However, this increased reliance on BACS transmissions is also creating unprecedented business risk. With ever increasing numbers of BACS transmission failures, due primarily to the increased security processes now required, far too many organisations are facing the nightmare scenario: just what happens when staff and suppliers don’t get paid or vital revenue is not collected?
 
With UK business now highly reliant upon electronic payments, Harry Hornby, managing director of BACScontingency.com, asks why so many organisations are failing to put robust emergency BACS processes in place?
 
Electronic World
There has been an explosion in electronic payments over the past decade as organisations large and small look to exploit lower processing costs and improved efficiency. Indeed, the online payment service BACS now processes over five billion payments per year, handling more than 80 million on a peak day through its two principal payment services, Direct Debit and BACS Direct Credit.
 
Direct Debit is also used by around 15,000 organisations for collecting a variety of regular and occasional bills, resulting in 2.7 billion Direct Payments annually. Over 100,000 companies also rely on BACS Direct Credit for supplier payments, pensions, employee expenses, salaries, insurance settlements, dividends and refunds. 90% of salaries are now paid via BACS Direct Credit, with four million wages processed every week and 21 million salary payments transferred each month.
 
Often it is the bank that will recommend a certain BACS solution. With BACS solutions being largely developed to protect the banks’ interests, companies often do not assume full ownership of their BACS solution on the assumption that the system must be robust.
 
And yet, only a tiny proportion of these businesses have a robust contingency in place should the BACS submission process fail for any reason – despite clear advice from both the banks and BACS. Given the huge reliance on electronic payments, why have so few CFOs considered the business implication of unpaid staff and unprocessed Direct Debit collections?
 
Submission Failure
The risks are growing. Submission failures are clearly on the increase, especially since the introduction of new BACS security procedures. Whilst in the old days, people shared passwords enabling any number of people to make the submission, those days are long gone.
 
Today, authentication devices such as smart cards are allocated to specific individuals. Inputting the wrong password three times will result in that individual being locked out of the BACS system for at least two weeks while the bank issues a new card.  Indeed, there have been a number of cases where submission personnel have actually left the company and no one has remembered to order a smart card for the new recruit – leaving the company facing that impractical two week wait whilst the new card is ordered, issued and installed on the system.
 
And while some organisations may have two or three smart cards, they must be used by a specific individual, who may or may not be available, and they must be set up on the system which is a complex process demanding specific skills from the vendor of the BACS software.
 
Similar problems affect the hardware security modules (HSM) used by larger organisations. These are complex, expensive pieces of equipment that need to be configured and installed by specialist personnel. If one of these fails whilst a company is trying to make a submission, a replacement HSM will also take two weeks to procure.
 
Add in the standard problems of IT failure, Internet compromise through virus or denial of service attack, flood, fire and theft, and organisations need to think very seriously about financial contingency.
 
No Contingency
Despite very firm advice from BACS that every organisation should build in contingency to the submission process, in reality most organisations make submissions at the very last minute – typically late on Wednesday for a Friday payment.
 
This leaves very little room for manoeuvre in the event of submission failure. And the implications are severe: a recent report revealed that 20% of staff will not turn up for work on a Monday morning if wages were not paid on a Friday.  Add in the effect on cash flow of uncollected Direct Debits and the impact on supplier relationships of unpaid bills and organisations simply cannot afford to be so lackadaisical about electronic payment. There is no second chance at this: unless organisations build in contingency business stability could be seriously compromised.
 
In reality, few organisations are prepared to go to the costly extremes of running an off site BACS solution as a back up, with both dial up and Internet access to cover all eventualities, as well as additional support staff who can manage the submission process. Nor are they prepared to pay for top line IT support to ensure problems are resolved immediately – rather than the next day when the deadline has been missed.
 
Emergency Services
But there are alternatives. For as little as £25 per month, an organisation can sign up for an emergency BACS service. Leveraging a proven infrastructure, with disaster recovery, and staff with the expertise to handle submissions from a variety of systems, the contingency service offers organisations an immediate response in the event of submissions failure for any reason.
 
Critically the service puts in place tight security protocols and processes to ensure that staff are not tempted to exploit the failure to commit fraud.  This includes bank authorisation and signature verification to ensure that only fully authorised payments are submitted.
 
This emergency service can be provided on an ad hoc basis or organisations can opt for a monthly solution that includes regular checks of contact and bank details, as well as a test submission to BACS every six months to ensure the process is robust.
 
Forward Planning
However, emergency submissions cannot be made without written authorisation and confirmation from the bank about the identity of individuals authorised to make submissions. They cannot be made just at the say so of the book-keeper. Therefore organisations need to embark upon some forward planning; without the authorisation in place, it will not be possible to use the emergency service, however dire the consequences.
 
For those CFOs that have planned ahead comes the peace of mind of response within an hour and submissions typically completed within two or three hours.  Furthermore, using the monthly service, staff will become familiar with the contingency process via the biannual test, significantly reducing panic in the face of submissions failure.
 
With low cost contingency options that provide both peace of mind and a transparent emergency BACS solution, the cost benefit argument is simple. Given the potential business impact of submissions failure, can any organisation really justify this eleventh hour thinking?

by Harry Hornby, Managing Director of BACScontingency.com