Download our new report, The Great Reset, for exclusive insights into banking industry trends from 200 senior executives 

Banks are once again at the precipice of monumental change. 

Digital technologies have reshaped every area of finance, and ahead lie transformations of even greater scale as Artificial Intelligence (AI) and machine learning further permeate both finance and wider society.

A great reset of people, processes, and technology inside banks has taken place, and as our new report makes clear, the implications for capital markets are sweeping. 

Along with World Business Research Insights, Confirmation surveyed 200 leaders inside the world’s leading banks to understand how executives are responding to the biggest issues and trends of a generation following two years of turbulence.  

Our findings reveal current attitudes and thinking of C-suite executives charged with developing their businesses to meet the relentless demands of modern markets.  

The biggest challenges faced by banks today 

The Great Reset reveals the key trends and challenges the industry is currently grappling with, and how executives are plotting a course through a landscape laden with cybersecurity, operational, conduct, and compliance risks.  

The digitization of processes is a dominant theme driving everything from automation of back-end processes to hybrid working arrangements, trade reconciliation, and more.  

Shifting customer demographics and attitudes are also increasing demand for digital services, and our report reveals how business leaders are dealing with intense competition with investment into innovation.

Some of banking’s most respected thought leaders give their view on how changing expectations of both clients and senior stakeholders within the business can have an impact on digitization projects, and how to win senior buy-in for important projects.  

Adoption of machine learning tools to crunch exponential amounts of enterprise data is surging, as teams lean on AI to further reduce manual processes, eliminate errors, and empower risk, compliance, and IT leaders to fight fraud. 

How digitization is accelerating change 

As The Great Reset: Challenges and solutions for global banks in 2022 and beyond details, the catalyst for all of this is supercomputing power deployed to create the new technologies that are reinventing companies, markets, customer interactions, and the industry as a whole.  

Machine learning and AI have leveled the playing field for digital-only challengers. As the report underlines, digitized customer touchpoints such as onboarding and help services are changing societal habits with respect to how people prefer to deal with their banks.  

As industry experts inside the report make explicit, opportunity is there for organizations willing to engineer a better future in finance through AI instead of re-treading outdated IT playbooks. 

The changing nature of the modern workforce is also presenting obstacles, and industry leaders give their view of how remote work, resourcing, talent retention, and employee wellness initiatives are being tackled within organizations. 

The Great Reset details which critical new skills are needed to help implement and run automated systems, and respondents overwhelmingly identified one area of bank operations as particularly short on talent and ripe for automation. 

The post The Great Reset: Challenges and solutions for global banks in 2022 and beyond  appeared first on Confirmation.

The next generation of our asset verification platform provides an even easier and faster way for you to securely complete requests anytime, anywhere with our cloud-based centralized solution.

Faster asset verifications in fewer steps

Simplify your workflow, manage requests from an intuitive interface, and send requests for multiple clients to multiple banks in one order. Our growing validated responder network and validation procedures ensure your requests are going to the right place, reducing the risk of fraud. Only Confirmation provides a global network of validated responders that guarantee a response, typically within 24 hours.

Confirmation is the leading solution to complete asset verifications

Save time getting started with an intuitive interface to send, find, sort, and filter requests

Centralize and manage all your requests in one easy-to-use system with access to over 1,000 banks in our network.

Simplify your workflow and manage requests in fewer steps

1. Select the type of confirmation you want to request
2. Find the financial institution you want to send it to
3. Search for an existing client or add a new client
4. Complete the form based on the selected confirmation type
5. Review, add to your cart, and check out

Streamline the checkout process by sending multiple requests in one transaction

Run a report by confirmation type, then filter by the client name, date, and more to view previously sent confirmation requests

Take the next step today

Getting started is easy with no contracts or intensive tech setup. Sign up for an account within minutes and begin sending requests. No need to enter credit card information until you submit a request, and no hidden fees; only pay for the requests you send.

Learn more >

The post The next generation of asset verifications is here appeared first on Confirmation.

In the wake of recent billion-dollar financial frauds such as Wirecard, Luckin Coffee, Cox & Kings, IL&FS, and DHFL, we have witnessed the audit profession’s image tarnished and stakeholder trust in auditors eroding. To change this perception, it’s time we focus on the quality of audits. Challenging the status quo is a must to overcome century-old, accepted shortcomings in legacy practices.

So how can we improve the quality of work and set the right culture within the organisation? We’ll explore that here.

Historically, black-swan events have not only changed the trajectory of governments, economies, and businesses but also altered the very course of history. Early signs of a shift in consumer behaviour and business models are already visible with the recent lockdown of economies globally. As we enter uncharted territory with the second and third wave of the COVID-19 pandemic, and its catastrophic effects on many social, economic, health and political fronts, it has been an eye-opener into how we ‘work’.

During this time many of us have had the opportunity to take a step back to “rethink and reconsider” our work and daily routine. Where possible, remote working has become a norm across many small and big businesses. Teams are using digital video platforms to stay connected. In some respects, we are more connected today than we were pre-pandemic.

While these changes may be direct, short-term responses to the crises, how we return to normalcy once we manage to live with or move forward with COVID-19 is a grey area for most of us. What we do know is that many of the work and lifestyle changes will continue to be present and create long-term improvements or disruptions that will shape our ways of working and living for years to come.

So how have auditors around the world approached ‘remote auditing’? Previously it was unheard of for an auditor to work remotely due to several factors, security of data being a major concern. However, like many industries, auditing companies around the world have had to adapt to the new ways of working and pivot their workforce to work from home, keeping an openness to evaluating uncharted ideas.

As the audit profession moves to “Remote Auditing” and rewires its old ways of working, this is the opportunity to challenge the status quo and remove age-old impediments or industry-accepted shortcomings by asking two fundamental questions for every audit process followed:

1) Did you get the job done? & 2) Did you do it right?

To understand how we can implement this approach, these two aspects have been plotted (Get the job done and do it right) on a business matrix and explained the approach to analyse one of the most critical audit processes: External Confirmations*.

Let’s look at the four quadrants and evaluate each external confirmation scenario and their possible outcomes.

1) Devil’s Quadrant (Not getting the job done, Not doing it right) 

This position of the devil’s quadrant is one where an auditor should never be. An audit firm that skips the external confirmation process and opts for alternative procedures is exposed to high fraud risk. As audit evidence relied upon in such procedures is from an internal source, it can be easily forged or manipulated. These firms should immediately change their approach and start emphasising receiving external confirmations independently.

