Lost in Transaction: Overcoming Payments Pitfalls

From simple errors to duplicates, fraud, and sanctions violations, there are several areas where payments can go wrong – particularly in the real-time environment. A recent TMI webinar in partnership with Kyriba examined common pain points and outlined ways to improve payment workflows through better connectivity, control, and optimisation.

Failed payments can be the bane of a treasurer’s life. There are many reasons why payments might be rejected by a bank during the payment flow. These include human error, losing data between systems, incorrect data from suppliers, and the incorrect rule set being used for a specific currency or country. These failures might make up just a tiny portion of a corporate’s overall payments activity, but they take a disproportionate amount of time to manage. The treasurer has to identify the errant payment, correct it and send it out again, which involves repeating the entire approvals process.

Andrew Ferrao
Group Treasurer, Sonnedix

Andrew Ferrao, Group Treasurer at global solar power producer Sonnedix, explains: “The real cost of payment failure is not in the bank fees, it is in the administration time that goes into managing and resolving it. For example, with one of our local French banks, we send them multiple payments of the same amount for the same supplier but relating to different invoices. The bank has rejected these payments as duplicates, even though they’re genuinely different payments. There are all sorts of reasons why this happens, but the administration time and cost involved in sorting it out is the biggest frustration.”

Failed payments are estimated to have cost the global economy $118.5bn in fees, labour, and lost business in 2020, according to July’s True Cost of Failed Payments study from Accuity ^[1]. The report also put the average corporate spend on the issue at around $200,000 last year. While most corporates report a payment failure rate of up to 5%, almost one fifth (18%) acknowledge a failure rate of 5-10%.

Failed cross-border payments can be particularly troublesome for treasurers, as foreign exchange (FX) costs, transaction charges, FX exchange rates, and time taken can quickly add up. Getting the funds back can take several days or even weeks and it is unlikely that the intermediary fees paid when the money flowed out will be refunded. Consequently, treasurers will typically receive less money back than they sent in the first place.

There are many causes for corporate payment problems, but duplicate payments, fraud, and sanctions screening are three main culprits. The webinar drilled down into how these issues might arise and the steps treasurers can take to ensure a smooth end-to-end payment process.

Dealing with duplicate payments

Duplicating a payment in error is one of the biggest pitfalls that treasurers seek to avoid, as the outcome can be exceptionally expensive. Barry O’Sullivan, Strategic Payments Director, Kyriba, quotes figures from Capgemini ^[2] that between 0.1-0.5% of payments globally are paid twice, so if a company has a transactional volume of £1bn per year, they are probably at risk of spending up to £5m a year in duplicate payments.

Barry O’Sullivan
Strategic Payments Director, Kyriba

Obviously, there is an impact on the payee – its team has to reconcile the data to confirm payment has been received twice and then action the refund to the corporate payor. The payee also has to tell the payor that payment was received twice without the payor noticing. This is just the start of the problem for corporates.

“For business, it means lost revenue and cash flow, and it can be a drain on profits that accumulates over time,” explains O’Sullivan. “There’s also the reputational risk to the business, where suppliers may perceive inefficiencies in a corporate’s processes. The real risk occurs if a payment file is duplicated, rather than just one single payment, particularly if this involves high-volume, low-value payments. The funds have to be recalled and that needs the beneficiary to initiate. Suppose it went to consumers, for example. In that case, the likelihood is they won’t return it, and the legal costs of trying to recover smaller funds actually outweigh bringing the funds back in, so corporates may have to write off a considerable amount of business. It could be huge.”

While treasurers are often left cleaning up in the wake of a duplicate payment, it could be argued that the organisational processes in place should prevent these issues from even making it to the treasury department, as Ferrao points out:

“Duplicates should be picked up in the accounts payable [AP] reconciliation process, whether that’s on a supplier statement or just checking versus invoices that have already been received,” he says. “Duplicates should be picked up before they even come to treasury and the payment goes out of the door. If a duplicate has been missed, it is because that reconciliation process has not worked somewhere.”

Making it mandatory for all invoices to have purchase order numbers, and not allowing an invoice to be paid without one, is a way to prevent duplicate payments. Another action that corporates can take is to standardise the invoicing process. Rather than having different methods of receiving invoices, such as by post, email or fax, setting up a policy that mandates vendors to send invoices through only one channel can also help ensure duplicates are not paid out.

Alroy D’Cruz
Value Engineer, Kyriba

“Centralised processes can also help to stop duplicate payments, such as by having a centralised location where invoices come into,” notes Alroy D’Cruz, Value Engineer, Kyriba. “This could be a shared services centre, or at the group level. Additionally, on the system side, there are solutions that help identify duplicate payments. These typically hold all historical payments that have been made and which each outgoing payment is checked against, with an alert if there are duplicates.”

Fighting fraud on two fronts

Fraud provides a critical threat to the successful operation of a corporate payments programme. Treasurers face both internal and external fraud challenges that need to be addressed. The Association of Certified Fraud Examiner’s 2020 Report to the Nations study ^[3] found that a majority of fraud (86%) was caused by asset misappropriation. This includes actions such as falsified expenses and altered pay, for example.

Regarding external fraud, challenges include fake invoices not backed by purchase orders, collusion between internal stakeholders and external vendors, and business email compromise (BEC). The 2021 Association for Financial Professionals’ Payments Fraud and Control Survey, underwritten by J.P. Morgan, found that 62% of external fraud was due to BEC ^[4], and that a majority of it was targeted at the AP department.

