TREASURY FRAUD & WHAT CONTROLS - Strategic Treasurer
27
2021 © Strategic Treasurer, LLC. All Rights Reserved. TREASURY FRAUD & CONTROLS 2021 SURVEY RESULTS CRAIG JEFFERY Founder & Managing Partner Strategic Treasurer OMRI KLETTER Global VP, Fraud & Risk Management Bottomline This presentation is provided by Strategic Treasurer and Bottomline WHAT Results, analysis, discussion and take-aways from the 2021 Treasury Fraud & Controls Survey. WHEN Tuesday, February 10, 2021 11:00 AM – 12:00 PM EST WHERE Live Online Presentation Replays at StrategicTreasurer.com
Transcript of TREASURY FRAUD & WHAT CONTROLS - Strategic Treasurer
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
TREASURY FRAUD & CONTROLS2021 SURVEY RESULTS
CRAIG JEFFERYFounder & Managing Partner
Strategic Treasurer
OMRI KLETTERGlobal VP, Fraud & Risk Management
Bottomline
This presentation is provided by Strategic Treasurer and Bottomline
WHATResults, analysis, discussion and
take-aways from the 2021 Treasury
Fraud & Controls Survey.
WHENTuesday, February 10, 2021
11:00 AM – 12:00 PM EST
WHERE
Live Online Presentation
Replays at StrategicTreasurer.com
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
SPEAKERSGET TO KNOW TODAY’S
SUBJECT MATTER EXPERTS
CRAIG JEFFERY
Craig Jeffery formed Strategic Treasurer LLC in 2004
to provide corporate, educational, and government
entities direct access to comprehensive and current
assistance with their treasury and financial process
needs.
His 20+ years of financial and treasury experience as
a practitioner and as a consultant have uniquely
qualified him to help organizations craft realistic goals
and achieve significant benefits quickly.
OMRI KLETTER
Prior to joining Bottomline, Omri was responsible for managing the fraud and authentication solutions in the EMEA region for NICE Actimize. Omri began his career in Israel’s elite technological intelligence army unit, where he served as the Head of the Global Counter-Terrorism section.
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
ABOUT THE SURVEY
KEY POINTS OF INTEREST
SECURITY PRACTICES
TOP AREAS OF SPEND AND FOCUS
FRAUD IN CONTEXT
CURRENT STATE
KEY TAKE-AWAYS
FROM THE RESEARCH
PAYMENT MODERNIZATION
SPEED & SECURITY
TOPICS OF DISCUSSIONKEY AREAS OF FOCUS &
ANALYSIS
CONTROLS
USE OF TECHNOLOGY
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
SURVEY QUICK STATS2021 TREASURY FRAUD & CONTROLS
August September October November December January
330+Respondents
84%Corporates
16%Banks
6th
Year of Research 100+ Questions
?9 Week
Survey Run-Time
Regions of Operations
North America
Latin & South America
Western Europe
Asia-Pacific
Africa
Middle East
89%
34%
45%
22%
28%
37%India25%
Eastern Europe
31%
Run-Time
Corporate respondents that think the threat-level of fraud has increased or significantly increased in the past year.
2021 87%
2020 76%
2019 73%
2018 84%
Fraud Increasing at an All Time High
Development Analysis
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
FRAUD ESCALATIONAUTOMATION ASSISTS IN BROAD ATTACKS
Corporate: In the past year, I think that the threat-level of fraud has:
35%
54%
6%
2%
1%
2%
15%
70%
13%
2%
1%
0%
Significantly increased
Increased
Stayed the same
Decreased
Significantly decreased
Unsure
Small (< $1B) Large (> $1B)
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
COVID-19 CONNECTIONFRAUD RELATED TO THE PANDEMIC
Corporate Sub Question: Was the fraud you experienced related to COVID-19?
17%
4%
64%
14%
Yes, some of it
Yes, all of it
No
Unsure
1/5 OF COMPANIES EXPERIENCING FRAUD SAW THE COVID-19 CONNECTION. Criminals are opportunistic and used the pandemic to improve their yield.
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
POLL QUESTION
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
THEN & NOWLOSSES FROM FRAUD
Social Engineering by phone, email or text
Not Asked in 2019 8%
Business Email Compromise (BEC), imposter fraud, CEO fraud
8% 14%
Ghost Payroll / Vendor fraud6% 6%
Payment Diversion (Changing payment details on an invoice)
6% 15%
Ransomware (data encryption)2% 8%
2019 2021
Fraud attempts are increasing along with the losses. Those that report suffering a loss in the last 12 months have significantly increased over a two-year period.