2)    Good News, Bad News (Getting the job done, Not doing it right) 

If your firm’s practices are in the bottom-right corner of the matrix, you are walking on a tight rope. The good news is that you are gathering documentary evidence. But the bad news is the evidence gathered is not reliable. Such processes or practices are not sustainable in the long term and expose the firm to fraud risk.

Below are a few pertinent scenarios of how this occurs. 

• The auditor makes the client (i.e. auditee) send confirmation requests to third parties. This results in loss of control over the contents of the package, which could lead to scenarios like confirmation letters not being sent at all, tampering with the contents inserted in the package or sending a confirmation letter with a special note for the responder directly affecting the quality of response.
• Client prepares confirmation letters or client is marked on the confirmation emails being sent out. In these scenarios, auditors reveal their sampling list and confirmation date to the client making it easy for the client to understand the pattern the auditor is following. Therefore, it eliminates the element of surprise which is very important in audits.

• Client sends email confirmations marking auditors “cc” on the email. This results in loss of control. For example if the client sends a confirmation to an incorrect email address, the delivery failure notification is only sent to the client, and the auditor, who is marked as “cc”, is not notified.
• Confirmation response is received via the client. A confirmation response coming through the client could easily result in information being forged or manipulated before being handed over to the auditor (example – Satyam Confirmation Fraud).
• Proof of origin or responder validation. An auditor could receive a confirmation from a compromised source. (Example – Olympus Confirmation Fraud and Peregrine Financial Group Confirmation Fraud)

The firm’s strategy should be to implement stronger processes within the firm. They should aim to move to the top-right corner of the matrix by working on the attributes key to “Doing it right”.

3)    The Last Jump (Not getting the job done, Doing it right)

Post the Satyam bank confirmation fraud, many large and mid-size audit firms took note of the lapses in the external confirmation discussed earlier and shifted their focus towards carrying out the confirmation process ‘right’. As a result, there has been a significantly reduced response rate for most of the audit firms. Typically, in the top left section of the quadrant, where an audit firm is trying to do the right things which do not give desired results over a period tends to push the firm back to the bottom right section (Getting it done, Not doing it right).

So, what is the reason for a response rate?

• Are we designing the confirmation requests, including determining that requests are properly addressed and contain return information for responses to be sent directly to the auditor? (Para A3-A6 of SA 505: External Confirmation)
• Are we selecting the appropriate confirming party? (Para A2 of SA 505: External Confirmation)
• Are we sending the requests, including timely follow-up requests when applicable, to the confirming party? (Para A7 of SA505: External Confirmation)? 
• Are we using appropriate tools to track and monitor the delivery of the request?

• Are we making it convenient for the third party to respond? 

If you fall in this section of the quadrant, make sure you assess the above parameters and address areas where you need to work on. The most important thing here is to be patient and keep improvising.

4)    North Star! (Getting the job done, Doing it right)

Obviously, every auditor should aspire to be in the upper right quadrant. The ideal position, where you get the job done and do it right. Auditors that fall in this quadrant are doing the following four things properly:

• Sending and receiving confirmations independently, 
• Tracking the delivery of confirmations, 

• Performing timely follow-ups, and 
• Validating the source of the response. 

The greatest challenge for auditors in this quadrant is it results in a heavy strain on the firm’s resources. It directly results in increased demand of people-hours, low-end administrative work. All of which directly impacts efficiency and profitability due to the higher costs. 

To collectively achieve higher response rates, meet auditing standard requirements and improve efficiency and profitability, technology is key!

An electronic confirmation application, such as  Confirmation, helps accounting firms in digitising and automating the entire external confirmation process. This results in increased efficiencies, being compliant and scalable with zero client interference from preparing and sending confirmations to receiving a completed confirmation back. Not to mention, it enables firms to implement a workflow which “standardises” the audit confirmation process across their organisation. One standard process across all teams allows for consistency and helps firms stay compliant from an auditing standards perspective.

Over the last 2 years we have witnessed the enormity of the COVID-19 pandemic’s impact on global economies, financial markets and businesses. This alone has put greater pressure on auditors to do their part in keeping the financial economy healthy and safe from potential fraud risk, during a vulnerable period.

Under the current circumstances, auditors must be agile and know when to recognise that conventional practices may need significant modification to address the challenges and uncertainties arising out of situations like the pandemic. Whilst it is priority to be vigilant and on guard during times like the present, it is imperative that firms always ensure there is no dilution or non-compliance with auditing standards in carrying out audits.

Every audit partner or manager when they review their teams work, they should ask two questions: Did you get your job done? Did you do it right?

*External confirmations are one of the most effective audit processes for identifying fraud risk. It is defined as the process of obtaining audit evidence through a direct response to the auditor from a third party (the confirming party).

In most instances, material financial frauds lead to inflating accounts receivables, eventually resulting in fraudulently inflating bank balances. This is a line item on the balance sheet typically least questioned or doubted by shareholders or analysts. Another material financial fraud carried out by employees is in accounts payables. Simplistically fake vendors and/or invoices are created and submitted to siphon money out of the organisation.

The post Modern Audits: Getting the job done, and doing it right appeared first on Confirmation.

1.0 Overview

1.1 Service Level Agreement (SLA)

This SLA defines the service levels for:

1. Hours of Operation and Service Maintenance.
2. Service Availability.
3. Problem Management.
4. Change Management.

1.2 General Terms and Definitions

Business Impact: The effect of a Problem on Bank systems, products, services or operations from Line of Business perspective, including business, financial, legal, or public relations factors.

Force Majeure Event: Such event may include action or inaction of governmental, civil or military authority; fire; strike; lockout or other labor dispute (but not including delays caused by subcontractors or providers); flood; war; riot; theft; earthquake and other natural disasters.

Help Desk: Providers place to call to report Problems or ask for assistance. (Note: Include phone number for Help Desk.)

Line of Business: Organization inside or outside Bank that services Bank customers and clients. Notification: The process of Providers informing Bank that a Problem has occurred or of Bank’s informing Provider that a Problem has occurred. Bank and Provider will agree on mutually acceptable methods for sending notifications and for documenting notifications.

