By Laurent Colombant, Continuous Controls and Fraud Manager at SAS
When we think of financial crime, few would consider procurement fraud to be one of the most pressing threats facing their business. Yet according to PwC, this form of fraud is the second-most commonly reported economic crime in the world, ranking above bribery, corruption and even cybercrime.
The question is – who should lead counter-fraud efforts? Worryingly, businesses seem unclear on the answer. Our latest research report, Unmasking the Enemy Within, found there was no clear leader or common approach to procurement fraud prevention across businesses. Indeed, almost a quarter (23 per cent) of business leaders have no clear owner assigned to the task or can’t say who is responsible.
Finance in the firing line
What’s not in question, however, is who’s held responsible for the damages that fraud inflicts. While CFOs might not be involved in day-to-day anti-fraud operations, they are frequently first in the firing line when procurement fraud is uncovered. In 2014, for example, Sino-Forest Corp CFO David Horsley was fined C$700,000 by regulators for failing to prevent fraud under his watch. Furthermore, he was permanently banned from being a public company officer or corporate director, and was ordered to pay $5.6 million to the company’s investors following a class action settlement.
While they are unlikely to coordinate fraud efforts single-handedly, 31 per cent of companies place ultimate responsibility for fraud in the CFO’s hands – more than any other role. That’s hardly surprising, given that fraud has a direct impact on the bottom line, with over half of businesses (55 per cent) reporting losses of up to €400,000 per year.
While we are not arguing that the finance department should be the command and control centre for anti-fraud efforts, it’s clear that the CFO has a crucial role to play in tackling procurement fraud. They are the ones who guide purchase decisions, who oversee risk management or audits and, ultimately, have the final say in what anti-fraud capabilities a company is equipped with.
Even so, it’s unfair to expect the finance department to shoulder the entire burden themselves. Just as IT security in the organisation is everyone’s responsibility, so too must accountability and responsibility for fraud be embedded throughout the workplace.
Invest for success – modernising the detection process
Yet there is much that the finance department can do to help uncover incidents of fraud – not least conducting regular audits. Around half businesses (46 per cent) claim to hold regular internal audits, but many of these exclude procurement fraud from their remit. More worrying still, more than one in 10 (11 per cent) organisations admit to either doing nothing to audit for procurement fraud or are unable to say what they do. A further fifth (22 per cent) fail to audit for procurement fraud at all.
That one in three companies aren’t actively searching for procurement fraud, or don’t know what processes cover it, suggests a blind spot that potential fraudsters could easily exploit.
Finance needs to look at areas where existing auditing process are letting them down. When we look at how organisations deal with procurement fraud, 29 per cent validate procurement applications manually while a further 30 per cent rely on staff to inform them of any wrongdoing. Both carry a high risk of human error, potentially minimising or masking the true scale of the problem.
Ultimately, the buck stops with the CFO, which is why they should consider a new approach to auditing based on continuous and automated detection. This is only possible with a strong foundation of advanced analytics that assists investigators in pinpointing the needles in the haystack. A company’s ability to identify and prevent fraud rests, to a very great extent, on the good judgment of the CFO in selecting the right systems to prevent fraud from happening in the first place and deterring anyone with ill intentions.
Continuous, data-driven detection represents the best way to fight procurement fraud and identify errors, enabling companies to pre-empt signs of fraudulent activity rather than discover it after it’s taken place. This limits costs, saves time as well as reputation and prevents losses.
Yet only a small minority of organisations are using advanced analytics (14 per cent) and AI (nine per cent) technologies in their anti-fraud efforts. The most common obstacle to adoption is the perceived cost of the technologies, but this could well be short-term thinking on the part of the CFO. While there is an upfront cost implicit in any implementation, an effective fraud detection tool will quickly make its money back in the losses it prevents and the monies it helps recoup.
The finance department should not be afraid to make the case for investment in the latest advanced analytics and AI solutions. Procurement fraud is too serious and too costly to make short-term capex savings in favour of the long-term ROI offered by analytics-enabled security. After all, the buck stops with them.