“Speaking to several organisations, we can see similarities in the kind of set-up they have that exposes them to fraud,” says D’Cruz. “Typically, they might have several different enterprise resource planning [ERP] systems across the globe with different versions, several different payment bank branches, as well as non-standardised and non-centralised processes. Rather than have direct connectivity between those ERPs and the payment banks, users are downloading files from the ERP and then either uploading them or manually keying them into bank portals. That is increasing the risk of fraud.”

For treasurers, having a list of counterparty bank details is important, as this is something that they can control and is secure. Referencing this list will flag up if payment beneficiary details have been changed, either innocently or nefariously. Establishing human contact with the supplier is another way to reduce fraud risk, as Ferrao explains.

“If a new supplier comes in, just do a call back and speak to them,” he advises. “This way, you are not purely relying on email communication to verify who they are. These are the basic things that can be done: lock down the beneficiary list, use purchase order numbers, and make callbacks. If a company does all of those, they should have a good base of a control framework to prevent payment fraud from happening.”

Technology offers other options for fraud prevention. Tools such as treasury management systems (TMSs) or payment hubs tend to have inbuilt fraud-detection capabilities and offer approval limits, payment templates, and segregation of duties. These systems have rules that they use to scan payments to detect anomalies. Machine learning (ML) can also be applied to detect fraud. One of the significant benefits of ML in this area, particularly for organisations with hundreds or thousands of vendors, is that it can relieve the pressure of setting up and updating fraud rules.

D’Cruz adds: “Machine learning can automatically study payment patterns and, as business changes, it will produce reports based on new patterns all the time. This is very efficient for organisations.”

Tackling sanctions screening difficulties

Sanctions screening can pose another challenge for some firms. One reason is that sanctions lists are constantly evolving. New entities and individuals are continually being added to and removed from lists.

“The nature of sanctions is getting more complex,” notes D’Cruz. “They used to just focus on entities, but now it is sectors and even specific activities that are being identified. Additionally, there’s not just one sanctioning body, but multiple bodies with their own sanctions lists, for example, UK’s HM Treasury’s Office for Financial Sanctions Implementation, the US’s OFAC [Office of Foreign Assets Control], the UN, and the EU. Keeping track of all this, and making sure payment is not being made, can be quite a challenge if the right solution isn’t in place.”

Ferrao agrees: “Keeping track of everything that’s going on regarding the different rules is vital. This is complicated by the fact that while you can look at where the account is based, you might not know where the corporate or individual is based. I’m lucky enough to work for a company with a strong ESG mentality, where all of our suppliers are vetted before we engage with them, that’s probably a basic thing that can be done for signing contracts and making sure you are comfortable with companies you’re doing business. Maintaining a sanctions list is another action treasurers can take.”

Taking a holistic approach

Treasurers should aim for an overarching approach to payments management to ensure that duplicates, fraud, and sanctions violations are not addressed in isolation. Having the proper connectivity and controls in place is essential to make end-to-end improvements.

O’Sullivan comments: “Companies that have grown through acquisition or organically at pace often have disparate platforms, they’ll have multiple finance functions, and they’ll have different controls in place globally. Ask yourself if all your ERPs and banks are disparate or if they talk to one another. If they are all disparate, there are ways to centralise. A payment hub, for example, is a perfect way to streamline all the processes and give complete transparency over all the payment processes. Having a global set of standard controls also significantly reduces risk for a business.”

Improving a corporate payment process starts by understanding it. This can often involve treasurers having to look outside the function to follow the complete payments flow across the organisation.

Ferrao suggests: “Treasurers need to take an end-to-end approach right the way from payment origination – the contracts and the invoices that it comes from – all the way through the ERP systems through to the TMS, if applicable, through to the bank. “Treasurers need to look at whether they can rationalise the process, which means really understanding the workflows from beginning to end, because it’s not just one department. Treasury teams must therefore work with the accounting department and, if the payment has originated from a contract, then perhaps the construction or development department as well. It really is an end-to-end process and treasurers need to understand it all.”

Once treasurers have an overview of their banks and ERPs, and have the necessary controls in place, there are many ways to optimise payment processes, as O’Sullivan highlights.

“Treasurers can use business intelligence and data to be more strategic,” he says. “Are you, for example, paying the same supplier in different ways across the business? Do you have multiple entities paying the same supplier through multiple payment methods? Having centralised the process and gained visibility, corporates could look at something like payments-on-behalf-of [POBO], for example, to use a single domestic account to make all the payments for that supplier.”

Treasurers can also optimise bank fees through least-cost routing. With all banking partners pulled into one system, that visibility enables treasurers to identify all charges and then analyse the best ways to optimise. Bank rationalisation also becomes an option, maybe new bank accounts need to be opened to improve the payments process. Visibility and control over the entire payment process enables treasurers to make such decisions.

Ferrao sums up: “My key takeaway is that to have successful payments, treasurers need to not just look at the end point at which they are keying in the payment, they should have a look at the end-to-end processes and review the controls the whole way through. If they do that, they should have more successful payments with a reduced risk of fraud.”

O’Sullivan notes: “Small changes make a big difference if you’re addressing all the areas at once. If you don’t already know what your payment failure rates look like, do a review to get a clear picture of what they are, where they’re happening, and if there are common themes. If you don’t have a set of standards, look to put them in place, ensuring that they align globally. Consider looking into a payment hub to centralise processes and controls if you’re not already doing this.”

And D’Cruz concludes: “It’s imperative for organisations to have a long-term perspective. To solve these issues, they should look at putting together a solution that would solve all of them, even if the instinct is to solve each one in a piecemeal approach. That’s really important.”