In a recent conversation with industry experts Bob Stark, Global Head of Enablement at Kyriba, and Steven Otwell, Managing Director of Payments and Connectivity at Kyriba, we explored the rapidly changing landscape of corporate treasury. With insights from their extensive experience in payment innovations, data integration, and risk management, Bob and Steven shed light on how treasurers can navigate key trends reshaping financial leadership. In this article, we dive into their perspectives on what treasurers must know to stay agile, secure, and future-ready in today’s dynamic environment.
Kyriba and Trustpair are excited to share their latest white paper: The Connected Treasurer: 5 Payment Trends Reshaping Financial Leadership. Download it and learn more now!
1. First question, could you please start by presenting yourselves and explaining your experience in terms of payments and treasury?
Bob Stark:
I oversee enablement and strategy at Kyriba, where my role is focused on guiding Kyriba’s approach to manage the future of payments. We have product teams that do the R&D and development and build all the features that help us manage payments on behalf of our customers.
Steve and I collectively make sure that we not only understand what the market is looking for and identify innovations, trends, and regulatory impacts but also put ourselves in a position to communicate back to our clients and influencers in the space around. We’re here to pass on Kyriba’s vision and mission to support payments.
Steven Otwell:
I’ve been with Kyriba for about 8 years and my role is to work with the sales teams on larger complex deals that involve payment solutions and bank connectivity projects. I work with big insurance firms, the financial services industries, large global corporations, and more. Including companies that present many complexities in terms of banking and payments.
2. What have you observed in terms of payment trends in the US market over the past few years?
Bob Stark:
There’s an obvious answer to start with, which is the acceleration of payments. Not only instant payments but all types of payments: whether you talk about ACH payments, real-time payments, or instant payments, it all comes down to that. There’s a need to push payments more quickly.
The instruments are also more varied, they provide more options for organizations, whether they’re looking at traditional ACH or whether they’re coming off more manual payment methods.
Also, the word I would add is more control over the payment delivery, which is the biggest benefit for the treasurers that we speak with. It’s not only that they’re sending the payment quicker, it’s that they’re actually in control of its delivery. If they want to pay a supplier in a specific geography, then they can choose a payment method that aligns perfectly with that location.
I think that’s the biggest thing that we’ve observed and – in fact, that we’ve observed in other regions before North America – there’s a diverse set of options for Treasurers, APs, and CFOs.
Steven Otwell:
We’re also seeing a push for a tighter integration with the CIO. Before, it was the CFO and the Treasurer working with their banking partners. But the larger these banks are getting, the more frameworks and infrastructure they have around technology.
They’re now offering more sophisticated integrations with corporate ERP systems, treasury systems, back office infrastructure, etc. The question of how data is getting in and out of banking partners has been an increasing focus.
Companies are now investing millions – or billions of dollars – in ERPs and other applications – and it’s really about tight integrations with financial banking partners. Integrations have been a huge focus in the last few years – involving tech more than ever before.
3. What changes are you seeing in the roles and responsibilities of finance professionals? Do you think a treasurer today has a completely different job than like 10 years ago?
Bob Stark:
Treasury has changed a lot in the last few years. And more than ever, treasurers collaborate with other teams around payments and the payment experience.
I think these new collaborations and reorganization of the roles within the CFO’s office are some of the biggest changes, especially around the roles and responsibilities to deliver payments successfully to beneficiaries. And the treasurer is not the only organization within the office of the CFO that’s delivering payments.
We used to see significant silos: Treasury would do treasuries tasks, and APs would do APs tasks. You might have payroll doing a whole other thing and you would have this inconsistency around what that payment experience looked like. Never mind the delivery channels, never mind the costs, and let’s be honest, the security and assurance that those payment channels were the right ones and they were delivering payments in the way that you would expect.
Security being the biggest word out of that. The payment journey was inconsistent. I believe that’s the biggest change around payments that we’ve seen in Treasury. Ultimately, the goal is to have an integrated payment journey across all of these groups and have much more assurance that what you intend to do actually happens.
This is obviously where Trustpair and Kyriba intersect: ensure that the payment journey is consistent so that treasurers know that when they hit send the right things are going to happen.
Another change is also the rise of potential frauds and mistakes: this changes how we approach the idea of payments.
