How is treasury positioned to lead on navigating payments fraud and risk?
Treasury teams have adopted different strategies over the years to prevent and respond to payment fraud. Today, many companies are overhauling or adding to these strategies given evolving technology and heightened risk. At Aliaxis, we are in the process of updating system connectivity and payment processes, even though treasury is not soley responsible for payments.
Treasury is essential to keeping that leadership and oversight though. We are experts around new bank relationships or adopting new technology. It’s shared responsibility but the leadership comes from us in treasury.
As the custodians of cash, I believe treasury has a clear leadership role to help prevent and mitigate fraud and risk. It’s very important to keep everyone, at every level, engaged. Each year I share treasury’s objectives and priorities with our legal, IT and tax teams so they understand in advance how they can help us across all the touchpoints we have with them. Involving every team at the start of something such as a payments overhaul or fraud prevention solution, really helps break down siloes between functions and levels.
I spend a lot of time reaching out to internal colleagues to network treasury expertise in the wider business and build a treasury community with a higher skill level. I want to make sure colleagues understand my operating model and the key objectives we have around payments and the transformation going down the line.
Why is it important to work with other teams when it comes to navigating payments risk?
When treasury works with other in-house teams like IT, cyber security or even Legal it opens us up to hard questioning that improves our processes. It helps treasury push models to the extreme and should be viewed as an opportunity. I believe we should always listen to our biggest objectors – they will highlight good points and areas which can be improved on and give us the opportunity to ask all the required questions.
Treasury in turn is in a good position to educate colleagues that standardised and centralised payment controls and processes are designed to protect them from making mistakes. If there is a chain of control, mechanisms and a system, it protects them. It’s about protecting your people from the consequences of pushing the wrong button.
Why is it important to eradicate human risk in payments?
Typically, a chain of automatic controls flags when a payment is an outlier, only then should it come to the attention of high-level individuals. Aliaxis has strict rules around what types of manual payments are allowed – and only very few are permitted. All manual payments require two approvals, and even a third one from the treasury team if they are not done on the basis of preapproved payment templates. This gatekeeping process includes asking several questions, amongst which, why a payment hasn’t been generated in the ERP, as we want to eliminate every payment that is not going through the safe pipeline.
What is the role of policies and procedures preventing fraud?
Treasury needs to ensure policies are embedded into workflows and there are reports to monitor ongoing compliance. Governance on the governance is also essential. I believe that the ‘G’ in ESG is often the one we forget, but it is the easiest to improve. We of course rely on banks who have ever more sophisticated systems and controls to identify outlier payments, but the first line of control and the most efficient one will always be strong, enforced payment policies.
Policies should include that when teams see something fraudulent, they tell the treasurer, and then they tell the bank. If they think about it 12 hours later, it’s too late. In such cases, every minute can count. It is important to have a plan in place ahead of any potential occurrence.
For acquisition payments the risk spikes and policies should include a clear preapproval statement from the CEO or the CFO.
In a decentralised organisation, setting up a standardised payment process takes a lot of cooperation and communication, but it is key to allow regular large-scale trainings and easy auditability. We need to play all the cards to ensure that securing the company’s assets stays in the mind of each and every person involved in processing payments at all times.