Wire Fraud (System access or credential theft)
5%3%
Note: Only top 6 responses from 2021 displayed
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
Discussion & Implications
ESCALATION OF FRAUD
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
SECURITY SPENDA THREE-YEAR TREND ON SPENDING MORE/SIGNIFICANTLY MORE
Corporate: What are your spending plans for treasury fraud prevention, detection, and controls?
3%
76%
19%
2% 3%
75%
19%
2%
7%
66%
23%
5%
Spend less than prior yearsSpend about the sameSpend moreSpend significantly more
2021 2020 2019
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
FOCUSING ON BECLARGEST RISK AND AREA OF SPEND
Note: Only top 6 responses displayed
Corporate: Which areas do you intend to spend more or significantly more on fraud prevention, detection or controls? (Select all that apply)
38%
34%
30%
29%
29%
29%
Business Email Compromise (BEC) /CEO email fraud / imposter fraud /
social engineering fraud
Bank reconciliation
File controls, digital signing
Bank transaction fraud (unauthorizeddebits, wire fraud)
Transaction controls
Card processing and controls
Banks: What do you perceive as your greatest fraud risk over the coming 12-24 months? (Select up to three)
86%
40%
37%
23%
14%
9%
7%
Business Email Compromise/Authorized Fraud
Account Takeover (Credential stuffing,etc.)
Check Fraud
Application Fraud
Brute Force Attacks
Deposit Fraud
Insider Fraud
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
USE OF CONTROLSTHE TOOLS ARE AVAILABLE – NOT ALL ARE TAKING ADVANTAGE OF THEM
Corporate: What controls does your organization have to prevent payment fraud? (Select all that apply)
78%
65%
64%
59%
54%
53%
49%
34%
30%
3%
Segregation of duties in accountspayable
Physical check (cheque) controls
Check (cheque) positive pay
ACH positive pay
ACH debit block
Dual control process to update criticalcustomer information to prevent
account takeover
Check (cheque): payee match positivepayment
File control (pre and post submissiontransaction comparison reports)
Wire positive pay
Other
Bank: What are the top three security practices or tools you wish all your clients used but that many are not currently leveraging?
63%
63%
57%
50%
33%
17%
17%
Implement dual controls / multifactorauthentication wherever possible
Leverage payment controls such asPositive Pay, ACH debit block, etc.
Timely reconciliations (preferablysame-day, definitely within 1 week)
Regular internal training & testing (i.e.on how to identify suspicious emails)
Maintain updated antivirus software &firewall
Employ user monitoring software
Only using secure networks &encrypting data at rest and in transit
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
THE POWER OF MACHINESLEVERAGING TECH
61%
60%
43%
39%
32%
32%
30%
22%
16%
11%
6%
Multi-factor authentication (MFA) on all wirepayment platforms
Multi-factor authentication (MFA) logins to ourcorporate infrastructure
Multi-factor authentication (MFA) on all emaillogins for new devices
3rd Party anti-fraud software
Automated transaction monitoring
Payment Fraud Detection Solution – Interdiction (Payments are held until released by analyst)
Internal system monitoring / user monitoringsoftware
Payment Fraud Detection Solution – Alert Only
Automatic interdiction
User behavior analytics
None of the above
Corporate: What controls do you have in place to prevent fraud? (Select all that apply)
OF THOSE WITH INTERNAL SYSTEM MONITORING
68% detect unauthorized users trying to access restricted systems
51% detect unusualchanges to payment beneficiary information
47% detect unusualpayment amounts
39% detect unusualpayment volumes
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
POLL QUESTION
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
ADOPTING TECHFOR PREVENTION AND DETECTION
Corporate respondents reported that they are exploring the following technologies:
Fraud detection
AI/ML
45%Fraud
detection biometrics
30%Fraud
prevention AI/ML
43%Fraud
prevention biometrics
32%
+14% that haveimplemented or
have plans to implement
+14% that haveimplemented or
have plans to implement
+16% that haveimplemented or
have plans to implement
+12% that haveimplemented or
have plans to implement
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
DISCUSSION & IMPLICATIONS
SPENDING, CONTROLS & TECH
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
ACCOUNTABILITY & REPORTINGREALIZING THE NEED TO TRACK AND STAY CURRENT
DIRECT ACCOUNTABILITY TO MONITOR FRAUD DEVELOPMENTS JUMPS OVER FIVE-YEAR PERIODCorporates that formally assign roles and have a regular reporting cadence to the group:
FRAUD PREVENTION AND
DETECTION DEPENDS ON EVERYONE
86% of corporates have
employee training at
least annually on fraud
66% of corporates have a
centralized hub for
reporting suspicious
activity
57% have a hotline to
anonymously report fraud
concerns
2021 36%
2020 29%
2019 24%
2018 25%
2017 22%
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
Corporate: In the past year, has the cost and burden of providing treasury fraud and controls services become more or less burdensome on your organization?
