Manual payments are a significant and growing fraud risk for enterprises. These are payments that:
- are one-off payments made to vendors or private individuals
- are not added to your ERP system, despite manual inputting being time-consuming, at risk of human error and a fraud risk
- are difficult to track and easy to manipulate in an enterprise environment, making them a target for auditors
Auditors, quite naturally, want to see that you have monitored all points in the payment process where data can be altered. Changing the payment details or falsifying invoices are just a couple of mishandling examples, leading to massive fraud cases like this.
There is, however, a transparent and secure way to handle these payments as quickly and efficiently as the typical accounts payable invoice automation process.
Let’s look at three preventative solutions to reduce the risk of fraud.
1. Enforce approval workflows: The four eye principle.
Much payment fraud originates in transferring small sums rather than large payments. Such transactions are much harder to identify and match over a long period. Many large companies choose to implement the four eye principle. Each step of the payment process is separated and must be approved by at least two people, hence “four eyes”.
However, having no means to enforce payment approval workflows across the group’s companies with little to no visibility into initiated payments is a challenge many enterprises struggle with.
A platform that enforces systemic payment approvals is essential. And so is the ability to easily customise these workflows and apply them to the whole enterprise in line with your internal and external compliance guidelines.
You may want to enforce one or two-step payment approvals based on value or frequently recurring IBAN details. A mandatory requirement to add supporting evidence as an attachment to the payment is another possibility. These are just some examples of how a modern software solution like Aico can help you minimise corporate treasury fraud risk effectively.
Aico is a hyper-configurable suite of solutions for complex enterprises on one complete, powerful platform that allows you to create your ideal manual payment entry process to match your unique organisational structure and internal processes. The core of the Aico workflow is a role-based authorisation model. This means that you can predefine:
- who can create different types of manual payments
- what kind of approvals are needed
- who can transfer manual payments to your ERP systems
Users can be assigned multiple user roles in Aico. For example, they can be a creator, preparer and approver. However, strict segregation of duties prevents them from performing any role twice for the same payment.
2. Secure PAIN file creation and bank transfers.
A holistic approach is essential for effectively implementing internal controls against payment fraud. Payment approvals alone will make it harder to start a fraudulent payment, but they won’t secure you from deception further along the process.
However, once one or more people have approved the payment, a secure file is created and sent to the bank in a PAIN (payment initiation) file format. The data in the approved payment request must be identical to the one in the PAIN file.
In the case of the Aico Manual Payments solution, the system will create the PAIN file automatically in the background using the master data of the approved payment request. Once approved, the PAIN file goes automatically to the bank for the payment without any further human interaction.
3. Corporate Treasury: Automate journal postings.
Eliminating any possibility to create or alter the PAIN file manually is the single most effective protection in this part of the process. So ideally, PAIN file creation and transfer to the bank should be fully automated.
Just as we want to ensure the bank receives the approved payment document, it is equally important to match the returned bank statement with the original payment order.
Once again, an automated process is the safest solution. By automatically creating and posting a journal entry into the ERP system, the possibility of tampering is dramatically reduced. In Aico, for example, every action on a journal entry is logged, with the date, time and individual recorded. Automation also saves time and ensures that subsequent journals are posted to the correct accounts with the right value that matches the master data of the initially approved payment request.
In addition to the smart workflows and powerful automation, the Aico Manual Payments solution automatically archives the entire activity log and documents related to the specific payment. This extra mile of effort will significantly simplify the audit process and help identify any irregularities.
Is it possible to take one more step to safeguard this process?
When a risk is identified, many financial teams will try and add a new piece of software to their existing process. However, these disparate solutions can also leave gaps in the end-to-end process.
By implementing a complete platform solution, you can get total visibility over the entire manual payment process. For example, Aico Manual Payments automates the creation and approval of manual payment entries. Once the payment is approved, Aico creates the standard PAIN XML file and sends it to the bank. Aico confirms that the payment has been made and then automatically creates a journal which is then posted to the ERP via the Aico Journals module.
By using Aico’s fully integrated platform, you can add more safeguards and transparency. Not just to all your manual payments, but to your entire financial close.
Watch this webinar, and learn how you can safeguard your manual payments: