Payments in Verticals: Legacy Tech, Fraud, and Modernization

The Payments Podcast from Bottomline.

Episode Transcript

Owen McDonald: Welcome to The Payments Podcast. I'm your host, Bottomline Managing Editor, Owen McDonald. We're viewing business payments through a vertical market lens in this episode by looking at five key themes common across most verticals. These themes are legacy tech, reputational and operational risk, fraud and cybersecurity, internal team pressures, and modernization. Then we thought, who better to tackle this beast of a topic than our colleague, Richard Ransom, Head of Solutions Consulting for Corporates at Bottomline? Richard Ransom, welcome back to The Payments Podcast.

Richard Ransom: Thank you, Owen.

Owen McDonald: Very glad you could be here. We're talking about solving five key B2B payments challenges across verticals, so let us begin. More companies are now diagnosing and addressing legacy tech problems. What about that, Richard? In what ways does legacy technology create unique challenges for B2B payments in different verticals, and what are the risks of not modernizing around that?

Richard Ransom: So in our experience, B2B payment systems are often updated at the speed of the back-office systems that feed them, like billing, ERP, and payroll. And what this can mean is systems fall behind compliance, regulation, access to innovation, and become victim of increased security threats. The risks of not modernizing are particularly felt in areas like financial institutions and insurance, where the burden of regulation is much larger than other types of business. And what this means is we get layers of technical insulation that proliferate as middleware used to mitigate the costs of making changes to elderly systems. In addition, the amount of siloed legacy systems in the office of the CFO, so AP, AR treasury, mean adoption of wider initiatives with B2B payment benefits, like extended data in ISO 20022, for example, are considerably slower than anticipated. So whole economies miss out because legacy systems don't allow this innovation to happen. And what you see is, the least cost route to ticking a compliance box rather than being able to really build on what these things are meant to do. And, you know, for large scale billers such as insurance, utilities, and telcos, the increasing costs of management of aging billing systems (which is not uncommon for them to be 20 or so years old), means the need for modernization is becoming inevitable. And, with uncertainty in how aging national payment systems will be updated - so in The UK, our ACH system is due for a refresh, but we don't quite know when - that means organizations are looking to trusted third parties, like Bottomline, to provide end-to-end direct debit management, for example, to augment their new billing systems and keep them relatively future proof. And this is gonna be the same situation everywhere in the world. 
You know, keeping the core things 'core', like calculating the bill, but the way that that subscription is managed, that's more often going into an external system to mitigate that risk of not modernizing.

Owen McDonald: Now a company is perceived according to how well it delivers on expectations. That in turn depends on operations. How do reputational and operational risks manifest in B2B payments, Richard? Can you share an example of how organizations in different verticals are addressing this?

Richard Ransom: Yeah. And, you know, that reputational risk can come from something as simple as not paying someone on time. And that isn't great for the payee, so it's not great for me not to get money. But for the late payer, there's a reputational risk. And in the past, especially in the UK, this data wasn't open and available. But the recently introduced Duty to Report legislation compels organizations of a certain size to report their payment performance every six months. So this is the government saying to UK businesses, you've got to report how good you are at paying, and you've got to do it every six months. And if you don't do it accurately, you're going to go to prison. You're going to get a fine. This is a criminal offense. So there's a good reason for doing that, and it seems like a bit of a sledgehammer to crack a nut to really go to town on the legislation, but any business needs to think about the impact of their late payments. And where we're seeing this really come to life is when organizations are looking to get in a partnership with another organization, and especially in utilities and telcos and insurance and FIs, where there's a lot more openness around governance. And we're seeing that ESG is having an influence on purchasing decisions. So it's just not about how environmentally sound your data centers are, and how energy efficient you are, and how much green space you have. But increasingly on the G of ESG, the governance, and here, late payment culture or the risk of publicly being a victim of preventable crime or error can be a significant issue. And we've seen that in the UK with several very large, very obvious household names falling under cyberattacks recently.

Owen McDonald: Let's turn to a really major challenge now. Richard, what are the most pressing fraud and cybersecurity threats facing B2B payments today, and how do these threats differ between industries? Just give us a sense of that.

