Payments sit at the core of the treasurer’s world. Sadly, they sit at the distinctly ‘unsexy’ end of the business. We’d all much rather be working on that new, clever mezzanine-converter-capital issue and the associated back/forward roller-coaster balance swap or whatever. But, at the end of the day, if you can’t move the money, you aren’t much use to anyone.
Managing payments comes down to three things: amount, destination and timing. Can you send the right amount to the right place at the right time? Anything else is gravy. We all need management information on what goes where and the associated expected timing so that we can manage our liquidity. We need to keep costs down and we need to move the money securely.
Re-keying is considered to be the equivalent of bashing rocks together to make a spark in the age of the disposable lighter. Why would anyone ever want to do it?
The modern goal is to do this in a straight-through processing (STP) environment. Re-keying is considered to be the equivalent of bashing rocks together to make a spark in the age of the disposable lighter. Why would anyone ever want to do it? Against that is the need to do things securely. This is often encapsulated as the ‘four eyes’ principle, meaning that two people check every payment. Reconciling these two needs – STP and ‘four eyes’ – lies at the heart of getting payments right.
The other operationally important issue is to get it all done at the right level in an organisation. This is the crucial element in getting the timing right.
I once ran what was effectively the in-house bank for subsidiaries and other divisions. They all had to get their funding from – or place their surplus funds with – us. The various business units determined their own mandates for payment instructions. This was usually a list A and a list B with one signatory required from each, often with a value banding. For example, for a payment of up to £1m only one signature was needed; for one over £10m one signatory had to be a divisional head.
The complexity of the process and the seniority of the signatures required was often directly in proportion to the self-importance of the most senior person in the business unit. One list even had a requirement for the chief executive to sign all payments if the two divisional seniors were not available. Sure enough, it came to pass that an internal transfer was needed when both the seniors were off-site. An office junior was duly despatched to get the signature of the chief executive while he was in a meeting. I think it was an assets and liabilities committee.
Shortly afterwards, the mandate was revised.
This isn’t to say that you need to give the authority to pay away the entire corporation’s balance sheet to the graduate trainee. But you do need to be aware of what is practically needed in an environment where automated controls are in place. In this instance, the same mandate applied to all payments, including those to standard settlement instructions (SSIs) agreed with the division.
If the SSIs have already been agreed under appropriate mandates, the question next to be answered is how much control is needed around the amounts to be paid away? If it is simply a case of identifying an error in a calculated payment amount, then two admin officers can do that by checking each other’s work. In fact, they’re more likely to find a mistake than putting the payment request in front of the CEO.
The starting point isn’t what, when or why you want to pay, but who and where
In an STP environment, it is less about the people involved at the point of payment and more about how the system knows how and where to make the payment in the first place. With STP, you don’t want users logging on with RSA tokens or smart cards in order to release or generate payments. All the security should be done before that happens.
Of course, there are exceptions. If you have a genuine need to make one-off payments to new counterparties at short notice, and these don’t need to go through the treasury management system, then access to a payment terminal with input/verification/release stages to the process is pretty much essential. This may apply where volumes are very low and the expense of building the interface and configuring the payment messages then becomes uneconomic.
If the exceptions are not relevant, then focus on how the payments come out of the system. The starting point isn’t what, when or why you want to pay, but who and where. Control of counterparty information is central to creating an efficient payments environment. If a payment can only ever be sent to a pre-approved counterparty at valid SSIs, then fraud and error are effectively prevented.
This starts with an appropriate know your customer (KYC) process. Identifying whom you are doing business with, and where they take their funds, has to be done away from anyone who is involved in deciding what payments are to be made. That isn’t just best practice, but the front line of defence. It means ensuring only genuine clients are set up and subsequently policing them to weed out the dormant and irrelevant. Simple system controls should prevent payments going to clients that haven’t been used for a given period, say a year.
Refreshing the relevant static data through making a call or by contacting the client electronically should identify those that have changed their SSIs in the year or those that aren’t actually genuine clients. Clients that reserve the right to advise settlement instructions at the point of payment should be discouraged and told of the risks they are running, both for themselves and the paying institution. If it is something you do as a business, consider revising your practices.
Dumping a massive payment file on your banker first thing in the morning is no longer acceptable behaviour
KYC and anti-money-laundering regulations required many financial institutions and professionals to revise their business processes, introducing bureaucracy that is seen as an irritating overhead. Maybe so – until you view it as a key part of how you manage the security of your payment systems. Sometimes you can learn to love compliance.
Having set up secure payment instructions, you can think about the other elements of the payment – what and when. The ‘when’ has come under more focus over the past few years since banks are forced to manage their liquidity. Dumping a massive payment file on your banker first thing in the morning is no longer acceptable behaviour, especially in ‘second-tier’ financial institutions. It gives them a liquidity headache and also means that you cede control of your payments.
If you have a cash shortfall, they will decide what does and does not get paid. Sometimes a small payment may be more important than a larger one. Making a mortgage advance or paying a supplier early in the morning may be more important than repaying an overnight deposit that can wait until later in the day.
Then there’s the Herstatt risk in non-CLS FX deals… Who wants to be paying out the sterling leg of a cable swap at 8am London time, six hours before it is even possible for your counterparty to pay you? You can control all this by focusing on the payment-release mechanism and system. Sometimes you need a human in the loop to decide these things.
Which, in the end, means the easiest thing to deal with is actually the ‘what’. This will be generated and stamped with the right SSIs by the treasury system. As long as your dealers are keying the deals right, then you are in the clear.
But that, as they say, is another story.
Five of Kipling’s honest serving men can help to analyse the control points in any payment system:
Graham Evans is an independent treasury operations consultant with Trebian Consulting
