IMPLEMENTING AN UPDATED PAYMENTS STRATEGY

In practical terms, there are a number of steps companies can take to update their payments strategy. Key actions include the following:

Payee onboarding

A key element of any payment strategy is how the organization captures and manages customer identification and payment data. Routing payments correctly requires appropriate know your customer (KYC) procedures, clear processes for collecting supplier or customer account information and secure methods for storing that data. Any changes to vendor payment information should be accepted only after a similarly robust verification process has been followed.”

Instrument selection

Each company has its preferences regarding payment instruments and rail selection, driven by factors such as customer expectations and risk tolerance. These preferences should be used to set the parameters that guide payment routing choices and be embedded into the payment initiation workflow alongside other requirements, such as individual authorization limits. Where those parameters are clearly defined, payment routing can be automated. While companies can implement payment routing internally, some banks also offer automated routing based on predefined customer criteria.

Case Study: Onboarding Vendors to a Treasury Workstation Using Template Wires

Learn more

Case Study: Switching from Checks to ACH

Learn more

Another company operates a similar process via its ERP system. Vendor relationships are managed by the business unit. They are also responsible for contract terms and having legal and procurement review the contract. Only then is the vendor registered on the ERP, allowing payments to be made via AP. Bank account details are submitted through the bank and validated with a confirmation by phone, which is made by someone other than the person who initially registered the vendor.

Tight data protection controls can complement other fraud risk management tools. In one company, supplier data is stored securely in a central database. Only authorized treasury personnel are able to change supplier details.

Payment initiation

Payee identity and settlement instructions should be validated before payment is initiated. The payment workflow should embed key controls, including segregation of duties so that payments are approved by someone other than the initiator. Individuals involved in payment initiation should have the necessary skills and access to relevant information to make effective decisions. The workflow can also include rules requiring higher-value payments to be approved by a more senior authorizer and, where appropriate, subject to additional confirmation processes.

Risk management

The new Nacha rules require companies to assess their payment processes for risk and take appropriate mitigation actions.

No single solution can completely eliminate error and fraud. Robust processes are essential, including clear segregation of duties, so that different people perform distinct roles within the workflow. Where possible, these controls should be embedded in the treasury management system, workstation or ERP system to prevent changes — such as to a payment or payee record — without appropriate verification.

There are a range of tools that can help companies manage fraud risk. Account verification services confirm bank account ownership and support automated validation processes. Microdeposits can be used to verify account details with minimal risk to the sender, and ACH positive pay helps protect against unauthorized debits.

The best protection is a layered approach, with controls applied at multiple points in the process. The key is to have a skeptical mindset, where all data and requests are verified, even when the source is a trusted partner.

Relationship building

Building strong relationships with both internal and external stakeholders is critical to project success. Internally, securing buy-in from the CFO and the wider C-suite helps drive adoption throughout the organization. Educating team members on new processes — especially when moving from paper to electronic methods — and on the use of new fraud monitoring tools is also essential.

“Everyone has a responsibility to protect the company against fraud,” said Perkins.

Santiz recognizes the importance of sharing information with his extended team. “Each business unit has a named individual responsible for fraud,” he explained. “If there’s an attempted fraud, that person is required to notify us on a specific form, providing as much information as possible. We then get information out to all the [approximately 125] treasury workstation users and to all the CEOs and CFOs of our business units, as soon as possible.”

Externally, treasury practitioners rely on banking partners and technology vendors to generate payment instructions in efficient formats that meet bank requirements. Third parties also offer a range of anti-fraud services, including account verification, AI-driven behavior monitoring and fraud indemnification in the event of financial loss.