11%
38%
48%
3%
0%
6%
27%
63%
4%
0%
Significantly more
More
About the same
Less
Significantly less
Small (< $1B) Large (> $1B)
THE PRICE OF COMPLIANCEFEELING THE PAIN, ESPECIALLY FOR SMALL FIRMS
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
DISCUSSION & IMPLICATIONS
ACCOUNTABILITY & COMPLIANCE
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
10%
11%
29%
36%
14%
9%
23%
18%
26%
25%
Yes, it is already completed
Yes, it is under way
It is being considered / under review
No
I don't know
Small (< $1B) Large (> $1B)
Corporate: Do you have a Payments Modernization program?
LARGE IS LEADING THE WAYIN PAYMENTS MODERNIZATION
Modernization often translates to speed (faster) and new formats/methods (better) for making payments. Interdiction of payment anomalies is a critical defensive measure that follows the “Speed Matters” security principle.
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
BANKS ON MODERNIZATIONOFFERING REAL-TIME PAYMENTS & API LIBRARY
Bank: Do you have a Payments Modernization program? Bank: What does your Payments Modernization program include? (Select all that apply)
7%
43%
7%
10%
33%
Yes, it is already completed
Yes, it is under way
It is being considered / under review
No
I don't know
67%
67%
40%
40%
27%
RTP
API library
FedNow
Fintech Integrations
Fraud measures upgrade
Note: Only top 5 responses displayed
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
Bank: What are the key areas of technology investment within your organization? (Select all that apply)DIGITAL
TRANSFORMATION & CUSTOMEREXPERIENCEWITHIN COMMERCIAL BANKING
The movement away from checks towards digital banking and electronic payments is nearly universal, and most banks indicate the need to leverage a solution provider to make this transformation secure. COVID-19 drove a wholesale and long-term WFH environment, which saw many business continuity planning (BCP) adjustments, changes in the workforce, pressure to move to digital due to distance, and even printers moved to the home office.
90%
77%
63%
60%
37%
Digital Transformation around customerexperience within Commercial Banking Channels
Fraud, risk & compliance
Back-office automation and cost reduction
Digital Transformation around customerexperience within Retail Banking Channels
Cloud migration
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
PAYMENT HAS LEFT THE BUILDINGAND IT'S TAKING A WHILE TO REALIZE IT
Specifically considering your largest ACH or Wire Fraud incident, how long did it take you to detect it and by what method did you detect it?
13%
16%
26%
33%
23%
16%
15%
10%
16%
15%
13%
13%
13%
13%
13%
4%
13%
10%
6%
13%
6%
Vendor / beneficiary notified you
Account reconciliation
Other
Same day 2-7 days 7-14 days 14-30 days 1-3 months 3-6 months 6 months or longer
Nearly a third (32%) of corporates reported having an ACH or Wire Fraud that left the building this year, up from 25% in the previous survey.
23% 1 month+
39% 1 month+
29% 1 month+
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
DISCUSSION & IMPLICATIONS
DIGITAL TRANSFORMATION & CONTROL
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
POLL QUESTION
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
TAKE-AWAYSIDEAS AND POINTS TO BRING BACK TO THE OFFICE
EVALUATE WFH
RISKS
• Time to do a
one-year
review
• Identify
exposures
from
workarounds
that were
“temporarily”
adopted
TIME TO
BENCHMARK
• Measure
yourself
against
others
(benchmarks)
and against
leading
industry
standards
INVEST IN
TECHNOLOGY
• Your
adversaries
are using tech
to attack
• Identify and
acquire
payment tools
that support
security
objectives
EVERYONE IS
NOW A TARGET
• Train & test
employees on
payment
security
• Assign
specific
people to
particular
areas of
security
20
21
© S
tra
teg
ic T
rea
su
rer,
LL
C.
All
Rig
hts
Re
se
rve
d.
LET’S CONNECTDON’T LET THE LEARNING END HERE…
CONTACT US WITH ANY FUTURE QUESTIONS
STRATEGIC TREASURER
Craig A. Jeffery,
Managing Partner
Connect with Craig on LinkedIn:
https://bit.ly/3jyDwEI
Thank you for your interest in this presentation and for allowing us to support you
in your professional development. Strategic Treasurer and our partners believe in
the value of continued education and are committed to providing quality
resources that keep you well-informed.
BOTTOMLINE
Omri Kletter
Global VP, Fraud & Risk Management
Connect with Omri on LinkedIn:
https://bit.ly/3rC6AOn
SURVEY REPORT & INFOGRAPHIC
Thanks to those who completed this year’s survey! Treasury
Ambassadors and respondents to the 2021 Treasury Fraud & Controls
Survey will be emailed the comprehensive results report and
infographic.
Non-respondents can download the summary report and infographic
by clicking the link below.
Request Report
