases, a ‘risk management’ policy needs to be formulated and a risk & compliance officer needs to be appointed.

4. Submit the application to De Nederlandsche Bank

All the supporting documentation for the application then needs to be submitted to the DNB. The application form that must be completed and signed serves as the basis. The DNB decides whether to grant a licence within three months of receipt of a license application from a payment institution. Note that the three months only start once all the necessary documentation has been received. There are costs involved in applying for a licence from the DNB.

Enigma Consulting’s experience is that the DNB usually asks various questions and that the lead time for a licence application normally exceeds 3 months.

5. Implement the new policy and corresponding procedures in the organisation

When compiling the file, the implementation of specific policy and corresponding procedures in the payment institution is already a big step. Ensure these activities have actually been implemented by the company before the licence is granted. Do not underestimate this process, because depending on the size of the organisation, this step can be moderately to very resource intensive.

Experience

Thanks to Enigma Consulting’s extensive experience of the application procedure and short lines of communication with DNB, they can advise and support you in each step of the application process, whether it involves an application for an exemption, or a licence for a payment services provider, electronic money institution, account information services provider, or payment initiation services provider.

There is also the option of temporary deployment of a risk & compliance officer to share best practice and train your staff internally. Enigma possesses considerable experience in all stages of the application process. They can assist you in compiling the file and in setting up your organisational processes.
Contact Enigma Consulting with no obligation if you would like to discuss your objectives.

Geert Blom
Senior Consultant at Enigma Consulting