Payment fraud and sanctions compliance:
Better safe than sorry
Technological advances and geopolitical turmoil call for corporates to re-think their sanction screening and payment fraud detection practices.
The sanctions landscape has become increasingly complex and weakly aligned among different regulatory bodies. Consequently, recognizing the ultimate beneficiaries of payments is becoming more difficult and the risk of non-compliance with sanctions is increasing. A poll by Thomson Reuters indicates that at least half of the companies surveyed have had their payments stopped by banks due to sanctions compliance.
Blocked transactions cause frozen funds and create further operational inefficiencies that are detrimental to the business. Ultimately, it is the responsibility of the corporate to comply with sanctions and, as such, the corporate cannot solely rely on its banks to execute the sanction screening process. Besides, releasing the payment to the sanctioned entity could damage the relationship with the bank and can have other significant consequences. For example, the bank could freeze all financing when the terms of the sanction compliance are laid down in the financial covenants. Not to mention the broader consequences for non-compliance such as criminal proceedings and substantial financial penalties.
According to the 2018 AFP Payments Fraud Survey, 78 per cent of polled organizations experienced payment fraud in 2018, which is a record high. AFP also reports that 53 per cent of the organizations discovered the fraud more than two weeks after the incident occurred. The increasing number of payment fraud attempts shows that corporates are more at risk when it comes to processing payments.
Given these trends, firms should have sufficient compliance and risk-minimizing arrangements in place. Such arrangements include appropriate policies and procedures, monitoring processes, use of technology or third-party providers and record-keeping. Technology is a particularly powerful tool for ensuring sanctions compliance and minimizing the risk of fraudulent payments.
Zanders surveyed corporate treasurers across the world, asking about their sanction screening and payment fraud processes. The results, presented in Exhibit 1, are somewhat surprising. Over half of the surveyed companies do have a formal process in place for both sanction screening and payment fraud detection (75 per cent and 64 per cent respectively). Similarly, 64 per cent of the respondents have a written policy for both processes. Most companies also perform sanction screening and fraud detection checks during the supplier/customer onboarding process (64 per cent and 61 per cent respectively). On the other hand, only 32 per cent of the respondents screen for sanctioned entities and only 36 per cent screen for fraud during the payment process. More remarkably, just 29 per cent of the corporates use technology for the sanction screening and a staggering 7 per cent for fraud detection, which really surprises us. The solutions that are used by the respondents that have technology in place include Bottomline, MKDenial, World-Check, SAP add-on and KYCsphere.
System landscape overview
Without the suitable technology, corporates are more exposed to fraud and to the risk of making a payment to a sanctioned entity. Besides, there are a great number and variety of systems available on the market to support these processes. We carried out a comprehensive overview of this marketplace over the past few months. This included desk research, system demo sessions and reference calls of all relevant system providers considered for sanction screening and payment fraud detection separately. The outcome is a system landscape overview that is ranking the suitable solution providers, indicating the functional coverage, implementation cost and client satisfaction.
Requirements for both sanction screening and fraud detection process are rather similar. Ideally, the organization can detect fraud or sanctioned entities early in the process and the fraud detection is automated and embedded in the overall invoice and payment process (for example SAP and Serrala when SAP is used as ERP). It is also desirable that the system minimizes the number of false positives, while it minimizes the chance of not detecting a true fraudulent payment or payment made to the sanctioned entity at the same time. Two main ways to achieve this, is having a system in place with machine learning capabilities and a system that understands the context of the transaction. Systems that include such enhanced features are Bottomline's risk and fraud management solutions, Pelican Secure, World-Check (sanction screening only) and Finscan (payment fraud detection only). Suitable solutions should also provide case management processes, including alerts and information on why the alert is generated.
Time to evaluate
Another important requirement is system-generated reports on the performed screening checks that the firm can supply to its banks and other regulatory bodies when necessary. For the sanction screening process, the suitable system should allow screening of multiple lists, including the firm’s own lists and so-called white lists.
To sum up, now is the time for corporates to evaluate their sanction screening and payment fraud detection practices. There are many systems that can automate and enhance these processes to minimize the associated risks. We believe, it’s better to be safe than sorry!