What are the risks associated with managing authorised signatories?
Are you aware of the risks associated with managing authorised signatories? In this blog, we’ll discuss why managing authorised signatories or signers has become riskier than ever before and how organisations can minimise the risks and transform their existing processes and operations.
Introduction
In the majority of organisations worldwide, the process of managing and distributing authorised signatory or signer lists is still a predominantly manual and paper-based process. This means that core operational functions like company secretary and corporate treasury are faced with a huge administrative burden of compiling, scanning, distributing and updating signatory data. Hence, maintaining a constantly-changing inventory of authorised signatories and bank mandates tends to often be at the bottom of their to-do-list, which brings a series of risks like unnecessary bank costs, loss of cash visibility, failure to comply with internal controls and corporate governance policies, and even risk of financial loss due to fraud.
The use of dedicated signatory management technology can help eliminate those risks by providing a live single-source repository of signatory data.
Top 5 risks associated with managing authorised signatories or signers
Risk of inefficiencies
The current process at most organisations is heavily manual which means that it is prone to human errors and inefficiency – data updates can be delayed and incorrectly implemented.
Maintaining a constantly up-to-date signatory inventory is almost impossible as employees come and go. The effectiveness of the process also highly depends on the strength of the relationship between the treasury/company secretary and HR.
Risk of delayed or failed business transactions
Inefficiently managed authorised signatory lists can result in a transaction / deal / payment getting delayed or failing completely which can further jeopardise key business and client relationships.
Risk of signatory fraud
Organisations on both sides of any transaction that require signatures are exposed to a high risk of fraud. Each day that a signatory remains on your list, after having left your company is a serious fraud risk opportunity. They can sign and you will not know anything about it. Why? Because you have not given your counterpart the updated list! They are just acting on their version - which is out of date.
With organisations quickly adapting to the new digital-first economy post COVID, many have now transitioned from using wet signatures to electronic or e-signatures. The use of e-signatures carries an additional risk of cybercrime, information leakages and technology failures.
According to the results of a recent poll we ran on LinkedIn’s Governance, Risk and Compliance Management (GRC) group, 23% of surveyed people are not validating the authority of e-signatures within their organisations, whilst 72% are relying on their e-signature technology providers to carry the responsibility.
Risk of non-compliance and financial scrutiny
Many organisations, especially those in the financial sector, should comply with rules and regulations for presenting documents, disclosures, and other information at certain stages during a transaction and maintaining and demonstrating an efficient financial, governance and operational environment. If organisations fail to comply, they face a risk of getting sanctioned and fined by regulatory authorities, losing accreditation status, or damaging their brand equity.
Risk of director liability
Not having a suitable authorised signatory / signer register exposes organisations to liability risk. Generally, all company directors by law have the authority to do as they please on behalf of the company, including opening and closing bank accounts.
Good governance is therefore essential to identify the most appropriate personnel to carry out tasks on behalf of an organisation to avoid any misuse. Seniority should not dictate this.
How to minimise the risks associated with authorised signatory management
Ensure that your lists are up to date and your counterparts have the most recent version
Trust plays a huge part in business and fortunately, the majority of employees tend to be trustworthy. However, that doesn’t mean that someone won’t try at some point to exploit any weaknesses. Keeping your list up-to-date greatly reduces that risk.
Using a digital signatory management solution like Cygnetise can help you seamlessly manage, update, and distribute authorised signatory data in real-time, from anywhere in the world, and thus ensure that your organisation’s lists are always up-to-date.
Keep the signatory rules and categories simple and understandable. Your counterparts are not mind readers.
People can’t be expected to parse your complex and bewildering rules. Signatory lists are often documents that have evolved over time and have been passed down through multiple employees. Often it leaves a bloated and confusing set of rules that are impossible to decipher. Make sure you have your list reviewed periodically.
Cygnetise makes the management of signatories, very easily manageable. Signatory authorities can be managed on a list, department, function, account, or entity level, and also on an individual employee basis. This makes the management of all signing authorities extremely effortless and fully transparent across the entire organisation.
Keep the numbers on the list manageable.
While being on a list is a somewhat dubious honour, not everyone who reaches a certain status needs to be on the list. The number should be enough to ensure the business can be performed with no interruptions but not so long that management of the list is impossible and unwieldy where everyone who becomes a manager automatically is added to the list for example.
Or, alternatively, you can use a digital signatory management solution that allows you to easily organise and manage large amounts of signatory data at a click of a button.
Ensure the right people have access to your list.
This is true for both internal and external stakeholders. Do you know who can access your signatory data at any time? Having a digitised online version of your lists can help greatly in that respect.
With Cygnetise, you can have a real-time view of who has access to your lists and grant and revoke permissions instantly. Cygnetise is GDPR compliant and ISO 27001:2013 certified which gives you that extra peace of mind that your signatory data is protected.
Keep a complete audit trail/history of any changes made to your authorised signatory data and all document versions.
Maintaining a complete audit trail of what signatory lists were changed, when and by whom can significantly reduce the risk of non-compliance and financial loss. Doing this manually can be an extremely burdensome and costly process.
Cygnetise allows you to keep an automatic historical log of all signatory data changes. Each change is recorded immutably creating a precise record of what was changed, who made the change, who validated it and exactly when it was done.
To provide you with even further assurance, the platform also let you recreate signatory lists from any point in time in the past.
Conclusion
At Cygnetise, we have developed an application that solves the pain of managing authorised signatory lists, making it secure and efficient. Our technology enables users to update their lists in real-time and has a variety of sharing mechanisms so that the counterpart can always have access to the most up-to-date information without you having to recompile and redistribute. You can save over 90% of their admin costs and time, whilst mitigating the risk of fraud for the organisation.