It’s a fact of banking life: Financial institutions must obey strict operating standards to prevent financial misstatements, mitigate fraud and safeguard against failure. How then to reduce the risk of such incidents? The beginnings date to the early 1900s, when financial institutions established simple internal controls as part of accounting practices.
A century or so on, regulatory agencies require much stricter internal controls—the policies and procedures institutions establish to meet operating, reporting and compliance objectives. Growth has an impact, too; when a financial institution reaches $1 billion in assets, it hews to an even higher standard. Non-compliance means penalties and other administrative actions.
So how do financial institutions meet internal control requirements while they accommodate growth and meet customer expectations for faster payments and more digital methods?
The answer, you could say, is automatic.
Hand off your manual processes
Automation—specifically, automated reconciliation—overcomes the lack of control manual processes lack. Here’s why: Regulations regarding internal controls require management teams and auditors to understand and document every aspect of the financial process. Automation assists greatly to help banks:
- assess material misstatement risks
- identify where misstatements could arise in a transaction flow
- evaluate controls for the period-end financial reporting process
- obey laws, regulations and internal policies
- provide timely, accurate reporting in financial, operational and regulatory areas
- examine fraud risks
- safeguard assets
- analyze and report on internal control effectiveness, including deficiencies or weaknesses
Specifically, the Federal Deposit Insurance Corp (FDIC) requires all financial institutions to create controls, systems and programs appropriate for their size, as well as the nature, scope and risk of their activities. The Sarbanes-Oxley Act of 2002 requires publicly traded companies to establish, maintain, assess and report on internal controls and procedures for financial reporting.
The FDIC’s Internal Routine and Controls manual states: “Recordkeeping systems should be designed to enable the tracing of any transaction as it passes through accounts.”
More transactions, more to reconcile
Tracing each transaction, though, isn’t easy. As volume climbs, reconciliation becomes more complex. The growth in payment types and methods, for instance, has led to a rise in transactions in recent years. Common reconciliations include but are not limited to:
- ledger to sub-ledger accounts,
- Federal Reserve accounts,
- suspense accounts,
- debit/credit cards and
- the ever-evolving person-to-person (P2P) payments sphere.
Banks must track and reconcile all of this—and that makes balancing the books every month with Excel spreadsheets an almost impossible task. The time-consuming manual process, with its real possibility of human error and lack of audit trail, simply cannot support internal controls.
To ensure an effective internal control structure, data integrity and visibility are essential. Manual reconciliation processes provide zero visibility into how the balance sheet was derived. That means senior management or the audit committee—held personally responsible for any financial misstatements—must certify statements though they don’t necessarily see any underlying transactional detail or exception-handling process.
Manipulation of data during manual processes could lead to such misstatements, intentional or not. Organizations often write off unresolved exceptions because they cannot trace errors to the source. Sometimes reconcilers override or change a spreadsheet formula to manipulate numbers because they don’t balance. By contrast, the segregation of duties in automated reconciliation avoids this.
End-to-end enterprise reconciliation and certification solutions can play an integral part of an internal control framework. The resulting account reconciliation picture provides complete transaction-level detail with exceptions instantly visible. It eliminates manual interventions. Workflows fully automate labor-intensive processes. Automated checks ensure compliance with corporate and regulatory controls. This is exciting news, for the right automated solution reduces or eliminates errors and provides a full audit trail. Executives can approach internal controls with confidence because they know the details behind the numbers. Truly, auditors love the visibility of the audit trails.
From automated reconciliation to risk reduction
Further, the lack of oversight from manual processes can lead to internal fraud. In its Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners provided in-depth analysis of 2,690 cases from January 2016 to October 2017, with input from more than 2,000 Certified Fraud Examiners (CFE).
Based on CFE estimates, the study concluded that occupational fraud may cost organizations up to 5 percent of their annual revenues. This potential loss approaches $4 trillion annually worldwide.
But the study also finds that organizations can reduce fraud’s impact through internal controls and policies that actively detect fraud, such as thorough management review, account reconciliation and surveillance/monitoring. “Organizations that do not actively seek out fraud are likely to experience schemes that continue for much longer and at a higher cost,” the study concluded.
In 30 percent of the cases and more than any factor, lack of internal controls enabled fraud; 19 percent of cases occurred because the perpetrator could override the controls in place. Automated reconciliation and certification solutions offer precisely the added controls to enable faster detection or prevent the type of fraud cases analyzed in the report.
Control and visibility: A concrete possibility
As transactions increase in quantity and complexity, and new areas for reconciliation appear, the risk of mistakes, misstatements and abuse will prove far too great for manual methods. As automated reconciliation strengthens internal controls, it protects the financial institution and provides visibility into the numbers to help executives make smart decisions.
What does this boil down to? Financial services organizations that automate will see their competitive edge accelerate. Put another way, banks that take charge of their internal controls today will experience profound external control in the marketplace tomorrow.
For more articles like this, check out our recent executive report: Compliance: Beyond the Regulations.
Clodagh Swennumson is senior product manager, financial control solutions at Fiserv.