As Your Company Expands, So Does Your Fraud Risk [Q&A]
-
bookmark
-
print
- Keywords:
- fraud
- strategy
- technology
Fraud is a persistent threat within all organizations and affects businesses of all sizes and across all industries. But the more your business grows, the more it has to lose -- and the more stakeholders you have to answer to.
I recently sat down with Derek Vernon, Head of North American Treasury Product Management, BMO Financial Group, to discuss what businesses need to know about mitigating their fraud risk and improving their internal processes. He made it clear that fraud requires a response grounded in strategy and encompasses various business processes, including account access and transaction authority, employee education, and sound tools and technologies.
LESLIE ANDERSON: As a company grows, how does security become more of an issue in terms of cash management?
DEREK VERNON: They have to think about segregation of duties. That is, having one person or group of people tasked with initiating a payment and another tasked with making the approval. Otherwise, if the same individual is responsible for both, that could be a risk for internal fraud. Or if that individual is manipulated in some way through phishing or social engineering, that individual won’t be able to send out a payment on their own.
You also have to consider the security of your IT infrastructure. That includes ensuring your anti-virus and anti-malware software are up to date, and using a firewall to help protect against unauthorized access. It also includes building internal controls around managing check stock, and making sure you’re keeping documents up to date with your bank so they’re not acting on instructions from people who may have left the company.
Is this because these systems and processes become more complex as you grow?
Sure. You might be growing geographically, for instance, so now you have to think about people in different offices where you don’t have the same level of control you would have if they were in the same building. You also have to think about different regulations for the jurisdictions you’re operating in.
There’s also management accountability. A smaller company might have a treasurer who oversees everything. As that company grows, beneath the treasurer you now might have multiple managers looking over different facets of the treasury function, and that adds a whole level of complexity of its own for the treasurer.
For some businesses, the more they grow, the more checks they end up handling. What are the risks involved with handling large amounts of checks on a regular basis?
The biggest risk is the theft of your check stock, which can then be used to defraud the company. A big value of moving to a comprehensive payables solution is that you don’t have to order check stock, you don’t have to handle check stock, and you don’t have to worry about maintaining expensive printers, since checks have to be printed on special type of printer.
Why does it make sense to use automation to replace manually depositing checks?
For starters, you can save time and money. You can also make more timely deposits. With remote deposit capture you’re able to scan and send checks on your own, meaning you’ll get faster availability of your funds. You can also gain far better productivity because you’re not sending people out of the office during business hours.
This also has security implications. Fewer manual touch points mean fewer opportunities to intercept a check. If you can deposit it electronically right away, you’re decreasing the chance for the check to be used fraudulently.
What else can companies do to minimize fraud?
They can use a chip and PIN corporate credit card, which is considerably safer than using a swipe-and-sign card. You’ll also get reporting tools that let you monitor your spending patterns and more easily spot anomalies, which can tip you off to a fraudulent transaction. Companies can also implement multiple controls, which can limit how and where that card is used, further minimizing your exposure to both internal and external fraud.
When do you know you’re ready to move to the next level of cash management?
It’s different for every company. But through conversations with your banker, it probably will become evident that you’ve reached a certain level of size or sophistication where you should be taking advantage of certain products and solutions. Those conversations could be a trigger to realize you’re now too big to have Sally or Mark examine every check every day; that your volume has grown to a level that you now need to utilize a Positive Pay-type solution where the bank and this technology are doing that for you. And many of these techniques will also help improve a business’ cash flow efficiency.
How can you make sure your processes are aligned with your company’s plans for future growth?
It’s critical that as a company grows, you organize the treasury function in such a way that it will be difficult for a fraudster to penetrate it. And this strategy needs to evolve along with your evolving treasury practices. A business should periodically evaluate its fraud management policy in light of changes to its business practices, such as the distribution of payment disbursements. The evaluation should address all aspects of fraud prevention, such as employee training and code of conduct, detection and prevention tools, and processes for investigation and recovery in the event of a fraud incident.
And you should have these conversations with all your key internal stakeholders from the treasury, IT and risk management departments. That way you can look at your fraud mitigation strategies holistically and bring together the stakeholders who otherwise may not always be in sync with everyone’s activities and objectives.
How can your bank be the first line of defense in your anti-fraud strategy?
As online fraud and identity theft continue to grow, banks are increasing their security standards and taking strong measures to protect their customers against fraudulent identity and account access. However, one of the biggest risks is actually the individual computer or workstation used to conduct payment transactions. Your bank representative can help you understand how your business may be vulnerable and assist you with adopting solutions that can help minimize your exposure to fraud. They can also help you identify stronger controls in the initiation and execution of financial transactions, which can strengthen your payment processes.