Outage: A period commencing at the earlier of the time when (1) Bank notifies Provider, or (2) Provider otherwise becomes aware, that the conditions for a Severity 1 or Severity 2 Problem have occurred and ending when Provider has notified Bank that Provider has restored the Service. Outages will not include any time that is due to:

1. Scheduled Downtime.
2. A failure of communications lines that is not due to Provider’s negligence or willful misconduct.
3. A failure or fault of the Bank’s or end user’s systems or of any system not under the reasonable control of Provider or its contractors.
4. A Force Majeure Event.
5. Bank’s or end users’ failing to operate the Services in accordance with the terms of this Agreement.

Problem: One or more events that cause a disruption of Service, or which, if not causing a service disruption nevertheless require further monitoring and/or repair.

Problem Identification: The earlier of the time when Provider first becomes aware of a Problem, or Bank notifies Provider of the Problem.

Problem Management: The process, by which Problems are identified, recorded, assigned, and managed through to resolution.

Problem Resolution: Changes to software or procedures that create a permanent fix for a Problem. Problem Resolution may occur at the time of Service Restoration or later, if a Workaround was installed to perform Service Restoration.

Response Time:  The time required for a computer system or an associate (employee) to act upon input and deliver results to the user or requester.

Service Restoration: Restoration of a service that was disrupted during a Problem. Service Restoration may be either Problem Resolution (permanent fix) or a Workaround reasonable in Bank’s judgment.

Service Delivery Path: The components required to deliver the Service, including, without limitation, the primary applications, the underlying operating systems, the network connectivity, any software and hardware required to support these components and any supporting processes. If a Service utilizes more than one platform (2-tier and 3-tier architecture), all the platforms and components of those tiers are included.

Severity: A classification of a Problem in terms of business impact.

Severity Level 1: A problem whose impact on business functions and practices is critical and service is unavailable, unreliable or severely degraded.

Severity Level 2: A problem whose impact on business functions and practices is moderate and had recurring problems that jeopardized delivery of service.

Severity Level 3: A problem whose impact on business functions and practices is minor.

Workaround: A temporary fix or bypass for a Problem or incident that restores disrupted service.

2.0 Hours of Operations and Service Maintenance

2.1 Core Business Hours for the Service

3.0 Service Availability

3.1 Availability Definitions Availability Metric Definition

Availability (“Availability”) means that a service is accessible to the end user at the time the end user is scheduled to use it, i.e., excluding Scheduled Downtime. The metric for Availability is Percentage Availability.

Availability Formula

Percentage Availability (“Percentage Availability”) is calculated by dividing the Actual Minutes of Availability by the total number of Scheduled Minutes for the month multiplied by 100. Actual Minutes of Availability equals Scheduled Minutes minus Unscheduled Downtime Minutes. All quantities in the formula are totals for a month.

A% = (Scheduled Minutes – Unscheduled Downtime Minutes) / Scheduled Minutes x 100

Definition of Availability Formula Variables

Scheduled Minutes: Total minutes in the month falling within the start and end times stated in the “Availability” panel of the table less Scheduled Downtime. If no start and end times are stated, Scheduled Minutes equals total minutes in the month less Scheduled Downtime minutes. Scheduled Downtime: Total minutes during the maintenance periods specified in the “Scheduled Maintenance” panel of the table and at such other times as the parties may agree in advance. The total number of minutes in such maintenance periods will be “Scheduled Downtime.”

Actual Minutes of Availability: Scheduled Minutes during the month less Unscheduled Downtime Minutes during the month.

Unscheduled Downtime: Total duration in minutes of all Outages and controlled shutdown time during the month. If Provider performs a controlled shutdown of the Service for emergency maintenance or the like, Provider will make reasonable efforts to give notice thereof before such event.

3.2 Availability Measurement Responsibility

Provider will calculate the monthly Percentage Availability and will provide supporting documentation showing Scheduled Minutes, Unscheduled Downtime and a log showing day and time for each Outage. Upon the Bank’s request, Provider will forward a copy of the availability report and log for each month to the Bank within five Business Days after the last day of each month. Bank may review the availability report and log and may question omission from the log of any Outage for which it has preexisting written documentation. The parties will cooperate in good faith to resolve any disagreement about the number and duration of Outages.

3.3 Availability Service Level Standards

The Percentage Availability service level standard will be 99.0%.

3.4 Failure to Achieve Availability Service Level Standard

Failure to Fulfill Availability Standard over One Month

If the monthly Percentage Availability falls below the standard set forth above, during any calendar month, Provider will deliver to Bank within 20 Business Days after the close of the month, a written plan of corrective action describing the steps that Provider will take to cause Percentage Availability to equal or exceed the standard during the current month and each month thereafter. Bank may comment on this plan, and Provider will consider in good faith implementing Bank’s suggestions. Provider will carry out the steps set forth in such plan, as modified in response to Bank’s suggestions. Provider will bear the expense of implementing such plan.

Failure to Fulfill Availability Standard over Several Months

If monthly Percentage Availability falls below the standard set forth above for any three months during a six-month period, Provider will meet with Bank’s representative at Bank’s request to determine a course of action. Bank may make commercially reasonable requests to Provider to add redundant facilities, eliminate single points of failure, replace components and otherwise to supply additional resources, at Provider’s sole expense, that are reasonably designed to improve availability, and Provider will comply with those requests. Bank’s making requests and Provider’s complying with them do not relieve Provider of its obligation to fulfill its obligations under this Agreement.

3.5 Termination Due to Force Majeure Event

If Provider is affected by a Force Majeure Event, Provider will take reasonable action to minimize the consequences of any such cause. Provider will give Bank prompt notice in writing of the facts which constitute such cause when the cause arises; and, when the cause ceases to exist, will give prompt notice thereof to the other party.

If Provider is unable to fulfill its obligations under this SLA and the Service is not available to Bank for a period of ten (10) consecutive days due to a Force Majeure Event, Bank will have the right to terminate this Agreement without any liability or further obligation to Provider as of the date of termination.

4.0 Problem Management

The Problem Management process involves Initial Notification about Problems, periodic Status Updates, Service Restoration and Problem Resolution.

4.1 Problem Management Definitions

Initial Notification Time:  The period elapsed from Problem Identification until Provider informs Bank by telephone about the Problem. Such notice is the “Initial Notification.”

Status Update: Information given orally or in other mutually agreeable form to Bank regarding Provider’s progress toward Service Restoration.

Status Update Time: The time interval within which Provider will provide a Status Update for an Outage.

Service Restoration Time: The period elapsed from Problem Identification until the time that Provider has diagnosed the Problem, provided Service Restoration and communicated to Bank that Service Restoration has occurred.

Problem Resolution Time: The period elapsed from Problem Identification until the time that Provider has installed the Problem Resolution.

4.2 Measurement Responsibility

Provider will keep a permanent record of Severity 1 Problem resolution activities for each Severity 1 Problem in a permanent record of resolution activity. Within 20 Business Days after the end of each month, Provider will prepare a Problem Summary report. This report will provide detail on individual Problems occurring, and on the steps Provider took to resolve them. Upon Bank’s request, Provider will deliver a report (a) on resolution of a specific Problem, (b) progress through a specific date or (c) other reasonable customized report.

4.3 Problem Management Standards

Each Problem will receive appropriate attention in accordance with the Severity of the Problem. When Bank encounters a Problem with use of the Services, Bank will contact Provider in accordance with the procedure described by Severity Level set forth below. Provider will make reasonable efforts to respond to Bank’s request for assistance in achieving Service Restoration within the times specified below for each Severity level. Provider’s response will include assigning fully qualified technicians to work with Bank to diagnose and cause Service Restoration. After the service restoration of Severity 1 problems, a root cause analysis will be performed by personnel from the Development, QA, and other departments as needed. Proceedings of the analysis will be documented. The root cause analysis will:

1. Identify and investigate any actions that may have caused the issue.
2. Identify current practices that may lead to future occurrences of the issue.
3. Recommend any applicable changes to policies and procedures designed to prevent similar issues.
4. Recommend any applicable operational and organizational changes to ensure best practices are being adhered to.
5. Submit findings to the Chief Information Officer for review.

Severity 1 Problems

A problem whose impact on business functions and practices is critical and service is unavailable, unreliable or severely degraded, and would violate the stated availability service level standard as defined in this policy.

1. Confirmation will provide initial notification through email to Bank within 60 minutes or less from problem identification.
2. Confirmation will provide status updates after initial notification once the problem has been diagnosed and a resolution has been determined, further updates will be provided as a course of action is determined and a solution is implemented.
3. Every effort will be made to restore service to normal operating status as quickly as possible. Solutions may involve temporary workarounds to restore service until a more permanent solution can be applied. Resources will be assigned to work on the problem full time, until a solution has been provided.

Severity 2 Problems

A problem whose impact on business functions and practices is moderate, and had recurring problems that jeopardized delivery of service, and would violate the stated availability service level standard as defined in this policy.

1. Confirmation will provide initial notification through email to Bank within 60 minutes or less from problem identification.
2. Confirmation will provide status updates after initial notification once the problem has been diagnosed and a resolution has been determined, further updates will be provided as a course of action is determined and a solution is implemented.
3. Every effort will be made to stabilize the service and ensure business functions can continue. A permanent solution to resolve the problem will be delivered within 30 days.

Severity 3 Problems

A problem whose impact on business functions and practices is minor.

1.    The impact of the problem will be determined, and a solution will be provided in a timeframe commensurate with the scope of the problem and other business activities currently in progress. Problems will be resolved no later than by the next release of the Confirmation platform.

4.4 Problem Resolution Process – Normal Hours

US – Normal Business Hours

US – Technical Operations Off Hours – to be used for service outage only

London

Melbourne

New Zealand

Hong Kong

Singapore

Mumbai

Johannesburg

Sao Paulo

Tokyo

Note: Auto-process file issues are dealt with during normal US business hours

4.5 Failure to Fulfill Problem Management Standards

Failure to Fulfill Standards Over One Month

If Provider fails to fulfill any of the following thresholds for the Problem Management standards for Outages specified in paragraphs set forth above, Provider will deliver to Bank within 20 Business Days after month-end a written plan of corrective action describing the steps that Provider will achieve the standards for the current month and each month thereafter. Bank may comment on this plan, and Provider will consider in good faith implementing Bank’s suggestions. Provider will implement the steps set forth in such plan, as modified in response to Bank’s suggestions. Provider will bear the expense of implementing such plan. These thresholds are:

1. Three or more Initial Notifications for Outages exceed the Initial Notification Time.
2. Three or more Outages have Status Updates that exceed the Status Update Time.
3. Three or more Service Restorations for Outages occur after the applicable Service Restoration Time.
4. Three or more Problem Resolutions for Outages occur after the applicable Problem Resolution Time.

Failure to Fulfill Standards over Several Months

If Provider’s performance exceeds any of the following thresholds for the Problem Management standards for Outages as set forth above during any three-month period, Provider will meet with Bank’s representative at Bank’s request to determine a course of action. Bank may make commercially reasonable requests to Provider to add resources, change procedures, or use different Problem management systems that are reasonably designed to improve Problem management performance and Provider will comply with such requests at its sole expense. Bank’s making suggestions and Provider’s complying with them does not relieve Provider of its obligation to fulfill its obligations under this SLA. The thresholds are:

1. Five or more Initial Notifications for Outages exceed the Initial Notification Time.
2. Five or more Outages have Status Updates that exceed the Status Update Time.
3. Eight or more Service Restorations for Outages occur after the applicable Service Restoration Time.
4. Eight or more Problem Resolutions for Outages occur after the applicable Problem Resolution Time.

5.0 Change Management Standards

The Service Level Standards for Change Management will foster problem-free changes to systems and platforms covered by the Agreement. The intent of these standards is to minimize the disruption that could be caused by the changes.

5.1 Change Management Definitions

Non-Intrusive Change – A change to the system or platform that does not require any downtime or that does not cause any changes to the application functions, operations or processes.

Intrusive Change – A change to the system or platform that requires downtime or that requires changes in other systems that interface with the system or component undergoing change.

Functionality Change – A change to the system, application or process that requires communications and training for associates or customers because they will need to learn how to handle the change in the application’s functions, access rules, monitoring connections, etc.

Planned Change – Any change other than an Emergency Change that the Provider has planned for in advance.

Advance Notification Timeframes – The number of business days from the point the Provider provides Bank with the Required Change Management Documentation for Planned Changes to the point that the Provider makes the change.

