Articles
Identifying Risks in Treasury Technology
- By Staff Writers
- Published: 8/25/2020
The AFP Asia-Pacific Treasury Management Handbook, sponsored by Kyriba, provides insights on the risks that technology poses for treasury departments. In particular, as treasury’s reliance on technology increases, so, too, does the associated operational risk should that technology then fail. This can materialize in different ways.
In a centralized treasury structure, if technology and/or communications lines fail. A centralized treasury structure is only as effective and efficient as the information it receives electronically from a host of internal and external parties, including group operating companies and banking partners. It is also only able to function because technology has facilitated a group-wide set of standardized treasury policies for entities located around the world to follow.
However, such wide-scale adoption and reliance on technology comes with a risk. What happens when technology (and communication channels) break down, whether caused by a denial of service attack at the bank or by an interruption to regular electronic communication, and central (or regional) treasury cannot accurately collate group positions or initiate payments or other activity? The centralized nature of treasury may mean there is a lack of local experts in-house to take over. Treasurers need to carefully evaluate this technology risk, and come up with a set of operating procedures to follow if such an event occurs.
If a technology vendor fails. Another technology risk to be mindful of is the risk associated with the choice of a particular technology platform or vendor, including issues such as the need for after-sale installation and support or even the risk that a vendor may go out of business. A related issue is the risk associated with the potential failure or obsolescence of vendor-acquired hardware, software, and/or
communications devices. This risk may also arise when a treasury system is selected without the support of, and consultation with, the organization’s technology and legal staff.
If an activity is outsourced to a third party and the expected service is not received. Many companies outsource certain treasury activities to third parties, including investment management, especially the use of specialist fund managers, and the use of software solutions provided as software-as-a-service (SaaS). SaaS has data and systems hosted remotely, so that companies must have a dedicated method of communicating to the systems.
While some companies choose to host their treasury management systems on site, vendors are seeing increased demand for offsite hosting on the vendor’s own servers (or outsourced servers managed under license on the vendor’s behalf). Companies can choose to have a dedicated server at the vendor’s location, with access via a dedicated line (on a VPN), or to share bandwidth and servers via a SaaS solution. The use of shared architecture does represent an additional risk which needs to be managed. This risk is magnified because of the value of transactions effected through the treasury management system.
If treasury does not fully understand how technology operates. Finally, adopting a technology solution does not manage risk automatically. During the implementation of a new solution, members of the treasury department need to work to ensure they understand the processes followed by the system and that these processes match the company’s policy.
As an example, if a system’s automated initiation and approval of outgoing payments does not reflect the company’s preferred procedures, the system’s own system is exposing the company to unnecessary (and unacceptable) operational risk.
For more insights, download the AFP Asia-Pacific Treasury Management Handbook.
Copyright © 2024 Association for Financial Professionals, Inc.
All rights reserved.