Cash Pooling/Single Legal Account Pooling:
DNB's Group Account Systems/Cash Pools are based on a balance netting principle, often called "Single Legal Account Pooling” or Nordic Balance Netting Model. This is a method commonly used among Nordic banks and it implies that legally only one single bank account, “The Group Account”, is opened per currency. These are the contractual accounts between the Bank and the Cash Pool Owner where the Bank charges and pays its interests.
The Sub-Accounts, or the Operational Accounts (OPRs), are the current accounts of each pool member/participant linked to the Group Account, and the terms and conditions on these accounts are set by the Cash Pool Owner, in most cases the parent company/the treasury unit. These terms and conditions (interest margins and limits) are defined as inter-company terms and conditions and the bank only calculates and capitalises interest on behalf of the Pool Owner.
It is relevant to mention that DNB’s cash pools work in a way whereby the balance netting (offsetting debit and credit balances by “sweeps”), do not impose a direct physical transfer of funds between the participant and parent company/cash pool holder. The sweeps are carried out to "report" a net balance in each currency and hence calculate interest on that net balance and accordingly improving the net interest position. The balance is as such "reported", and not permanently moved to/from each OPR account, to/from the parent company. It is immediately posted back to the individual OPR account. The balance on each OPR is as such the pool member’s funds, reflecting the inter-company position (loan or deposit), and it will be available for the pool member at the start of business the next morning.
DNB offers a wide range of systems within this segment, from the single currency account/single entity systems at the lower end of the scale, to the more complex cross-border multiple currency/multiple legal entity systems at the upper end of the scale, classified as DNB’s International Cash Pool, the “ICP” concept.
Cash Concentration (ZBA):
Bank accounts in a cash concentration structure are, as opposed to the OPR accounts in the pooling model, all physical accounts owned by each individual entity, with the bank as the contractual counterparty. The basic principle is to consolidate/concentrate end of day balances on the current accounts against one common "Master Account" per currency for the group, either based on a zero balance principle or on a target balance principle. This is achieved by physically transferring the end of day true value dated balance to or from the respective current accounts – meaning end-of-day surplus cash balances will be swept from the current account to the Master Account and end of day negative cash balances on the current accounts will be covered by a transfer from the Master Account to the actual current account.
As in a pooling arrangement, the swept end-of-day balance on each current account reflects the inter-company position against the parent company.
Comparing the two models:
In total, the cash pooling (CP) concept and the cash concentration (CC) concept is quite similar as they are both balance netting methods with co-mingling of funds that both leads to inter-company positions between the header account an each member of the account structure. The one main difference is that funds are not returned to the member account in a CC structure while they are returned in the CP model. This implies that in order to process transactions one needs to allocate intra-day limits granted by the bank in a CC structure while in a CP model the swept funds are returned and available at the pool member account. If there are still not sufficient funds after the return sweep has taken place, the account can be funded by applying an inter-company limit (overdraft), granted by the Cash Pool Owner.
In a notional pool, the netting is done without establishing a physical account structure, and as such no funds are moved from a sub-level to a group level on a day-by-day basis, and accordingly, there will be no inter-company positions to report or book. A recalculation is instead performed after the end of each capitalisation period (monthly/quarterly), as if the account balances were “notionally” pooled, and this netting benefit is then paid/compensated back to the "pool holder".
Based on the above, notional pooling is in most cases an interest optimisation tool for maximising interest income and minimising interest expenses only. Notional pooling is also called interest compensation or interest enhancement.
There are usually no features in a notional pool that support working capital optimisation in the sense that there are no possibility to utilise group liquidity, e.g. by one member in a deficit position to utilise the surplus funds provided by another member of the pool. Likewise there is no option to allocate inter-company limits by the pool owner, like in an ICP solution.
... Vis mer
It is recommended that corporates and organisations have a written policy regarding payments. This can either be a part of a general risk policy or as separate payments policy. In a fraud perspective it is important that the policy is understood and signed off by senior management and all relevant stakeholders in the payment process. Relevant stakeholders are people in your organisation who have access to the payment process. This can for example be personnel who register or approve payments or process payment files.
In the payment policy there should be stated specific payment procedures for how payments are executed in the organisation. A sign off by senior management is important to prevent what is referred to as CFO fraud. Which payment procedures and guiding principles should your organisations focus on and implement?
Access to the payment process
The most straight forward way to reduce the risk of fraud is to have a comprehensive view on who has access to payments and payment data at each stage of the payment process. Keeping strict access and controlling user rights to electronic banking systems is essential. Please also do not forget to have the same strict access and control of user rights in payment modules in your ERP and Treasury systems. Remember to guard the right to add and edit bank account numbers for suppliers and customers.
Segregation of duties
Segregation of duty means that no single person in the organisation should be able to make a payment alone. Segregation of duties is also referred to as the four eyes principle. There should always be at least two persons involved in the process of registering and approving payments. Segregation of duties should also apply for updates of bank account numbers in your ERP and Treasury systems.
Centralising payments processes
Centralising the payment process can increase the quality of the payment process. Professionalising the payments process and reducing the number of employees who have access to the payment process is a good tool to decrease the risk of fraud.
Which red flags and warning signals should my organisation look for in our daily operation?
Beware of urgent payments requests because fraudsters like to create a state of urgency. Generally an organisation should view urgent payments as an exception with high risk. Treasury or finance can mitigate the number of urgent payment by having overview and control on their cash position and short term payment forecast. The number of urgent payment should be kept as low as possible by forcing the organisation to follow standard payment procedures. An organisation can for example use KPIs to drive down the numbers of ad hoc and urgent payment. It is important to train relevant stakeholders to ask control questions and transfer the payment to standard payment process if possible. Checks and controls are critical before processing any urgent payment. Your payment policy and procedures should be strict related to urgent payments to unregistered receivers.
In a fraud attack it is normal that the fraudster try to trick you to pay to an unknown account. Hence manual registered payments are a risk factor that should be kept at a minimum. All payments to suppliers and customers should follow standard workflows in your ERP system. Manual payments should only be used in cases where the counterparties and their bank accounts are known. As with urgent payment your organisation should work systematically to reduce manual payments and standardise the payment processes in ERP or Treasury systems.
Sending out fake invoices or informing of account number change is also a common fraud attempt. First line of defence in these cases is to contact your supplier or customer when receiving a new bank account number. Your organisation should request a confirmation from their contacts at the supplier or customer side. This should be used as documentation when updating bank account numbers in your systems.
CFO frauds are fraud attacks where criminals is posing as CFO,CEO or other senior management representative to manipulate and push people on the operational side of the payment process to transfer cash. These frauds are well organised, often involve significant amounts and attack the human factor in your organisation. Senior management need to commit themselves to payments policy and standard procedures to mitigate the risk of CFO Fraud. At the same time all employees with a role in the payment process need to be well informed and trained to protect your organisation against manipulative fraud attempts. People working with payments in your organisation should be confident in asking questions as part of the checks and controls procedure!
Risk of internal fraud needs to be taken into consideration and mitigated. Standardised payment procedures are important to prevent internal fraud. Segregation of duty and the four eyes principle need to apply for all stakeholders in the payment process. This is also relevant for stakeholders who have access to payments in ERP and Treasury system or access to payment files.
What should I do if the accident happens?
First call your bank as soon as possible! If you are a DNB customer you should call +47 915 04800. If the alert is sent early to your bank there is a small chance that the bank can stop the transfer before your cash is lost. Second you should report the incident to the police. Third you need to incorporate lessons learned in your payment procedures, to mitigate the risk of future fraud. Unfortunately criminals are likely to return if they have discovered week spots.
... Vis mer