CFOs have a responsibility to their employees not to expose them to the risk of a situation in which they commit a fatal error while acting in good faith.
It is usually the weakest that suffer – such as the clerk who releases payment in error. Anyone who has ever been face to face with a company employee who has become a victim of fake president fraud knows the personal consequences this type of fraud can have. The fear and distress on their faces are only the visible signs of this reality; the invisible consequence is not immediately obvious. Fired. Without notice. Their personal existence in peril.
Why? Yes, why exactly? Because he released payment as always? Because it was urgent as always? Because he acted as a stand-in for an absent colleague? Because decentralized payments using customized electronic banking systems involve systemic risks? Because the upstream processes already lack some of the security elements that are technically and procedurally feasible? Because supervisors all the way up to the supervisory board have been ignoring this problem for a long time and can be fobbed off with answers such as "this cannot happen here" even though they know better?
Companies have a responsibility, CFOs have a responsibility to their employees: not to expose them to the risk of a situation in which they commit a fatal error while acting in good faith.
However, those who ignore the risks of payment transactions, who block investments that cannot entirely avoid risks but can still significantly reduce them, act negligently. Whether this is in fact grossly negligent or reckless is a matter for the lawyers.
This issue has recently been picked up by Finance Magazin to shed light on the underwriting consequences for fidelity bonds and D&O insurance. Especially with regard to D&O insurance, CFOs should pay attention because, even though it is usually more difficult to prove negligence of duties on the part of executive officers, it is nevertheless a possibility in my personal opinion, considering that the risks of payment transactions are generally known and not limited to fake president fraud.
Also generally known are better practice solutions, which at the same time address other areas of risk such as corruption, money laundering, embargo and anti-terror lists. Their key element is a centralized payment platform. Only such a system applies the necessary ex ante and ex post controls or more extensive forensic methods.
Those who still remain idle really can't be helped anymore – not even with insurance.
A glance across the pond at the list of shame of the U.S. Securities and Exchange Commission (SEC) under the Foreign Corrupt Practices Act (FCPA) shows the kinds of penalties imposed and for what crimes. It can be assumed that sentencing was at least in part also influenced by the extent to which the company in question had employed the technical means available today to prevent such incidents or to detect them early itself. Similar lists compiled by other US agencies can be found on the internet.
The issue of payment security also has another side, which should bring a lot more joy to companies: a positive business case! The centralization and automation of internal and external payments, including the necessary adaptations of upstream and downstream processes, is an investment that pays off for most companies in the short term (usually within 6 to 18 months).
An amicable outcome in view of all the risks and potentially negative consequences, wouldn't you say?
Source: KPMG Corporate Treasury News, Edition 59, September 2016
Author: Carsten Jäkel, Partner, Finance Advisory, firstname.lastname@example.org
© 2017 KPMG AG Wirtschaftsprüfungsgesellschaft, a member of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a legal entity under Swiss law. All rights reserved.