
The questionable role of spreadsheets for modern treasurers

Friday, August 28, 2015 - 19:30

Approximately half of all U.S. corporates still use spreadsheets as their exclusive treasury management tool. Although they remain a key tool in every treasury's armory, they are not the ideal long-term solution for a strategic, proactive treasury department. RB Erickson, Kyriba's global director of sales enablement, shares his views on the role of spreadsheets in the modern treasury department, and how they shape up to a treasury management system.

Why do corporate treasurers continue to use spreadsheets?

Spreadsheets are still used across practically all treasury departments, to a greater or lesser extent. Some of the more common reasons include:

  1. Lack of time and/or resources to focus on implementing a treasury management system (TMS). Treasury departments can become so overwhelmed by their daily manual processes that they feel they are unable to spare the time to look at, let alone implement, other solutions.
  2. The cost to switch from spreadsheets to a treasury management system is perceived as too high. Fortunately, true SaaS solutions have mitigated this concern.
  3. Treasurers may view their operations as too simplistic to require a treasury management system.

What are the pros and cons of spreadsheets vs. TMS?

Spreadsheets certainly have their place in the treasury department. However, there are several factors that should be considered which make them less than ideal as an organization's primary tool for treasury management. 

Pros of spreadsheets

Familiarity – Treasury professionals have been using spreadsheets since they were in school. It is easy, and often comforting, to stick with what you know.

Flexibility – If you know how, you can build almost anything treasury might require in spreadsheets, including writing VBA macros.

Perceived low cost – The hard-dollar cost of spreadsheets is less than a TMS. However, there tends to be a shift in cost, as can be seen in the “cons” list below.

Cons of spreadsheets

Error prone – Through an evaluation of several spreadsheet-error studies, Dr. Panko at the University of Hawaii has shown that over 88% of spreadsheets have errors. This is an interesting statistic given the prevalence of spreadsheets in treasury. I can’t think of another area where this would be an acceptable risk percentage.

Familiarity – Familiarity can breed trust. Unfortunately, as shown through error-rate studies of spreadsheets, this trust may be misplaced, or at least lead to ill-advised action, as in the lack of best practices listed below.

Manual – In addition to increasing the likelihood of errors, manual processes are generally less efficient than their automated counterparts. As a result, it is not uncommon for treasury professionals to spend hours a day gathering and formatting data before being able to use it for financial decision making. Interestingly, this can have the unintended consequence of low job satisfaction for the highly educated treasury professional who has to spend more time in low-value pursuits and less time analyzing the end results.

Lack of best practices – Spreadsheets are a software application and, in the case of treasury, a software application that holds sensitive financial data. That may sound obvious. However, obvious or not, this fact makes it perplexing why we do not hold spreadsheets up to the same standards as any other financial software our companies use.

For example:

  • Software development best practices and controls such as change management and release testing are not generally required for spreadsheet use
  • Segregation of duties – Often the person who is tasked with “coding” the spreadsheet is the same person who uses it in their daily job
  • No audit trail – changes to data and programming logic cannot be tracked in spreadsheets
  • User authority – spreadsheets do not offer the ability to control user access by role
  • Business Continuity and Disaster Recovery – Rarely do treasury departments have in place for spreadsheets the stringent business continuity and disaster recovery processes that are required for all other financial software
  • Personnel backup – It is very common that the only person who knows exactly how the spreadsheet works is the person who built it. There is traditionally little documentation on how the formulas or VBA are constructed and work. If the primary person is not available, usage is impaired, there is greater-than-normal risk of errors, and maintenance is time consuming and in some cases impossible

What are spreadsheets being used for among global corporates?

Treasury professionals use spreadsheets for just about everything that falls within their purview (e.g. cash positioning, forecasting, FX hedging, bank account management, netting, in-house banking and payments).  This underscores the point that spreadsheets are financial software and should be under the same scrutiny and process controls as all other financial software in the company.

Will spreadsheets ever fall out of usage, and if so, what will be the driving factors?

Spreadsheets can be great tools. As such, I don’t believe they will or should completely go away. However, they should be used within the limits of their inherent strengths. Spreadsheets are not intended or suited to be the principal treasury software. Consequently, I don’t think it is a question of spreadsheets falling out of usage. We should ask, "when will spreadsheets be used within their intended and proper scope?" Unfortunately, I don’t know the answer.

This change will likely be the combined result of several catalysts, including new regulations, IT policies that more properly manage spreadsheets, greater access to low-resource SaaS solutions and even market shake-ups like in 2007.

To use an analogy, spreadsheets could be viewed as the technological equivalent to the rock. At one point in human history we used the rock to sit on, start fires, pound things into the ground, grind our food, construct our buildings, and many other things. Eventually we invented chairs, matches, hammers, food processors, and steel. Rocks are still useful and have their place, but we are no longer required to use them for everything we do. 

 


Combating the ever-growing threat of payments fraud

Tuesday, September 15, 2015 - 13:30

I was listening to NPR while I was stuck in traffic on my way to work this morning, and there was an interesting story about cyber fraud and banks’ responsibility - or lack thereof - to reimburse organizations for payments fraud committed against them [1].

While the story focused on small to medium businesses, several of the scenarios described could quite easily be replicated with any size of organization. Here’s one alarming example from the NPR story about a complex spear-phishing incident, from the CEO of a medium-sized business in the Pacific Northwest:

(...) Cyberthieves hacked his email account, impersonated him and transferred more than $1 million through U.S. domestic accounts to an account in China. (…)

(The victim) says one of the most unsettling things was realizing that once the cyberthieves had accessed his email, they had vast and intimate knowledge of his life and business practices.

“They knew exactly how I had communicated with our bookkeeper,” he says. “They knew exactly what kinds of things that I said” in emails to her authorizing transfers. He made another disturbing discovery: When he looked back at the transfers, he found that when they were authorized he always seemed to be in business meetings.

That's because the thieves also had access to his Outlook calendar. It meant the cyber crooks could safely impersonate (the victim) and write emails telling his bookkeeper to transfer funds to their bank accounts. The thieves could respond to any questions from (the victim’s) bookkeeper and then delete all those communications from the account before (the victim) returned from his meetings and checked his email again.

And what was his bank’s response? “Sorry that this happened, but we can’t help you.” In fact, companies often have very few options in this situation, aside from what can often be a very expensive lawsuit. As long as banks can convince the courts that they offer security processes that are "commercially reasonable," they aren't obliged to reimburse corporate victims of payments fraud.

Although this may seem like it couldn't happen to a larger business, if you replace the CEO in this story with a large organization’s CFO, and the bookkeeper with a member of the treasury team responsible for payment processing, the situation could easily apply to countless organizations across the world. As spear-phishing attacks are becoming both more commonplace and more sophisticated in their execution, it’s critical for treasury teams to implement strong authorization processes for payments, and not simply rely on an email from a supposedly trusted source. More robust processes and solutions must be put in place to stop the fraud from taking place. While education plays a major role in combating cyber-fraud, there are also a number of technical measures within treasury management solutions that treasury teams can use to minimize the risk to their organization. These include:

Dual-Factor Authentication
Creating a randomly generated one-time password using the user’s smartphone, a token, or a SWIFT 3SKey digital certificate.

IP Filtering
A security feature that allows clients to restrict login to a pre-defined set of IP addresses – or ranges of addresses – which are set up and maintained by the system security administrator. 

Virtual Private Network
Ensures that users can only access their treasury solution through a dedicated network. 

Enterprise SSO
Single sign-on with a client’s internal security environment, meaning that all password controls are managed internally by the corporate IT team and policies.

Digital Signatures
Personal identity tools that allow the user to digitally sign messages and electronic documents, as well as approve transactions within the system.

For more information about the risks that treasury teams face from payments fraud, as well as some of the steps that organizations can take to protect themselves, check out some of the articles below.

Further reading

Six Ways to Prevent Financial Fraud with Kyriba

The Business Case for a Payment Hub

References

1. When Cyber Fraud Hits Businesses, Banks May Not Offer Protection – NPR, September 15, 2015

  

AFP Conference - what did you miss?

Wednesday, October 21, 2015 - 19:15

The annual bonanza that is the AFP Conference has just wrapped up. More than 6,000 finance professionals headed up to beautiful Denver for three days of meetings, education sessions and possibly the occasional light refreshment. If you weren’t able to make it to the conference, what did you miss?

This year’s event started off on an entertaining note, with the 43rd President of the United States showing off his comedic skills early and often. Interspersed between laughs, however, was some great advice on how to build trust: keep your promises - do what you said you would do. That was an interesting message and actually relates well to three driving themes that I observed at the conference:

1. Cash forecasting
2. Fraud and cybercrime
3. Technology replacement

Cash forecasting

Cash forecasting has always been important to treasury, in order to enable better deployment of cash, reduce borrowing expenses, and improve the effectiveness of hedging programs. Yet the key to forecasting is “doing what you said you would” which is enabled through forecast accuracy. A cash forecasting program is a complete waste of time – unless the forecast variances are measured at multiple points in time to identify at a detailed level which projections proved not to be correct. The goal of this variance analysis is to improve the forecast so that it can be relied upon to make key decisions for the organization. Executives need to know they can trust what treasury tells them is going to be forecast.

While many have that confidence in their process, everyone who visited our booth felt there was an opportunity for improvement. Treasury wants to be a trusted advisor.

Fraud and cybercrime

Fraud and cybercrime were heavily discussed at this conference, just as they have been (unfortunately) for the past 12+ months. There are too many examples where data security and internal workflows failed treasury, leading to significant financial loss. We’ve all heard the stories, those written in media publications and those whispered at lunchtime meetings.

The difficulty for treasury is that they have to trust their partners; treasury is not equipped with the skills, resources, or technical knowledge to ensure the right safeguards are implemented. Those safeguards typically fall into three categories:

1. Application security – protecting access to treasury teams
2. Data security – protecting treasury information from unauthorized access
3. Treasury workflows – protection of payment workflows and bank accounts are obvious examples

While treasury technology can provide secure solutions for each area, partnering with the CTO’s team is critical to ensure that the security and hosting infrastructure offered by your treasury system vendor meets your organization’s information security policies. They have the expertise to know if your vendor can actually do what they say they will do.

Technology replacement

One of the more interesting observations I noted was the high proportion of practitioners visiting our booth looking to replace existing treasury technology. In some cases it was obsolescence (e.g. moving to the cloud) but in many cases it was dissatisfaction with their current system provider who lost their trust, failing to do what they said they would. Fortunately, the flexibility of subscription models and standardized, lower cost implementations reduce technology switching costs. The old days of “being stuck” with bad technology are over.

See you next year in Orlando!

Fraud prevention as a cornerstone of operational risk management

Thursday, October 29, 2015 - 13:00

Imagine this: you come out of your regularly scheduled Monday morning meeting and see that you have a missed call. You listen to your message and it's your CFO requesting you to send a wire to a specific bank account in the Far East for a specific vendor with all of the correct details. You think it's strange that this didn't get emailed, or wasn't communicated to you from someone else. This hasn't happened before. On the other hand however, that sure sounded like the CFO, and you wouldn't want to make them wait. Right? What do you do?

It turns out that wasn't the CFO who made that call, even though it was their voice requesting the payment. That payment, had you gone through the bank portal and initiated and released the wire, would now be sitting in some fraudster's bank account. This is a very real scenario and a growing use of ‘vishing’ to commit payment fraud.

Those looking to defraud businesses have gotten much more sophisticated and have learned new techniques to commit wire fraud. For example, fraud networks are now leveraging online corporate recordings, such as earnings calls, to record and then manipulate corporate executives' voices.

Fraud will always be something that corporations need to combat, and it should be at the forefront of your operational control strategy. Leveraging a fully-integrated treasury management system (TMS) is a critical component of, and foundation for, your prevention of payment fraud. While a TMS might allow you to put approval processes in place for your payments, how do those payments get communicated to a bank? Is it through another third-party provider, or a manual or scripted process?

Understanding what occurs with those payment messages, even after they have been approved, and how they are communicated to your banking partners from the TMS is a critical thing to consider in your evaluation of your operational risk. Your TMS should be able to support you at all stages of the process to minimize the potential exposure to fraudulent transactions.

With Kyriba’s fully-integrated treasury offering our clients can centralize, visualize, control and connect through our single platform to reduce their risk of payment fraud:

  • Centralize: Managing the initiation of various types of payments across multiple banking platforms and regions gives our clients' employees a single point of access as opposed to managing multiple logins across different portals.
  • Visualize: Initiated payments are immediately a part of the company’s overall cash position, allowing them to see account deficiencies or funding needs. Additionally, notifications are circulated and dashboards are automatically updated showing the details of the outstanding payments.
  • Control: All approvals and notifications are executed through a single portal, giving treasury teams the ability to put a multi-tier approval process in place across multiple types of payments and multiple payment banks.
  • Connect: Through Kyriba’s centrally managed connectivity hub, the application automatically creates the proper payment messages for all fully approved payments and securely communicates them to their respective banks through a number of different connectivity protocols. With a growing library of over 700 different formats and sub-formats used for payments today, Kyriba’s technology team keeps up with the changing standards, allowing our clients to eliminate the reliance on their internal IT teams.

Further Reading

eBook: Six Ways to Prevent Financial Fraud with Kyriba
eBook: The Business Case for a Payment Hub
Combating the ever-growing threat of payments fraud
Six common sense solutions for stopping payments fraud
Taming the (Dyre) Wolf and other fraudsters
How can your organization avoid getting spear phished?

Why does Excel Slip Through the Security Cracks?

Tuesday, November 10, 2015 - 12:00

I am now in my 15th year in the financial-software space, over 10 of which have been in treasury software. During this time, I have been on both the buy and the sell sides, and have seen various methodologies for selecting the financial software that is right for a particular company.

However, regardless of the method, there is almost always an IT and audit review. That is to say, as the evaluated vendors are whittled down to the final two or three, the evaluating company inevitably requires a thorough review of the vendors’ IT and audit stability, including, but not limited to:

  • Service Organization Controls 1 (SOC 1) report
  • Service Organization Controls 2 (SOC 2) report
  • Disaster Recovery & Business Continuity plan
  • IT infrastructure description and map
  • Encryption protocols
  • Intrusion and penetration testing methodology and results
  • Development practices and testing procedures
  • Upgrade processes and controls
  • Datacenter review and on-site visit
  • System administration options (i.e. dual administration)
  • Login security (i.e. dual-factor authentication, password policies)

The best software vendors spend millions of dollars annually to ensure they have exceptional security-and-control practices in support of their clients’ needs; as they should. All of these are very good questions and should be thoroughly evaluated by the potential buyer. However, there does appear to be a double standard in the financial-systems arena that I cannot seem to reconcile.

While companies are requiring “military-grade” security and controls from their financial-software vendors, they simultaneously allow their finance and treasury teams to build and maintain their own financial systems in Excel, without the same level of scrutiny.

If we just look at the treasury space for a moment, we find companies have spent days, weeks and even months developing spreadsheets to manage daily cash balancing, forecasting, multi-lateral netting, foreign exchange hedging, hedge accounting, bank-account management, etc. These are the very same business requirements and processes managed by specialty-software providers. The same specialty-software providers that are put through the proverbial IT wringer to ensure they meet the latest and greatest IT and audit standards.

So, here is the question I continue to ask:

If these spreadsheets, which are financial systems, are used to process the same important financial information as the specialty-software vendors, why are they not held to the same standards as the vendors? And, if they were held to these standards, would they pass the IT and audit tests?

Granted, internally developed systems may merit a different level of “security” scrutiny than an external system, especially if data is housed externally. However, should the development of our financial spreadsheets pass through the same standards as our internally developed systems that would perform the same functions?

I would love to hear your opinions on the matter.

Further reading

Six Ways to Prevent Financial Fraud with Kyriba

Leveraging Treasury Technology in the War Against Fraud

The questionable role of spreadsheets for modern treasurers

Top 19 Kyriba Posts of 2015

Tuesday, January 5, 2016 - 15:00

What really mattered to treasurers and finance professionals who followed Kyriba’s blog and social posts in 2015? According to the number of page views and link clicks, fraud and risk management topped the list; cash management strategies and supply chain finance were next; followed by benefits of treasury management solutions; and then a relatively open category that we’ll call innovation. The most read and shared stories mirrored trending and technical news for and about financial professionals. Kyriba’s top 19 posts of 2015 illustrate a range of interesting happenings: (1) treasurers were focused on protecting their assets in a volatile global market; (2) protecting against the threat of increasingly sophisticated cyber-crimes; (3) strategies to mobilize internal cash in advance of rising interest rates; and (4) evidence of success from corporates who are enabled by technology.

Here is the list of Kyriba’s most popular posts in 2015:

Fraud and risk management

Cash management strategies and supply chain finance

TMS overview

Innovation

2016: The year of change or status quo?

Thursday, January 7, 2016 - 18:15

Every year we write a short blog on predictions for the upcoming year (because who doesn’t, really??). Before starting this year’s, I re-read our 2015 predictions so I wouldn’t repeat / accidentally plagiarize my ideas of 12 months ago. Yet, after a quick read, I realized that many of the pertinent topics for 2016 were also top of mind one year ago. Here’s a quick review:

Bitcoin

Prediction: Wouldn’t make the mainstream in 2015

Result: True! Bitcoin did not become a mainstream virtual currency, although the underlying technology supporting bitcoin (blockchain) certainly made some headlines. Bitcoin will likely never be “the” virtual currency, but virtual currencies will grow in popularity in coming years. As for blockchain – that will be as disruptive to payments and trading as anything we have seen in years.

Read more: Blockchain: is it time for treasury to care?

Local Payments

Prediction: Treasurers would seek ways to reduce payment costs and make more local payments via shared services and payment factories

Result: Yes for some, status quo for others. In 2015 we saw three to four times as many RFPs from companies looking to implement payment factories, as we had in prior years. However, the biggest impact that blockchain technology may have for corporate treasury is on peer to peer payments. So perhaps 2016 will see further emphasis on payments.

Read more: The business case for a payment hub

eBAM

Prediction: Effectively no movement at all

Result: Effectively no movement at all. We are still waiting…

Higher Interest Rates

Prediction: The US would raise interest rates, spurring changes in investment patterns

Result: The Fed raised rates at the very end of the year, although changes in investing behavior have yet to fully materialize. With possibly more rate changes on the horizon and MM Fund regulation changes coming into effect in October, it will be towards the end of 2016 that this convergence of better return on cash, changing appetite for money market funds, and more banks turning away non-operational cash as a result of their own Basel III compliance will be felt.

Read more: Retooling treasury for the impending interest rate hikes

Regulation

Prediction: Regulatory changes in 2014 will impact treasury behaviors in 2015

Result: We didn’t see colossal changes, but there were some impacts. EMIR reporting has been a headache for many treasurers with European-based hedging programs. SEPA has created payment efficiencies for many organizations, although the benefit has been arguably realized as much (if not more) by banks and treasury technology providers. 2016 has MM Fund rules such as floating net asset value and redemption fees/gates coming active in October, while banks continue to feel out how they want to do business with their customers within the “new” Basel III world. Fortunately there does not appear to be any ultra disruptive regulation on the horizon for treasurers to be concerned about, so from that perspective 2016 is probably not the year of regulation volatility.

Cybercrime

Prediction: We will see more cybercrime

Result: As expected, we read about sophisticated spear phishing schemes, increases in internal fraud, and continual reminders that security in treasury is more than just having a great password. My hope for 2016 is that treasury and finance implement standardized workflows for payments so that no matter what type of payment, whom it is requested by, or in what part of the world it is initiated, approved and transmitted – that there are the same controls and procedures implemented to eliminate exceptions, the scenarios that fraudsters prey upon. I also hope that everyone uses two-factor authentication for everything from their personal email to their treasury management system. Your password - while amazingly creative, I am sure - is not enough.

Read more: Combating the ever-growing threat of payments fraud

China

Prediction: Deregulation of funds movement in/out of China will enable more business to be done in China in Renminbi

Result: China is “more” open for business, with more organizations taking advantage of opportunities to make China part of global cash pools. Documentation challenges have limited the number of organizations that automate onshore/offshore sweeps, but the impending rollout of the CIPS for international payments and the recent achievement of the RMB as a reserve currency will continue to remove barriers for foreign organizations to do business in China in local currency. The only downside, of course, is that the Yuan may lose some value to the USD and EUR in 2016 in part because of expected monetary policy changes in China. Minor details that can be managed through an effective hedging program, of course!

What else in 2016?

Information security and treasury: The CIO, the CTO, and the CISO (information security officer, by the way) are getting more involved in treasury system decisions. Why, you ask? It’s because organizations are fully embracing the cloud, but the CIO/CTO/CISO etc. are realizing that their treasury teams have been making rogue decisions, sometimes mistakenly thinking they chose a cloud treasury system when they actually bought a wolf in sheep’s clothing. 2016 will see greater influence by IT in treasury technology decisions. So, if you want to impress your CIO/CTO/CISO, I highly recommend knowing the difference between a SAS70, SSAE16, SOC1, SOC2, and a Type I vs. Type II report. And while that may seem like a lot of letters, there’s a great blog from Gartner that still applies today.

Best practices: While this may sound a bit obvious, in the past few years since 2009 we haven’t seen as much focus on best practices as we have on fire fighting in light of the gaps in visibility and counterparty risk that the credit crisis exposed. Interestingly though, the very organizations that we consider disruptive in their respective industries – the Ubers, Squares, Airbnbs, Spotifys, and Dropboxes of the world – have CFOs and treasurers who don’t care about how things were done but are instead focused completely on the best way to do treasury. They are constantly learning and adapting to lead rather than simply emulate cash forecasting, treasury structures, hedging, or cash mobility processes that other companies have implemented.

eBAM to flourish: Just kidding, we’re still not going to fully realize eBAM in 2016.

 

How Treasury Technology supports Business Continuity Planning (part 2 of 2)

Thursday, April 28, 2016 - 14:00

In the last business continuity blog we talked about the three phases of Business Continuity Planning (BCP)--Emergency Response Action Plan, Disaster Recovery Plan, and Business Continuity and Continuance. We also discussed NOT chasing scenarios but rather planning for loss conditions--loss of personnel, loss of facilities, loss of services, and loss of access.

Additional reading: The CFO’s Toolkit: Minimise Risk and Ensure Compliance

Now, we will turn our attention to how treasury technology can help prevent treasury disruption.

The key to business continuity planning is minimizing – and ideally avoiding – disruption to treasury operations. Treasury technology solutions, such as treasury management systems, offer many features that empower treasury to avoid disruption altogether.

The Cloud

The best security feature of the cloud is that it takes the entire software solution (and data) off your premises. Data centers used by cloud treasury providers reside in different locations than the company offices, so treasury systems will continue to operate even if the company offices are disabled or inaccessible. Further, all good (and even most of the bad) cloud treasury providers will have their own business continuity plans to ensure the treasury software-as-a-service is always running. They build in redundancy of operations, replicating the entire environment so that all the data, the interfaces, the bank connections, and the security protocols are all available in the “backup location”. If done well, a treasury team should not be able to tell if they are in the primary environment or in the backup.

Standardized workflows

Treasury systems that are globally accessible – i.e. via the cloud – can allow the same workflows to be run anywhere in the world by authorized users. If set up correctly, the treasury system will feature standardized templates, processes, and visual workflow maps so that temporary and new employees can be onboarded very quickly. The system can be the documentation in many cases, which ensures that treasury is run the same way no matter who is performing the tasks. The treasury system will be a single repository for all data and documentation, which ensures treasury information is consistent and available if other offices have to take over for a period of time.

Mobility

Treasury systems need to be mobile. Especially to effectively support business continuity, treasury systems need to work at home (possibly on a really old desktop with an old internet browser), on tablets, on smartphones, and with low-speed web connections (e.g. having to use your iPhone as a hotspot for your tablet to get online). If a treasury system cannot support these uses, it isn’t going to be a reliable component in your treasury’s business continuity plans.

Security

I don’t need to explain why security is important. Presuming treasury’s choice of technology is aligned with the organization’s information security policies, there will be certain authentication protocols used to log in to the treasury system. They may include one (and ideally more than one) of multi-factor authentication using hard or soft tokens, IP Filtering, virtual keyboards, VPN, and SSO.

Invoking business continuity plans cannot mean that these security policies are abandoned, even for a short period of time. Such exceptions to policy seriously expose treasury to risk of internal fraud or cybercrime. Login procedures to treasury systems must be part of business continuity planning because “it was a disaster” is not an excuse to resort to only using UserID and password to access your treasury system.

Treasury technology enables treasurers to more easily create effective business continuity plans and, more importantly, minimize disruption to treasury if those plans need to be executed. But, don’t take my word for it. Try it for yourself. :-)

You can view the webinar video and slides with the link below: 

Kyriba and AFP present -- Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan


TMS and protocols empower Treasurers to prevent loss

Friday, April 29, 2016 - 16:00

In a recent Treasury Best Practices Series webinar, we teamed up with Treasury Strategies to address how to mitigate payments fraud. Thanks to Rockefeller Group International VP of Treasury, Sam Pallotta, we have a good example of how following the right protocols and training empowers treasury to reduce the chance of loss. Shortly after the webinar, iTreasurer wrote an excellent article, reposted below, which highlights the key takeaways.

Simple Steps Can Stop Sophisticated Fraud

Treasury Strategies shows how proper planning and protocols can stop business email compromise in its tracks. 

Due to forward thinking and the implementation of a multistep fraud prevention program, one company dodged a very expensive bullet. New York City-headquartered Rockefeller Group, a property development, management, and investment company, was hit last year by a highly sophisticated business email compromise (BEC) scam--one that could very well have succeeded if measures weren’t thought of ahead of time. 

As described in a recent webinar arranged by Treasury Strategies and treasury management systems provider Kyriba, a treasury executive at Rockefeller received an email purportedly claiming the company’s CEO was involved in confidential negotiations to acquire a company in the UK and requested an $8 million wire transfer. Sam Pallotta, the treasurer, explained that the request was meticulously constructed and appeared to be coming from the CEO’s email account, even mimicking his writing style and targeting an assistant treasurer on a day when Mr. Pallotta was on vacation. What’s more, the company had a history of acquisitions in the UK.

Noting the importance of the discretion of the deal, the email specifically instructed the executive to tell no one else of the request. Mr. Pallotta said it is uncertain how the fraudster knew he was out of the office, but he suspects his Outlook calendar was hacked. “The fraudulent payment may have been made were it not for the payment protocols that our organization has in place to ensure all wires are legitimate and accurate,” Mr. Pallotta said. 

He then provided a lengthy list of protocols, noting the primary one leading to the discovery of the scam required signoffs on every payment by four employees on physical and electronic forms; and when a wire transfer is over $1 million, the CEO must sign for it. “Knowing the CEO would eventually have to sign the physical payment form, the executive walked down to the CEO’s office to discuss the payment with him directly, and at that time we realized this was a fraud attempt,” Mr. Pallotta said.

Requiring the segregation of duties, for instance so that wire payments cannot be released by just one employee, was also key, as was the authorization limit requiring the CEO’s signature. The Rockefeller Group’s Kyriba treasury workstation, which has built-in limits requiring specified employees to input and release wires, also limits the amount an individual can release. No one, for example, can release wires over $25 million, and such a wire requires an exception approved by Mr. Pallotta, and it must be executed by the IT department’s security administrator.

The company also takes advantage of bank controls such as positive pay and ACH debit block, and top management has expressed full support for programs to train employees across the company and widely communicated written policies. RB Erickson, director, global sales management at Kyriba, and also a member of the webinar’s panel, noted that check fraud remains the most common form of payment fraud, but wire fraud is quickly gaining. In 2013, 14% of organizations reported being the target of attempted or actual wire fraud, and by 2015, it was 48%, while check fraud fell to 71% from 82%. Much of the wire fraud is conducted via BEC scams. Mr. Erickson noted that the FBI recorded 17,000 victims of BEC scams between October 2013 and early this year, resulting in $2.3 billion in losses. 

In terms of reviewing payment fraud protocol, said Jeff Diorio, managing director at Treasury Strategies, a first step is looking at the components of the company’s payment process and the procedures currently in place.

“We recommend starting with evaluating the company’s current level of security and its existing exposures,” Mr. Diorio said during the webinar, adding a review of payment procedures and payment initiation controls is next on the list. “We’ve consulted with several companies and found their controls are either not sufficient or not adhered to.”

Also important is putting together a team to respond to instances of payment fraud that comprises a range of executives, such as those from treasury and the controller’s office. And companies should evaluate the potential avenues to attack, whether by perpetrators inside or outside the company. Mr. Diorio recalled talking to the head of cyber security at a large package-delivery company who flat out acknowledged that fraud attempts aimed at treasury simply weren’t a concern, particularly when an attack bringing down the company’s core systems could render it unable to track packages and threaten its overall business.

He added that a BEC attack that succeeds in prompting a treasury executive to wire $10 million to the fraudster was up to treasury to deal with.

“You have to put risks in perspective,” Mr. Diorio said. “In this case, I’ve worked with has taken on the responsibility themselves and brought appropriate parties in to help.”
 
This article originally appeared on iTreasurer

Five payments fraud management questions you should ask or risk peril

Monday, June 6, 2016 - 14:15

In the 2016 AFP Payments Fraud and Control Survey, 48 percent of surveyed corporations reported wire transfer fraud or fraud attempts in 2015, skyrocketing from only 27 percent in 2014.

Additional reading: The Business Case for a Payment Hub: Centralizing Corporate Payments to Improve Efficiency and Reduce Fraud

It is also amazing to see that 49 percent say that these successful or reported fraud attempts could be above 50 thousand dollars (USD) and up to two million dollars. In fact, the Kyriba / ACT 2016 Annual Survey found the “[r]isk of fraud is growing (along with potential financial & reputational loss), with 2016 revealing a 20% increase from the previous year in the number of companies having been the target of attempted fraud. The largest actual loss reported was $2.5m from a single incidence.”

Beyond these financial risks, the reputational risk became concrete with a few articles in the press regarding famous public companies. The frauds which were revealed in 2015 ranged from one million dollars (USD) to more than 17 million dollars.

Despite these very high numbers, many corporations today report that they have more than 10 payment initiation systems and no central visibility on payment processes, payment initiators and signatories. The lack of centralization and transparency significantly increases the opportunity for fraud and cybercrime.

To help you evaluate your risk, we have put together these five questions:

1)      How many payment initiation systems do you have at a corporate level?

The ideal scenario is to have one centrally controlled initiation system or to cover at least 98 percent of your payments with one initiation system or payment hub.

2)      Are payment workflows consistent in every department for domestic and international payments?

In a large corporation, regardless of payment bank, entity initiating payment, or country of initiation or receipt, the workflows and matrix of approvals must be standardized to minimize fraud.

3)      Are payment workflows centrally managed and controlled?

Disaggregated systems or payment procedures create opportunities for fraud due to lack of visibility. Even if people are decentralized, visibility and control of payments should be centralized through a global set of payment initiators, approvers, and signatories.

4)      Can you report and certify your reports about approvers?

Implementing standardized and centralized payment procedures is important, but so is documenting payment controls. Audit trails, dashboard ‘control centers’, and defined reconciliation procedures are critical to prove not only that fraud prevention techniques are employed but also that fraud detection features are utilized.

5)      Is treasury linked to your payments systems?

Treasury requires visibility into outgoing payments to optimize deployment of cash and liquidity. Further, without transparency on all outgoing payments, treasury is unable to reconcile authorized payments with payment confirmations – a key fraud detection best practice.

Payment fraud is unfortunately becoming more of a probability than a possibility. Spear phishing and impostor fraud schemes are increasing in sophistication, targeting exposure points such as disparate systems and lack of centralization. Integrating payment policy with payment technology will reduce the risk of fraud, which is starting to translate to quantifiable financial value. 

Making payments less risky

Wednesday, July 27, 2016 - 19:00

Managing corporate payments is becoming a riskier proposition. The threat level, primarily due to fraud and cybercrime, is growing in volume and sophistication. The AFP Payments Fraud and Control Survey found that 73% of organizations were the target of payment fraud in 2015, with 42% reporting that fraud attempts were successful.

Fortunately, there are best practices that corporate treasurers can implement that will reduce the risk of fraud occurring – and speed up detection of fraud should an event occur.

1.       Securing access to payment systems

The first level of defense is to ensure that only authorized users are logging in to systems that can initiate, approve, and transmit payments. Depending on the technology used, this may include bank portals, treasury management systems, or ERP solutions. Two-factor authentication – either by hard (e.g. key fob) or soft token (e.g. digital key messaged to your smartphone) – is the minimum any treasury team should rely upon.

Additional reading: eBook: Six Ways to Prevent Financial Fraud with Kyriba

Further safeguards include IP Filtering, Virtual Keypads, Encrypted VPNs, and Single Sign-On (SSO) with internal systems. SSO requires some collaboration with internal IT, but often this remains the preference of the CIO’s office. Whatever the methods chosen, combining multiple security protocols is recommended to maximize protection, ensuring that more than a UserID and Password is required to access payments systems.

2.       Encrypted data

There are typically two areas of encryption necessary in treasury. The first is encrypting data at rest. This simple technique prevents any user (or criminal) who gains control of the data within the database from being able to read or understand that information.

If treasury systems are hosted on premise, this will be the responsibility of the CIO’s office. If payment systems are in the cloud, this is 100% the responsibility of the software vendor. It should never be assumed that encryption at rest is offered; this must be validated as not all payments systems offer data encryption at rest.

The second encryption requirement is to ensure that data in transit is encrypted. “In transit” may mean in between treasury system and bank, or it may be between ERP and payment aggregator/hub, such as a SWIFT solution. At no point should a human readable file containing payment instructions be accessible to any users - authorized or unauthorized.

3.       Standardized payment workflows

Many organizations manage payments that are initiated by multiple people in different geographies. Whatever the level of decentralization, it is important to have a global payment policy that encompasses payments initiated in different countries, across all banks, for all payment types, and for various notional amounts.

Cybercriminals and internal fraudsters prey on inconsistency in payment procedures. If there are payments that don’t require approval or certain scenarios where payment initiation is not followed by review of supporting documentation, fraudsters will find those weaknesses through BEC schemes and imposter fraud. Standardizing workflows provides the consistency needed so that CFOs and treasurers can be assured that all payments are initiated, approved, and transmitted in alignment with corporate policy – which will increase transparency and reduce risk.

4.       Central control center

Large treasury operations with significant payment volumes are challenged with reviewing every single workflow, limit, and approval change – which is why a central dashboard for change management is a best practice. The need for proactive monitoring has never been higher, especially as spying cybercriminals are increasingly able to uncover opportunities to exploit treasury’s overall lack of visibility and control over payments.

While every treasurer will have slightly different activities to be monitored, common requirements include tracking new account signatories, changes to user duties, updates of approval limits, acknowledgements of all imported and exported data, and - especially for payments – acknowledgements (ACKs) of payment transmission through the different stages of the workflow from payment system to payment hub to transmission protocol (e.g. SWIFT or FTP) to initiating bank.

A central dashboard or control center offers the visibility across all of these changes and updates, enabling treasurers to be more in control of their cash and payment workflows.

5.       Watchlist screening

Every bank will compare payments received from corporate customers against industry watchlists, such as OFAC in the US or EU and UN lists globally. However, Treasurers are taking unnecessary risk by relying on their banks as the exclusive determinant of which payments pass or fail this check. Integrating watchlist screening into your payment process and technology will not only identify suspect payments – which may have been initiated through fraudulent behavior – but will also give treasury teams advance notice that the bank will be requesting more documentation to support legitimate payments. This advance notice should not be underestimated, as even a valid payment that is flagged by an OFAC check can be tied up for many days as the bank performs their due diligence. Reducing this wait time reduces costs, never mind offering reduced risk.

6.       Multiple points of reconciliation

In addition to all the fraud prevention and detection mechanisms and processes that are implemented to make payments less risky, it remains an absolute must to perform reconciliation of payments sent to the bank versus the payments the bank confirms they received. This is a current day activity that can identify a fraudulent payment in sufficient time to take corrective action.

In addition, prior day reconciliation of all disbursements is important as the prior day transaction file (BAI, MT940, XML CAMT, etc.) will provide sufficient detail to automatically match expected payments to recorded transactions, meaning that exception reports can also be automatically generated.

These checks and balances are necessary even if all payments are centralized through the ERP or treasury management system to ensure that no payments were transmitted by other means.

Reducing payment risk is an objective for every treasury team to minimize the likelihood that unauthorized payments are transmitted to the bank as well as enabling uninterrupted payment workflows. Technology can play a key role to offer visibility, control, and validation of change management so that treasurers remain efficient and productive at managing corporate payments.

Planning for a successful future in treasury: what we learned at AFP Orlando 2016

Friday, November 4, 2016 - 18:45

The 2016 annual AFP conference in Orlando, Florida was all about breaking boundaries. Those of us who attended and who have practiced treasury were reminded of just how much treasury continues to evolve. Treasury continues to be asked to provide more high-level analyses to guide our organization through the torrential shifts in economies, to adapt to regulatory shifts that affect even basic cash management practices, and to remain vigilant in our fight against fraud and cybercrime. We were also exposed to great case studies on how technology can enable us to achieve more with less, driving us to simultaneously create and protect value in treasury. Below are five themes that popped out from AFP 2016 and which will continue to be treasury priorities throughout 2017:

1)    Treasurers are Risk Managers

Everything we manage in treasury is driven by mitigating risks. Good cash management and forecasting practices prevent liquidity risk. Hedging may soften the effects of currency and interest rate risk. Eliminating spreadsheets to manage treasury reduces operational risk, as does improving fraud prevention and detection.

The more treasury thinks in terms of what risks they are mitigating, the more valuable they will be perceived within the organization and the more likely treasury projects will be prioritized in the budget.

Additional reading: Making strides with the help of technology

2)    Cash Forecasting is always No. 1

Every year at AFP and other conferences, attendees flock to sessions discussing cash forecasting. A good, accurate forecast seems to be like the end of a rainbow – always sought after, never found. But here’s a hint – if you want to be a treasury leprechaun that finds the forecasting pot of gold, then focus on these three steps:

3)    Fraud and Cybercrime

We are tired of hearing about fraud and cybercrime. Unfortunately fraudsters are relentless, so letting our guard down is the worst possible scenario. Fraud prevention in treasury can be reduced to these three simple steps:

  • Application security – protect your treasury applications with more than a UserID and Password.
  • Data security – make sure 100 percent of data is encrypted and safe from internal and external fraudsters. Remember, the majority of CIOs mandate the use of cloud applications to improve data security. The right cloud provider – i.e. those that align with your organization’s information security policy – will make your treasury data more secure.
  • Standardize workflows – there shouldn’t be any exceptions from a global, standardized payment policy or bank account management procedure. Fraudsters prey on exceptions, so don’t make it easy for them to gain access to your accounts.

4)    Regulatory Compliance

In the past couple of weeks alone, two regulations were again vaulted to the forefront:

  • Section 385 – while carve outs were offered for cash pooling and in-house banking, there remains a need to properly document intercompany transactions including payments related to intercompany balances. Operating on Excel or using a TMS that doesn’t offer these compliance checks and balances means a significant amount of work to satisfy auditors’ requests for information. Those with a more modern TMS don’t have this worry.
  • Money Market Fund reforms – particularly floating net asset value as well as the threat of redemption fees and gates have pushed most cash managers to seek the safe havens of government funds and time deposits. However, this large shift into “govvies” has increased the relative yield possible through investment in prime funds, which continue to be a composition of low risk money market securities. Those with the right treasury management systems benefit from automation of floating NAV calculations, making the reforms minimally impactful. And in return, they get a greater return on excess cash.

5)    Payment Aggregation

At this month’s AFP Conference, a significant discussion point was increasing the efficiency and reducing the cost of payments. While in the US much of that discussion involves migrating from checks to ACH, many conversations also focus on aggregating corporate payments across treasury, accounts payables, and other teams into a single payment hub – sometimes called a payment factory. While payment factories can also be linked with shared services, in-house banks, and even multi-lateral netting – at its core the proposition to centralize corporate payments through a single technology portal is driven by three things:

  • Minimizing costs – multiple systems sending payments to the bank means duplicate costs, much of which is absorbed by internal IT to connect the ERP to bank.
  • Increasing visibility – Treasurers struggle with transparency into upcoming vendor payments, meaning that liquidity decisions are too short term. Centralizing payments increases visibility, which improves working capital.
  • Reducing risk – there are two big risks that can be mitigated through payments centralization. Messaging standardization transfers the risk of generating the correct payment formats for each payment type, bank, and geography from internal IT to a payments provider, which has payment format libraries. Standardizing payment workflows also helps reduce the threat of fraud and cybercrime, which is becoming as big a threat as anything Treasurers have faced in the past decade.

In summary, it’s an exciting time to be in treasury. The challenges continue to mount, and yet the opportunity to provide strategic value to the organization is increasing. Technology will enable that success so I hope you are armed with the right technology to take advantage of this great opportunity to be successful.  

Global Treasury Management: Best Recent Seven Articles about Strategy

Friday, November 11, 2016 - 17:15

Kyriba selected seven of the best recent articles that demonstrate how treasury professionals can be more strategic in their thinking, often with the help of effective policies, payments workflows, and technology. To save you some time sorting through the abyss of information, Kyriba selected these treasury management articles which provide beneficial insights to treasury, cash and risk management professionals world-wide.

  1. Treasurers have more strategic role but still struggle with core tasks - survey -- CTMFile

  • Treasurers are taking on a more strategic role within their organisations, with half of respondents noting that they provide strategic financial analysis, compared with 39 per cent a year ago, while 30 per cent are acting as counsel to the executive team (2015, 24 per cent).

  2. 5 Reasons Why Treasurers Should Adopt Multilateral Netting -- AFP

  • Treasurers are always looking to simplify their payments workflows, and ensure they have the most secure methodology. Multilateral netting is a great way for treasury management professionals to mitigate tax and compliance risks among many added benefits.

  3. Planning for a successful future in Treasury: What we learned at AFP Orlando 2016 -- Kyriba Blog

  • Treasury continues to be asked to provide more, high-level analyses to guide the organization through torrential shifts in economies, adapt to regulatory shifts that affect even basic cash management practices, and continued vigilance in the fight against fraud and cybercrime.

  4. Technology: standing at the crossroads -- Treasury Today

  • Your competition is accelerating, and technology is one reason why competitive advantages have propelled the role of global treasury manager. The strategic value of treasury management software today and in five years time should be better understood.

  5. Four Keys to a Successful Supply Chain Finance Program -- AFP

  • Financial security is among the highest priorities for CFOs, but though supply chain finance programs can demonstrate strategic value, they are often overlooked. The successful SCF program is one that adheres to these four key tips.

  6. Amex GBT Pursues T&E Via M&A -- Pymnts.com

  • The strategy for many high growth global organizations is acquisition. In this article, the opportunity to grow through acquiring the right technology is discussed.

  7. Managing risk with effective treasury policies and technology -- Kyriba Blog

  • Effective treasury policies and technology can increase efficiencies that lead to more time spent on meaningful analysis for capital allocations structures, risk management insight, supplier or customer finance programs, or new or better business intelligence.

Whether you are starting out on your path to treasury transformation as a practitioner or deep into your treasury tenure and guiding your team through the process, Kyriba offers these articles to pique your ability to succeed. Follow us for more treasury tips and related news on our blog and social media pages: Twitter, LinkedIn, Facebook.

Keeping your payments safe

Tuesday, December 20, 2016 - 18:30
Digital lockdown - best practices for connectivity and payments

Fraud and cybercrime have been a concern for corporate treasurers for several years, and this past year showed us that there is a new risk to consider: connectivity. The stories of banks being hacked and losing millions through unauthorized payments shook the industry, since protecting payment connectivity workflows was low on the priorities list for treasury.

While unfortunate for those involved, there are valuable lessons to be learned for the rest of us in treasury:

1)      Protect payment systems from unauthorized access. Corporates have many options – bank portals, treasury management systems, ERPs – that offer the ability to initiate and approve payments. Each and every one of these systems should be protected by more than a UserID and password. The CIO in every organization has likely set a standard for user authentication protocols; treasury needs to align with that to ensure that financial systems are secure from unauthorized entry. Sometimes that minimum standard is multi-factor authentication, but oftentimes it is a combination of safeguards. The CIO will have already set a policy that treasury should follow.

Additional reading: Centralizing corporate Payments to Improve Efficiency and Reduce Fraud

2)      Standardize payment processes. Unfortunately, it is not uncommon to see payment policy inconsistencies. Payment policies should be aligned to all types of payments, the systems used to initiate/approve payments, to specific geographies and banks. There must be one payment policy that is then applied to each of these scenarios. Inconsistency in payment controls creates exposures that can be exploited. While every treasurer employs separation of duties and likely assigns limits to those duties, it is important to ensure that the payment policies are global – across the entire organization, covering every payment scenario. Integration and/or consolidation of payment systems can help that, of course. The key is to ensure that you do not have a “weakest link” that is beyond the visibility of treasury.

3)      Secure payment files in transit between systems. Whether payment information within files is sent directly to the bank or exchanged between internal systems first, it is always important to keep this information secure and away from internal or external threats. The more systems involved, the more risk: for example, ERP + TMS + Service Bureau. Reducing the number of systems used to approve and release payments is one solution; applying digital signatures to authenticate payment files is another. The important point is to ensure that what the bank receives was securely transmitted from initiation all the way through the entire payment workflow.

Additional reading: Reducing the risk of fraud with Kyriba

4)      Review acknowledgements and reconcile outgoing payments. Every bank provides confirmation that payments have been received. Some payment channels (e.g. SWIFT) offer more acknowledgements than others, but whatever level of confirmation is received, it is critical to review and confirm that what was received and processed by the bank matches what your systems sent to the bank. Running intra-day and prior-day bank statement reconciliation reports is also recommended to offer an additional checkpoint so that treasury can confirm what was sent matches what was processed.

5)      Implement an internal control center. While difficult to implement in a spreadsheet environment, most treasury and payment systems will have some sort of control center that monitors outgoing payment files as well as any system workflow changes – such as modifications to approvers, changes to limits, or updates to payment instructions. Active monitoring of transactions is important, but just as critical is your visibility into the workflow changes. Ideally this would be presented in a dashboard as well as an email friendly format to more easily identify exceptions.
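The reconciliation in step 4 above, which is also the "Multiple points of reconciliation" practice in "Making payments less risky" earlier on this page, can be sketched as follows. This is an added example, not Kyriba's code: the CSV layout, field names, finding labels and all sample records are constructed assumptions, and it presumes the bank echoes the sender's payment reference.

```python
import csv
import io
from dataclasses import dataclass
from decimal import Decimal

# Constructed sample data (not real accounts): CSV exports standing in for the
# payment file treasury sent, the bank's same-day acknowledgement, and the
# prior-day statement. Real inputs would be parsed from BAI, MT940 or camt files.
SENT_CSV = """ref,beneficiary_account,amount,currency
PAY-1001,GB00TEST00000000000001,125000.00,USD
PAY-1002,DE00TEST00000000000002,48250.50,EUR
PAY-1003,US00TEST00000000000003,9800.00,USD
PAY-1004,FR00TEST00000000000004,300000.00,EUR
"""
ACK_CSV = """ref,beneficiary_account,amount,currency
PAY-1001,GB00TEST00000000000001,125000.00,USD
PAY-1002,DE00TEST00000000000099,48250.50,EUR
PAY-1003,US00TEST00000000000003,9800.00,USD
"""
STATEMENT_CSV = """ref,beneficiary_account,amount,currency
PAY-1001,GB00TEST00000000000001,125000.00,USD
PAY-1002,DE00TEST00000000000099,48250.50,EUR
PAY-1003,US00TEST00000000000003,9800.00,USD
PAY-1003,US00TEST00000000000003,9800.00,USD
PAY-9999,XX00TEST00000000000777,75000.00,USD
"""
COMPARED_FIELDS = ("beneficiary_account", "amount", "currency")

@dataclass(frozen=True)
class Payment:
    ref: str
    beneficiary_account: str
    amount: Decimal
    currency: str

@dataclass(frozen=True)
class Finding:
    kind: str
    ref: str
    detail: str

def load(csv_text):
    """Parse a CSV export into Payment records; amounts are Decimal, never float."""
    return [
        Payment(r["ref"], r["beneficiary_account"], Decimal(r["amount"]), r["currency"])
        for r in csv.DictReader(io.StringIO(csv_text))
    ]

def _index(payments):
    """Index payments by reference; repeats of a reference are returned separately."""
    by_ref, repeats = {}, []
    for p in payments:
        if p.ref in by_ref:
            repeats.append(p)
        else:
            by_ref[p.ref] = p
    return by_ref, repeats

def reconcile(sent, reported, source):
    """Compare what our systems sent with what the bank reports in `source`."""
    findings = []
    sent_by_ref, sent_repeats = _index(sent)
    bank_by_ref, bank_repeats = _index(reported)
    for ref, ours in sent_by_ref.items():
        theirs = bank_by_ref.get(ref)
        if theirs is None:
            findings.append(Finding("NOT_CONFIRMED", ref, f"sent but absent from {source}"))
            continue
        changed = [f for f in COMPARED_FIELDS if getattr(ours, f) != getattr(theirs, f)]
        if changed:
            findings.append(Finding("ALTERED", ref, f"{source} differs in {', '.join(changed)}"))
    # Payments the bank processed that none of our systems sent (sent by other means).
    for ref in bank_by_ref:
        if ref not in sent_by_ref:
            findings.append(Finding("NOT_SENT_BY_US", ref, f"in {source}, no matching sent payment"))
    for p in sent_repeats:
        findings.append(Finding("DUPLICATE", p.ref, "reference repeated in sent file"))
    for p in bank_repeats:
        findings.append(Finding("DUPLICATE", p.ref, f"reference repeated in {source}"))
    return findings

def exception_report():
    """Run both checkpoints: same-day acknowledgement, then prior-day statement."""
    sent = load(SENT_CSV)
    return {
        "acknowledgement": reconcile(sent, load(ACK_CSV), "acknowledgement"),
        "statement": reconcile(sent, load(STATEMENT_CSV), "statement"),
    }

if __name__ == "__main__":
    for checkpoint, findings in exception_report().items():
        for f in findings:
            print(f"{checkpoint:16} {f.kind:15} {f.ref:9} {f.detail}")
```

The acknowledgement pass catches the changed beneficiary account on the same day, while the statement pass is the one that surfaces a payment no internal system sent.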

While 2016 introduced us to risks in payment connectivity that we may not have previously thought about, there are best practices to keep your payments safe. For more information, please feel free to review our webinar with the AFP as well as the AFP’s Treasury in Practice guide on Securing your bank connectivity.

Treasurers: Are you ready for new opportunities in 2017?

Friday, January 13, 2017 - 09:00
Opportunities for financial professionals in 2017

The start of January is most definitely the time for bold (or not so bold) predictions for the upcoming year. In the past weeks we have seen predictions suggesting that advanced business intelligence will be the number one priority for CFOs in 2017, predictable analytics will effectively replace hedge fund managers, and that blockchain is ready to emerge as the next coming of the internet for finance – in 2017. None of these things are going to happen – in 2017, or maybe at all.

Additional reading: Keeping your payments safe

To be more realistic for us in corporate treasury, 2017 will present many challenges for treasurers; and equally as many opportunities for treasury teams to add value to their organizations.

Regulation

In 2017, it will be one of those years where we seem to be buried by regulations. While 2016 saw the introduction of regulatory changes such as Money Market Fund reform (in the US), 2017 sees several new areas where regulatory compliance will consume much of our time:

  • IFRS 9 – Hedge accounting is usually a treasurer’s least favorite topic. Yet the implementation of IFRS 9 at the beginning of 2018 means that treasury and accounting teams must implement solutions in 2017. The good news is that IFRS 9 (or ASC 815 in the US) actually makes hedge accounting easier in some cases. While this is especially the case for commodities, benefits are also seen for FX and Interest Rate options. The net result: there is an opportunity to hedge more effectively with less back office complexity.
  • Lease accounting – IFRS 16 / ASC 842 may not be fully in effect until the start of 2019, but that does not mean corporates can ignore it until the end of next year. Leases held in 2017 will need to be reported on, which means that understanding the lease provisions and their potential effects on future reporting and accounting is important. Some organizations may choose to change the types of leases they use to minimize the effects of future compliance, meaning that some of this decision making will have to occur in 2017. This is a good opportunity to have a seat at the board room table in order to discuss the most strategic approach to avoiding lease accounting issues in 2018 and beyond.
  • PSD2 – The Revised Payment Services Directive isn’t in effect until Jan 1, 2018, yet the preparation to comply with the new regulations will consume much of 2017. While banks and payment service providers are the ones burdened with compliance, the effects (such as required two-factor authentication) will be felt by corporates. In theory, the result of PSD2 will be more secure payments with more transparency and a lower cost. It sounds great when phrased like that, at least.
  • GPII – While SWIFT’s Global Payment Innovation Initiative isn’t technically a regulation, it is an opportunity to increase transparency of payment tracking and quicken the settlement of cross-border payments. As more corporates adopt SWIFTNet for some or all of their global payments, these are welcome benefits that will begin to be realized later in the year.
  • Greater effects of Basel III – While Basel III doesn’t affect corporates directly, banks must comply, and thus have begun to refine their services in order to optimize their balance sheets. This means that banks will continue being more selective about which deposits they want (i.e. operational cash) and will tighten the extension of credit, increasing the cost to borrow. The opportunity for treasurers is to more efficiently pool and mobilize internal cash to better predict borrowing requirements, and similarly to identify more diverse, low-risk investment opportunities that don’t rely on leaving operational cash in the bank.

Additional reading: Managing risk with effective policies and technology

Interest Rates

While interest rates remain low in North America and Europe, we are starting to see a divergence in monetary policy between the US and other countries. Stimulated by post-election financial optimism, US markets continue to perform well, which has led to one interest rate hike, with the expectation of more. Relatively higher US interest rates and interest rate hike speculation drive FX volatility, creating more challenges for corporates who are underhedged.

At the same time, in the US especially, there is an opportunity to gain more yield as even incredibly safe investments will return slightly more interest. Those that chose SMAs as a means to escape prime money market funds last year will see greater returns; and it is conceivable that the attraction of higher returns from prime funds will be a carrot too big to ignore for those who are completely invested in government funds or have left money sitting in bank accounts.

Fraud and Cybercrime

I wish 2017 was the year that we could stop talking about fraud and cybercrime. It is not, however. In fact, we should be preparing more across the financial operations of the organization because cybercriminals are continuing to invest in their own efforts to steal money and information. Banks continued their investments in preventing fraud and cybercrime in 2016, which may unfortunately make corporates appear as the low hanging fruit. Thus far, corporates have been exposed to the relatively obvious (in hindsight, of course) imposter fraud schemes. That said, there are more sophisticated hacking examples we saw in the banking community last year that most corporates are ill-prepared for.

Two thousand and seventeen should be a year of convergence between treasury controls and the rest of the organization’s information security policies. It is when treasury’s protections differ from the CIO’s policy that problems will arise. Collaboration is the key opportunity for treasury to lead the organization, along with the CIO, in defending against fraud and cybercrime attempts.

Additional reading: Reducing the risk of fraud with Kyriba

eBAM

After everyone has stopped rolling their eyes, they will see that there is actually some potential promise on the horizon. Many banks – including large tier institutions in the US – have made progress in providing eBAM within their own bank portals. While a large corporate with many banking relationships justifiably would say “so what,” banks are starting to look to corporate TMS providers to link with their eBAM services directly – as they do with bank reporting or payments.

While the promise of an eBAM central utility is still theoretically possible, the reality is that most large institutions already have mechanisms in place for host-to-host connections and these banks are also investing in new technologies to increase the efficiency of this communication. Believe it or not, we may actually see progress in multi-bank eBAM in 2017!

Treasury technology disruption

In 2016, we saw intriguing consolidation in the treasury management space, causing further angst for TMS users that didn’t wish to be a customer of a multi-TMS holding company.

In 2017, we will see the fallout from that and prior consolidation, which means that treasury systems will fall squarely into two categories:

1) Growing and evolving – treasury systems that benefit from a high percentage of revenues and new capital directed to the technology, enabling many new features and modules for treasury end users

2) Profit taking – investment will flat line or even decrease, as system owners look to protect bottom line margins to help repay acquisition loans or prepare for their own exit from the market

Identifying where your TMS provider fits requires more than just listening to the sales people (who always wish for scenario #1, but themselves may not even be aware of the true strategy).

Will 2017 be a great year?

Yes, 2017 will undoubtedly be an interesting year for corporate treasurers. For those treasury teams that successfully collaborate internally, proactively plan for changes in market conditions, and think ahead about the impacts of regulatory compliance – 2017 will be a great year!

 
A version of this article originally appeared in AFP, Treasurers, Are You Ready for New Opportunities in 2017?

Improving Financial Controls with Treasury Technology

Thursday, March 9, 2017 - 16:15
IT security

Global finance professionals in the Asia Pacific region are challenged by time consuming and error prone manual data entry, and implementing financial controls with enhanced security against fraud and cybercrime. With increasing danger of loss from fraud and difficulty of tracking data across multiple tools and spreadsheets, leadership is asking treasury for a solution to better manage and protect their organization. The problem is that many organizations are using spreadsheets as their primary treasury management tool in spite of their lack of security, controls, and auditability.

Additional reading: T&R report: Making Strides with the Help of Technology

Transitioning from spreadsheets to a solution with proper controls is not the challenge today that it may have been five years ago. Technology innovation and implementation best practices have reduced the implementation process down from years to months, and the cost of a treasury management system is far less expensive because of the cloud. The value of implementing technology is different for each organization, and for those who are exploring the possibility of bringing on a treasury system for the first time, we have outlined several key points to protect the organization and limit the risk of fraud.

Treasury Information Security

UserID and Password aren’t enough to protect your systems, especially when payments are being initiated and approved. Multi-factor authentication, IP Filtering, virtual keyboards, and single-sign-on (SSO) help ensure that only authorized users are accessing treasury systems and information. The right cloud solutions will also offer safeguards that spreadsheets or on-premises solutions simply cannot do at scale, such as full data encryption and application level encryption. Decisions on what safeguards to employ should be made in alignment with the CIO/CTO/CISO to ensure that treasury is aligned with the organization’s information security policies.

Treasury will also be asked to align with organizational policies around business continuity planning (BCP), and to show whether treasury systems have been evaluated through penetration testing and what sort of SLAs exist to support treasury’s 24x7 operation. Treasury will also be asked to supply a SOC2 Type II audit report for each treasury system vendor, so IT can assess the security behind each vendor’s controls.

These are the standards of security a best in class technology vendor can provide at an economical cost, and one reason why the cloud is admired among information security experts.

Reduce Payments Risk

Reducing payment risk, which includes preventing unauthorized payments and enabling uninterrupted payment workflows, is a primary goal for treasury teams. Technology enables visibility, control, and validation of change management so that treasurers can securely manage corporate payments.

The key to substantially reducing the risk of unauthorized payments is to develop and maintain standardization of payment policies throughout the organization. Payment policies govern how payments are initiated, approved, and transmitted to the bank – and should also document how technology is used and where encryption of information should occur. These payment policies must align with the workflows implemented in treasury technology to ensure that policies are not simply written on paper but actually executed on a daily basis. With cloud technology, payment workflows can be enforced in all global regions, across all banks, and for all payment scenarios. To be effective in combatting payment fraud, there can be no exceptions, as these carve-outs from standard process are the very risk exposures that internal fraudsters and cybercriminals prey upon to steal money.

Payments and Watchlist Prescreening

Another way to improve the efficiency of business operations is to have a watchlist screening solution integrated into your payments system, for notification of potential compliance issues before payments are sent to the bank. The old way of managing this issue was simply to send payments early, as treasurers knew that response times from banks were measured in days, if notification was received at all. While sending payments early may ensure that there is sufficient time for problem payments to be researched and cleared by the necessary date, this ‘workaround’ has a negative effect on working capital by shortening days payable outstanding (DPO). The more efficient method is to integrate payment screening against industry watchlists into your treasury and payments technology, enabling pre-notification of potential issues.

Additional reading: Reduce payments disruption and meet regulatory mandates

Improve Bank Account Controls and Reduce Fees

Bank account management is increasingly important for any organization that manages multiple accounts across several banks. As banking relationships become more decentralized and locally managed, the demand for a centralized bank account management solution increases dramatically. Without the requisite audit and controls, spreadsheets are limited in their ability to provide a proper single system of record and reliable source of electronic banking information for internal reporting and external compliance.

With a strong treasury management solution, managing signatories is not only simplified, but visibility is increased to better manage exceptions and change requests. Corporate signatories, approval levels, and bank account access all require policy controls and auditable oversight. This is important for all organizations, especially those with high turnover or those with a sudden increase in new hires due to expansion. In the absence of an eBAM solution, an organization is open to risk. Additional support from treasury technology includes automated bank fee analysis, which can enable treasury to reduce its fees with a better understanding of their monthly fee variances and enable a review of bank fee structures across banks.

The opportunity for Asian treasury to streamline their manual tasks and reduce risk of payments fraud while securing bank accounts is more achievable today with advancements in technology than it has ever been. Finance leaders should empower their teams with the right tools to improve financial controls and with the added time their teams save in automating treasury operations, they can be more strategic about compliance. 

 

This article appeared in Treasury Management International: Improving Financial Controls with Treasury Technology

The Rise of the Chief Treasury Information Security Officer (CTISO)

Monday, March 27, 2017 - 17:30
Fraud and compliance, top priorities for treasury and CFOs

Fraud and Compliance have begun replacing Cash Forecasting and Liquidity Management as the top priorities for Corporate Treasurers. While Risk Management has always been a priority for Treasurers, managing risk typically meant implementing a good hedging policy or ensuring sufficient liquidity to meet cash obligations.

The prevalence of fraud and cybercrime has raised the bar for the CFO and their entire team. While every finance professional is aware of Sarbanes-Oxley’s (SOX) impact on treasury compliance for the past 14 years, less has been written about the recent changes to SOX requiring greater technology controls, which the CEO and CFO are now signing off on as part of Section 302 and 404 compliance.

Additional reading: How Treasury Technology Supports Business Continuity Planning

The emphasis on technology controls within regulatory compliance is primarily due to the success of internal fraud schemes and cybercriminal penetration of finance systems. CFOs and Treasurers often had technology at their disposal, but continued to use spreadsheets and manual processes in place of more secure information platforms. Spreadsheets, as we know, can easily hide a multitude of errors due to their lack of audit trails. But they also lack controls such as separation of duties, digital signatures, and other workflow tools to prove the treasury team is following a secure process.

When signing off on regulatory compliance such as Sarbanes-Oxley, CFOs want to ensure that they are signing off on something more robust than a spreadsheet. As a result, the Treasurer now has to step up and take ownership of their own information security requirements.

While it is the Treasurer’s responsibility to prove treasury operations are governed by robust controls and auditability, a big challenge for the Treasurer (a.k.a. the Chief Treasury Information Security Officer) is that treasury has historically been on an information island. Treasury often had its own systems, generally refusing to be part of an ERP implementation. Treasury required more demanding service levels, due to their requirement for 24x7 attention should a payments or cash system fail. And, to be fair, few in the organization truly understood what treasury actually did. The end result was that treasury was disparate as a department and treasury technology operated under a different set of rules.

With the rise in fraud and cybercrime – along with the recent need for CEOs and CFOs to attest to financial technology controls – the need for treasury to align with the rest of the organization’s information security policies is more critical than ever. Most treasury systems operate in the cloud, although few treasury system providers have invested sufficiently in their cloud technology to offer adequate application and data protection to meet the CIO, CTO, and/or CISO’s security requirements.

However, without coordination between the Treasurer and the CIO/CTO/CISO, treasury does not have enough information to know what standards they must comply with. This collaboration is therefore critical to treasury information security – and to the CFO’s confidence in agreeing that sufficient technology controls exist in treasury.

Yet, surprisingly, information security representatives are influencing security requirements in little more than 50% of treasury technology selections. When I’ve asked why IT isn’t in the room, the response is typically “we’re flying below their radar” or “every time they get involved it ends up costing us money because they ask for more security features from the software provider.”

My response is always the same: that is exactly why they should be in the room.

The Treasurer’s job is to reduce risk, not take more on. By refusing collaboration with the CIO/CTO/CISO to align treasury information security with the entire organization’s information security, the treasurer is increasing operational risk and putting the CFO’s reputation and compensation on the line. Clearly that is not a risk worth taking.

The Advantages of Treasury Management in the Cloud

Thursday, July 13, 2017 - 12:30
New York City clouds

Global organizations are moving to the cloud for their treasury management, and Kyriba has helped companies like Rockefeller Group, a New York City-based real estate developer, owner and investor, transition to the cloud so they can take advantage of modern technologies.

A new special report from Treasury & Risk magazine, “Treasury Systems in the Cloud,” talks about how Kyriba’s client, Rockefeller Group, is benefitting from cloud-based treasury automation after using traditional systems for many years.

According to Sam Pallotta, Rockefeller’s vice president and treasurer, Kyriba freed the treasury team from the work of upgrading, maintaining and beta testing its application systems - a huge burden for the team.  

“The cloud allowed us to have all of that done virtually, behind the scenes, and let us not be involved on the day-to-day implementation of that,” Pallotta was quoted as saying in one of the articles, “A Treasury Perspective”*.

The move to the cloud meant the treasury team members could access their treasury system in real time from anywhere in the world, according to the article. “There are multiple examples where the cloud allows us to process payments and communicate information, and we don’t have to be tied to the New York headquarters,” Pallotta said.

The company has even placed some of its continuity processes in the cloud in case of an emergency.

Before selecting Kyriba, Pallotta said, the company did its homework, assessing the security of its cloud system and visiting Kyriba’s data centers, and came away convinced that the Kyriba solution was as secure as a traditional system. Pallotta said the move to Kyriba also introduced the company to a valuable community of users: “We can more easily leverage the best practices of other treasury organizations, meet with them, hear how they’re using the application.”

The special report also had two articles featuring thought leadership from Bob Stark, Kyriba’s vice president of strategy. 

In “Why CFOs and CIOs Want Treasury in the Cloud,” Stark said it’s easy to forget that we rely on the cloud in our everyday lives, for online shopping, email and a host of smartphone apps, “yet many treasury professionals suffer without the cloud,” he stated, “because they either still rely upon spreadsheets, or they have the misfortune of working with legacy technology that is installed somewhere in their organization’s IT server.”

CFOs and CIOs seek the numerous advantages of the cloud, such as reduced costs, stronger cyber defense, better protection for business continuity, and access to new technology that accelerates business value.

Development and deployment of cloud technology is faster and better than with desktop software. Stark notes that at Kyriba, “the young millennials writing code with these new technologies are innovating like crazy, pushing the boundaries to constantly do more. The net result: the software evolves with new features and ideas at a quicker pace than we’ve ever seen.”

Another article, “Cloud Takes the Lead,” details the advantages of the cloud for treasurers, CFOs and CIOs, not the least of which is dramatically reduced costs. The cloud allows providers like Kyriba to shoulder the responsibilities of software upgrades and IT maintenance and security. An initial barrier to relying on the cloud was the fear of cyber risks, a fear overcome in recent years by the realization that cloud providers can devote more resources to cybersecurity than any one company can.

Other advantages include expanded offerings and global connectivity to the same system. Treasury staff members are no longer tied to their laptops and can use their cell phones to respond quickly.

The days of spreadsheets and outmoded software are gone. “Nobody’s buying installed software anymore,” Stark noted in the article. “What people are buying today, and have been for the last five or 10 years, has all been cloud.”

As this sampling of articles from Treasury & Risk indicates, Kyriba is helping organizations around the globe streamline key processes and drive more strategic value.

 

*Registration might be required if you are not a Treasury & Risk member.

Why Cloud is Critical for Treasury’s Business Continuity Planning

Wednesday, July 19, 2017 - 15:00
business continuity planning - stacking blocks

Kyriba recently held a webinar attended by more than 500 treasury professionals that focused on the critical importance of business continuity planning (BCP) for treasury.

One quarter of the audience admitted to not having such a plan in place, while nearly 30 percent said they had a plan in place, but had never tested it, according to webinar polling. Needless to say, audience members were eagerly looking for best practices to make their continuity planning more complete. We also learned from the audience that treasury typically manages their own planning and those plans haven’t changed much despite the movement to the cloud.

The cloud offers a very different way of thinking about BCP. The best feature of the cloud is that it takes the entire software solution (and data) off your premises. Data centers used by a cloud treasury provider such as Kyriba reside in different global locations than the company offices, so your treasury system still operates without interruption even if the company offices are disabled or inaccessible.

Further, cloud treasury providers maintain their own business continuity plans to ensure the treasury software-as-a-service is always running. They build in redundancy of operations, replicating the entire environment so that all the data, the user interfaces, the bank connections, and the security protocols are all available in the “backup location.” If done well, a treasury team should not be able to tell if they are in the primary environment or in the backup.

It is especially important that the security is identical in business continuity mode because if that were not the case, then fraudsters would simply focus their hacking efforts on putting platforms into a backup state where systems could be more easily exploited.

The other characteristic of cloud-based treasury systems is that those systems are globally accessible via the cloud. Because of this, the same workflows can be run anywhere in the world by authorized users. If set up correctly, the treasury system will feature standardized templates, processes, and visual workflow maps so that temporary and new employees can be on boarded quickly.

This ensures that treasury is run the same way no matter who is performing the tasks. This is especially important for business continuity because part of an effective BCP program is ensuring smooth operations even when treasury personnel in the main office are not available. Whether their location loses power or internet access – or the treasury team’s number came up in the Powerball lottery – the reality is that the need for treasury exists whether that team is available or not. The right treasury technology deployment will have standardized workflows that can be managed by anyone who is authorized, from anywhere the company operates. And it will do so because of the cloud accessibility combined with the treasury system being a single repository for all data, documentation and visual workflows.

Not All Clouds are Built the Same

Treasury systems need to be mobile. This is more than just being available in the cloud, however. Treasury systems need to work whether the user is at home (possibly on a really old desktop with an old internet browser), via a tablet or smartphone, and with low speed web connections (e.g. having to use your iPhone as a hotspot for your laptop to get online). If a treasury system cannot support multiple scenarios, it isn’t going to be a reliable component in your treasury’s business continuity plans. And, unfortunately, there are still treasury systems that are not device independent. Make sure that your business requirements also include testing just how mobile your treasury system actually is.

Security is Really, Really Important

While we briefly discussed the importance of a vendor maintaining security protocols in both production and BCP mode, the treasury team must have the same consistency in their application security. Presuming treasury’s choice of technology aligned with the organization’s information security policies, there will be certain authentication protocols used to log into the treasury system. They may include multi-factor authentication using hard or soft tokens, IP Filtering, virtual keyboards, and/or single sign on (SSO).

Invoking business continuity plans cannot mean that these security policies are abandoned, even for a short period of time. Such exceptions to policy seriously expose treasury to risk of internal fraud or cybercrime. Login procedures to treasury systems must be part of business continuity planning because “it was a disaster” is not an excuse to resort to only using user ID and password to access your treasury system.

Maintaining effective treasury information security means that the right login controls are always in place – in normal mode and during a business continuity plan. Data must remain encrypted at all times. And treasury workflows – including setting limits, separation of duties and real-time transaction screening – must be exactly the same, no matter the scenario. Any deviation from these requirements means that your organization’s financial data and assets are at risk. Because, as we know, effective fraud attempts are well researched with many puzzle pieces put together over months or years. And if your treasury system has a weakness that can be triggered simply by making the company’s power go out or internet go offline, we would be kidding ourselves if we think that exposure wouldn’t be uncovered by the wrong people.

Business continuity is about maintaining business operations – but it is also about maintaining a consistent level of security and protection from fraud and cybercrime. The right treasury technology can make your treasury team and organization safer.

Watch the webinar and view the slides here.

Kyriba Launches New State of the Art Command Centers

Wednesday, August 16, 2017 - 13:45
Kyriba Command Center

Data protection is a significant priority for any organization and preventing loss of financial assets is a challenging and expensive endeavor for today’s global CFOs and CIOs. Today’s cloud operations are more specialized and require a staff of experts to maintain the highest standards in security, which is one reason why mid-market to large enterprise corporates are choosing to outsource their cloud technology. World-class cloud treasury and finance solutions are dedicated to providing a safe, secure and reliable working environment with almost zero downtime. Achieving such a standard is a complex and expensive task that few companies can or should take on with their own resources. At Kyriba, providing safe and predictable solutions is a fundamental priority, which is why Kyriba commits to maintaining four pillars of data security: physical, application, vendor and process.

Additional reading: Reducing the Risk of Fraud with Kyriba

Kyriba recently launched brand new, state of the art command centers in San Diego and Paris to monitor the security and health of its global cloud infrastructure, adding another layer of physical security to its data centers. The command centers house modern technology solutions that provide instant notifications about any perceived security threats or activities across any part of the network, and confirm that Kyriba’s software-as-a-service platform is operating with the highest possible production quality.


Maintaining a safe environment

The increase in cybercrime, internal fraud and socially engineered payments scams drives organizations to stay more vigilant than ever. Kyriba’s new command centers gather intelligence, analyze data and evaluate threats. A command center is an important component of any risk reduction program, enabling a rapid and effective response to a variety of risks or security situations. These security centers are staffed by a team of Kyriba cloud operations experts who monitor and communicate actionable reports between global offices. When a system alert is received, cloud operations teams leverage intelligent analytics to immediately formulate and launch an appropriate response.

Protecting the health of the infrastructure

Monitoring of the operations environment, including power, UPS, security, and network stability, is another key function performed by Kyriba’s command centers and cloud operations teams. In order to ensure 99.9 percent uptime for Kyriba’s more than 1,600 clients and 50,000 users worldwide, a regular and systematic series of checks is required. At the command centers in San Diego and Paris, cloud operations staff monitor the health of the infrastructure 24/7. System upgrades are performed behind the scenes and with no impact to the functionality of the infrastructure and are deployed and monitored by the staff. There are also major Kyriba product system upgrades several times per year, and ongoing minor updates that are monitored from the control center to ensure the system is operating as expected.

The new command centers help Kyriba ensure the highest standards of security are met so that clients can be assured their data is safe, and that their Kyriba solutions are performing at optimal levels. For more information about Kyriba’s security protocols, data or application information, visit http://www.kyriba.com/solutions/security. For more information about the advantages of cloud treasury and finance from Kyriba, visit http://www.kyriba.com/why-kyriba/treasury-cloud
