Preventing payment fraud with SAP Advanced Payment Management and Business Integrity Screening
December 2022
Author: Ravi Ramamurthy
Rapid advancements in technology and globalization often require cutting-edge payment solutions for corporates with a diverse footprint, but be sure to bake in anti-fraud measures.
Payment fraud originating from within or outside an organization must be guarded against. Read on to learn how SAP Advanced Payment Management (APM) and Business Integrity Screening (BIS) can help.
Compliance requirements, audit needs and external factors like embargos, sanctions imposed by governments, and so on are additional imperatives for corporates and financial institutions (FIs) that want to secure their end-to-end payment lifecycle. Protection must be provided from the time of triggering a payment – or even before – until payment reaches the intended recipient.
In an increasingly digitized world with multiple cybersecurity threats, it is becoming even more important that the payment process is robust and ably supported by a strong technology infrastructure that provides security, speed, and efficiency.
Challenge for Corporates
The reality for many corporates is that they have multiple enterprise resource planning (ERP) systems – SAP or from other vendors – implemented over a period of time, or they have multiple systems due to merger and acquisition (M&A) activity in the past. Such corporates end up having lots of multi-banking relationships with different processes across the entire company, and different systems or banking portals for making payments. In an ideal world, moving to a single system with focused banking relationships, centralized treasury management and harmonized global processes is the end game that every company wants to achieve. But the process to get there is long.
SAP S/4 HANA
Companies using, or moving to, SAP as their primary ERP often aim for a single instance of the S/4 HANA landscape to get a single version of truth, but they may approach it in different ways. The journey is most often long and complex. But payment risk has to be mitigated sooner, rather than later.
Companies can adopt different strategies like ‘Central Finance’, ‘Treasury First’ or centralization of payments through a Payment Factory (PF) solution to enable certain quicker wins and security for the treasury and finance organization.
Advanced Payment Management Functionality
SAP introduced APM in 2019 to help payment centralization, visibility and oversight for those using its systems. APM alongside In-House Bank is its payment factory solution. SAP has continuously upgraded it since, with appropriate functionalities including anti-fraud measures available to users now.
APM allows for centralization of payments originating from any system – be it SAP or non-SAP – and facilitates:
Data enrichment,
Data validations,
Conversions to bank specific file formats where needed,
Batching, along with adding an approval mechanism by integrating with SAP’s Bank Communication Management option and by using a secured single channel of communication to all banks like SAP’s Multi-Bank Connectivity.
These measures enable treasury to have central and near-real time visibility of all payments going out, allowing corporate treasurers to put controls and checks in place through a robust payment approval mechanism.
Having a strong and auditable payment approval process governed by a unified system will enable reductions in payment fraud. However, payment approval alone is somewhat of a reactive mechanism and relies on a human touch that can sometimes become time consuming, labor-intensive and prone to errors, which can potentially miss some transactions when done on a large scale. A more advanced way of managing payment risk efficiently is through an exception-based procedure, where only absolutely required payments go through a human touch, with low-risk transactions filtered through an automated rules engine that allows for targeted attention on high-risk payments.
The need for Business Integrity Screening
SAP Business Integrity Screening (BIS) is a solution that complements the payment engine of S/4 HANA, including the advanced payment management (APM) function. BIS is an SAP solution that can be enabled on S/4 HANA. At a high level, it is a rules-based engine designed to detect anomalies and third-party risk. It uses data to predict and prevent future occurrences of fraud risk.
By virtue of being on S/4 HANA, BIS handles large volumes of payments, processing through real-time simulations. SAP BIS also integrates with different process areas like master data management, invoice processing, payment execution (payment runs), and with APM for payments originating from other systems. This helps fraud prevention at a much earlier stage.
Figure 1 below depicts a few of the features of BIS, where a set of rules can be defined for different scenarios alongside certain SAP-provided out-of-the-box rules. For example, identified risk factors might include:
Supplier invoice and payment execution stages, like vendor invoices or bank accounts in high-risk countries,
One-time vendors,
Payments made too early,
Changes to vendor banking details just before a payment cycle,
Duplicate invoices,
Manual payments, and so on.
Figure 1: SAP’s Business Integrity Screening (BIS) Key Features
Source: SAP.
BIS has a highly flexible detection and screening strategy for business partners: new rules can be added and combined into composite rule scenarios, resulting in an overall risk score being awarded. For example, a weighted score may be determined based on individual rules like:
Payment value banding.
Consecutive payments to the same beneficiary.
Beneficiary address in an ‘at risk’ country.
Using the power of S/4 HANA, every payment is processed through all the rules and strategies defined to detect anomalies as early as possible, with real-time alert mechanisms providing further security. Implementations can leverage out-of-the-box rules and create new rules based on internal knowledge to refine anti-fraud measures going forward. BIS also has powerful analytics through the SAP Analytics Cloud solution for evaluating the performance of each strategy and rule, enabling refinements to be made.
BIS & APM Integration
For customers operating a single system environment, BIS was previously integrated with Payment Run functionality. With a multi-ERP Payment Factory landscape, BIS now integrates directly with APM. This means payments across the enterprise can be routed through screening for exception-based handling.
BIS combined with APM has two possibilities (as of writing this article):
online screening for individual items,
or batch screening for larger volumes of payments.
Rules can be set based on the size of payments as well – for example, low-value payments can be set for batch screening, while high-value transactions can be set for online screening.
In the current release BIS 1.5 (FPS00), there are pre-defined scenarios specifically for APM. These check recipient bank accounts – for example, in high-risk countries and so on – and business partner (payee) bona fides for sanction screening/embargo checks at the payment order/payment item level. Custom scenarios can be created, and further custom code enhancements built within SAP-provided enhancement points.
While screening online, APM payment orders are validated through BIS detection rules. Payments without any anomalies, or with risk scores below the threshold, are automatically approved and passed on for normal processing through APM outbound processing. Payments which are suspicious will be ‘parked’ in BIS for user intervention to either release the payment – remembering, it could be a false positive scenario – or to block it.
Any blocked payment in BIS automatically moves the APM payment order to the Exception Handling queue within Advanced Payment Management for further processing – for example, taking corrective actions in source systems, validating internal processes, contacting the vendor, cancelling/reversing a payment, and so on.
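The weighted risk score and the approve/park/block flow described above, sketched in Python as an added illustration. It is not SAP BIS or APM code, and every weight, band, threshold, country code and function name in it is an assumption constructed for the example.

```python
from dataclasses import dataclass

# Constructed values: weights (percent), bands, threshold and country codes are assumptions.
WEIGHTS = {"value_band": 40, "consecutive": 30, "risk_country": 30}
VALUE_BANDS = [(10_000, 0), (100_000, 50), (float("inf"), 100)]  # (upper bound, points)
AT_RISK = {"XX", "YY"}          # placeholder country codes
THRESHOLD = 50                  # scores below this are auto-approved
ONLINE_MIN = 100_000            # high-value items screened online, the rest in batch

@dataclass
class Payment:
    order_id: str
    beneficiary: str
    country: str
    amount: float

def rule_points(p, history):
    """Score each individual rule from 0 to 100 points."""
    band = next(pts for upper, pts in VALUE_BANDS if p.amount < upper)
    run = 0                     # immediately preceding payments to the same beneficiary
    for prev in reversed(history):
        if prev.beneficiary != p.beneficiary:
            break
        run += 1
    return {"value_band": band, "consecutive": min(run, 2) * 50,
            "risk_country": 100 if p.country in AT_RISK else 0}

def screen(payments):
    """Return {order_id: (screening mode, weighted score, status)}."""
    results, history = {}, []
    for p in payments:
        pts = rule_points(p, history)
        score = sum(WEIGHTS[r] * pts[r] for r in WEIGHTS) / 100
        mode = "online" if p.amount >= ONLINE_MIN else "batch"
        results[p.order_id] = (mode, score, "parked" if score >= THRESHOLD else "approved")
        history.append(p)
    return results

def resolve_parked(results, order_id, decision):
    """Reviewer releases a false positive or blocks it into the exception queue."""
    mode, score, status = results[order_id]
    if status != "parked":
        raise ValueError("only parked payments need a decision")
    results[order_id] = (mode, score, {"release": "approved", "block": "exception_queue"}[decision])
    return results[order_id][2]

SAMPLE = [Payment("P1", "Acme", "DE", 5_000), Payment("P2", "Acme", "DE", 8_000),
          Payment("P3", "Acme", "DE", 9_000), Payment("P4", "Nova", "XX", 250_000)]  # constructed
```

Only the high-value payment to the placeholder at-risk country crosses the threshold and is parked; the repeated small payments raise the score without reaching it, which is the exception-based handling the article describes.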
End-to-End Payment Fraud Prevention
There are different solutions available to cater to the specific needs of corporates across the payment lifecycle. A key first step is to centralize payments where Advanced Payment Management can help. A key benefit of Payment Centralization in a corporate landscape is the opportunity to initiate centralized payment screening and fraud prevention using BIS.
The integration between BIS and the APM Payment Factory enables effective payment fraud and sanction screening detection across the whole payment landscape. Adding Bank Communication Management for further approval control on an exceptions-basis will ensure a robust and automated payment process mechanism, with a strong focus on automated payment fraud prevention.
Once the payment process is secured, the next step is having secure connectivity to banks. This is where solutions like the SAP Multi-Bank Connectivity option can help.
If you are interested in any of the topics mentioned, or Sanction Screening & Fraud Detection more generally, we at Zanders encourage you to reach out to us via the ‘Get In Touch’ button. You can read more about Bank Connectivity Solutions & Advanced Payment Management: APM in our earlier articles.