Mandate fraud and operational losses in banking: A how-to prevention guide
Mandate fraud is escalating in the banking industry, with criminals impersonating trusted figures to divert payments, causing significant financial and reputational damage. This guide explores the critical role of corporate treasuries in preventing fraud through advanced technology and strict internal controls to safeguard financial operations.
Mandate fraud* is a growing issue in the banking industry, involving sophisticated schemes with severe business consequences for both banks and their corporate customers. In this type of fraud, criminals impersonate trusted entities such as senior executives or well-known vendors to manipulate payment instructions. They typically use emails or other communication channels to seem legitimate, aiming to divert funds into their own accounts.
The consequences of mandate fraud can vary and include:
Operational and financial losses: Mandate fraud can result in direct financial losses from unauthorized transactions and the associated costs of rectifying the fraud. Indirect costs include the resources expended on investigations, legal fees, and enhanced security measures to prevent future incidents.
Reputational damage: Falling victim to mandate fraud can severely damage a bank’s reputation, eroding customer trust and potentially leading to a loss of business.
Increased operational costs: Combating fraud requires substantial investment in detection, investigation, and prevention measures. This includes deploying advanced technology and comprehensive staff training.
Regulatory penalties: Regulatory bodies can impose fines on banks that fail to prevent fraud, adding to both financial and reputational damage.
In this guide, we explore the crucial role of corporate treasury in preventing mandate fraud and outline best practices for risk mitigation with some real-life examples from Mazars and Westpac.
The role of corporate treasury in mandate fraud prevention
The corporate treasury plays a crucial role in protecting an organization from mandate fraud and operational losses. Responsible for managing bank accounts, treasurers ensure that all financial operations comply with strict regulatory standards, using robust internal controls to prevent unauthorized transactions. Their meticulous management of financial operations can significantly reduce the risk of fraud.
The corporate treasury should ensure real-time visibility of all bank account activities to maintain a secure financial environment. This includes close monitoring of the opening and closing of accounts, diligently updating signer records, particularly in line with employee turnover, and regularly auditing bank account records. Incorporating software that continuously monitors account data and flags suspicious activities is now standard best practice. This high level of diligence allows treasurers to detect anomalies early, ensuring that all processed transactions are legitimate and authorized. With advanced data analytics and technologies like AI and blockchain, they can also easily scrutinize multiple employee data points, from email communications to even social media activity, further helping them identify any potential internal threats or compliance breaches.
Overall, the corporate treasury serves as the cornerstone of a company’s financial security framework. By combining strict process oversight with advanced technology, modern treasurers can protect the organization from both internal and external financial threats.
Common fraud schemes targeting treasury departments
Treasury departments are susceptible to the following types of fraud, each exploiting different vulnerabilities within financial processes:
Transaction fraud: This involves either creating fake invoices or hacking into genuine suppliers' systems to alter banking details on legitimate invoices. If treasury teams fail to detect discrepancies in payment details, funds can be wrongly diverted, leaving legitimate vendors unpaid and creating tension in the supply chain.
Impersonation fraud: Fraudsters often impersonate senior figures, using advanced techniques to mimic their communication styles. They request urgent transfers or sensitive information in a practice known as phishing. This method typically employs social engineering to manipulate treasury employees into executing unauthorized transactions.
Internal fraud: This occurs when trusted employees misuse their access to company funds for personal gain. They may manipulate legitimate invoices or exploit their knowledge of internal processes to carry out transactions that appear compliant but are fraudulent.
Case study: Mazars exposes deep-rooted fraud in corporate banking
In a series of customer assessments, the leading consulting firm Mazars has uncovered several fraud cases that clearly demonstrate the kinds of fraudulent activity found within corporate banking. In one instance, a former managing director, in collusion with a bank's sales representative, set up several unofficial bank accounts to siphon off customer payments that he skimmed or to which he had added VAT reimbursements, and used the funds for personal expenses. When the problem was detected, the client's bank declined to provide account details, even though Mazars's team had the necessary authorization from the group CEO. The bank also failed to update the list of signatories for the official bank accounts as requested. Because the bank did not process updates for signatories from the previous year, the new management faced further challenges in gaining control over both official and unofficial bank accounts.
In another case, during a cross-inventory of bank accounts in which it compared lists provided by banks and group branches, Mazars revealed hidden accounts managed exclusively by branch CEOs, unknown to the banks' corporate treasury departments. Some of these CEOs used the accounts to funnel income for personal use by investing in real estate, such as parking spaces. Although some of these CEOs had resigned, the accounts remained active with outdated signatories. To mitigate this risk, management needed to take control over all bank accounts.
Best practices for mitigating bank account and mandate fraud
As per Mazars's recommendations and best practices, organizations can significantly mitigate the risk of mandate fraud by following the comprehensive step-by-step guide below:
Define corporate relationships: Establish and communicate clear policies to prevent conflicts of interest.
Rotate representatives: Regularly rotate representatives to local banks to prevent collusion.
Maintain a mix of signatories: Use a mix of local employees and corporate representatives as bank signatories.
Keep an annual report of bank accounts: Ensure each framework agreement with banks includes an annual report of all bank account details.
Inform on new accounts: Require banks to inform the company each time a bank account is created under its legal entities.
Restrict signatory powers: Define and enforce restrictions on signatories, including withdrawal limits and double-signature requirements.
Perform regular audits and reconciliations: Conduct regular audits and reconciliations of all bank accounts to detect and address discrepancies.
Monitor VAT transactions: Closely monitor and reconcile all VAT payments and refunds.
Verify payment requests: Implement robust verification processes for all payment requests.
Update payment mandates: Ensure all changes to payment mandates are rigorously approved and verified.
Justify cash movements: Detect and justify all cash movements, restricting cash transactions where possible.
Close inactive accounts: Promptly close inactive accounts and update account details after brand changes.
Centralize bank guarantee management: Limit bank guarantee management to two employees as authorized signatories / signers under direct CFO oversight.
Use beneficiary account validation: Perform beneficiary account validation for new suppliers and whenever bank account details are modified.
Perform on-demand validation: Implement on-demand validation of account status and ownership before making payments.
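The cross-inventory from the Mazars case study, together with the audit, signatory-restriction and inactive-account steps above, can be automated against the bank's annual account report. The script below is an added example, not code from Mazars or Cygnetise; the record layout, the 365-day inactivity threshold and all names and account ids are assumptions.

```python
from datetime import date

def cross_inventory(bank_report, register, active_staff, today, inactive_days=365):
    """Compare the bank's annual account report with the treasury register.

    bank_report: {account_id: {"signers": set, "min_signatures": int,
    "last_activity": date}}; register: {account_id: {"signers": set}}.
    inactive_days=365 is an assumed threshold, not a figure from the guide.
    Returns a sorted list of (account_id, finding) tuples.
    """
    findings = []
    for acct, bank in bank_report.items():
        reg = register.get(acct)
        if reg is None:
            # The account exists at the bank but treasury has no record of it.
            findings.append((acct, "not in treasury register"))
        elif bank["signers"] != reg["signers"]:
            findings.append((acct, "signer list differs from register"))
        for person in sorted(bank["signers"] - active_staff):
            findings.append((acct, f"departed signer still on mandate: {person}"))
        if bank["min_signatures"] < 2:
            findings.append((acct, "single signature sufficient"))
        if (today - bank["last_activity"]).days > inactive_days:
            findings.append((acct, "inactive, candidate for closure"))
    for acct in register.keys() - bank_report.keys():
        findings.append((acct, "in register but missing from bank report"))
    return sorted(findings)

# Constructed sample data; names and account ids are placeholders.
ACTIVE_STAFF = {"a.jones", "b.silva", "c.wu"}
REGISTER = {
    "ACC-001": {"signers": {"a.jones", "b.silva"}},
    "ACC-002": {"signers": {"b.silva", "c.wu"}},
    "ACC-004": {"signers": {"a.jones", "c.wu"}},
}
BANK_REPORT = {
    "ACC-001": {"signers": {"a.jones", "b.silva"}, "min_signatures": 2,
                "last_activity": date(2024, 5, 20)},
    "ACC-002": {"signers": {"b.silva", "d.former"}, "min_signatures": 2,
                "last_activity": date(2024, 6, 1)},
    "ACC-003": {"signers": {"d.former"}, "min_signatures": 1,
                "last_activity": date(2022, 1, 15)},
}

def run_sample():
    return cross_inventory(BANK_REPORT, REGISTER, ACTIVE_STAFF, date(2024, 6, 30))

if __name__ == "__main__":
    for acct, finding in run_sample():
        print(acct, "-", finding)
```

In the sample, ACC-003 reproduces the hidden-account pattern from the case study: it is absent from the register, controlled by a single departed signer and long inactive.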
Case study: The $290 million Westpac scandal unraveled by missing invoice oversight
Westpac faced a significant fraud involving fake invoices and forged signatures, potentially costing the bank more than $290 million. The fraud was uncovered after a series of inquiries revealed problems with several corporate clients. The alleged fraud involved false signatures on documents for 100 separate transactions over several years. Westpac insiders blamed the bank’s lax approach to invoice verification, with processes for checking invoices described as “non-existent.” This case highlights the critical role of treasury departments in implementing stringent verification processes for all invoices and payment requests to prevent similar fraudulent activities.
Cygnetise's solution to bank account and mandate fraud
Cygnetise offers a modern solution to the age-old problem of updating bank mandates efficiently and accurately. By providing real-time updates of signatory lists to banks, minimizing processing risks and delays, Cygnetise enhances both the customer experience and bank workflows, while also significantly reducing the risk of mandate fraud. Key benefits include:
Real-time updates: Customers can manage and see all changes to signatory lists in real time.
Secure storage: Signatory data is stored securely and controlled by the customer.
KYC documents: Optional inclusion of KYC documents for individual directors/signatories/signers, available digitally.
Audit trail: Maintaining an accurate audit trail minimizes the risk of customer disputes and fraud. It records all changes made with timestamps.
Reduced costs: Eliminates repetitive signatory data distribution and processing.
Notifications: Instant or scheduled notifications of changes to signatory/mandate details.
Single register of signatories: Customers can keep all signatories in one place with a unified updating protocol for all banking relationships.
Adopting Cygnetise can significantly enhance the efficiency and security of bank mandate management, making it an essential tool for modern corporate treasury practices. It adds significant value for both companies and their bank partners.
Conclusion
In conclusion, mandate fraud presents a major threat with far-reaching consequences for the banking industry, affecting operational efficiency, financial stability, and reputational integrity. Effective prevention hinges on the proactive engagement of corporate treasuries in enforcing robust security measures, rigorous monitoring, and stringent controls over financial transactions.
By implementing best practices such as regular audits, rotation of bank representatives, and the verification of payment requests, organizations can significantly mitigate the risks associated with mandate fraud. Additionally, the adoption of innovative solutions like Cygnetise can streamline mandate management, enhance security, and improve compliance by providing real-time updates and maintaining a comprehensive audit trail.
As demonstrated by cases such as Westpac's invoicing fraud, vigilance and constant refinement of security protocols are crucial. Embracing these strategies will not only protect against current threats but also adapt to evolving challenges in the financial landscape, ensuring trust and integrity in banking operations.
*What is a bank mandate: A bank mandate, also known as an account signatory, is a person in a business authorized to manage its bank account.
Account signatories can typically:
View all balances and transactions
Set up payments
Sign up for new financial products and services
Add or remove other bank mandates
All account signatories are officially named individuals on a business’s bank account, not companies.