Scheduled Maintenance Timeframes – Scheduled downtime periods specified in this agreement during which the Provider will perform maintenance and changes to the systems.

Emergency Change – A change that must be done as soon as possible to achieve Service Restoration that will correct a Problem.

Excluded Changes – Content changes or file updates that are part of an approved production process–for example, periodic updates of market news, feeds of changing commodity prices, account transaction updates, etc.

Necessary Testing Support – Assignment of technically competent people, sample data, and testing time to support changes initiated by Bank or by the Provider. The Necessary Testing Support will be outlined in formal written requests submitted by Bank to the Provider by the specified deadlines.

5.2 Measurement Responsibility

The Provider will track the number of times the Provider failed to:

1. Provide Advance Notification of Planned Changes within the specified timeframes.
2. Provide the required Change Management documentation.
3. Perform the changes during the Scheduled Maintenance Period for the Service.
4. Provide the necessary testing support Bank formally requested for changes initiated by Bank or the Provider.
5. Obtain the necessary Bank signoffs for Changes.

Within ten (10) business days after the end of each month, the Provider will compile an exceptions report listing each occurrence of the Provider’s failure to meet the specified Change Management Service Level Standards. Bank will review this exceptions report and will comment on any omissions for which it has preexisting written documentation. The parties will cooperate in good faith to resolve any disagreement about the number of Change Management exceptions.

5.3 Change Management Service Level Standards

The Provider will provide Advance Notification of the following changes, if they do not occur during the Scheduled Maintenance Period listed above:

1. No notification is provided for planned Non-Intrusive Changes.
2. One (1) business days for planned Intrusive Changes.
3. Three (3) business days for planned Functionality Changes.

While these are the minimum Service Level Standards required by this SLA, the Provider is encouraged to provide Advance Notification as soon as the Provider starts planning the change.

The Provider will perform the changes to the system and platform during the Scheduled Maintenance Period for the Service.

5.4 Failure to Achieve Change Management Service Level Standards

Failure to Achieve Standards over One Month

If the Provider fails to meet the specified Change Management Service Level Standards specified for three (3) or more occurrences in a calendar month, the Provider will deliver to Bank within 20 business days after the close of the month a written plan of corrective action describing the steps the Provider will take to eliminate future exceptions to the Change Management standards. Bank may comment on this plan, and the Provider will consider in good faith implementing Bank’s suggestions. Provider will carry out the steps set forth in such plan, as modified in response to Bank’s suggestions. Provider will bear the expense of implementing such plan.

Failure to Achieve Standards over Several Months

If the Provider fails to meet the specified Change Management Service Level Standards for three (3) or more occurrences per calendar month for any three months in a six-month period, the Provider will meet with Bank’s representative at Bank’s request to determine a course of action. Bank may make commercially reasonable requests to Provider to change its processes, at Provider’s sole expense, that are reasonably designed to improve compliance with the Change Management standards, and the Provider will comply with those requests.

The post Service Level Agreement for the Confirmation.com Service appeared first on Confirmation.

In this podcast episode, Brian Fox, Confirmation’s President and Founder is interviewed by the American Bankers Association. He speaks about how recent frauds have impacted the banks associated with them, and how using Confirmation exclusively can help prevent financial liability and reputational harm.

The post PODCAST: How Confirmation helps fight fraud appeared first on Confirmation.

• Audit firms changing their work pace and their challenges during Covid-19 
• Wirecard and Luckin Coffee – case studies of what went wrong in these high-profile frauds. 
• How data analytics and technology can alleviate fraud 
• What auditors need to know and how they can prepare for the unexpected 

If you missed the live session you can catch the full video below.

Audit firms changing their work pace and their challenges during Covid-19 

A 2020 Accounting Today survey found that over half of audit firms in the US have some or most staff working remotely. Auditing remotely is not a new concept; however, just as companies had to adjust to employees working fully remotely, auditors too needed to quickly adapt their audit procedures and communications to fulfill their obligations while working remotely. 

The survey also showed that while most firms were fairly equipped to continue to serve their clients remotely, they still had some challenges to overcome. Many audit firms were already exploring the possibilities of remote work, as many industries are, but the pandemic accelerated that digital service delivery. 

Inflo and Confirmation have seen firms around the world adapt quickly to the changes Covid-19 has presented. 

There are four common challenges they are hearing from firms.  

For some, the move to digital has been challenging while others have adapted, but the ability to scale and speed up their work has been difficult. Productivity and project management are very different when teams are not physically together. Audit processes have also adapted, as clients are working remotely and firms must ensure the quality of work is not impacted. There has also been an increased concern for the wellbeing of staff, as firms have been busier than ever guiding and supporting their clients through challenging times. 
 
Why could the pandemic potentially increase the likeliness of fraud?  

We have seen this story in several cycles, many emerging during a downturn. The large frauds have been going on for a number of years. When the economy is good, and cash is available – either through equity or debt financing – it’s easier to continue to perpetrate financial fraud. When you have a downturn in the economy and those cash capabilities tighten up – that’s when frauds begin to unravel – fraud relies on continued access to capital. 
 
When you have a tightening of the economy, frauds come to light due to reduced capital. This is why there will likely be an increase in fraud detection over the next 18 to24 months as the founder of Confirmation, Brian Fox, discussed in this CNN article.  
 
Mark and Brian spoke in detail about two particular frauds – Wirecard, a bank confirmation fraud, and Luckin Coffee, a fraud perpetrated through fictitious transactions. They also discussed how the frauds were perpetrated and what role technology plays in identifying fraud. 

What auditors need to know and how they can prepare for the unexpected 
 
Auditors have a big part to play in fraud detection and firms need to get serious about their responsibility in finding fraud. This sentiment was reflected by our audience, with 62 percent of them agreeing that auditors should have a greater responsibility in detecting fraud.  

Fraudsters are some of the earliest adopters of technology who try to stay one step ahead of authorities and auditors. That is why firms should be looking at their technology and tools that can be used to strengthen controls. 

How important is the quality of data? 
 
In the world of data analytics, the focus is on the reporting and the dashboards created from the data. To get to that point the data needs to be clean and accurate.  
 
Traditional data collection methods with clients are susceptible to fraud. In Inflo, data can be extracted from an accounting system or a backup of the system. This allows for no room for tampering or alteration of data and no need to spend time checking for accuracy or completeness. 

