the state of being inert; disinclination or disinterest to move or act in a way that would be vital for personal or professional gain.
Independence is more important than ever, yet still many corporates are bound to the payment software provided by their bank, resulting in exceptions to ease of use, company policy and sometimes even security. Every group company has their own environment and processes, most likely outside the control of headquarters. The technology is there to allow us to have freedom of banking and payments, all on our own terms and with one single platform--yet many are still tied to archaic and restrictive setups they are traditionally used to. If this sounds like your global setup when it comes to payments, reconsideration is required on electronic banking communication to ensure security and compliance for the future. It is time to act, time to act now – before it is too late.
The Multiple Banking Platform Jungle
Payments are transferred to banks using multiple distinct platforms, with many group companies around the world still using proprietary platforms provided by their local banks– or even worse, fat client applications. Their use is outside the reach and control of the central treasury, resulting in potential for non-compliance at the subsidiary level.
The use of different banking platforms is cumbersome, requiring different security devices like tokens, smart cards, eTAN, mobile TAN, USB keys of some sort and other gadgets. It is almost impossible to know how to apply them correctly, and very often they are not even labeled - for “security” reasons. Is it really the most efficient use of a C-level executive’s time to manage a dozen different ways of adding individual authorization codes? Wouldn’t it be more productive to reduce this to one?
Our current paradigm is even worse when your banking relationships change. Suddenly you need a new banking application, new tokens, new logins, new passwords, the list goes on. Is this really necessary? Not on a local level... and also not on a global one. Such a change should be invisible to users of the software, which should be agnostic to what banks are connected.
In addition, every platform requires its own username and password with differing complexity requirements, durations and use. By the way, how does your staff remember passwords? Do they write them on a list, just waiting that they will be stolen? Wouldn’t it be easier and more secure to use just one single and secure password with powerful verification, than to keep an unsecure list around?
Banks in Control
Authorization of payments are still controlled by the banks when using banking platforms, and are executed according to their external regulations and internal requirements--not yours. This means that if you have more sophisticated or individual requirements, you are simply out of luck.
The maintenance of signature cards exchanged with banks is a time consuming process. Fewer people on these cards means fewer changes are necessary as the organization changes. If you were using a platform under the control of the corporate – instead of the banks – there would be no reason to update these cards at all when there is a change in the payment authorization process.
The reduction in the number of people allowed to physically sign for payment authorization would directly lead to increased security, and reduce the risk of fraud. If only one platform is used to transmit payments globally with signatures maintained on it, the overview of payment authorization is automatically kept up to date and is never incomplete (or even wrong), resulting in a significant increase in accountability. In addition, reporting on such information would be more reliable and dramatically reduced. A fundamental step to ensure that eBAM really reports correct results.
Most likely, people authorizing payments can release them to the bank afterwards. Are you signing for payments where you don’t have the ability to verify the background information on line item level? Is this compliant with your internal procedures? The release and authorization of payment orders must be separated and is too often not. What if this would be separated? AP payments can be authorized by AP, and HR by HR directly. But none of these departments will have the right to release the payment. The right to release payments is only granted to central treasury as they are in charge of funding.
Time to Disrupt the Inertia
Independence and the freedom to set up processes reflecting individual requirements in a most efficient and secure way is more important than ever: so if this all makes sense to you, then it is time to reconsider, and time to act now – before it is too late.