In this blog post we talk about the question whether vendor bank account data was changed (often). We explain we it is important to get an overview about such changes, and what special aspects come into play when talking about data out of SAP®.
In many countries a bank transfer is the usual way of paying a supplier. It requires correct bank details to work properly. Changes to this data is fairly limited because of the effort involved (opening a new account, legitimation with the financial institution, money laundering aspects, effort involved in changing payment transactions to date). So if there are suppliers whose bank data changed frequently in the past, this is definitely worth looking at more closely.
Bank data determines where money is transferred to. Changing bank data means redirecting cash flow and possibly also the recipient. This may be done intentionally in cases of fraud or unintentionally through incorrect entries or interface problems.
Technical aspects of this approach
The strong point of this analysis is that not only the actual status or current bank data are analysed but also the change log is looked upon. When dealing with SAP® data, the change tables named CDHDR and CDPOS are used to ensure this. It is important to use the information stored there and get the most out of this complex data structure; changes for example are recorded not as change but as one delete followed by an insert of a data record. Following that approach, information like “old value” and “new value” have to be determined in several steps as well. Also it is very helpful to clean the data before using it, so that the analysis is able to identify different syntax and special characters
(account number 000123 versus 123 versus 000-123). Tools like ACL™ are offering powerful and easy-to-use options to clean and harmonize such data (like CLEAN(), REPLACE(), SUBSTRING() or ALLTRIM(), just to name some functions which are available).
What questions should be answered
It should be aimed at indicating for which suppliers there have been frequent alterations to bank details. Where were new bank accounts frequently opened? Where were bank accounts frequently closed? A further aspect is the period of validity: Are there cases where supplier bank accounts were only active for a very short period? Here it is of importance whether there were payment transactions during this time, for instance in the framework of the automatic payment run in SAP®.
Since the last big fraud case at an automotive supplier the focus has moved to the „Boss trick“ (German) approach. Fraudsters are acting as managers or CEOs and try to obtain payments to their own bank accounts. They do this by approaching the accounting employees directly, acting as their boss (or their bosses’ boss etc.). Obtaining a bank data change which does not follow the usual authorization process is part of this pretty often; so analysing your vendor bank data changes is critical and highly topical.
There are further aspects that may be of interest for you in this context:
Same bank details for different suppliers: Are they apparent suppliers? Suppliers without bank
contacts: If no bank details are held in the system, how can payments be made? In cash?