Steven Otwell:
Adding on that last part, I think that risk mitigation is now more up to treasurers than it used to. Especially when it comes to payment fraud: how are we protecting these processes?
We see treasurers’ jobs come into jeopardy because there can be fraud and complexity in the market. What controls and processes are they putting in place? I think the other component is the volatility in the banking infrastructure – and we’ve seen this with banks going down really quickly.
Treasurers were calling us because they were now having to go not only to their CFO but to their board to explain how are they managing their bank relationships with the volatility in the market. So there’s risk mitigation not only around payment fraud risks but also around bank volatility risks. Questions like: “What will we do if something happens to our bank? How will we move forward?”
So treasury isn’t really in a silo anymore, especially on these topics. They’re working with AP, they’re working with many teams. They’re becoming more and more ingrained as part of an overall strategic role in the debt investment and risk mitigation aspect.
Bob Stark:
And when we talk about risks, it’s also important to mention business continuity. It’s often linked to paying the right person at the right time which is the case for the procurement team for example. If there’s a disruption in paying suppliers, treasurers need to be able to come up with a plan.
No one expects at this point in 2024, another bank to fail tomorrow. But treasurers now have to be prepared for that possibility. They need to be able to say “Yes we can shift our payment channels to other institutions”. It’s a critical part of that risk management aspect. This is a holistic thing with a lot of different constituents. It involved much higher profiles than when it was a siloed and compartmentalized issue.
4. On the security issue: we see more payment methods, more electronic payments, instant payments, etc. Security is a growing concern for companies. What are your observations on that topic? Are companies ready to face these challenges? How are they adapting?
Bob Stark:
Being ready or not almost doesn’t matter – because the risks are already here! The payment journey is now riskier than it was before: that’s just the current reality.
The rise of AI and deepfakes within fraud schemes has risen significantly. We’ve seen examples of that, again and again and again. There are new threats that are amplified by AI. So how do companies – and treasurers – look at these new risks? They need to see it in the context of the payment journey.
There are different facets of the payment journey. It used to be just as worrisome as what type of payment do I want? How do I connect to the bank? What format does the bank require and what do I need to produce out of treasury, out of the ERP? Should I have maybe more than one person look at this payment as some sort of procedure around approvals and controls?
That used to be what the payment journey was. The payment journey now has a whole internal compliance and payment governance to it. And that governance, that program has been expanded to a variety of things.
So you now need a level of fraud detection, which usually is AI-driven. You need things like sanction list screening – you can’t rely on the bank to do it for you. You need to be able to identify things such as does this bank account that I’m paying actually belongs to the beneficiary.
These are all checkpoints that need to be incorporated into payment governance. In the end, it all comes down to: is the payment that I’m sending the right one and is it going to the right beneficiary? Is everything that I expect going to happen the way it should, yes or no? There’s a real checklist to mitigate the risk of mistakes and fraud.
All this needs to be built into the payment journey in a digital way and I dare say at machine speed so that we’re not just reliant on human decision-making or have internal processes slow down and make sure that some of those checklist items don’t happen. We can’t risk those checklists not being done to completion.
We also, especially as we look at accelerated payments and real-time payments, can’t afford to slow the payment journey down for an instant payment and add 4 hours of checking just to make sure it was OK because that’s no longer the reality. So the journey is faster and treasury/procurement / AP / the CFO needs to respond in real-time to secure that payment journey.
Steven Otwell:
Ultimately the one thing that has to happen in the beginning are ground rules and standard operating procedures with your employees and your staff. You have to go through the policies and procedures and adhere to those. If you don’t have those in place, human error and payment fraud are going to happen.
Someone has manipulated a process somewhere in your workflow. And if your team members aren’t sticking to that workflow or someone can manipulate them to get out of that workflow, that’s ultimately where it happens.
As sophisticated as the fraudsters are, it always comes down to someone doing something wrong that they shouldn’t have because they didn’t follow their internal policies and procedures. It has to start at the human level before you start putting complex AI machine learning on top of that.
5. And do you see payment security as a major worry among your clients? Is it more of a worry than it used to be?
Steven Otwell:
Yes, definitely. And it all started with COVID. Everyone started working from home: policies and procedures broke down and fraudsters saw that as an opportunity. Fraud started hitting hard. And it’s now hitting a large majority of companies.