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS firms must address the data issues flagged and created by the Covid-19 pandemic
When the pandemic started, organisations within the financial services sector were faced with three key questions. How do we do homeworking? How do we go remote? How do we manage this?
In trying to answer these questions, the business continuity measures taken by FS firms were not up to scratch. Mistakes that could have been avoided were made. To start off with, users had to be given the necessary equipment to make remote working happen and they had to have access to the infrastructure needed, such as broadband. Users also had to have access to the information and data needed to do their job. And this is where they started to run into trouble. While software applications like Zoom and Microsoft Teams made it possible to stay connected, the systems in place were not adequate to facilitate secure data management practices en masse.
These are the downsides that need to be addressed.
Where’s the governance?
Historically, firms operating in the financial sector have been slow to adopt cloud technology, preferring to store sensitive data on premise, in order to mitigate perceived risk. As such, through the lockdown, much of the data people need access to is not in the cloud, but is stored in applications or file servers.
Adding to the issue, the VPNs of many organisations don’t have the capacity to allow large numbers of users online. This lack of VPN availability has forced FS firms to allow users access to GDPR sensitive data multiple times, with little or no method of tracking in place.
In order to acquire the information they need to do their jobs while out of the office, employees have been copying, downloading and sharing files that now exist outside of the corporate firewall, without any governance or security considerations. Such data is now, for all intents and purposes, in the wild, making it harder to bring back under control. Teams working remotely don’t have the corporate governance and security protocols that they would have when working in the office.
So, being forced to work remotely, at short notice, has impacted compliance and governance in a very negative manner. The way data is being handled greatly increases the chance of a data breach occurring. It also flies in the face of FCA regulation, and in particular GDPR where personal data is being used. While the FCA might be a little more lax in light of the current challenges right now, this will change when data breaches start to occur and customers start asking questions. Poor choices now will not be a reasonable excuse to avoid future fines.
If this crisis has shown us one important thing, it’s that the slowness of financial services firms in adopting cloud technology, which made it significantly harder for them to access and use data, has hurt business continuity, security and privacy.
Better Data Practices
So, how can organisations take control of their data? For many this means deploying it to the cloud in a rapid manner, whilst retaining security and governance practices. It is possible for organisations to make data accessible if the technology is deployed correctly, allowing all the necessary controls to remain in place. Having the short-term decisions correctly in place and making them under an umbrella of good governance and accountability, ensures that you don’t suffer knee jerk reactions and risk losing control of data.
By keeping on top of your data as much as possible, you significantly reduce the opportunity for chaos to happen. That starts with making it available on a safe and secure platform. At a time like this, it is imperative that organisations have a good understanding of their data. Information asset registers should be kept up to date to track where their information is, where it’s being used and the purpose for which it’s being used.
For our clients, we are now using AI to help them assess and understand their data, flag any risks their data is posing to their organisation, and help them mitigate that risk. By implementing the right systems this can all be automated, and there is nothing stopping organisations from doing this with next to zero impact on their userbase.
Remote working is becoming the norm: It has been proven to work and organisations will start reflecting on how much office space and connectivity they really need. As such, organisations are being forced to act now and adapt their data governance and compliance practices to suit the ‘new normal’. Waiting until the pandemic passes is not an option.
5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS
Lauren Jones, International Payments Ambassador, Icon Solutions
Instant payments are the ‘new normal’. The last decade saw a ramp-up in adoption as regulation, customer expectation and technology dovetailed to create immediate, 24/7 demand for financial services.
This means that banks and payment service providers (PSPs) who rely solely on speed of payments as a competitive differentiator will struggle to get ahead. The focus is now on leveraging instant payments rails to deliver value-added services that can drive a return on investment. Understanding where these opportunities lie, therefore, is crucial.
- Request to Pay for more control
Perhaps the most valuable new way to leverage instant payment rails is Request to Pay (R2P). R2P is an umbrella term for various scenarios in which a payee takes the initiative to request a specific payment from the payer.
Corporates have two key challenges in that they only receive funds when a customer wants to pay them, and they only receive the information the customer chooses to provide. This makes reconciliation difficult and can even negatively impact workflow and working capital.