Steve Pedersen, Vice President, Corporate Payment Products for Canada and Corporate Cards for North America, contributed to this article.
For more information about this content, contact Oscar Johnson.
Leslie Anderson
Head of U.S. Metropolitan Treasury and Payment Solutions Sales
Fraud is a persistent threat within all organizations and affects businesses of all sizes and across all industries. But the more your business grows, the more it has to lose -- and the more stakeholders you have to answer to.
I recently sat down with Derek Vernon, Head of North American Treasury Product Management, BMO Financial Group, to discuss what businesses need to know about mitigating their fraud risk and improving their internal processes. He made it clear that fraud requires a response grounded in strategy and encompasses various business processes, including account access and transaction authority, employee education, and sound tools and technologies.
LESLIE ANDERSON: As a company grows, how does security become more of an issue in terms of cash management?
DEREK VERNON: They have to think about segregation of duties. That is, having one person or group of people tasked with initiating a payment and another tasked with making the approval. Otherwise, if the same individual is responsible for both, that could be a risk for internal fraud. Or if that individual is manipulated in some way through phishing or social engineering, that individual won’t be able to send out a payment on their own.
You also have to consider the security of your IT infrastructure. That includes ensuring your anti-virus and anti-malware software are up to date, and using a firewall to help protect against unauthorized access. It also includes building internal controls around managing check stock, and making sure you’re keeping documents up to date with your bank so they’re not acting on instructions from people who may have left the company.
Is this because these systems and processes become more complex as you grow?
Sure. You might be growing geographically, for instance, so now you have to think about people in different offices where you don’t have the same level of control you would have if they were in the same building. You also have to think about different regulations for the jurisdictions you’re operating in.
There’s also management accountability. A smaller company might have a treasurer who oversees everything. As that company grows, beneath the treasurer you now might have multiple managers looking over different facets of the treasury function, and that adds a whole level of complexity of its own for the treasurer.
For some businesses, the more they grow, the more checks they end up handling. What are the risks involved with handling large amounts of checks on a regular basis?
The biggest risk is the theft of your check stock, which can then be used to defraud the company. A big value of moving to a comprehensive payables solution is that you don’t have to order check stock, you don’t have to handle check stock, and you don’t have to worry about maintaining expensive printers, since checks have to be printed on special type of printer.
Why does it make sense to use automation to replace manually depositing checks?
For starters, you can save time and money. You can also make more timely deposits. With remote deposit capture you’re able to scan and send checks on your own, meaning you’ll get faster availability of your funds. You can also gain far better productivity because you’re not sending people out of the office during business hours.
This also has security implications. Fewer manual touch points mean fewer opportunities to intercept a check. If you can deposit it electronically right away, you’re decreasing the chance for the check to be used fraudulently.
What else can companies do to minimize fraud?
They can use a chip and PIN corporate credit card, which is considerably safer than using a swipe-and-sign card. You’ll also get reporting tools that let you monitor your spending patterns and more easily spot anomalies, which can tip you off to a fraudulent transaction. Companies can also implement multiple controls, which can limit how and where that card is used, further minimizing your exposure to both internal and external fraud.
When do you know you’re ready to move to the next level of cash management?
It’s different for every company. But through conversations with your banker, it probably will become evident that you’ve reached a certain level of size or sophistication where you should be taking advantage of certain products and solutions. Those conversations could be a trigger to realize you’re now too big to have Sally or Mark examine every check every day; that your volume has grown to a level that you now need to utilize a Positive Pay-type solution where the bank and this technology are doing that for you. And many of these techniques will also help improve a business’ cash flow efficiency.
How can you make sure your processes are aligned with your company’s plans for future growth?
It’s critical that as a company grows, you organize the treasury function in such a way that it will be difficult for a fraudster to penetrate it. And this strategy needs to evolve along with your evolving treasury practices. A business should periodically evaluate its fraud management policy in light of changes to its business practices, such as the distribution of payment disbursements. The evaluation should address all aspects of fraud prevention, such as employee training and code of conduct, detection and prevention tools, and processes for investigation and recovery in the event of a fraud incident.
And you should have these conversations with all your key internal stakeholders from the treasury, IT and risk management departments. That way you can look at your fraud mitigation strategies holistically and bring together the stakeholders who otherwise may not always be in sync with everyone’s activities and objectives.
How can your bank be the first line of defense in your anti-fraud strategy?