In a second poll, we asked the same audience: How extensively are you using data analytics in your audit? Over 50 percent stated it is being used on risk assessment journals and other testing. This is a positive trend, as 12 or 24 months ago that may have looked very different. This trend demonstrates that firms are adopting technologies.   
 
Technology for all  

Challenger firms that use technology are leveling out the playing field for more firms to compete with the Big 4. Both Inflo and Confirmation were created to bring technology to firms of all sizes.   
 
Inflo is a cloud-based solution that provides financial data analytics and AI technology allowing auditors and accountants to deliver more valuable services to clients.  

Confirmation, part of Thomson Reuters, is a secure, online platform that allows auditors to control the audit confirmation process from start to finish. It allows banks to respond quickly and accurately to those audit requests.  

The post [Webinar] Is Technology That Targets Fraud the Future of Audit? appeared first on Confirmation.

The future of the profession may be in question should the embarrassments continue, and with the coronavirus pandemic continuing to disrupt our economy and the way we work, there are difficult conversations to be had about where audit goes from here. 

With so many uncertainties swirling, Confirmation, which is part of Thomson Reuters, assembled a panel of professional experts to discuss these topics and more in our virtual audit forum: The hard truth facing CPAs: Why (and how) we must adopt a next-generation audit now. 

Confirmation’s founder Brian Fox was joined by leaders within the audit profession, including Carl Mayes, associate director of CPA Quality & Evolution at the AICPA; Jason Whitmer, partner in-charge of Crowe’s Centralized Audit Services Team, and Michael Peters, chair, Accounting & Information Systems and the Alvin A. Clay Professor of Accounting, Villanova School of Business. Keeping the panel on their toes was moderator Kelly Richmond Pope, CPA, professor of accountancy at DePaul University, and documentary filmmaker on white-collar crime. 

If you missed the live event, or just want to revisit this engaging session, you can watch it and read through our main takeaways below.

It’s time to get forensic 

How do you solve a problem like audit failure? By admitting it is a failure in the first instance, Michael said. Auditors need to accept they have dropped the ball and evolve from a task-oriented mindset to a more investigative, probing style.  

“It’s time to move on from the old way of how auditors think, to more how a forensic auditor thinks; to embrace and resolve uncertainty,” Michael said. With the level of data and analytics at hand, it’s time to be more inquisitive, to embrace and resolve uncertainties, he said.  

To not do so is to risk further damage to the reputation of the sector, the panel agreed. “If you ask the public if we are winning the war on fraud, they will say no, but ask any auditor and they will say yes, so we have to bring that gap and make it smaller,” Kelly said. “It feels like we are resistant to change; we know best, and we don’t need to change.” 

Earlier this year the boss of a large accounting firm said it’s not the job of the auditor to spot fraud, however, Brian disagreed. He said it’s high time the profession admits that finding fraud is its responsibility. “It’s what the public expects out of us,” he said. “You see it in the headlines: ‘audit failure.’ We disguise it as ‘audit quality,’ but it’s a euphemism for failure. We have a responsibility to find material misstatements that would have changed an investor’s decision – that is our job.” 

The accounting profession is truly at a crossroads and some may be questioning how it can progress given the culture hasn’t really changed in hundreds of years, said Carl. “We all believe audit will continue to be important to capital markets, but the question is how do we unlearn and relearn this new approach? We do it with professional standards all the time, and so we need to take the same kind of approach with audits,” he said. 

Change is a necessity 

Some of the most difficult decisions facing CPAs today are around which technologies to adopt for their practice, knowing that implementing machine learning or AI may mean a wholly different way of approaching certain jobs. As Jason said: “There is a lot of change in the industry, and it can be overwhelming. One of the challenges is figuring out which direction you go first. Once you do that, there is another direction to go. It’s not easy” 

The worst thing to do, the panel warned, is to stand still. 

“By human nature, we don’t embrace change. We are a little resistant,” Brain said. “Older CPAs often just want things to stay the same; they don’t want to invest in technology because they won’t see the return. Eventually, your staff will step out and start their own practice, and the value of older firms who do not adopt technology starts to decrease because nobody wants to work with or for them. It’s a two-edged sword.” 

It doesn’t have to be a case of adopting new technology for the sake of it, said Jason. “Know your clients, know the tools,” he said. Ultimately firms that understand their clients and know what tools and applications are out there are better placed to make a decision that will result in efficiencies. “You have to plan each engagement,” he said. “Know that one tool is not the right one for every job. You definitely have to understand what is out there, what is available.” 

It may take retraining, Kelly pointed out, questioning the panel on how realistic the concepts of retooling, retraining, and relearning are for experienced CPAs. “It’s human nature to be stuck in the way you are thinking, so how do you stay current, get on the innovation train and ride it all the way? It may scare practitioners that they think they will have to start from scratch and completely retool,” she said. 

Get comfy with data 

To be an auditor of the future, understanding and being comfortable around Big Data is unavoidable. 

“It all starts with data,” said Jason. “You need to understand the data your clients have and how to use that, as you can identify trends and information you would not have otherwise been able to see. You have to get comfortable with using data and developing ways to use data techniques in your audits.”  

Next-generation audits will require firms to understand how to get that data, how to store and protect it, and how to use it and interpret the results. The students of today, who are the auditors of tomorrow, are already coming through the ranks with a different skillset to their predecessors, said Michael.  

“Machine learning and AI are taking place in audit very quickly,” said Michael. “I see this technology replacing that first year of audit work, of routine, mechanical tasks. We are in a transition period.” 

Much of this will involve investment in training, and again, the accounting professionhas to face that the world has moved on, the experts felt.  

“Everyone wanted to go work for Big Four public accountants at one time, and technology wasn’t the cool field it is now,” Kelly said. “You couldn’t bring your dog to work or wear a hoodie. Culturally the accounting profession hasn’t changed so much. Accounting seems to be more conservative, but we have to be willing to adapt, have a change mindset as well as a growth mindset, and be open to some of those things.” 

Covid will accelerate innovation, but at what cost? 

Grappling with what the audit function looks like in a post-Covid world, for Jason, the uncertainty and disruption caused by the pandemic has accelerated changes already afoot. 

