Improving Financial Controls with Treasury Technology

Global finance professionals in the Asia Pacific region are challenged by time-consuming and error-prone manual data entry, and implementing financial controls with enhanced security against fraud and cybercrime. With increasing danger of loss from fraud and difficulty of tracking data across multiple tools and spreadsheets, management is asking treasury for a solution to better manage and protect their organisation. The problem is that many organisations are using spreadsheets as their primary treasury management tool in spite of their lack of security, controls, and auditability. 

Transitioning from spreadsheets to a solution with proper controls is not the challenge today that it may have been five years ago. Technology innovation and implementation best practices have reduced the implementation process from years to months, and the cost of a treasury management system is far less expensive because of the cloud. The value of implementing technology is different for each organisation, and for those who are exploring the possibility of bringing on a treasury system for the first time, we have outlined several key points to protect the organisation and limit the risk of fraud. 

User ID and password aren’t enough to protect your systems, especially when payments are being initiated and approved. Multi-factor authentication, IP filtering, virtual keyboards and single-sign-on (SSO) help ensure that only authorised users are accessing treasury systems and information. The right cloud solutions will also offer safeguards that spreadsheets or on-premises solutions simply cannot do at scale, such as full data and application level encryption. Decisions on what safeguards to employ should be made in alignment with the CIO/CTO/CISO to ensure that treasury conforms with information security policies. 

Treasury will also be asked to conform with organisational policies around business continuity planning (BCP), whether treasury systems have been evaluated for penetration testing and what sort of SLAs exist to support treasury’s 24x7 operation. Treasury will also be asked to supply a SOC2 Type II audit report for each treasury system vendor, so IT can assess the security behind each vendor’s controls. These are the standards of security a best-in-class technology vendor can provide at an economical cost, and one reason why the cloud is so popular information security experts. 

Reducing payment risk is a primary goal for treasury teams, including unauthorised payments and enabling uninterrupted payment workflows. Technology enables visibility, control, and validation of change management so that treasurers can securely manage corporate payments. The key to substantially reducing the risk of unauthorised payments is to develop and maintain standardisation of payment policies throughout the organisation. Payment policies govern how payments are initiated, approved, and transmitted to the bank – and should also document how technology is used and where encryption of information should occur. These policies must align with the workflows implemented in treasury technology to ensure that they are not simply written down but actually executed on a daily basis. With cloud technology, payment workflows can be enforced in all global regions, across all banks and for all payment scenarios. To be effective in combating payment fraud there can be no exceptions, as any carve-outs from standard process are the very risk exposures that internal fraudsters and cybercriminals prey upon.

[[[PAGE]]]

Another way to improve the efficiency of business operations is to have an integrated watchlist screening solution integrated into your payments system, for notification of potential compliance issues before payments are sent to the bank. The old way of managing this issue was simply to send payments early, as treasurers knew that response times from banks measured in days if notification was received at all. While this may ensure that there is sufficient time for problem payments to be researched and cleared by the necessary date, it has a negative effect on working capital by shortening days payable outstanding (DPO). The more efficient method is to integrate payment screening against industry watchlists into your treasury and payments technology, enabling pre-notification of potential issues.

Bank account management is increasingly important for any organisation which manages multiple accounts across several banks. As banking relationships become more decentralised and locally managed, the need for a centralised bank account management solution increases dramatically. Without the requisite audit and controls, spreadsheets are limited to provide a proper single system of record and reliable source of electronic banking information for internal reporting and external compliance. 

With a strong treasury management solution, not only is managing signatories simplified, but visibility is increased to better manage exceptions and change requests. Corporate signatories, approval levels and bank account access all require policy controls and auditable oversight. This is important for all organisations, especially those with high turnover or with a sudden increase in new hires due to expansion. In the absence of an eBAM solution, an organisation is open to risk. Additional support from treasury technology includes automated bank fee analysis, which can enable treasury to reduce its fees with a better understanding of their monthly fee variances and enable a review of bank fee structures across banks. 

The opportunity for Asian treasuries to streamline their manual tasks and reduce risk of payments fraud while securing bank accounts is more achievable today with advancements in technology than it has ever been. Finance leaders should empower their teams with the right tools to improve financial controls and with the time their teams save in automating treasury operations means they can be more strategic about compliance.