Optimizing payment security using a group-wide user rights model
Westfleisch is among the top five meat marketers in Germany and Europe. The company slaughters, cuts and processes meat at nine production sites in north-west Germany. More than 40 percent of the goods are exported to 40 countries worldwide. It is an internationally active farmers’ cooperative with over 4,300 member-owners. The Westfleisch group employs around 5,000 people and recorded sales revenue of more than EUR 2.7 billion in 2017.
The Challenge: working together to ensure payment security
When Westfleisch decided to introduce a TMS, the priority was to revamp its payment processes – up until then divergent, decentralized arrangements among the entities, based on different payment solutions from various banks. The aim was to create a structured, transparent and secure process which would give the cooperative oversight and visibility of all payments and at the same time allow the subsidiaries to take responsibility for executing payments and view the status of the individual payments.
The Solution: a sophisticated user permissions model and collaboration
BELLIN configured the rights options in the tm5 treasury management system using a carefully thought-out model which cleverly combines three fundamental principles: the functional and organizational permissions model with dual approval (the four-eyes principle) for master data. With the web-based tm5 system, both central treasury and all subsidiaries participate in the payment process – everyone can contribute via the collaborative platform using our Load Balanced Treasury® approach and carry out specific tasks securely and efficiently.
The functional permissions model determines what individual users can see and do in the tm5 system based on their role. The organizational permissions model governs which entities individual users can be active for in the system. Westfleisch sorted its divisions into 11 client groups based on the legal structure of the 30 entities. The two authorization models together – the functional and organizational permissions model – enable the subsidiaries to set up payments, provide an appropriate signature (German Class A signature) and monitor payment status. Central treasury adds the second signature required (second Class A signature) for the payment and sends the payment.
The signing and transmission authorities for payments are managed by account from within the master data management hub. Users and signing authorities are specified for each account in the master data management hub. Master data is always created using the dual approval process: management at Westfleisch instructs IT admin to set up accounts, users and rights in tm5 which are then approved by central treasury.
Westfleisch conveniently operates with a quasi-corporate seal for sending information to the 13 banks it communicates with via EBICS, approving payments with two signatures. However, within the Westfleisch group, each payment must also pass the series of complex checks which form part of the user permissions model before leaving the company. This offers Westfleisch the best possible protection against fraud, errors and cyber-attacks for its payments.
This structure has enabled Westfleisch to establish an optimal security strategy and to assign the appropriate resources at exactly the right points in the payment process. The users involved in the payment process are those with the responsibility for the relevant step: the subsidiaries set up and check the payment, central treasury has visibility and oversight of all financial transactions and senior management remains able to step in and act at any stage. tm5 allows Westfleisch to ensure segregation of duties at every step of the payment process without restricting its ability to act and the finances of the entire group to be managed securely and efficiently.
Let’s get in touch!
Interested in learning more about our solutions? That’s great.
Because we’d like to learn more about you. So give us a shout.