“It has clearly sped it up to innovation; there are things we are having to do now we didn’t in the past, and often we are asking why we weren’t already doing this,” Jason said. It is also testing traditional views of how audits should be carried out and throwing out scenarios that were once unthinkable. 

“In the profession, there is a deep-seated belief that you have to be physically present to audit,” he said. “For some yes, but we also found audit work can be performed remotely just as effectively, especially when you employ data-driven techniques.” Virtual inventories were something at one-time anathema, but in some cases, it is proving the only option, he said. 

“Something that makes me nervous as an audit chair is Covid,” said Kelly. “We are in this state where audit has changed maybe forever because of it.” She pushed the panel on how the pandemic, combined with the quickening pace of change, was making the landscape more attractive for fraudsters. 

The danger, Brian pointed out, is such volatility and uncertainty plays directly into the hand of fraudsters, just as it did during the last financial crisis. “In the Covid environment, one thing I always say is ‘think like a fraudster.’ Put your fraud hat on and look to see if the environment is better or worse for fraud; it’s much better,” he said. Businesses have to think about what they are doing differently than a potential fraudster could manipulate and utilize; how is the confirmation process altered by remote working? Can it be even be strengthened in the current environment?   

“The ultimate scorecard is when we see the headlines about catching fraudsters and when we celebrate the firms who are catching fraud, then we’re doing our job,” Brian said. 

Think of this as an opportunity 

If the world is facing a Great Reset as a result of the pandemic, there is no better time for the audit profession to push forward and futureproof, the panel said, and there is positivity in the air that it can emerge in better shape. 

“I’m optimistic,” said Carl. “There is tremendous opportunity and demand for this profession. Leveraging data is an area of expertise for auditors and there is a huge opportunity for us to take advantage.” 

Michael said he sees a lot of firms taking things seriously, especially with the regulators cranking up the pressure, and is encouraged by CPAs showing bolder thinking and better leadership. “Culture is very important in any organization,” he said. “Create the culture and move toward that. One or two people in a division or organization can make a big difference.” 

The technology is there, the will to change is there, but can words translate into actions, Brian questions. “I am optimistic we have the technology, but fearful we aren’t moving fast enough,” he says.  

The risks of not moving with the times could pose an existential threat to professional audit, he said. “If we don’t start living up to the public’s view of what our job should be, I am concerned we will have an Amazon, Google, or Ant audit. Investors will open up our exclusive rights to audit and say because we’re so bad at it we will just let anyone do it. If we don’t get better at finding material statements for fraud, we risk the future of our business.” 

If you’d like to know more about Confirmation and how we help make the audit process stronger, safer, and much more efficient, especially during times of uncertainty, click the button below.  

The post Audit Forum 2020: Why (and how) we must adopt a next-generation audit now appeared first on Confirmation.

Hosted by Accountancy Age, Confirmation’s European Managing Director, Kyle Gibbons, DO’s Arbinder Chatwal, Richard Spofforth of Kreston Reeves, and audit partner of BKL, Jon Wedge, recently gathered to discuss how technology will transform the audit process.

If you missed the live event, you can watch it below.

The panel began by reflecting on the changes in auditing during the last decade. In 2010, auditing was a largely paper-based process – auditors “coming back from client sites with transit vans” full of files and using “A3 music sheets” for checklists.

Businesses are now more complex and tech-based, and digital innovation and technology has evolved auditing.

Arbinder considers the growth of advanced data analytics (ADA) to be the major paradigm shift, becoming a key part of the audit process.  

ADA has allowed auditors to focus their data samples based on risk profiles, giving them more opportunity to find “that anomaly, that proverbial needle in the haystack.” There will be an acceleration of ADA in future, and greater integration with other systems. 

Richard sees AI’s growth as the big technological change, and an AI offering is already essential to any bid for new business. He described his organisation’s successful use of an AI tool in analysing their general ledger – the entire data population is run through the tool, which creates high, medium, or low risk profiles.  

His firm intends to broaden its usage of AI to cover accounts payable and receivable, predictive data analytics, and interpreting legal contracts. 

In concert with behavioural science techniques, AI may help identify areas of a business where morale might be low, and therefore risk and fraud are more likely to occur.  

Kyle pointed out that “we’ve heard from Brydon around his desire for audit to take a greater role in preventing and detecting fraud,” and highlighted the reforms proposed in the Kingman and Brydon reports to increase the quality of the entire audit process.  

Technology has a crucial role as a supporting tool to help improve audit quality, “allowing professional scepticism the air and space to be exercised.”  

This means having a more independent and robust approach to questioning clients’ senior management and being willing to qualify an audit report.  

Confirmation’s clients are leading the drive toward process automation – they recognise the value of having an encrypted, validated and digitised network. 

Jon said that firms need to invest heavily in R&D in response to the current economic situation. That was where competitive advantage lay during the last two recessions, and it will enable firms to get out of this economic downturn more quickly. 

The availability of real-time data makes a continuous audit more viable: “why wait for the year-end to conduct an audit?” 

The panel concluded by saying that auditors need to embrace new technology and grow with it, or get left behind. Firms must continue to invest in staff training, but also address the cultural aspect – helping staff to be more comfortable with innovative technologies and to adopt a fresh mindset. 

Please reach out to us if you’d like to know more about Confirmation or anything you heard in this recording. We’re here to help! 

The post [Webinar] How technology is transforming the audit process appeared first on Confirmation.

Economic downturns generally lead to two types of frauds. First, there’s employee fraud, when employees feel the pressure of tough times, rationalize stealing, and take advantage of an opportunity to do it. These frauds happen more than business owners would like, but usually a business can survive them. The second type is corporate fraud, usually carried out by an executive who has been committing fraud for years. In a tight economy, the fraudster loses access to capital to continue their scheme, and their multi-year fraud is exposed. These are the frauds that cause entire companies to collapse.

Two recent examples show us that corporate fraud is wreaking havoc with audit firms, banks, and investors alike, just like it did in the 2000s.

Nearly $500 million has gone missing at Commerzialbank Mattersburg, a commercial bank in Austria. The bank long reported that it had large balances of 40 to 60 million Euros each with five other Austrian banks. Guess what happened when examiners called those banks looking for the money. It didn’t exist.

The amount of money missing amounts to around half of the total assets of this small regional bank. DE24News reports that “There is a suspicion that those responsible have systematically styled the balance sheets for over ten years.” Of course, this is a blow to the internal auditors that missed the fraud. But it’s an even bigger blow to the community. Many local companies that had accounts and investments at the bank are out of hundreds of millions of dollars.

