Commercial Factor Q&A: Cybersecurity in an Increasingly Uncertain Landscape
In the wake of the continued conflict in Ukraine, Commercial Factor spoke with Mark Watkins and Christopher Hart, both directors for Equiniti Riskfactor, about how factors can improve their cybersecurity measures, especially in the face of geopolitical upheaval.
How has Russia’s invasion of Ukraine affected risk management and fraud prevention in the receivables finance industry?
We would say that it has not affected how historically risk and fraud management should be practiced. The lender will always need to understand their clients, the type of business, its people, which debtors make up the sales ledger (debtors being funded etc.,) and how collectable the debt is are the basics of receivables finance. It will however get people to think about how clients or prospective clients who have been impacted by the conflict are managed going forward. The knock-on effect on the supply chain and impact on specific industries (such as energy and food) will all need to be considered and a lender’s exposure to clients impacted by this region/conflict will need addressing.
Such knock-on effects as the impact on trading patterns, terms of payment, rising inflation and working capital requirements across clients’ facilities will heighten the need to have robust risk and fraud management capabilities. Banks are crisis managing now and getting their houses in order as quickly as possible with increased sanctions against Russian and Belarusian companies and individuals. From recent experience, we would also say that banks are being cagey about their true exposure and concerns at present to avoid any reputational concerns.
What can factors and other financing providers do to safeguard against cybersecurity threats and other risk factors caused by the conflict?
I must caveat that I am not an information security expert, but I would suggest that banks will be looking at all systems they control within their infrastructure or systems they utilize from third-party suppliers, particularly fund transfer systems. A review of all third-party tech suppliers is no doubt underway, looking at their resilience and disaster recover capabilities (recovery point and recovery time objectives). Especially suppliers from the region or systems susceptible to cyberattack.
Other risk factors such as lengthening supply chains, payment terms, inflation impacts for businesses, impacts on specific industry sectors that relied on goods from the region (especially energy and wheat), shortage of stock supplies and increasing energy and fuel prices will all need to be investigated. Lenders need to ensure reductions in exposure for clients directly dealing in these areas or disapprove exposure to clients’ debtors that are impacted by the conflict, especially with updates in lenders’ risk policies and sanction regulations in reaction to the conflict. The aspect of know-your-customer (KYC) processes and procedures is never more prevalent now.
What types of new tools and technology are available to help factors and lenders monitor and assess risk and prevent fraud?
The signs of fraud and risk do not change, but the tools available in the technology space can help with the speed and accuracy of monitoring changes of behavior to take action and drive investigation proactively and not reactively. Real-time data via extracting data directly from a client’s accounting packages is the way forward. Combining this extracted data with the collateral analysis from the movement of client facilities and complementary data sources, such as third-party data bureau information (i.e., Experian), can help generate risk metrics and trend analyses that lead to maximizing the resource time of the people who are looking at the problems. In essence, these tools can help automate a risk-based and targeted approach to client management. Data from alternative sources are also emerging, including open banking data, accounting data and payment/merchant data.
How should lenders and factors adjust their risk appetites after the developments of the first five or six months of the year, including things like rising inflation, the conflict in Ukraine and continued supply chain disruption?
Some ways to adjust risk appetite are to monitor more closely the performance of the debtors on a client’s ledger through factors such as payment patterns and the potential impact of recent developments depending on what the debtor provides. In addition, financing providers should delve deeper into a client’s supply chain and who it relies on for providing the materials and services it needs to deliver to its own debtors.
Lenders will no doubt be updating the sectors and industries that they perceive as ‘high risk’ and adjusting their lending criteria to exclude or reduce exposure to businesses in these sectors. A review of levels of interest being charged and how this is managed with clients by lenders for extended support will also no doubt be looked at. We would expect certain lenders (Tier one level) to no doubt withdraw from offering funding across businesses in distress directly impacted by the conflict, particularly if sanctions and regulations impact the ability to lend here.
Businesses impacted by supply chain problems, rising energy prices and other jumps in costs of trading will potentially be monitored by specialist risk teams or moved on to other lenders.
What are the most important pieces of information to gather from prospective clients at this time and how can factors best verify prospects?
Lenders and factors need to identify and verify the individuals that run the business or own it and complete the required sanction checks as part of their know-your-customer (KYC) procedures to check if they meet regulatory requirements. It is also critical to check payment terms and patterns for debtors as well as any potential for change and/or impact to the business. Look at how the client’s supply chain works and where the products come from. Try to dig deeper than historical experience, as so many factors are impacting a business’ trading and funding requirements, and check if the lender is aware of them all to correctly structure the facility.
Test assumptions for forecasts for working capital required for the business. Why does it need the funds? Where are the pinch points? Are its costs as expected? Is its orderbook for expected revenue valid?
Basically, correct due diligence and KYC undertaken upfront is still a key requirement for any lender. Know what you will be funding and how you can collect this debt in a stop.
Why is it important and easier to leverage data to make decisions about risk and security in today’s environment?
Accuracy, speed, reliability and transparency supports data-led decisions. These all make technology a key player in this market, particularly from analyzing big data and focusing where to look. However, we still need the human touch to assess and interpret the data being obtained.
What are some of the types of emerging data sets companies can utilize and how can they determine the “right” data to trust?
Emerging data sets companies can utilize include open-banking data, client/prospect accounting package data obtained via direct data extraction and payment/merchant data. These all can help lead the drive to obtain the complete 360-degree view of a client and/or facility. However, a lender will always need to stress test where the data comes from, so due diligence and physical visits to sites will never totally go away.
Are there any other things factors should keep in mind in 2022?
The world will continue to get more complicated with all these changes that we have and are experiencing, but don’t over-complicate the product monitoring processes. If a client facility stops tomorrow, can you collect out?
The factoring and ABL industry tends to do well in a downturn. Are lenders’ systems, procedures and, most importantly, people able to cope with a potential uplift in client volumes whilst still staying on top of the risk and fraud issues they are facing? Don’t assume you know what is going to happen after recent years. Uncertainty is the only certainty.