Preventing payment fraud with SAP Advanced Payment Management and Business Integrity Screening
December 2022
7 min read
Author:
Ravi Ramamurthy
Share:
Rapid advancements in technology and globalization often require cutting- edge payment solutions for corporates with a diverse footprint, but be sure to bake in anti-fraud measures.
Payment fraud originating from within or outside an organization must be guarded against. Read on to learn how SAP Advanced Payment Management (APM) and Business Integrity Screening (BIS) can help.
Compliance requirements, audit needs and external factors like embargos, sanctions imposed by governments, and so on are additional imperatives for corporates and financial institutions (FIs) that want to secure their end-to-end payment lifecycle. Protection must be provided from the time of triggering a payment – or even before – until payment reaches the intended recipient.
In an increasingly digitized world with multiple cybersecurity threats, it is becoming even more important that the payment process is robust and ably supported by a strong technology infrastructure that provides security, speed, and efficiency.
Challenge for Corporates
The reality for many corporates is that they have multiple enterprise resource planning (ERP) systems – SAP or from other vendors – implemented over a period of time, or they have multiple systems due to merger and acquisition (M&A) activity in the past. Such corporates end up having lots of multi-banking relationships with different processes across the entire company, and different systems or banking portals for making payments. In an ideal world, moving to a single system with focused banking relationships, centralized treasury management and harmonized global processes is the end game that every company wants to achieve. But the process to get there is long.
SAP S/4 HANA
Companies using, or moving, to SAP as their primary ERP often aim for a single instance of the S/4 HANA landscape to get a single version of truth, but they may approach it in different ways. The journey most often is long and complex. But payment risk has to be mitigated sooner, rather than later.
Companies can adopt different strategies like ‘Central Finance’, ‘Treasury First’ or centralization of payments through a Payment Factory (PF) solution to enable certain quicker wins and security for the treasury and finance organization.
Advanced Payment Management Functionality
SAP introduced APM in 2019 to help payment centralization, visibility and oversight for those using its systems. APM alongside In-House Bank is its payment factory solution. SAP has continuously upgraded it since, with appropriate functionalities including anti-fraud measures available to users now.
APM allows for centralization of payments originating from any system – be it SAP or non-SAP – and facilitates:
Data enrichment,
Data validations,
Conversions to bank specific file formats where needed,
Batching, along with adding an approval mechanism by integrating with SAP’s Bank
Communication Management option and by using a secured single channel of communication to all banks like SAP’s Multi-Bank Connectivity.
These measures enable treasury to have central and near-real time visibility of all payments going out, allowing corporate treasurers to put controls and checks in place through a robust payment approval mechanism.
Having a strong and auditable payment approval process governed by a unified system will enable reductions in payment fraud. However, payment approval alone is somewhat of a reactive mechanism and relies on a human touch that can sometimes become time consuming, labor-intensive and prone to errors, which can potentially miss some transactions when done on a large scale. A more advanced way of managing payment risk efficiently is through an exception-based procedure, where only absolutely required payments go through a human touch, with low-risk transactions filtered through an automated rules engine that allows for targeted attention on high-risk payments.
The need for Business Integrity Screening
SAP Business Integrity Screening (BIS) is a solution that complements the payment engine of S/4 HANA, including the advanced payment management (APM) function. BIS is a SAP solution that can be enabled on S/4 HANA. At a high level, it is a rules-based engine designed to detect anomalies and third-party risk. It uses data to predict and prevent future occurrences of fraud risk.
By virtue of being on S/4 HANA, BIS handles large volumes of payments, processing through real-time simulations. SAP BIS also integrates with different process areas like master data management, invoice processing, payment execution (payment runs), and with APM for payments originating from other systems. This helps fraud prevention at a much earlier stage.
The below Figure 1 picture depicts a few of the features of BIS where a set of rules can be defined for different scenarios with certain SAP provided out-of-box rules – for example, identified risk factors might include:
Supplier invoice and payment execution stages, like vendor invoices or banks accounts in high-risk countries,
One-time vendors,
Payments made too early,
Changes to vendor banking details just before a payment cycle,
Duplicate invoices,
Manual payments, and so on.
Figure 1: SAP’s Business Integrity Screening (BIS) Key Features
Source: SAP.
BIS has a highly flexible detection and screening strategy for business partners where new rules can be added and it can make composite rule scenarios, resulting in an overall risk score being awarded. For example, a weighted score may be determined based on individual Rules like:
Payment value banding.
Consecutive payments to the same beneficiary.
Beneficiary address in an ‘at risk’ country.
Using the power of S/4 HANA, every payment is processed through all the rules and strategies defined to detect anomalies as early as possible, with real-time alert mechanisms providing further security. Implementations can leverage out-of-the-box rules and create new rules based on internal knowledge to refine anti-fraud measures going forward. BIS also has powerful analytics through the SAP Analytics Cloud solution for evaluating the performance of each strategy and rule, enabling refinements to be made.
BIS & APM Integration
For customers operating a single system environment, BIS was previously integrated with Payment Run functionality. With a multi-ERP Payment Factory landscape, BIS now integrates directly with APM. This means payments across the enterprise can be routed through screening for exception-based handling.