Then there’s the collapse of German payment processor Wirecard, in what amounts to the largest accounting fraud in European post-war history, shocking the corporate world and grabbing headlines globally.

When the company admitted $2 billion was not only missing from its balance sheet, but didn’t exist, the fallout destabilized banks, creditors, wealth funds, firms using Wirecard’s services, and customers all over the world who have been unable to access capital.

The scandal is likely to accelerate impending changes to accounting legislation across Europe, and perhaps beyond. The separation of audit and consultancy functions in large professional services firms has been much discussed in the past few years, but there’s also a feeling in regulatory circles that auditors have been too slow to move to better technology. There’s a feeling that we’ve seen all this before.

Same old story 

Despite the general astonishment in business circles of the scale of the Wirecard plot, and the elaborate nature of attempts to shield the wrongdoing, as we’ve already mentioned above, the type of fraud unearthed is not new at all.

In fact, like several other large-scale bank confirmation scams, including Parmalat, Peregrin Financial, and that of fund owner James Shepherd, the simple use of paper in the audit confirmation trail was key to pulling off the fraud—a deception that could have been stopped by an easy switch from this outdated paper method to digital.

When the auditors followed the trail of the missing billions and began to ask questions, Wirecard presented documents to show the cash had been sent to two Philippines-based banks. However, the financial institutions were quick to point out the documents were clearly false and amounted to little more than a sheet of paper with fabricated logos and names.

Fraudsters gravitate toward the weak links and areas of vulnerability inside markets, ecosystems, and processes, and, in this case, the paper trail and weak internal controls were wide open for the culprits to exploit.

Wirecard purportedly booked the false revenue to its financial statements by first listing it as cash and then undermining the auditors’ bank confirmation process by requesting they send the bank confirmation to another party in on the fraud who would give the auditors the false documents, backing up the phony financial data. An unsuspecting auditor would then be left with a fake cash balance and a false confirmation.

Digitizing the entire process and using technology, like that pioneered by Confirmation, which sits between both parties as a trusted entity, would quickly root out the fraud and help the auditors stop the scam before any money was lost.

Regulatory thinking 

Implementing stronger internal controls and adopting more advanced technology to help strengthen the quality of audits is no longer just a business need for many firms but may soon be a regulatory requirement.

The UK is in the process of replacing its accounting regulator, the Financial Reporting Council, with the Audit, Reporting, and Governance Authority (ARGA), a new body that has greater powers to hand out sanctions.

One of the FRC’s final acts has been to impress on auditors the need to embrace new technology, and to use more advanced solutions that will detect and prevent fraud, spot unusual transactions, and improve audit quality.

This baton is sure to be picked up by the ARGA, which is expected to be more interventionist and aggressive than its predecessor. It was created to be a more effective enforcer with stronger powers to hold auditors to account, and it’s unlikely to show leniency should another case like Wirecard emerge when there are quick and easy ways of validating data.

This is also likely not unique to the UK, with regulators around the world paying attention to the increase in fraud as a result of COVID-19. Audit firms should seize the opportunity to get ahead of these regulatory changes by using technology that’s available now.

The post Fraud strikes again (and again). Are we really surprised? appeared first on Confirmation.

In-Network Confirmations
Standard. For each entity to which you send standard in-network confirmations, the fee is $32.00 per account confirmed for each of the first fifteen (15) accounts at that entity for the same balance request date per client. After the first 15, additional accounts confirmed for the same entity and same balance request date are $0 (free).

Consolidated. Consolidated forms can be used with certain in-network responders (primarily in Canada, Europe, Asia, South America, and the Middle East). These forms request a search for all related accounts/products based on the client information provided by the auditor. The fee for each request is $111.00 for each of the first five (5) requests at that entity for the same balance request date per client. After the first 5 for the same entity and balance request date, additional requests are $0 (free).

AR/AP. For each entity to which you send in-network AR/AP confirmations, the fee is $31.00 per request. Please note that a single In-Network AR and AP Invoice confirmation may contain multiple invoices for the same client and responder.

Legal. For each entity to which you send in-network legal confirmations, the fee is $31.00 per request.

From time to time some of these fees may be shared with our business partners.

Out-of-Network Confirmations
Electronic. The fee for each out-of-network electronic confirmation is $2.95 per request.

Paper (Print Fulfillment). The fee for mailing each out-of-network paper confirmation is $2.95 per request. 

Paper (Self-Print PDF). The fee to self-print out-of-network paper confirmation is $0 (free). 

Credit Inquiries
Credit Inquiries. The fee for credit inquiry is paid on a per request basis and may vary between $15.00-$25.00 by participating financial institution.

Mortgage QC Audit Reverifications
Reverifications. The fee for each reverification is $30 per request.

International Billing
Capital Confirmation may elect to provide users with the option to pay in local currency; provided the fees may vary if local currency is selected during payment. For pricing in your local currency, please submit a pricing inquiry form.

Response Time Guarantee
Confirmation guarantees a response to every electronic confirmation request. If a response is not provided within the first thirty (30) days, upon request Confirmation will refund the cost of that specific account confirmation. Paper confirmations are not included.

Taxes
Confirmation reserves the right to collect sales tax, use tax and/or value added tax (VAT) from its users where required by law. You will also pay any applicable taxes and duties (including withholding taxes, value added tax or other taxes in connection with your use of the Services). Upon request, You will provide to CCI written evidence of any withholding tax paid by you. If you are obligated to withhold or deduct any portion of the Charges, then you will pay to CCI such amounts as will ensure that the net receipt, after tax and duties, by CCI in respect of the Charges is the same as it would have been were such payment not subject to the tax or duties.

Credits
Credits must be requested within ninety (90) days of the original initiate and/or release date, and will be given at the lowest effective price. Credits for paper confirmations will not be given based on the responding party’s failure to respond to the request in a timely manner or at all. All credit requests should be emailed to customer.support@confirmation.com or should be submitted in writing to:

Capital Confirmation, Inc.
Customer Support Department
214 Centerview Drive, Suite 100
Brentwood, TN 37027

Customer Support
For help or to submit a request, please write to customer.support@confirmation.com.

The post Fees and Credit Policy appeared first on Confirmation.