A Critical Step For Your Vendor Master File When A Fraudulent Payment Happens

A Critical Step For Your Vendor Master File When A Fraudulent Payment Happens

Your organization may have a Fraud Response Plan that outlines steps to take when a fraudulent payment is made. The question is does the plan include the critical step of looking for indicators of more fraudulent payments by reviewing recent adds and changes to the vendor master file?

As one Huntsville business learned the hard way, if fraudsters think you are an easy target, they will can continue to target you. So if you had one fraudulent payment - there could be more.

Consider these recommendations to review adds and changes to the vendor master file that could have led to additional fraudulent payments.

Review Time Frame

A 60-day period before and after the incident provides a comprehensive window to capture any fraudulent activity that might have been perpetrated by the same fraudster(s). This timeframe helps in identifying patterns or anomalies in vendor adds or existing vendor changes.

Review New Vendors Added

It’s important to ensure that all new vendors have gone through your established vendor add process. Questions and reviews to consider include:

  • Review the process: Were these vendors added outside of the established process?
  • Review the source of the request: How was the request for the vendor add and the required documents received? If by email, are there any red flags in the email string? (email address different from vendor domain, language/wording differences, same email address as other vendor adds/changes etc). Were they all requested by a certain internal employee?
  • Review the documents: Were all the required documents received and validations completed to prevent fraudulent vendors from being setup in the vendor master file?
  • Review patterns: Are there any patterns in the types of vendors added that could indicate fraud? Were these Purchase Order (PO) vendors or Non-PO Vendors? Were they all requested by the same internal employee?

Existing Vendors Changed

Changes to existing vendors is especially critical because changing remittance information for legitimate vendors is how fraudsters divert payments. Any changes must follow your established vendor change process. Questions and reviews to consider include:

  • Review the reasons behind the changes: Were they initiated by the vendor or the organization?
  • Review the source of the request: How was the request for the change and the required documents received? If by email, are there any red flags in the email string? (email address different from vendor domain, language/wording differences, new employee, same email address as other vendor adds/changes etc). Were they all requested by a certain internal employee?
  • Review the documents: Were all the required documents received and were they completed accurately?
  • Review the validation results: Were all the required validations completed and successful? Was authenticating data required on the documents and did it match the data on the existing vendor record?
  • Review the process: Were controls to confirm the changes followed? This can include verifying with the vendor, bank account validation, sending notification of the change, management approval or verifying the vendor received the payment.

To complete the vendor master file review, follow up on an missing documents, re-validate new and changed vendors during the 60-day time frame and notify management of any suspected fraudulent payments.

Make sure this process is in - or added to - your organization's Fraud Response Plan.

Get a 5-Step Process So You Know What To Do If A Fraudulent Payment Happens

Attend the free Build a Fraud Response Plan So You Know What To Do If Business Email Compromise (BEC) Happens – in 5 Steps webinar on June 19, 2024 from 1-1:30pm ET.

Sponsored by Financial Operations Networks (FON) here are your immediate takeaways:

  • 5 Steps to Build a Fraud Response Plan for the vendor team
  • Reasons why it’s getting harder to avoid a fraudulent payment
  • What is a Fraud Response Plan and what vendor team processes need to be included
  • How organizations can avoid fraudulent payments

Click to Save Your Seat to watch live or on-demand.

Don't forget to subscribe to my monthly newsletter sharing content that will help you avoid fraud, compliance fines, and bad vendor data in the vendor process.

To view or add a comment, sign in

More articles by Debra R Richardson, MBA, CFE, APM, APPM, CPRS

Insights from the community

Others also viewed

Explore topics