Having served for the last nine years as treasurer of the Rockefeller Group, a leading real estate developer, owner and investor, my department and I have worked diligently to establish effective payment processes that would reduce the risk of fraudulent or inaccurate payments. These efforts can be split into four primary categories: internal controls, information technology and dissemination, corporate culture and monitoring/compliance.
The Rockefeller Group has established specific guidelines and procedures that must be followed in the preparation, approval and execution of electronic payments. These policies require the following:
- Segregation of duties: Each payment must have three separate employees involved before it will be processed. One employee requests the payment, one employee must process the payment and a final employee approves/releases the payment.
- Physical and electronic forms: Rockefeller has a physical form to be filled out requesting a payment that includes the vendor’s account information, a copy of an invoice and an original signature from an employee with sufficient authorization to approve the payment.
- Payment authorization limits: A delegation of authority is in place giving each employee a specific limit on the payment amount they can approve.
- Bank controls: We have ensured that each of our bank accounts has the proper controls including, but not limited to, positive pay and ACH debit block.
Information technology and dissemination
At Rockefeller, use of information technology is critical to not only implement the internal controls described above, but also to rapidly disseminate information in order to ensure transactions are widely communicated to accounting and other key departments. Our company has had a treasury workstation for over 20 years that allows us to define the requirements that need to be met for payments to be input and released. The workstation is also valuable as it distributes key reports, including a list of payments being processed, several times a day. Finally, our treasury workstation has security administrators from our IT department that govern over user rights, ensuring employees have access and authority consistent with their job requirements.
Corporate culture and employee education
The Rockefeller Group seeks employees with high integrity and outstanding character, and this is especially important in the treasury department given the influence the team has over payment processing. The company’s senior management understands the importance of payment policies and actively supports treasury’s enforcement of payment protocols. The company also ensures that treasury has the resources it requires to effectively execute its responsibilities. In terms of employee education, with the help of our internal audit department, we created an electronic payment processing policy that was distributed throughout the organization. In conjunction with internal audit and IT, the company has held mandatory seminars on the nature of payment fraud and best practices for preventing fraud.
Monitoring and compliance
Daily report dissemination allows the company’s accounting group to perform timely accounting reconciliations. These reconciliations should highlight fraudulent or inaccurate payments and prevent them from occurring in the future. The processing of payments receives significant attention during our regular internal and external audits. Treasury works closely with internal audit throughout the year to ensure we are implementing best-in-class protocols to protect our company’s interests.
Sam Pallotta is vice president, treasurer for Rockefeller Group International Inc.