While 20% of firms would overhaul their payment processes to improve visibility to cash and 27% to reduce costs, the great majority (33%) would go through such a project specifically to boost their capabilities for tackling fraud. That was the key finding that emerged from recent white paper Payments Market Study 2015, published by Fidelity National Information Services (FIS – previously SunGard).
In an era of heightened concerns over how cybersecurity covers internal systems, staff, customers and clients, that figure is a real sign of the times.
Payments used to be an extremely technical field, but thanks to a gradual streamlining of formats, that is no longer the case. A number of drivers have spurred this streamlining – from our banks’ use of SWIFT to initiatives such as the single euro payments area (SEPA) and the Common Global Implementation group’s work to develop the ISO 20022 standards for financial communications software.
Those factors have all helped to whittle down a lot of cumbersome complexity that has tended to clutter the field. At the same time, payment platforms themselves have evolved, becoming far more flexible, as well as easier to deploy and implement.
That greater standardisation means that setting up a payment factory has never been easier. The enhanced visibility and internal controls that a factory provides gives treasurers not just complete, end-to-end views of payment flows across their entire organisations, but significantly improved defences against fraud.
Indeed, one key benefit to corporates of the visibility provided by a payment factory’s controls is the means to prevent fraudulent transactions from even occurring.
One prime example of a common fraud threat that corporates face all too often is the forgery of a credit account number. Criminals would typically achieve this by one of two different methods:
Amid these deceptive practices, which are chosen deliberately to slip by unnoticed, what can corporates do to shield themselves against the underlying threats?
Beyond providing a high-level check that payments are not being sent to countries where the corporate does not typically have suppliers, a dedicated payment factory can offer corporates additional controls, such as a ‘whitelist’ of authorised suppliers, or even a history of payments built into the solution, including a deviation-reporting mechanism.
Those controls can highlight inconsistencies – for example, perhaps a payment is going to a supplier that has been paid before, but to a different account number. That could be the result of a forged invoice. Or perhaps a supplier payment contains an employee account number on the credit side. That could point to an internal fraud.
Having a single, centralised view of cash flows enables fraud of this type to be easily identified.
Questions of how to proactively impose and monitor internal controls, and how to prevent cases of fraud, are recurring issues for corporates – and often dominate their thinking when they are looking for solutions. We recently worked on a project with Carmeuse Group, a leading international producer of lime and high-calcium limestone. Their business case was not so much about cost savings, but about making the necessary enhancements to internal control mechanisms that would prevent cases of fraud. The goal was to ensure that all payments were being approved by the relevant people via one, standardised process.
Internal controls, and the related compliance obligations, are intimately linked with the payment workflows that corporates can implement: top-level measures designed to prevent fraud purely from a payments perspective.
Such measures could include the ‘four-eyes’ or ‘six-eyes’ principles, whereby payments have to be approved at multiple levels before the funds are actually released. While this process once tended to be inefficient – with payments being held up because one or more account signatories are out of the office, for example – the technology now exists for payments to be checked and approved on the go from a mobile phone or tablet.
As time goes on, adding analytics to payment workflows will help corporates become even more proactive in identifying and preventing fraudulent activity. Credit card processors and banks use pattern analysis to prevent card fraud, and this type of approach is also starting to look attractive to corporate money managers.
Hypothetically, a corporate could have an internal controls policy that prevents payments of more than €10m to the same account on the same day. But what if there are two, consecutive days of €7m payments to that very account? Analytics can identify patterns and anomalies in payments across an entire organisation. Credit card processors have already implemented such analytics – but in the realm of corporate payments, the demand for similar solutions is starting to rumble.
As corporate payments are evolving more towards real-time models, such as Faster Payments in the UK, that demand will only increase.
While corporates are rightly concerned about the threat that payments fraud can pose to their businesses, having the ability to identify and eliminate the threats is an achievable goal. Implementing a payments factory solution gives treasurers improved global cash visibility, with full centralisation of payments. That includes rigorous internal controls that minimise the risk of fraud.
The systems integration element of implementing a payments factory is easier today than ever, thanks to initiatives such as ISO 20022 and SEPA. With treasurers able to spend far less time spent on the ‘plumbing’ of their financial software, they can spend more time on strategic thinking. That can include bringing analytics into the process, and assessing how they can help increase internal controls across the board.
Jerome Albus is senior vice president, payments and messaging, at FIS