BIS combined with APM has two possibilities (as of writing this article):
online screening for individual items,
or batch screening for larger volumes of payments.
Rules can be set based on the size of payments as well – for example, Low value payments can be set for batch screening, while high value transactions can be set for online screening.
In the current release BIS 1.5 (FPS00), there are pre-defined scenarios specifically for APM. These check recipient bank accounts – for example, in high-risk countries and so on – and business partner (payee) bona fides for sanction screening/embargo checks at the payment order/payment item level. Custom scenarios can be created, and further custom code enhancements built within SAP-provided enhancement points.
While screening online, APM payment orders are validated through BIS detection rules. Payments without any anomalies or risk scores below threshold are automatically approved and processed for further normal processing through APM outbound processing. Payments which are suspicious will be ‘parked’ in BIS for user intervention to either release the payment – remembering, it could be a false positive scenario – or for blocking.
Any blocked payment in BIS automatically moves the APM payment order to the Exception Handling queue within Advanced Payment Management for further processing – for example, taking corrective actions in source systems, validating internal processes, contacting the vendor, cancelling/reversing a payment, and so on.
End-to-End Payment Fraud Prevention
There are different solutions available to cater to the specific needs of corporates across the payment lifecycle. A key first step is to centralize payments where Advanced Payment Management can help. A key benefit of Payment Centralization in a corporate landscape is the opportunity to initiate centralized payment screening and fraud prevention using BIS.
The integration between BIS and the APM Payment Factory enables effective payment fraud and sanction screening detection across the whole payment landscape. Adding Bank Communication Management for further approval control on an exceptions-basis will ensure a robust and automated payment process mechanism, with a strong focus on automated payment fraud prevention.
Once the payment process is secured, the next step is having secure connectivity to banks. This is where solutions like the SAP Multi-Bank Connectivity option can help.
If you are interested in any of the topics mentioned, or Sanction Screening & Fraud Detection more generally, we at Zanders encourage you to reach out to us via the ‘Get In Touch’ button. You can read more about Bank Connectivity Solutions & Advanced Payment Management: APM in our earlier articles.
However, CCR remains an essential element in banking risk management, particularly as it converges with valuation adjustments. These changes reflect growing regulatory expectations, which were
The timelines for the entire exercise have been extended to accommodate the changes in scope: Launch of exercise (macro scenarios)Second half of January 2025First submission of results to
Within the field of financial risk management, professionals strive to develop models to tackle the complexities in the financial domain. However, due to the ever-changing nature of financial
Addressing biodiversity (loss) is not only relevant from an impact perspective; it is also quickly becoming a necessity for financial institutions to safeguard their portfolios against
SAP highlighted their public vs. private cloud offerings, RISE and GROW products, new AI chatbot applications, and their SAP Analytics Cloud solution. In addition to SAP's insights, several
SAP In-House Cash (IHC) has enabled corporates to centralize cash, streamline payment processes, and recording of intercompany positions via the deployment of an internal bank. S/4 HANA
Historically, SAP faced limitations in this area, but recent innovations have addressed these challenges. This article explores how the XML framework within SAP’s Advanced Payment Management
Despite the several global delays to FRTB go-live, many banks are still struggling to be prepared for the implementation of profit and loss attribution (PLA) and the risk factor eligibility
In a world of persistent market and economic volatility, the Corporate Treasury function is increasingly taking on a more strategic role in navigating the uncertainties and driving corporate
Security in payments is a priority that no corporation can afford to overlook. But how can bank connectivity be designed to be secure, seamless, and cost-effective? What role do local
In brief
Despite an upturn in the economic outlook, uncertainty remains ingrained into business operations today.
As a result, most corporate treasuries are
After a long period of negative policy rates within Europe, the past two years marked a period with multiple hikes of the overnight rate by central banks in Europe, such as the European
On the 22nd of August, SAP and Zanders hosted a webinar on the topic of optimizing your treasury processes with SAP S/4HANA, with the focus on how to benefit from S/4HANA for the cash &
Banks perform data analytics, statistical modelling, and automate financial processes using model software, making model software essential for financial risk management.
Why banks
In the high-stakes world of private equity, where the pressure to deliver exceptional returns is relentless, the playbook is evolving. Gone are the days when financial engineering—relying
The Basel IV reforms, which are set to be implemented on 1 January 2025 via amendments to the EU Capital Requirement Regulation, have introduced changes to the Standardized Approach for
With the introduction of the updated Capital Requirements Regulation (CRR3), which has entered into force on 9 July 2024, the European Union's financial landscape is poised for significant
The heightened fluctuations observed in the commodity and energy markets from 2021 to 2022 have brought Treasury's role in managing these risks into sharper focus. While commodity prices
VaR has been one of the most widely used risk measures in banks for decades. However, due to the non-additive nature of VaR, explaining the causes of changes to VaR has always been
The Covid-19 pandemic triggered unprecedented market volatility, causing widespread failures in banks' internal risk models. These backtesting failures threatened to increase capital