A 360 Degree View On Security
| 13-10-2021 | treasuryXL | Nomentia |
One would think data protection and security measures are baked into our identity as digital people, especially in a year where we are working remotely more than ever. But are they? The breaches show that security is too often seen as something to ‘wing’. And there is an eternal question of whether the best way to a secure IT environment is to educate employees to make the right decisions or to put measures into place.
We personally believe that security and combatting fraud are a combination of people, processes, and tools. Security literacy is a skill everyone should have and constantly develop, and companies can further support this by making use of tools such as multi-factor authentication to mitigate risks and by implementing processes to keep their corporate environments safe. We think security deserves a 360-degree view in an organization, implemented throughout its solution landscape.
Login & User access control
This is a simple thing organisations can implement with single sign-on, multi-factor authentication, or both. Multi-factor authentication (MFA) is a method of authentication that requires more than one verification method and adds a critical second layer of security to user logins. A user is only granted access after successfully passing all authentication phases. The factors are based on different things, as opposed to a simple password on its own, which bears some vulnerability. The first authentication phase is based on knowledge: a person needs to know their username and password, and this can also be initiated through single sign-on with corporate credentials for a further security increase. The second authentication phase is based on possession: a person must possess and have access to a mobile phone to receive, for example, a code by text message or a phone call that authenticates the login a second time.
In practice this means that even if a username and password get compromised, cyber criminals will still not be able to log in to an account protected with multi-factor authentication. Nor is a stolen mobile phone enough, as both phases are required for a successful login.
One of the potential downsides of multi-factor authentication is that it adds one extra step to the process. And I can admit myself that every time I go through the process of logging into our internal tools, we are sometimes a bit impatient while waiting for the text message. But it’s a small trade-off for security, especially since single sign-on also adds convenience.
Single sign-on means that people can log into systems with their corporate credentials, which speeds up the process on that end. It’s fast and adds an additional security layer, which is extremely powerful if paired with MFA.
Integrations
This is a crucial part in terms of security. We believe that monolithic enterprise platforms are dead and that highly integrated best-of-breed solutions are the future. This best-of-breed approach, however, also adds emphasis on the need to ensure the integrations are safe. Which data is travelling via which channels, from where to where? How is the data in transit being secured from theft and man-in-the-middle attacks?
The first step is to map out all needed integrations and systems, create a use case scenario and, based on this, define the needed setup. In the context of cash management, for instance, you might end up protecting payment information with a higher security standard than a simple accounts payable extract that is used for cash forecasting only. The key is to have a companywide and regularly maintained risk analysis process that recognizes risky areas, measures the level of the controls in place (preferably audited by external experts) and constantly comes up with better controls.
User access control
Understanding and carefully designing which user has access to which data and processes is not bullying your employees but a crucial step in putting processes in place that further support security. In our case, our customers need to answer questions such as: which user can approve payments, who can add a new account number to the system, who can manipulate user rights, who can make a manual payment, or who can view balance information from banks and the like.
Infrastructure and Platforms
Making sure that you run your IT infrastructure and solutions on secure platforms is a crucial control point. One would think that in this day and age that shouldn’t be a question anymore, yet we would recommend checking this anyway. How is the user access to databases and servers or other backend artifacts controlled? Are your administrators using multi-factor authentication? Have you segregated the so-called privileged access and user accounts? Do you keep a list of such accounts? Do you collect logs from your systems and store them securely?
Many industry standards come in handy here. For us, relevant standards are, for instance, ISO 27001 and the ISAE 3402 auditing framework. Particularly relevant in our domain is the SWIFT Customer Security Program (CSP), a security framework developed for the financial industry and derived from international standards such as NIST and PCI DSS. All these standards should not be considered just acronyms but a toolbox that can help you build a company culture that takes security seriously in every step, by every employee, in every role.
Security comes from within
Above are the steps that each organization can take to ensure that their set-up is secure. Let’s face it, there is no such thing as absolute security. But by establishing a strong security culture in your organization we believe you can make it really hard for criminals to gain access to our systems.
If you want to have an assessment of your security measures in terms of people, processes and tools for your cash management, please get in touch with us and we will assess your set-up and provide you with options for how you can further tighten your security. Cash is king, but hopefully a well-protected king.
Question treasuryXL Panel #2 | How is PSD2 being applied in a business context?
| 12-10-2021 | treasuryXL | Cobase | LinkedIn |
treasuryXL is the community platform for all your relevant treasury questions.