However, the R2P options for bill presentment and payments solve these problems, significantly reducing operational cost, liability for chargebacks and fraud risk, as well as improving reconciliation and liquidity. A secure R2P service also has the potential to simplify managing receivables and reduce processing costs.
R2P also benefits consumers. As they are presented with a payment request rather than funds being debited automatically, they can enjoy more autonomy and control over their money across various channels.
As a result, several solutions have emerged under the R2P banner, such as the IDEAL scheme in The Netherlands and PromptPay in Thailand. Further traction will be gained, with EBA Clearing gearing up to launch a pan-European R2P solution in 2020. Certain banks in the US have also begun to go live with The Clearing House ISO 20022 R2P messages using instant payments infrastructure.
- Amplify the power of QR codes
QR code solutions have surged in popularity in recent years as a simple, low-cost alternative payment method, offering consumers and merchants more choice at checkout.
We are now seeing various banks and payments industry players reviewing their strategies to take full advantage. QR code-based solutions, combined with instant payments rails, can extend utility beyond the physical point-of-sale to include online and bill payments.
Thailand, India, China, Singapore, Malaysia and Hong Kong have all established payment services that leverage QR codes to initiate real-time payments. And although Europe and the US have been slower to adopt QR codes, some European countries such as Sweden and Switzerland have already embraced the technology with country-wide schemes for both retail and corporate payments. In the US, adoption is market-led with several retailers such as Target and Walmart implementing proprietary QR code payment systems.
- Leverage valuable real-time data with ISO 20022
While instant payments does not inherently provide enhanced data opportunities, most of today’s instant payments systems are built using the ISO 20022 data standard. This is due to the extended data-carrying capabilities and the added value this messaging standard can offer banks’ customers. For data to be truly valuable, it needs to be machine-readable, consistently structured and standardised – ISO 20022 enables all that.
However merely collecting data is not enough. Mining and extracting value from this data will be a decisive differentiating factor for banks and other players looking to take their customer propositions to the next level.
The good news is that banks and PSPs are well-positioned to collate and leverage data to deliver tailored interactions, unlocking new revenue opportunities while remaining compliant to stringent regulation.
- Deliver convenience for corporates
The combination of instant and enhanced data-carrying capabilities is extremely attractive to large corporates, and in turn, greater corporate usage of an instant payment system will increase volumes and lower costs.
Instant payments give corporate treasurers greater control over their payments, allowing them to make on-the-spot payment decisions and hold on to liquidity for longer. Instant payments enable informed and timely views on cash positions, enabling management of treasury risk. ISO 20022 data- carrying capabilities also allow corporates to attach invoice data to a payment, allowing for more efficient reconciliation.
Benefits are not only limited to corporate treasurers, but also B2C treasury departments. Instant payments offer new ways to make payments to customers. As mentioned, R2P can also lower cost, reduce risk of fraud, and increase information around each transaction, all of which are key requirements for modern treasury departments.
Moreover, as domestic instant payments schemes grow, there is an opportunity to line these systems together to deliver cross-border real-time movement of both funds and data for corporate and commercial transactions.
- Embrace new channels
As payments become increasingly embedded in our daily lives and interactions, it is inevitable that instant payments will become more ingrained in the social media experience.
This is already the case across many Asian countries, but momentum is slowly building in Europe and the US as well. For example, First Direct’s Fdpay service allows customers to make P2P payments within social media apps. In addition, Instagram, WhatsApp and Facebook are all actively exploring instant payments and checkout options. Watch this space.
Building on strong foundations
It is clear that building a foundation for innovation now will enable banks to create points of differentiation and tap into new revenue streams through R2P, QR codes, leveraging enhanced data, corporate instant payments and new channels.
But to fully realise the return on investment, banks will need to overcome the legacy payment environments many are encumbered with, and will need to develop a powerful transformation strategy to ensure their payments landscape is equipped to fully harness the benefits.
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...
FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’
By Christian Nentwich, CEO at Duco At the start of 2020, before the global coronavirus pandemic changed the world,...
