According to the AFP (Association for Financial Professionals) in their 2015 AFP Payments Fraud and Control Survey, over 62 percent of companies were subject to accounts payable and supplier payments fraud in 2014. 77 percent were the result of paper check fraud. As companies grow, the need for better internal fraud controls increases.
Internal controls begin at the top as management buy-in is critical to successfully instilling a culture of compliance. It’s also on the CFOs and Controllers to minimize cash leakage, balance the needs of the company with the available investment in tools, and establishing behavioral expectations for the organization.
Questions for the Accounts Payable Organization
How do you know if your organization has a fraud control risk? There are some signs that you need to immediately address:
- Has a recent audit revealed an internal control issue?
- Has there been a recent fraud?
- Are there ongoing reconciliation or disbursement problems?
Payment Fraud Control Best Practices
Accounts payable and finance teams can reduce their fraud exposure by implementing some key best practices.
- Automate controls – Implement controls (automated whenever possible) focused on segregation of duties, delegation of authority, and data access. Software solutions are ideal if they can operationalize processes since they are more comprehensive and closed loop operations.
- Review system access controls – Employ technology that provides flexibility and discrete configuration of controls around system access and critical accounts payable paths. This minimizes the ability to affect changes or expose secure data for those who do not need it.
- Record signatory approvals – Establish digital approvals for invoices and payments to monitor the complete payment lifecycle.
- Supplier validation process – Validate supplier contact information, payment data, and tax information prior to supplier onboarding. This process should take into account the different requirements per each payment method and payee country.
- Ongoing regulatory compliance – Perform ongoing regulatory compliance screening on a quarterly basis and if possible prior to supplier payment, especially as it relates to verifying suppliers against the OFAC, BIS, and SDN lists.
- Deepen invoice-payment-reconciliation integration – Ideally maintain a single system of record for supplier payments including invoices to the reconciliation of payments for full, closed-loop accounting.
- Establish internal blacklist – Assuming that businesses change and to account for staff turnover, maintain a blacklist of identified individuals or companies that you will not pay to because of past fraud attempts. This includes their names, emails, banking data, and potentially their addresses, since they may register under a different name but have corroborating data.