
Fraud in Record Numbers: Why Treasury Needs to Act Now

Treasury in Practice Series

Underwritten by

Issue 16


©2017 Association for Financial Professionals, Inc. All Rights Reserved www.AFPonline.org


October 2017

Kyriba is proud to underwrite the latest Treasury in Practice Fraud in Record Numbers: Why Treasury Needs to Act Now.

Fraud and cybercrime have emerged as one of the biggest threats to the stability of a treasury team and the careers of treasury professionals. Fraud attempts continue to increase in both quantity and sophistication. And when fraud occurs, like a natural disaster, it surprises, overwhelms and leaves destruction in its path.

While many treasurers hope they are well prepared to prevent fraud from occurring, every successful fraud attempt exposes weak controls and detection methods that serve as a learning opportunity for others.

This guide offers excellent insight into the magnitude of fraud threats, ranging from internal collaborative attempts to external hacks and ransomware schemes. AFP also includes frightening statistics to complement the horror stories that help us all learn to be more vigilant when protecting our treasury workflows and assets from unauthorized access.

From Kyriba’s perspective, we strongly support the best practices offered in this guide:

1) Implement consistent controls across payments and bank accounts, regardless of type, geography or “who” made the request
2) Never rely on UserID and password to protect a system (no matter how amazing your password might be). Personal and business systems need more stringent protections, such as combinations of two-factor authentication, IP filtering, single sign on (SSO) and more.
3) The CIO/CTO/CISO will have a policy for your organization’s information security. Treasury systems need to align with this. Exceptions create unnecessary risk.
4) Don’t download or click on anything suspicious without verification first
5) Assume that fraudsters know your executives’ travel schedules
6) Find ways to screen payments against lists and custom rules to filter out suspicious activity before it goes to the bank.

Kyriba is a proud sponsor of the AFP Treasury in Practice series so that CFOs and treasurers are better informed and can reduce the risk of fraud and cybercrime. Please enjoy this guide.

Best regards,

Bob Stark
Vice President, Strategy
Kyriba


To say that treasury professionals have their hands full with payments fraud might be the understatement of the decade. Corporate practitioners, whether they be entry level or senior executives, are taking leading roles in keeping their organizations safe from fraudsters, as well as determining the course of action going forward when fraud does occur. And make no mistake—fraud will happen, no matter how efficient your protections.

In this latest Treasury in Practice Guide, underwritten by Kyriba, AFP explores common fraud schemes that are plaguing corporate treasury departments. We also present a host of best practices, so that you’ll know what to do when the fraudsters come knocking on your organization’s door.

Percent of Organizations that Experienced Attempted and/or Actual Payments Fraud, 2006-2016

2006: 72% | 2007: 71% | 2008: 71% | 2009: 73% | 2010: 71% | 2011: 68% | 2012: 61% | 2013: 60% | 2014: 62% | 2015: 73% | 2016: 74%

Fraud in Record Numbers

According to the 2017 AFP Payments Fraud and Control Survey, nearly three quarters of treasury and finance professionals’ companies experienced payments fraud last year. That’s the highest percentage since the survey debuted in 2005.

The survey, which was underwritten by J.P. Morgan and had 547 responses, noted that overall payments fraud had been in decline from 2009 to 2013. After a 2 percentage point increase in 2014 to 62 percent, fraud then jumped 11 points in 2015, and has continued to rise, reaching 74 percent in 2016.

Similarly, the 2016/17 Kroll Global Fraud and Risk Report found that 82 percent of executives experienced a fraud incident in 2016, compared with 75 percent in 2015 and 70 percent in 2014. But even though there have been major concerns about outside threats in recent years, 60 percent of respondents revealed that fraud had been committed by a combination of current and former employees and third parties. Nearly half (49 percent) said fraud incidents involved all three groups. Overall, 44 percent said that insiders were the primary perpetrators of fraud.

Source: 2017 AFP Payments Fraud and Control Survey


The AFP fraud survey also revealed that fraudsters are generally targeting the big fish. Organizations with at least $1 billion in annual revenue were more likely to have been hit with fraud than those who had revenues of less than $1 billion.

As always, checks were the payment method most targeted by fraudsters. Furthermore, check fraud actually increased four percentage points to 75 percent from the year before. While this guide won’t delve further into check fraud trends and protections, AFP’s latest Payments Guide features extensive insights on that subject.

Improving Financial Controls

For treasury professionals, protecting access to the systems themselves is paramount. Sometimes treasury does this in conjunction with the IT department; IT may give treasury a checklist on what it can do to strengthen security, or IT may control everything on its own.

“Whether it’s your treasury system, your ERP or your FX trading portal, a consistent set of controls needs to be utilized, rather than every system having a different way of logging in—some of which pass the IT sniff test and some that do not,” said Bob Stark, vice president of strategy for Kyriba. “That’s one thing you have to get right and if you don’t, you’re allowing your systems to be potentially penetrated.”

Stark noted that there are some important questions treasurers need to ask themselves when securing their systems against payments fraud:

• Can your connectivity be compromised?
• Do you know who your account signatories are? Who can change them? Does your bank have the same list?
• How many layers of protection exist after you enter your password when accessing your treasury system?
• Do you have visibility into every payment? Are your controls consistent for every bank, region and person? Do you review your acknowledgements?
• Do you have controls in place to prevent unauthorized changes to supplier payment information?
• Do you use payment watch lists? Do you have a control center to view all transactions and modifications?

To successfully combat fraud and improve compliance, treasury professionals need strong financial controls. According to Stark, that means protection against unauthorized use, standardized global workflows for payments and bank accounts, and alerts and notifications to support risk policies.

Percent of Organizations that Experienced Attempted and/or Actual Payments Fraud in 2016

All organizations: 74%
Annual revenue less than $1 billion: 71%
Annual revenue at least $1 billion: 81%
Annual revenue at least $1 billion and fewer than 26 payment accounts: 82%
Annual revenue at least $1 billion and more than 100 payment accounts: 84%

Source: 2017 AFP Payments Fraud and Control Survey


Protection from unauthorized use

If there is an easy way into your system, criminals will find it. Allowing access via user ID and password simply isn’t going to cut it in today’s threat environment. Controls like password timeouts, resets and alphanumeric requirements add additional layers of protection.

One of the most common and most effective threat deterrents is two-factor authentication (2FA) or multifactor authentication. It is typically used to protect bank software, and should also be applied to treasury and ERP software. 2FA creates a one-time password that is generated from a hard token (a key fob) or a soft token (a text message to your phone).

Another substantial best practice is IP filtering. Sites like Facebook also apply this kind of protection; if you log in from a device that is not recognized, the system will ask you for additional information. You might be asked security questions or to enter a one-time password via 2FA as a result of IP filtering. “There’s nothing unique about this—but a lot of treasury professionals don’t use this for their treasury systems,” Stark said.

IT departments may even want to control the entire process internally. This is where a single sign-on (SSO) solution may come into play. In this case, there is no user ID and password; the TMS is linked directly to the company’s internal systems. “Treasury should never do anything without the recommendation or even direct ownership of IT, when it comes to systems,” Stark said.

Standardized global workflows

The more organizations expand and decentralize, the harder it becomes to manage bank accounts and signatories. Treasury needs to establish a central repository so that it has visibility into its accounts. This will also allow it to track authorized signers and maintain one source for documentation.

Additionally, treasury should implement structured workflows for approval processes to ensure that there are no “under the radar” bank accounts or signatories. Reconciliation procedures with the banks also should be established.

Stark also recommends keeping a payment security checklist to ensure that all access points are secure. As we saw in the 2016 Bangladesh Bank hack, failing to secure access points can be devastating. Treasury departments should have:

• Secure access to software used for payment initiation, approval and transmission

• Separation of duties and approval limits for payments software in all areas, for all users and across all payments

• Secure and monitored payment transmissions to the banks
• Real-time payment confirmations and acknowledgements
• Full reconciliation of payment transactions
• Monitored workflow changes within payments systems.

Some CFOs are also establishing payment factories, since using multiple payment systems makes it incredibly difficult to maintain standardized payment controls. Without proper controls, compliance with Sarbanes-Oxley Section 404 is incredibly difficult, the risk of duplicate and missed payments increases, and preventing internal fraud and external hacking is a much greater challenge.


Alerts and notifications

Reviewing audit trails allows treasury to identify unauthorized transactions. Utilizing a centralized tracking system that can filter by any variable and contains sufficient detail and descriptions for each transaction can help immensely. It should be available directly in your treasury system, rather than a report you need to request.

A visual dashboard that monitors data and workflow changes across treasury systems is another tool treasury can use to spot illicit transactions. Treasury professionals should monitor the number of payments and payment files transmitted to banks, internal workflow changes (e.g., limits and approvals), bank accounts and signatories.

“Setting up detection rules in your payments system will flag transactions that meet predetermined conditions, requiring further attention,” Stark said.

BEC Scams: Still Plaguing Treasury

According to AFP’s fraud survey, 46 percent of practitioners that experienced fraud reported that the attacks came via wire transfer. Although this is a slight decrease from 2015 (48 percent), it’s still quite a jump from wire fraud numbers in 2014 and 2013 (27 percent and 14 percent, respectively). The primary reason for the uptick in wire fraud has been the rise in business email compromise (BEC) scams.

In a typical BEC scam, a company that makes frequent wire payments will receive a transfer request via email from what appears to be a high-level executive or a routine supplier. The catch is that the request is actually coming from a hacked email account, or a fake account that appears legitimate.


Most of the time, BEC scams begin with a criminal sending a phishing email to an employee. If the employee takes the bait and clicks the link, the criminal will gain access to that email account. For a lengthy period of time, the fraudster will monitor that employee’s email until they get a good sense of who initiates wires and who requests them. At that point, they’ll “spoof” an email or create a domain that’s very close to the company’s.

According to AFP’s survey, 74 percent of financial professionals were victims of BEC in 2016—a 10 percentage point increase from 2015. Fortunately, 70 percent of organizations have implemented controls to prevent these scams.

Preventing BEC scams

One way to prevent unauthorized wire transfers, explained Greg Litster, president of SAFEChecks, is to require two different computers and passwords to send money, with one of them being a computer that connects to the bank and nothing else. Multiple employees can initiate a wire or ACH transfer with their daily computers, but only the dedicated bank computer can be used to release transfers. “For the release, you don’t want to use a computer you use for email, because you don’t know if your computer’s been hacked and the keystrokes are being monitored,” he said.

Once the company adopts a two-computer policy for wire transfers, Litster advises treasury practitioners to update their electronic funds transfer (EFT) agreements with their banking partners to reflect those revised policies.

But while adding a computer that is only used for the bank connection sounds like a good idea, Magnus Carlsson, AFP’s manager of treasury and payments, noted that it’s not a practice that is typically used in treasury departments. “In my own experience, the AP personnel used their workstations to initiate payments, but they also had security devices such as login boxes they had to use to connect to the banks,” he said. “But the security set-up is of course different depending on what systems and banks you are using.”

Tom Hunt, director of treasury services for AFP, agreed. “I think this is the ideal situation, but in practice it rarely occurs,” he said.

For any treasury professional who is traveling and needs to approve a wire transfer, Litster recommends carrying a small laptop that’s not used for anything else and logging onto the internet via the mobile hotspot in their smartphone. “That connection is secure, so you can log in and just release the wires,” he said.

Next, to shift liability for any cyber losses to the bank, practitioners must be sure to follow their banks’ internal controls and technology recommendations. “If you don’t implement what they tell you to do, and there’s a loss, they’re going to push it right back on you,” he said.

It’s also important to note that not all BEC scams result in dubious wire transfers. Sometimes, criminals will impersonate an executive or a routine supplier and request a check payment be sent to a new PO Box address that they control. However, when this happens, your company might not be on the hook for the loss, Litster explained.

“If you get hacked and you send a wire to a new bank they set up, that money is gone,” he said. “But if you get hacked and you send a check to a PO Box, all is not lost. In that scenario, you have what is called a forged endorsement. You sent a check made payable to a particular party that was intercepted by somebody who is not that party, they forced the endorsement and processed it through. That becomes the liability of the bank of first deposit. And the statute of limitations on a forced endorsement is three years past the date it was deposited, except in Florida and Georgia, where it is one year.”

Litster added that banks have a part to play here as well, especially when there has been a sudden change to the receiving bank of a repetitive wire payment. He recounted an incident in which a corporate client of a Texas bank was hit with a seven-figure BEC scam. In response, the bank changed its protocol so that it no longer allows wires to move immediately through its system if the payments are being sent to Eastern Europe or Asia and there has been a bank change. “They always stop it and call the company,” he said. “They say, ‘We see you’re sending this wire and there’s been a change of bank. Are you certain about this?’ A year after putting this into practice, they caught two wires—one going to Eastern Europe for $900,000, and one going to Asia for $1.4 million.”


Treasury professionals would be wise to carefully vet their banking partners on this issue. Ask them if they have any special procedures for sudden changes to payment instructions for repetitive wire transfers. If they don’t, then it might be time to find a bank that does.
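Stark’s detection rules (page 5) and the change-of-bank hold the Texas bank adopted lend themselves to a small rule set run over a payment file before it goes to the bank. The following Python is an added example, not code from the guide, from Kyriba or from any bank; the supplier master, region map, watch list, approval limit and the three sample payments are all constructed.

```python
"""Rule-based screening of an outbound wire file (added example, not code from
the guide or Kyriba). Holds a repetitive wire whose receiving bank changed
(automatically for Eastern Europe or Asia), screens payees against a watch list,
enforces approval limits and separation of duties, and catches duplicates."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Payment:
    payment_id: str
    beneficiary: str
    bank_id: str        # receiving bank identifier (constructed, BIC-like)
    country: str        # ISO 3166 code of the receiving bank
    amount: float
    initiator: str      # user who entered the payment
    approver: str       # user who released it
    value_date: date


@dataclass(frozen=True)
class Finding:
    payment_id: str
    rule: str           # short rule name
    action: str         # "hold" (stop and call the payee back) or "review"
    detail: str


# Constructed supplier master: bank on file per repetitive payee and the
# date those details were last changed.
SUPPLIER_MASTER = {
    "ACME Components": {"bank_id": "BANK-US-0001", "changed_on": date(2016, 3, 1)},
    "Nordic Tooling": {"bank_id": "BANK-SE-0010", "changed_on": date(2015, 9, 12)},
}
# Constructed region map; the guide's bank example holds any wire whose bank
# changed and whose destination is Eastern Europe or Asia.
COUNTRY_REGION = {"US": "North America", "SE": "Western Europe",
                  "RO": "Eastern Europe", "HK": "Asia"}
HOLD_REGIONS = {"Eastern Europe", "Asia"}
WATCH_LIST = {"Shadow Logistics LLC"}   # constructed payee watch list
APPROVAL_LIMIT = 250_000.0              # constructed single-release limit
RECENT_CHANGE_DAYS = 30                 # a bank-detail change this fresh gets reviewed


def screen_payment(p: Payment, today: date) -> list[Finding]:
    """Return every rule the payment trips; an empty list means it may proceed."""
    out: list[Finding] = []

    def flag(rule: str, action: str, detail: str) -> None:
        out.append(Finding(p.payment_id, rule, action, detail))

    rec = SUPPLIER_MASTER.get(p.beneficiary)
    region = COUNTRY_REGION.get(p.country, "Unknown")
    # Rule 1: the instruction's bank differs from the bank on file.
    if rec is None:
        flag("new-beneficiary", "review", "payee not in supplier master")
    elif rec["bank_id"] != p.bank_id:
        flag("bank-change", "hold" if region in HOLD_REGIONS else "review",
             f"bank {rec['bank_id']} -> {p.bank_id} ({region})")
    elif (today - rec["changed_on"]).days <= RECENT_CHANGE_DAYS:
        # The first wire after a supplier-detail change is where a fraudulent
        # "please update our bank account" request surfaces.
        flag("recent-bank-change", "review", f"bank details changed {rec['changed_on']}")
    # Rule 2: payee watch list.
    if p.beneficiary in WATCH_LIST:
        flag("watch-list", "hold", "payee is on the watch list")
    # Rule 3: separation of duties between initiation and release.
    if p.initiator == p.approver:
        flag("segregation", "hold", f"{p.initiator} both initiated and approved")
    # Rule 4: single-release approval limit.
    if p.amount > APPROVAL_LIMIT:
        flag("over-limit", "review", f"{p.amount:,.2f} exceeds {APPROVAL_LIMIT:,.2f}")
    return out


def screen_batch(payments: list[Payment], today: date) -> dict[str, list[Finding]]:
    """Screen a whole payment file and flag duplicates within it."""
    results = {p.payment_id: screen_payment(p, today) for p in payments}
    seen: dict[tuple, str] = {}
    for p in payments:
        key = (p.beneficiary, p.bank_id, round(p.amount, 2), p.value_date)
        if key in seen:
            results[p.payment_id].append(Finding(p.payment_id, "duplicate", "hold",
                                                 f"matches {seen[key]} on payee, bank, amount and date"))
        seen.setdefault(key, p.payment_id)
    return results


def demo_batch() -> dict[str, list[Finding]]:
    """Constructed file: a routine wire, a changed-bank wire to Asia over the
    limit, and a self-approved duplicate of the first."""
    today = date(2016, 3, 20)
    batch = [
        Payment("W1", "ACME Components", "BANK-US-0001", "US", 48_000.0, "alice", "bob", today),
        Payment("W2", "Nordic Tooling", "BANK-HK-0420", "HK", 900_000.0, "alice", "bob", today),
        Payment("W3", "ACME Components", "BANK-US-0001", "US", 48_000.0, "carol", "carol", today),
    ]
    return screen_batch(batch, today)
```

demo_batch() returns the findings keyed by payment id: W1 is only reviewed because ACME’s bank details changed 19 days earlier, W2 is held for a bank change to Asia (and reviewed for exceeding the limit), and W3 is held as a self-approved duplicate of W1.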

For more insights on how to protect your treasury department from BEC scams, be sure to check out our recent Treasury in Practice Guide and our Payments Guide.

Ransomware Attacks: Holding Your Business Hostage

Though not technically payments fraud, ransomware attacks are a major threat that can cost companies millions of dollars. Verizon’s 2017 Data Breach Investigations Report noted that ransomware went from the 22nd most common form of malware in 2014 to the fifth in 2016.

The infamous WannaCry ransomware attack reportedly hit more than 300,000 victims in 150 countries in mid-May, locking up computers and demanding that a ransom be paid to render them functional again. But what makes this particular piece of ransomware unique is that it was used with a worm, explained Europol Director Rob Wainwright. What that means is that if one computer in your network becomes infected, all your devices could be impacted.

He added that many of the victims were businesses, “including large corporations.”

According to Wainwright, few banks in Europe were affected because they have taken steps to fortify their networks after being frequent targets of cybercriminals. However, healthcare providers like the National Health Service in the UK; corporations like Nissan, FedEx and Spanish telco Telefonica; universities and gas stations in China; and the Deutsche Bahn railway in Germany were all victims. Russia was hit particularly hard, with the Russian Central Bank, the Russian Interior Ministry, Russian Railways and the telco MegaFon all being impacted to varying degrees. Kaspersky Lab told The New York Times that the virus targeted more computers in Russia than anywhere else.

Brad Smith, president and chief legal officer at Microsoft, criticized the U.S. National Security Agency for the critical role it played in WannaCry’s emergence. The NSA discovered a vulnerability in the Windows operating system, and that information was stolen by hackers and published online.

Microsoft released a security update in March to patch the vulnerability, but many large companies hadn’t bothered to make the upgrade by the time of the attack. Smith called out companies for sitting on this crucial update for two months. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” he said.

At the time, Symantec predicted that the infections would cost companies tens of millions of dollars to clean their networks, Reuters reported.

Taking action

The topic of ransomware came up during the latest meeting of AFP’s Treasury Advisory Group. Sassan Parandeh, CTP, global treasurer of ChildFund International, asked the other members of the group if they have experienced ransomware attacks. “It’s beyond having insurance to compensate you, and it’s beyond having IT protect you against ransomware—when these people hold your data hostage, they want to be paid by bitcoin only,” he said. “Do you have a corporate policy in treasury to respond to that and act legally, rather than pay an organization in Russia in bitcoin?”

Although ChildFund has never experienced these types of attacks, the global development organization has had in-depth discussions about it. “Our treasury has indicated that if this ever happens, we cannot process payment to a cyber-terrorist,” Parandeh said. “If it ever did happen, in order to comply with the Patriot Act, we’d have to refuse to pay the ransom and instead just abandon the infected devices. It’s one of the issues that is on our minds all the time.”

Another treasurer present noted that insurance companies do provide insurance for ransomware, but organizations who invest in it run into the same complications as they do when they purchase policies for kidnapping and ransom. “The insurance company says, ‘We’ll cover you, but you need to hire a hostage negotiator.’ And once everything has been negotiated, the terrorist still has to be paid in a method that is clear and visible and follows U.S. laws. It’s a contradiction,” he said.

The WannaCry attack also came up during a roundtable discussion on cybersecurity at the 2017 AFP Executive Forum. Tom Durkin, CTP, managing director, digital channels for Bank of America Merrill Lynch, stressed that the attack just reinforces the need for companies to back up their files and download the latest versions of software. “It came down to something that was known publicly; Microsoft issued a patch on March 14 and people didn’t upgrade,” he said.

After working with his corporate clients in the wake of the attack, Durkin saw an overall lack of preparedness at many companies. There was a lot of panic within organizations because they had no idea who they needed to get in touch with to begin to resolve the issue. In fact, some corporates even thought it might be a good idea to pay the ransom.

On the surface, paying the ransom might not seem too bad. Ransomware attackers typically ask for a small amount that would seem like a drop in the bucket for a corporate—a small price to pay to get your data back. And some of these attackers are more than willing to walk you through the process. As ethical hacker Jamie Woodruff noted at a recent conference in Manchester, many hackers actually have call centers and IT support. They’ll even walk you through the process of purchasing bitcoin if you don’t know how.

Nevertheless, Durkin stressed that if your organization is hit with a ransomware attack, you should not pay the ransom. “There’s no guarantee that the de-encryption is going to work,” he said. “And the other point is, once you pay the ransom, you’re on a very public list in a bad area of the web. You’ll be under more attacks.”

One treasury executive in attendance asked about the likelihood of the attackers being caught. “The likelihood of being caught is minimal,” Durkin said. “When are we going to hear about who actually started it? It’s going to play out forever and turn into a tumultuous battle in terms of pursuit, even though you have many governments that are interested in chasing them down. That’s what fosters the bad actors to continue to try it out.”

Authorities will likely find it even more difficult than usual to locate these particular attackers, given that they used exploits stolen from the NSA. “That’s been one of the most striking things to me over the course of the past 12-18 months—you hear that these tools were stolen and then you hear a year later that fraud has been perpetrated using those tools,” said Joel Campbell, vice president, treasurer and CRO of H&R Block. “Those tools are taken and then they’re put out on the dark web. You can buy them for minimal amounts of dollars.”

Verizon’s 2017 Data Breach Investigations Report advises companies to block Microsoft Office macros, as these are a very common way they can become infected with ransomware. Macros are disabled by Microsoft by default, but users can enable them, despite the security risks. If you have enabled macros and you download a malicious document via email, malware will be installed on your computer. Decent Security offers a guide to turning off macros in Office 2007-2016.

“Unless your organization mails around software updates, you need to block executables at your email gateway,” Verizon explained in its report. “Disable macro-enabled office documents, specifically MS Word and Excel, for anyone who doesn’t explicitly need it. Stopping malicious JavaScript starts with blocking .js via email and keeping browser software up to date.”


Social Media: Opening the Door for Fraud

One thing became clear during a presentation on cybersecurity and payments fraud at a recent forum on payments in Berlin—social media is a fraudster’s most powerful tool.

Denyette DePierro, vice president and senior counsel for the American Bankers Association, advised the group to consider the amount of information that people put out there on Facebook, Instagram, Twitter, etc., which is often unprotected and easily accessible. “Your dog’s name might not be public record, but I bet if I search social media, I can find out your dog’s name, the age of your oldest child or your niece’s middle name,” she said. This is significant because many people use information like this in passwords because they think no one knows it. But it’s often easily available on social channels.

Furthermore, there’s a reason why business email compromise (BEC) scams occur when your CEO is on vacation. “I guarantee you, he’s posting pictures on social media of his vacation in Aruba,” DePierro said. “We’ve seen a lot of that. The reason they’ll be able to send an email requesting an immediate $10,000 wire transfer that is so well-crafted, that knows your dog’s name, that knows that you have the kids in Paris for the summer, is because they got it from social channels.”


She urged attendees to change their settings on Facebook to “anything that isn’t public.” Because fraudsters aren’t just following a bank’s or a corporate’s official social media accounts—they’re following their employees, their primary customers—anyone that could be a liability that could give them information about the way the company operates.

Furthermore, bank and corporate employees will often unwittingly post about things that could actually compromise security, like making a joke about an armored car showing up for a pick-up. “That just gave me a whole lot of information about what’s going on at the bank,” DePierro said. “We’ve even seen one instance where social media contributed to a physical security breach. Somebody at a bank posted about waiting for a plumber to fix the executive bathroom. One plumber called, and two showed up. That is the kind of thing that can happen, if you aren’t aware of how information will be used.”

Added DePierro: “You have to think a little bit like a criminal, unfortunately, in order to make sure that the content that you’re pushing out isn’t going to cause a physical breach, a cybersecurity breach, or some other risk or harm to your company or your customers.”

Even your friends list on Facebook can open the door for cybercriminals. Angel Grant, CISSP, director of RSA, Fraud and Risk Intelligence, warned attendees about the dangers of having 5,000 friends. If a hacker can get into your Facebook account, they can share a malicious link with your friends. “They can leverage your Facebook population,” she said. “The more friends you have, the more valuable you are as a target. So I recommend you all defriend people when you get home.”

Additionally, fraudsters have found a new use for social media—selling credit card information. Ironically, the Dark Web has gotten too risky for many carders, so they’ve taken to selling card numbers on social media. “There are over 500 groups doing this on social media—whether it be Facebook, Twitter, WhatsApp, etc.,” Grant said. “And this is globally; we looked at all the international social networks—500 groups, and about 300,000 users. In the past six months, it’s grown over 300 percent a month and it keeps on growing.”

Conclusion

Despite the protections companies have put in place, fraudsters continue to find ways to cheat them out of money. That’s why it’s important for treasury and finance professionals to stay on top of the latest fraud trends and make sure they are securing their payment channels with the proper controls. You’re only as strong as your weakest link. And make no mistake—you have a weak link, and a fraudster is going to find it and exploit it. Now is the time to shore things up.

Key Takeaways

• Two-factor authentication, which uses a token that generates a one-time password, is a highly effective fraud deterrent.

• Treasury should establish a central repository so that it has visibility into its accounts.

• Reviewing audit trails allows treasury to identify unauthorized transactions.

• Wire fraud has increased considerably since 2014, largely due to the rise in business email compromise (BEC) scams.

• To shift liability for any cyber losses from you to your bank, be sure to follow your banks’ internal controls and technology recommendations.

• If your organization is hit with a ransomware attack, do not pay the ransom. The de-encryption might not even work, and if you pay, you’ll be on a public list on the dark web, which could lead to more attacks.

• Companies need to block Microsoft Office macros, as these are a very common way they can become infected with ransomware.

• Social media is a fraudster’s most powerful tool. The reason why so many BEC scams occur when an executive is on vacation is because they are posting pictures on social media. Fraudsters know they aren’t in the office.


About the Author

Andrew Deichler is the editorial manager for the Association for Financial Professionals (AFP). He produces content for a number of media outlets, including AFP Exchange, Inside Treasury, and Treasury & Finance Week. Deichler regularly reports on a variety of complex topics, including payments fraud, emerging technologies and financial regulation.

About AFP®

The Association for Financial Professionals (AFP) is the professional society committed to advancing the success of its members and their organizations. AFP established and administers the Certified Treasury Professional and Certified Corporate FP&A Professional credentials, which set standards of excellence in finance. Each year, AFP hosts the largest networking conference worldwide for over 6,500 corporate finance professionals.

4520 East-West Highway, Suite 800
Bethesda, MD 20814
T: +1 301.907.2862 | F: +1 301.907.2864
www.AFPonline.org

Tom Hunt, CTP, Director, Treasury Services, is the staff subject matter expert on treasury and working capital management and provides original, proprietary content to meet the unique concerns and strategic development needs of corporate treasury professionals.