Improving Financial Controls with Treasury Technology
By Bob Stark, VP Strategy, Kyriba
Global finance professionals in the Asia Pacific region are challenged by time-consuming and error-prone manual data entry, and implementing financial controls with enhanced security against fraud and cybercrime. With increasing danger of loss from fraud and difficulty of tracking data across multiple tools and spreadsheets, management is asking treasury for a solution to better manage and protect their organisation. The problem is that many organisations are using spreadsheets as their primary treasury management tool in spite of their lack of security, controls, and auditability.
Transitioning from spreadsheets to a solution with proper controls is not the challenge today that it may have been five years ago. Technology innovation and implementation best practices have reduced the implementation process from years to months, and the cost of a treasury management system is far less expensive because of the cloud. The value of implementing technology is different for each organisation, and for those who are exploring the possibility of bringing on a treasury system for the first time, we have outlined several key points to protect the organisation and limit the risk of fraud.
User ID and password aren’t enough to protect your systems, especially when payments are being initiated and approved. Multi-factor authentication, IP filtering, virtual keyboards and single-sign-on (SSO) help ensure that only authorised users are accessing treasury systems and information. The right cloud solutions will also offer safeguards that spreadsheets or on-premises solutions simply cannot do at scale, such as full data and application level encryption. Decisions on what safeguards to employ should be made in alignment with the CIO/CTO/CISO to ensure that treasury conforms with information security policies.
Treasury will also be asked to conform with organisational policies around business continuity planning (BCP), whether treasury systems have been evaluated for penetration testing and what sort of SLAs exist to support treasury’s 24x7 operation. Treasury will also be asked to supply a SOC2 Type II audit report for each treasury system vendor, so IT can assess the security behind each vendor’s controls. These are the standards of security a best-in-class technology vendor can provide at an economical cost, and one reason why the cloud is so popular information security experts.
Reducing payment risk is a primary goal for treasury teams, including unauthorised payments and enabling uninterrupted payment workflows. Technology enables visibility, control, and validation of change management so that treasurers can securely manage corporate payments. The key to substantially reducing the risk of unauthorised payments is to develop and maintain standardisation of payment policies throughout the organisation. Payment policies govern how payments are initiated, approved, and transmitted to the bank – and should also document how technology is used and where encryption of information should occur. These policies must align with the workflows implemented in treasury technology to ensure that they are not simply written down but actually executed on a daily basis. With cloud technology, payment workflows can be enforced in all global regions, across all banks and for all payment scenarios. To be effective in combating payment fraud there can be no exceptions, as any carve-outs from standard process are the very risk exposures that internal fraudsters and cybercriminals prey upon.