Fraudster, Fool or Financier? Who’s Controlling Your Cash?
by Helen Sanders, Editor
There is a saying that “if a man defrauds you once, he is a rascal; if he does it twice, you are a fool.” As the media headlines and crime statistics reveal, fraudsters seeking to steal our own – or our customers’ – cash or data, organisations from around the world are being made a fool of every day. Treasurers can only control some elements of the growing and changing threat posed by external fraud, particularly cyberfraud, but treasury has an important influencing role, and some aspects remain squarely within treasurers’ area of responsibility. So how can we as treasurers prevent fraud and mitigate the impact?
What’s on your Monday morning list?
Looking back over 2015 so far, there are three, or perhaps four words that have dominated the treasury media: ‘fintech’, ‘disruptive’, ‘cyberfraud’ and also ‘regulation’. There are connections between all of these, a conversation for another time; however, the immediacy of these issues are not equivalent. While fintech and disruptive business models will impact on treasurers over time, they remain issues to occupy an idle discussion on a Friday afternoon for now. Similarly, the implementation of financial regulations is subject to a clear timeline so treasurers can plan ahead. In contrast, fraud, including but by no means limited to cyberfraud, is a Monday morning issue that every treasurer needs to explore, prioritise and address.
While cyberfraud is the ‘buzzword’, it represents only a subset of the fraud risk of which treasurers need to be aware. As Marc Espagnon, Head of Payments and Cash Management, BNP Paribas comments,
“Fraud is undoubtedly becoming more technology-driven, but fraudsters will use all channels: phone; mail; email; malware; hacking; remote administration tools etc.”
Furthermore, internal fraud remains as pertinent an issue as it has ever been, so the issue for treasurers is not simply to be addressing the rather glamorous, Doctor Who-esque sounding cyberfraud, but fraud, whether internal or external.
Who are you looking at?
Treasurers who have managed the same team for a number of years are often particularly complacent about internal fraud; however, according to KPMG’s report 'Who is the typical fraudster' published in 2011, the typical (internal) fraudster is:
- 36 to 45 years old
- Commits fraud against his own employer
- Works in the finance function or in a finance-related role
- Holds a senior management position
- Employed by the company for more than 10 years
- Works in collusion with another perpetrator
Looking round the treasury department, and the wider finance function, there are likely to be a number of people that fit the profile of a potential fraudster. Obviously, the answer is to recruit more women, and over 45s, but that it is a statement that could probably be considered facetious. A more serious point is that fraudsters seeking to defraud their companies are likely to collude with someone else.
The risk of internal fraud is not new, and the risk that an employee or external party could misdirect the company’s funds has been a longstanding priority for treasurers. Controls such as segregation of duties and ‘four eyes’ controls on payment instructions and counterparty bank instructions are as valid today as at any time in the past, in tackling both internal and external fraud. However, for smaller companies in particular with lean treasury and finance functions, it can be difficult to enforce multiple levels of approval. Using specialist treasury and payments technology to enforce approvals is essential, not only for control reasons, but to accelerate and streamline workflows and connect a larger number of approvers into the process, such as by alerting them via email or SMS message, presenting transactions for approval on mobile devices and allowing remote approvals and so on.
In addition to preventing fraud via ‘traditional’ methods, treasurers need to be aware of how fraud techniques are evolving, and the additional measures that they need to take to combat these attempts.