We received the following question from one of our followers…
QUESTION
“As a treasurer, efficient and risk-free handling of payments and reporting are top of mind. In the daily news I read a lot about PSD2, but why don’t I see much of this being applied in a business context?”
ANSWER
We asked one of our highly valued partners for assistance in answering the question: Joost Kevelam, Head of Sales and Head of Financial Markets & Risk Solutions at Cobase.
With his expertise he could help out our contact perfectly!
Joost Kevelam responds:
“That is a great question. Today PSD2 is very much geared towards retail users. For corporate usage, we see three key hurdles that need to be cleared.
Firstly, for reporting purposes PSD2 still demands use of bank-specific tokens; either for periodical consent (for reporting) or for each payment. For treasurers that have several banks this is prohibitive.
Secondly, corporate treasurers want to connect in such a way that they can do all their cash management tasks in their ERP and the ERP then connects (unattended) to all their banks. The banks’ PSD2 (or Open Banking) connections often do not support these patterns.
Lastly, PSD2 protocols vary wildly across banks; there is no standard yet. Developments in the right direction are unfolding slowly.
In the meantime there are solution providers in the market that offer much of the touted future PSD2 benefits, but with technology that is already easily available today (e.g. SWIFT, host-2-host and other APIs). If you select a provider, please consider whether they have the license and capability to easily migrate you to the PSD2/Open Banking interfaces once they are suitable for corporate usage.
Feel free to contact me if you wish to discuss how these technologies can make your life as a treasurer easier.”
Do you also have a treasury related question? Feel free to leave your question at our treasuryXL Panel. The panel members are willing to answer your question, free of charge, no commitment.
No More Excuses! It’s Time to Implement the Right Hedging Program
11-10-2021 | treasuryXL | Kantox
More than half the participants of the Kantox & TMI FX Survey describe their existing currency hedging program as inadequate. And that’s not all: 72% of participants admit the need for updates and changes to their policies and programs going forward.
How do we account for this widespread inadequacy? The answer is simple. Most managers start by assessing the available Treasury resources. Only then do they set up the firm’s hedging programs.
This is the wrong approach.
Instead, managers should start by assessing the FX needs of the business, paying special attention to the firm’s pricing parameters. Only then should they design the hedging program.
Over-hedging —the situation of a firm that has hedged in anticipation of an exposure that has failed to materialise— is a perfect example of the challenges posed by a program designed with the available technology. As the Kantox & TMI Survey shows, it is one of the most pressing concerns for treasurers.
The problem of over-hedging is often associated with a ‘lack of visibility’ in treasurers’ forecasts. The apparent solution then is to ask for more staff to be hired for the Treasury team.
At Kantox we disagree with this diagnosis.
More often than not, over-hedging is the byproduct of a hedging program that was badly designed from the start—and where the wrong tools were applied. Spreadsheets, TMSs and ERPs were never designed with FX management needs in mind.
That’s why it is becoming more and more important to use technology that is flexible enough to allow managers to deploy FX programs that are tailored to the specific needs of the business.
Starting off on the right foot
Take the case of a company that does not update its prices frequently, yet has an FX-sensitive business model, favourable forward points, and a low degree of forecast accuracy. It would be hazardous for such a firm to rely on a traditional ‘static program’ where the whole budget is hedged at the start of the period.
Instead, the magnitude of an early static hedge should be kept within the bounds of what is nearly 100% certain in terms of accuracy. For the rest of the budget, a more dynamic combined program —based on firm commitments— can be designed.
Such hedging programs and combinations of programs can be tailored to fit any business model and pricing parameters. By applying these programs, companies make sure that situations of under- or over-hedging are avoided, and that a hedge rate that is equal to or better than their budget/campaign rate is systematically achieved.
But this requires technology.
A game-changer: Streamlining the end-to-end FX processes
There is a way out of the costs created by inadequate hedging programs. As Antonio Rami, Kantox’s co-founder and Chief Growth Officer put it during a recent Kantox webinar: “By using technology to streamline the end-to-end process of FX risk management —from the pre-trade phase down to the accounting tasks— companies can sidestep the pitfalls of softwareless currency management”.
Armed with a thorough understanding of the FX needs and pricing dynamics of their business, companies can deploy the Currency Management Automation solutions needed to create —and to execute— the hedging program that best suits the business.
It’s high time to ditch excuses like the ‘lack of visibility’, ‘high FX volatility’ and ‘insufficient treasury resources’.
Start off on the right foot instead. Look at the needs of the business first, and then go for the hedging program that allows your firm to take advantage of emerging growth opportunities—just about anywhere in the world.