Why banks should bolster risk management services
Transaction banks have more scope to offer direct risk management services to their corporate clients as the latter's concerns over fraud and cybercrime rise.
The Corporate Treasury Insights 2015 report, published by Boston Consulting Group and BNP Paribas, found that effectively managing risk was the top priority for corporate treasurers. Having a robust risk management offering was cited by 70% of respondents as a factor that would give a bank a competitive advantage over peers.
By comparison, in the Euromoney cash management survey 2015 just 15% of respondents stated that their cash-management provider also offers risk-management services.
Given the demand from treasurers for more sophisticated products, it is perhaps surprising that transaction banks in the main either lack a distinct risk-management service for corporates, or seek to integrate this in their cash-management offering. Dub Newman, head of North America GTS, Bank of America Merrill Lynch, points out that risk-management services are inherent within a bank’s cash-management service, rather than offered as a separate product. Jacques Levet, head of transaction banking EMEA, BNP Paribas,argues that the value of those services is coming under greater scrutiny by corporates, who want to see what their bank is doing to assist them.
“When choosing a banking partner, and beyond the usual price, reliability and quality of service criteria, clients now look at bank’s ability to offer personalized advice and true added-value services, notably around risk management solutions,” says Levet.
Levet explains how he has seen a corporate come to the bank directly to ask for assistance: “While discussing fraud prevention techniques and measures with a particular client, and because he knows the great length we go to in order to protect their transactions within the bank, he asked us if we would be ready to actually audit his own systems to ensure they provided the same level of security.”
The corporates surveyed for the Corporate Treasury Insights 2015 report stated that their greatest concerns now over risk are firstly market and economic risks and secondly fraud and cybercrime. While the former may not be something that can be easily mitigated, the banks are in agreement that cyber risk is undoubtedly one of the most pressing.
Levet says: “When it comes to risk management, and next to the traditional market, economic and counterparty risks, corporate treasurers view cyber security as top priority going forward. Being experts in managing risks in general, banks are now more and more asked by their clients to develop a true commercial offer around risk management tools, something they feel is missing in the industry.”
Many treasurers now realise that managing risk on their own is a difficult task, and are willing to pay to enlist the help of the banks.
“Considering the real added-value potential of risk management tools, treasurers say they are happy to pay for and invest in such services,” says Levet.
Treasurers are taking differing approaches to working through the issues, often seeing it as a problem for other areas of the business to manage, especially if it involves technology.
Says Levet: “When it comes to cyber security, you see different approaches from treasurers. Some are willing to take the matter in their own hands while others have decided to completely outsource it to their IT departments.”
Although cybercrime is seen as the top concern, human weakness is the biggest problem now.
“Beyond the safety of the IT systems, which is paramount, there is also some education to be done with treasury teams on individual behaviors,” says Levet. “For example you’d be surprised how many people can be misled into giving out sensitive details like passwords over the phone.”
Matthew Dewsbury, global head of fraud risk at HSBC, elaborates on the problems, explaining that even if a company’s antivirus and firewalls are up to date, there are still weaknesses. “What is more of a concern now is when social engineering is used in conjunction with a cyber attack,” he says.
“Staff can be duped into making payments to fraudsters by emails which are manipulated to appear to come from their own senior executives or a supplier. These emails often contain genuine information which has been harvested from hacked email accounts or social engineering.”
Corporates need to ensure they are keeping track of transactions; if it looks legitimate the bank will not flag the issue. If the treasury team has authorised a payment with false information, it makes it very difficult for the bank to realise fraud has taken place, as all the details will adhere to the correct processes. The burden of realising there has been a fraud lies with the corporate themselves.
Says Dewsbury: “If this happens, the bank will endeavour to get the money back. But this relies on the customer detecting the fraudulent payment themselves, and quickly. HSBC is very good at recovering funds, but if the bank is only notified a few weeks later, it is difficult to follow the money trail and the criminals may have already disbursed the funds.”
Treasurers also need to keep tabs on payments activities across their accounts, especially ones not used daily. BAML’s Newman says: “There are areas that can foster risky activity, such as excess or dormant accounts on the client’s platform. If they have accounts they are not paying close attention to, they can become targets.”