Richard Ransom: Yeah. And globally, the fraud threats in B2B payments are focused really on accounts payable processes and where check/cheque is a particularly vulnerable area. But, you know, we're moving away from check everywhere in the world. And in The UK, [only] 84 million checks were printed last year. So it's something that's going on in the US - the US Treasury is gonna stop printing checks. These things are really important. Where the threats are around things like business email compromise (BEC) and, increasingly, fraudsters are looking at things like deepfake technology to become the CFO or the CEO and pressure people into making payments. So the cost of doing those frauds is quite high, and they tend to be more external, but really lucrative if you get it right. If you look at internal fraud threats, these are quite cheap for the people to do because they're the people inside the organization. And we found talking to customers, especially in charities, education, local government, the actual individual fraud values tend to be lower, but the cumulative effect is quite significant. And this is where insiders know how internal processes work. They tend to be less supervised, and impacts on the organization can be much more severe. So one area where we see particular pressure is the on-boarding of vendors and changes to existing vendor details. So anything that can help validate and verify the information is really important. Where you have a third party validating suppliers and vendors on a payment network, like in Paymode for example, and where you have something like Confirmation of Payee (COP) in the UK that there's a live bank check of account ownership. These can make a massive difference, but these processes continually need to be reviewed. And looking further into things like cybersecurity threats - and I mentioned them in the earlier question. 
So where cyberattacks have become particularly lucrative for the criminals is around the value of the data that is being sold. So what we've seen in utilities, in particular, is the value of tokenizing bank account data with the real data stored with a secure third party. So it takes away the burden of risk and management of this data away from the organization. And in terms of things like [the UK's] GDPR regulations, it protects that personal identifiable information (PII). But in a wider sense, for any data, be it businesses or personal, hiding that data away from that cyber attacker can only help to mitigate the threat.

Owen McDonald: Let me ask you this. It sort of dovetails with that. How are regulatory requirements like Failure to Prevent Fraud and other payment regs influencing B2B payment practices across verticals? What are the commonalities when it comes to compliance?

Richard Ransom: Yeah. And these particular bits of UK based legislation should be lessons for anyone making payments anywhere in the world. And I think once again, it's just bringing to the surface how important these things are. So Failure to Prevent Fraud is an update to economic crime legislation and came into force last month. There are unlimited fines if it's seen that you have failed to prevent a fraud happening on your business. So businesses need to do more to ensure the right technical and process solutions are in place. So we expect this to drive positive behaviors across all verticals, but especially in sectors such as manufacturing, utilities, and telco, where higher value payments are common. So this is where we see that Failure to Prevent coming in. The organization gets stung for large multi-million frauds that it could have done something about. And that might be an internal threat, but it's more attractive to make those large values frauds. With this legislation and Duty to Report (so Duty to Report is saying how often you pay on time), it should get organizations to really look at their payment processes from vendor on-boarding to payment approval workflows and to regularly review in the light of emerging threats. Mitigating late payments should be a tighter focus of businesses, and those regulatory requirements can help a business to get better at accurate cash forecasting through having better cash visibility and making sure that they've got timely data. So organizations often don't need to pay late... they just don't know they have the money, or they don't have the money in the right currency.

Owen McDonald: Last question. What advice do you have for organizations wanting to unify B2B payments and future-proof processes against the challenges we've been discussing, Richard?

Richard Ransom: I get asked this question quite a lot, and it's really interesting. So my view - and this is formed over several months recently and has been the result of talking to lots of organizations - is having a 'payments champion' in your organization who can work across all payment processes, inbound and outbound, and work with your treasury functions to ensure secure, efficient payment processes infrastructure with appropriate control and governance. So this payments champion is very typically someone internal, who just takes an interest and starts to build out their role and talks to their peers across the various silos and different areas of the business to get this one single view. Let's have a single pipe, or at least let's do things in a controlled, secure way with the appropriate governance in place. I think number two, I would say is to work with trusted payments experts, especially when embarking on modernization and major transformation. So the answer you want in terms of 'what to do about payments' may not come from your bank or ERP provider or even [your] systems integrator. It's worth looking at the payments experts in the market and the people who provide your payment systems to get their view on it because they don't have the same influences as those other parties do. I think number three, look at how your vendor data is managed and how you verify the ownership. So in the UK, you should think about implementing Confirmation of Payee to verify new or changed bank details. In Europe, you should look at Verification of Payee, which does a similar job for corporate payments. And I think the last thing is, if you are embarking on purchase-to-pay or order-to-cash automation projects, and I know lots of organizations are globally, you need to address the payments and cash elements, especially with an eye to future changes. 
So, the vendor who is offering you those purchase-to-pay or order-to-cash solutions does not have their eye on the payment process. So make sure that you are building that into your project, and make sure you are taking appropriate steps to look at how those things link to the project, and the benefits of really ensuring you mitigate against fraud and error.

Owen McDonald: Well, there it is. Companies continue struggling with legacy lag in tech stacks with urgent modernization priorities, with constant regulatory pressure, and more. Digital accounts receivable solutions can help manage these issues well, addressing the need for payment speed and security across many B2B verticals. Thanks once again to our friend, a very smart man, Richard Ransom.

Richard Ransom: You're very kind, Owen.

Owen McDonald: To our audience, the smartest people in B2B payments. Thanks for listening. Hit subscribe. Catch us again on your favorite podcast platforms, including Apple, Spotify, iHeartRadio, Blubrry, and YouTube. Bye for now.

The Payments Podcast, from Bottomline.