Many of our customers are Fortune 100 in the financial services industry. If you get hit by fraud, it’s one thing money-wise, but in terms of your reputation in the market as being a secure, sound, and risk-averse firm, it can hit hard. You could have stock share pricing implications. It goes way beyond being short of 20K, 50K, or 150K.
So it’s important to have multiple layers of defense and to make sure I’m protected because fraudsters are always finding new ways to try to circumvent the risks and policy controls that are set up.
Bob Stark:
I think fraud shouldn’t be reduced due to the remote policy and COVID. If you look at the payment policy of an organization, it’s often very manual and in-person oriented. This definitely pushed fraud. Digitized versions of payment policies need to be enforced, using digital technologies.
The playbook has really changed in the last years: AP can’t literally walk down the hall to the CFO and say, did you ask me for this transfer? Most organizations are geographically dispersed, whether it’s just within North America or it’s around the world. Most payment processes are also dispersed and have different touchpoints between initiation, review, and approval. So this digitized version of payment policies needs to have enforcement points that are digital and data-driven at each point in that payment discussion: during initiation, review, and approval.
Different questions should be asked and different scenarios prepared for different types of answers. Has our master data been edited? If yes, then additional policies and additional checkpoints need to be put in place. Is this the first time we’ve paid a different vendor? Is there something anomalous compared to the normal payment behaviors that we typically have?
These are all examples that need to be built into that payment policy. The payment policy needs to be more wide-ranging and govern all of the payments, that come out of the organization across the office of the CFO. And then the enforcement of that has to be data-driven. It can’t just be human oversight. It’s very much rules-based, plus AI and predictive analytics that need to be put in place to be able to enforce that payment policy and make sure it’s actually executed.
If there are any breakdowns in those policies, that’s where fraudsters will come in. They are able to utilize sophisticated techniques, including AI – to gather data and be able to understand where the strengths and weaknesses in an organization’s defenses are. And in many cases, it’s multiple data points. The CFO travels a lot, and the CFO’s voice is publicly available because he’s popular.
All these different data points help fraudsters come up with a plan and a strategy to execute a fraud attack. It’s all digitized and it’s all automated so that they can do this on mass to many organizations, even thousands of organizations simultaneously. That’s how we come back to the need for organizations to employ the same level of digitization, the same level of automation, and the same level of data injected into their payment journeys.
If we take the example of Arup, the company defrauded of millions last February, the reality is this is just an extra layer on top of fraud schemes that have existed for years. Impersonation of CFOs is not new. The fact that there’s an actual visual component to this where you could get fake participants on a Zoom call is more petrifying.
But impersonations of CFOs, and fraudsters being able to figure out when they are or are not available to talk versus when they’re just getting on an airplane and unavailable for some time, aren’t new. And so there’s additional layers of sophistication that technology brings.
It all comes back to making sure, that payment policies are enforced at every different level because when bad things happen, it means something broke down in that process. Either the process wasn’t good or more likely someone didn’t execute what they were supposed to.
Also, many organizations do double, triple, or quintuple the amount of payments that they used to five or ten years ago. The amount of checkpoints that we’re talking about also amplifies and that means much more work to validate whether it is a good payment or not a good payment. This is where it gets very difficult for all these financial teams to follow up and keep up. And that’s where breakdowns occur because “I didn’t have time to do this properly”, “We thought this one was OK.”, This seemed like a reasonable exception.”
6. What about instant payments? Do you believe they’ve had an impact on these fraud events? Or has the impact of instant payments been a little over-estimated?
Steven Otwell:
Instant payment is a specific use case and for many large companies, ACH is still fine. Real-time payments are mostly driven by specific use cases for example an insurance company wanting to make their claims payments so that the receiver can see it instantly on their phone, etc.
Right now there’s still hesitancy driving real-time payments, just because corporations already have their infrastructure. They’ve got all their files routed to the banks. They’ve got their ACH, NACHA, or SEPA, and those low-value domestic payments are configured and working.
We are looking at reports showing that many of the APs or heavier batched volumes are going to start moving there. We’re just not seeing the push yet. But the banks are ready, the banks want to make the move. They’re trying to be early adopters of the programs.