5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS
Lauren Jones, International Payments Ambassador, Icon Solutions Instant payments are the ‘new normal’. The last decade saw a ramp-up...
THE BEST PATHS TO SECURE AUTO FINANCING IN 2020
The previously flourishing economy has taken some dramatic turns in the last few months due to the health and economic...
TIPS FOR BUSINESS EXPANSION
Alan Sutherland, CEO of Kind Consumer Every successful business had a beginning. Its founders usually looked for ways to...
THREE QUESTIONS FINANCE LEADERS SHOULD BE ASKING THEMSELVES DURING THE PANDEMIC
Chris Pope, Global VP of Innovation at ServiceNow We’re living through unprecedented times, dealing with a situation completely out...
HOW WILL COVID-19 IMPACT ESG INVESTING LONG-TERM?
By Kerstin Engler, Senior Wealth Manager, Geneva Management Group. Sustainability is a trend on the rise in every sector...
EIS LAUNCHES IN THE UK AS INSURANCE COMPANIES LOOK BEYOND PROTECTION TO DELIVER MORE VALUE TO CONSUMERS
Leading digital insurance platform expands global footprint to meet UK insurance market demands EIS, a core and digital platform provider...
TINK TECHNOLOGY ENABLES MULTI-BANKING FOR NORDEA’S NORDIC APP CUSTOMERS
Tink’s account aggregation, data enrichment and personal financial management technologies have been integrated into Nordea’s mobile banking app to deliver...
BITCOIN COMES OF AGE
Katharine Wooller, Managing Director, UK and Eire, Dacxi The Bitcoin halving event, which occurred on the 11th May, has...
KEEPING PAYROLL SAFE AND SECURE IN LOCKDOWN” – HOW FINANCE FIRMS’ PAYROLL TEAMS CAN MAKE IT HAPPEN
by Richard Dutton, account director, Symatrix With companies across the UK switching to remote working since the pandemic took...
EMERGENCE PARTNERS LAUNCHES TO HELP BUSINESSES NAVIGATE A NEW WORLD OF EMERGING TECHNOLOGY
Consulting firm will partner with clients to transform their businesses using disruptive technologies Emergence Partners, has today launched to provide strategic counsel...
BEFORE THE INK IS DRY: CORRECTING BIOMETRIC SPOOFING MYTHS
Eric Setterberg, System Design Engineer at Fingerprints Biometric authentication is highly robust, and the latest solutions offer considerably greater security...
DIY SOS: FIXING-UP THE FINANCIAL SERVICES HOUSE
By Edwin Abi, CMO, Modulr It has been 11 years since the 2008 financial crisis. And in that time,...
ARE WE AT THE TIPPING POINT FOR GLOBAL BIOMETRIC PAYMENT CARD ADOPTION?
By Vince Graziani, CEO of IDEX Biometrics ASA Following the coronavirus outbreak, consumers are ready to go cashless more...
KEEPING DATA IN THE VAULT: INSIDER BREACH RISK IN FINANCIAL SERVICES
by Tony Pepper, CEO. Egress Financial services organisations are trusted with far more than just money; they are also responsible...
MOBILE MONEY MOVED THE NEEDLE ON FINANCIAL INCLUSION – BUT NEEDS SCALED INFRASTRUCTURE TO FULFIL AFRICA’S POTENTIAL
Dare Okoudjou, Founder and CEO, MFS Africa Africa is gearing up to become of the great success stories of...
WHAT WILL SALES LOOK LIKE IN A POST COVID-19 WORLD?
Max Eaglen, Director at Platform Group, looks at how businesses will need to re-shape their sales techniques in a post COVID...
HOW HAS THE CORONAVIRUS LOCKDOWN IMPACTED THE MANUFACTURING SECTOR?
As thousands of people have headed back to work, the manufacturing industry will need to have safety guidelines set out...
CAN AUTOMATION HELP BUSINESSES GET PAID ON TIME?
By Magali Michel, Director at Yooz Procurement process costs account for an average of 60% of turnover for most...