A Bespoke Approach to Personal Digital Signatures

Published: May 01, 2012

Valérie Sainsaulieu
Head of Treasury Control, Lafarge

by Valérie Sainsaulieu, Head of Treasury Control, Lafarge

In 2009, TMI’s SWIFT Connectivity Guide featured an article by Valérie Sainsaulieu about Lafarge’s SWIFT connectivity project. Since then, treasury has rolled out SWIFT connectivity across 10 countries, using Kyriba and Datalog’s CashPooler systems. With 80 signatories across the banks to which the company is connected through SWIFT, Lafarge wanted to find an automated and secure means of digitally signing payment instructions that could be used across all the company’s banks.

Corporate treasury at Lafarge

Corporate treasury at Lafarge acts as an in-house bank to the group and has centralised its key treasury functions (cash management, financing and financial risk management) as far as possible with 20 people located in Paris and Brussels. In addition, there is a treasury function in each of the main subsidiaries, and country treasurers have close links with corporate treasury. The treasury is a centre of expertise for the group, publishing policy, guidelines and financial best practices. It assists and supports subsidiaries in all treasury related issues where appropriate. All major external financing is conducted by Lafarge SA, which then finances group companies on an intercompany basis. Borrowings in local currency and/or with local lenders are performed directly at country level supported by corporate treasury.

We conduct cash management centrally whenever feasible, with local dedicated cash pools in France, the UK, the US and elsewhere. We have a pan-European cash pool for most European countries, and a multi-currency cash pool for all our main currencies. In total, we work centrally with around 10 international cash management banks, with some 200 accounts. To date, we have not centralised cash management on a daily basis in Asia, Africa, Middle East or South America. In these regions, corporate treasury manages cash transfers and short- to medium-term financing via intercompany loans. Corporate treasury is also the primary counterparty for the hedging requiremenst of the business units. We combine exposures across the business and conduct external hedging transactions, and then perform back-to-back intercompany hedges.

Background to SWIFT connectivity

In 2007, we made the decision to replace the existing fragmented treasury management and bank connectivity infrastructure in our subsidiaries with one cash and treasury management system across the group, for which we selected Kyriba and Cashpooler, and a single, bank-independent bank communication platform, SWIFT. We appointed BNP Paribas to provide a ’’service bureau’’, based on our previous experience of successful technology projects with the bank. We first implemented SWIFTNet for our entities in France, and then rolled out the project internationally. Initially, we introduced SWIFT MT formats for treasury payments, and we migrated to XML-based formats for supplier/payroll payments with a view to achieving greater standardisation.

We found that implementing standard systems and SWIFTNet connection resulted in a high level of acceptance and enthusiasm across the business, with considerable improvements in cash management, process efficiency and security.[[[PAGE]]]

Leveraging SWIFT

Our SWIFT implementation project proved very successful, but one element we were lacking was the ability to add personal signatures to transactions and files, which we had previously been able to do for our entities in France. We therefore wanted to implement a consistent, transparent approach to transaction security across all our banks and all the countries in which we operated that would enable our 80 signatories across different locations to sign transactions digitally. The solution needed to be straightforward both to use and to implement, without demanding significant resources. We explored the use of 3SKey, a multi-bank personal digital identity solution developed by SWIFT, in partnership with the banking community who recognised its value in providing a very high level of encryption and authentication, and we decided to build 3SKey into our SWIFTNet processes.

As we were an early adopter of 3SKey, however, not all of our banks supported its personal signatory capabilities, and we did not want disparate solutions across banks or countries. We therefore decided to build our own, highly sophisticated upstream system (i.e., one that allowed transactions to be duly approved and signed before reaching SWIFTNet) based on Kyriba and CashPooler, to supplement the capabilities of 3SKey. Transactions are authorised in Kyriba, according to our requirement for a clear segregation of duties between payment initiator and authoriser. Authorised encrypted transactions are then passed seamlessly to CashPooler, our payment factory system, at which point no-one is able to amend payment information.[[[PAGE]]]

Outcomes to date

The project is still on-going, but the new solution offers some distinct advantages in addition to meeting our objective of achieving a simple, consistent approach to personal digital signatures on transactions globally. For example, we can audit the use of each key, and monitor which are still active. There are some challenges and drawbacks, however. We would prefer to use security keys issued by a third party, such as SWIFT, as opposed to the bank, and there are still some costs associated with this, although they are quite small. The keys have to be reset and replaced every three years, a process that needs to be carefull monitored, although there is the benefit that signatory information is kept up to date. Finally, once a key has been locked (for example, if a user has forgotten the password) it cannot be reset and a new key has to be issued.

In the future we will continue to extend our use of SWIFTNet into new territories, such as Canada, India and China and will also keep up to date with new SWIFT developments, such as eBAM (electronic bank account management), and extend our use of 3SKey to personal digital signatures. However, as a consistent approach to security is essential to us, we will not migrate to this until it is supported by all of our banks in all the countries where we operate.

Sign up for free to read the full article

Article Last Updated: May 07, 2024

Related Content