Legacy controllers and finance leaders are just not jumping on board without specific use cases.
Bob Stark:
I agree that many companies are not making the move because they don’t really see a reason to. But it’s also about payment policies: do I have the right policies and procedures in place to deal with instant payments?
Many organizations also think “Does real-time payment mean real-time fraud?” Are companies in a place where they can instantly identify, review, and approve these payments without introducing additional risk into the equation? All CFOs and organizations aren’t willing to add risks if they don’t have the technology to support the processes.
There are good questions to ask: Do I need it? Does it add value? Or is it just a faster way of doing what I was doing before? Also, do I have the technology and risk mitigation strategy to support this? There’s no need to take on more risks when it comes to the payment journey.
7. And what is Kyriba doing to adapt to these trends, in terms of innovative technologies or new features? How do you see the future of software like Kyriba?
Bob Stark:
Our focus is on data strategy—ensuring our customers have a robust approach to data, with Kyriba providing the technology to support it. While AI is certainly a buzzword, it’s important to remember that there’s no effective AI strategy without a strong foundation in data.
Data strategy is vital for payments. Companies need data-driven processes to secure payments and make the payment journey safe. The aim is to detect anomalies instantly and to be ready to identify, respond to, and mitigate risks. That’s the role we’re here to play.
Kyriba’s role is to help companies digitize their payment policies, helping them with the technology, which will be coded in our platform as well as APIs and real-time integration with partners, so that overall, there’s holistic security for their payment journey that’s built into the technology stack.
Corporations have a data strategy that we support to ensure their payments are digitized and secure.
Steven Otwell:
We see API as the biggest piece here. Everything from banking to payments, to cash visibility has always been file-based historical data.
Whether we’re getting data to and from the bank via an SFTP connection or a Swift connection, it was a file being delivered from a treasury system or an ERP system to the bank. What we’re seeing now, the biggest trend, the push of what are customers asking for is a complete API infrastructure and a firm like Kyriba really sits in the middle. We’re here to help companies build that API infrastructure and go from file-based historical data to real-time data.
A transaction automatically hits the bank and automatically shows up in Kyriba, or any treasury-based application that can use API technology.
The cases are slow to adapt to real-time payments, and we need an API to get the RTP to the bank. But we are seeing a lot of use cases because we’re a treasury firm of “I want to get faster, better cash positions.” So we are using APIs because customers want to see that immediately inside a treasury-based application using an API infrastructure.
The other interesting piece is data. How do I manage my data? Moving from historical file-based data to Kyriba pulling in financial data via an API from the bank, but also using APIs to get that into the customer’s data lake or using APIs to get that financial data.
So now you do have real-time data flowing via API framework from the entire back office, multiple ERPS using API data, and the data lakes into the banks.
This data is a flowing stream across the application. API we see as the biggest game changer because it offers real-time transactions and helps companies move from the historical file-based infrastructure.
Treasurers but also CIOs and IT leaders are using APIs to move that data in a faster, more meaningful way.
8. Do you have any last words on this topic or anything that comes to mind? What advice would you give companies?
Bob Stark:
The future of payments is real-time, it’s data-driven and it’s intelligent. Every firm, no matter the size needs to be in a place where their payment journeys are able to support what that future looks like.
They need to be data-driven, have the technology, have APIs, and have AI that all work in unison to ensure that the right payments are happening and the wrong payments are stopped well before.
It’s a combination of digitizing a process, supporting a process, and making sure that the right technology happens timely and that the insights are intelligent and driven by data.
In the end, whether it’s procurement, treasury, or anyone in the office of the CFO, what they want to see is “tell me the exceptions I need to look at, I want business continuity, I want confidence that everything that we’re sending is good. But I also need confidence that anything that isn’t good can be flagged and brought to me in real-time so that we can as a group, ensure that if there are exceptions, we identify them and either flag them for further review or we can kill them before they become a problem.”
And it’s that confidence in that payment journey that companies need: have payments real-time and expedited and make sure that nothing bad happens.
To conclude
Trustpair is committed to helping treasurers navigate these changes with enhanced fraud prevention, seamless integrations, and strategic insights. Learn how we can support your organization’s payment journey and mitigate risks by contacting an expert today!