As online fraud and identity theft continue to grow, banks are increasing their security standards and taking strong measures to protect their customers against fraudulent identity and account access. However, one of the biggest risks is actually the individual computer or workstation used to conduct payment transactions. Your bank representative can help you understand how your business may be vulnerable and assist you with adopting solutions that can help minimize your exposure to fraud. They can also help you identify stronger controls in the initiation and execution of financial transactions, which can strengthen your payment processes.
Steve Pedersen, Vice President, Corporate Payment Products for Canada and Corporate Cards for North America, contributed to this article.
For more information about this content, contact Oscar Johnson.
More Insights
Tell us three simple things to
customize your experience.
Commercial
Commercial
-
Who We Are
-
Industry Expertise
- Agribusiness & Protein
- Agriculture
- Dealer Finance
- Commercial Real Estate
- Correspondent Banking
- Educational Institutions
- Engineering & Construction
- Food & Beverage
- Franchise Finance
- Futures & Securities
- Governments
- Healthcare
- Manufacturing
- Metals
- Not-for-Profit Organizations
- Private Equity Sponsors
- Professional Services
- Retail & Wholesale Distribution
- Specialty Finance
- Trucking
- Dental Practices
- Fuel Services & Convenience
- Logistics, Rail and Shipping
- Technology Banking
- Wine & Spirits
- Religious Institution Banking
- We Can Help
-
Our Bankers
- Our Podcasts
Contact Us
Banking products are subject to approval and are provided in the United States by BMO Bank N.A. Member FDIC. BMO Commercial Bank is a trade name used in the United States by BMO Bank N.A. Member FDIC. BMO Sponsor Finance is a trade name used by BMO Financial Corp. and its affiliates.
Please note important disclosures for content produced by BMO Capital Markets. BMO Capital Markets Regulatory | BMOCMC Fixed Income Commentary Disclosure | BMOCMC FICC Macro Strategy Commentary Disclosure | Research Disclosure Statements.
BMO Capital Markets is a trade name used by BMO Financial Group for the wholesale banking businesses of Bank of Montreal, BMO Bank N.A. (member FDIC), Bank of Montreal Europe p.l.c., and Bank of Montreal (China) Co. Ltd, the institutional broker dealer business of BMO Capital Markets Corp. (Member FINRA and SIPC) and the agency broker dealer business of Clearpool Execution Services, LLC (Member FINRA and SIPC) in the U.S. , and the institutional broker dealer businesses of BMO Nesbitt Burns Inc. (Member Canadian Investment Regulatory Organization) in Canada and Asia, Bank of Montreal Europe p.l.c. (authorised and regulated by the Central Bank of Ireland) in Europe and BMO Capital Markets Limited (authorised and regulated by the Financial Conduct Authority) in the UK and Australia and carbon credit origination, sustainability advisory services and environmental solutions provided by Bank of Montreal, BMO Radicle Inc., and Carbon Farmers Australia Pty Ltd. (ACN 136 799 221 AFSL 430135) in Australia.
The material contained in articles posted on this website is intended as a general market commentary. The opinions, estimates and projections, if any, contained in these articles are those of the authors and may differ from those of other BMO Commercial Bank employees and affiliates. BMO Commercial Bank endeavors to ensure that the contents have been compiled or derived from sources that it believes to be reliable and which it believes contain information and opinions which are accurate and complete. However, the authors and BMO Commercial Bank take no responsibility for any errors or omissions and do not guarantee their accuracy or completeness. These articles are for informational purposes only.
This information is not intended to be tax or legal advice. This information cannot be used by any taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. This information is being used to support the promotion or marketing of the planning strategies discussed herein. BMO Bank N.A. and its affiliates do not provide legal or tax advice to clients. You should review your particular circumstances with your independent legal and tax advisors.
Third party web sites may have privacy and security policies different from BMO. Links to other web sites do not imply the endorsement or approval of such web sites. Please review the privacy and security policies of web sites reached through links from BMO web sites.
Notice to Customers
To help the government fight the funding of terrorism and money laundering activities, federal law (USA Patriot Act (Title III of Pub. L. 107 56 (signed into law October 26, 2001)) requires all financial organizations to obtain, verify and record information that identifies each person who opens an account. When you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask you to provide a copy of your driver's license or other identifying documents. For each business or entity that opens an account, we will ask for your name, address and other information that will allow us to identify the entity. We may also ask you to provide a copy of your certificate of incorporation (or similar document) or other identifying documents. The information you provide in this form may be used to perform a credit check and verify your identity by using internal sources and third-party vendors. If the requested information is not provided within 30 calendar days, the account will be subject to closure.