Last week, it was reported that LOT Polish Airlines, the main airline of Poland, paid 2.5 million PLN (US$685,000) to scammers last year that sent a fraudulent invoice for a monthly aircraft payment. It appears that the invoice also had amended payment details which enabled the transaction. LOT paid the amount to a Cyprus bank account and it was immediately transferred to an account in Asia. They were able to recover about 30% of it, costing them $500,000.
It is also a dirty secret that this happens much more often than is reported. I have talked with companies that have had issues with 6- and 7- figure amounts stolen through falsifying vendors, invoices, or switching bank terms on existing suppliers. While it can happen internally, as technology progresses it makes it even easier to do it from the other side of the world where perpetrators are largely free from repercussions.
Stories like this are why companies need strong processes not just in their procurement department, but in their AP department as well. Scammers are getting better at identifying and exploiting common flaws in processes, so it is essential to evaluate policies on a recurring basis to ensure they continue to be solid.
The easiest way to evaluate them is by asking how someone, internally or externally, could exploit them and check against that. How do you vet new vendors to ensure they are legitimate? What is your approval process to authenticate a vendor’s new payment method? How do you ensure an invoice is actually coming from the vendor?
Embracing this as part of an Accounts Payable transformation is critical to bringing long-term success to the organization. Adding AP automation and significant new technology investments without a thorough process evaluation can expose Accounts Payable to risk that isn’t correctly accounted for.
Adding the proper policies can take effort and the reward may not be easily visible, but if an AP team becomes the victim of significant fraud, it puts a black mark on the entire finance organization. There are dozens of ways that a company can fall victim to scammers through the AP department; the root cause for most is having a process that didn’t protect it to begin with.