Rob Rogers
Evolution of Disbursement Controls in Finance
From Clerical Safeguard to Strategic Control Function The history of disbursement controls is, at its core, a history of hard-won institutional knowledge — knowledge accumulated through fraud schemes uncovered, funds unrecovered, and audit findings that arrived too late to prevent the loss. To understand where disbursement controls stand today, and why they matter more than ever, it is necessary to understand where they began: as a modest administrative mechanism designed for a far simpler fina
TIN Matching Requirements
TIN Matching Requirements in Disbursement Controls Accurate vendor data is the foundation of compliant disbursement processes, and at the center of that data is the Taxpayer Identification Number (TIN). Ensuring that vendor TINs are correct, validated, and properly matched to legal names is a regulatory expectation with direct financial implications. For accounts payable (AP), finance, and compliance leaders, TIN matching plays a critical role in meeting Internal Revenue Service (IRS) reporti
OFAC & Sanctions Compliance
Ensuring that funds are not sent to prohibited individuals, entities, or jurisdictions is a fundamental requirement of effective disbursement control. Regulatory scrutiny around sanctions compliance has intensified, and organizations are expected to implement robust, defensible processes to prevent violations. At the center of these requirements is the Office of Foreign Assets Control (OFAC), which administers and enforces U.S. economic and trade sanctions. For accounts payable (AP), treasury
AI-Driven Payment Fraud Threats: When the Attack Learns Faster Than the Defense
A New Threat Category — or an Old One Transformed? There is a temptation, when discussing artificial intelligence and fraud, to treat AI-driven threats as a distinct category of attack — something separate from, and in addition to, the BEC schemes, vendor impersonation tactics, account change fraud, and internal risk that the preceding articles in this series addressed. That framing is partly right and importantly wrong. AI has produced at least one genuinely new attack capability that did not
Internal Payment Fraud Risks
The Most Familiar Fraud — and the Most Underestimated When organizations think about payment fraud, their attention has increasingly turned outward — to the BEC attacker crafting a convincing wire request, the vendor impersonator with a forged bank letter, the cybercriminal monitoring an email thread for the right moment to redirect a payment. These external threats are real, well-documented, and rightly treated with urgency. But the fraud that has historically caused the most consistent damage
Bank Account Change Scams: The Last Line — and the Most Broken One
The Simplest Fraud with the Highest Body Count Of all the payment fraud schemes that confront accounts payable and treasury functions, phony bank account change scams are, mechanically, among the simplest. An attacker — posing as a vendor, an employee, or an internal colleague — requests a change to banking information on file. The change is processed without independent verification. The next payment goes to the attacker's account instead of the legitimate recipient. By the time anyone notices
Vendor Impersonation Fraud: How It Works and How to Stop It
The Fraud That Starts Before the Invoice Arrives Vendor impersonation fraud is not a new phenomenon. Organizations have always faced the risk of someone claiming to be a supplier they are not. What has changed is the precision, the scale, and the sophistication of the deception — and the degree to which a threat once associated with unsophisticated schemes has evolved into one of the most technically and operationally advanced forms of payment fraud facing AP functions today. According to the
Business Email Compromise
The Attack That Doesn't Need to Hack Anything Most fraud prevention thinking is organized around technical intrusion — firewalls, endpoint security, multi-factor authentication. Business Email Compromise largely ignores all of it. The most financially damaging form of cyber-enabled payment fraud in the world today does not, in most cases, require the attacker to penetrate a network, plant malware, or exploit a software vulnerability. It requires only a convincing email and an AP or treasury fun
Payment Fraud Prevention Strategies
The Question Is No Longer Whether — It's When Every organization that disburses funds is a target. That is not a rhetorical provocation; it is the operating reality that fraud data consistently confirms. The 2024 Report to the Nations from the Association of Certified Fraud Examiners found that a typical organization loses five percent of its annual revenue to fraud. The FBI's Internet Crime Complaint Center reported that Business Email Compromise alone accounted for more than $3 billion in los
Real Time Payments & Instant Payment Risks
Introduction: The Newest Rail and Its Unforgiving Characteristics Real-time payments are the newest entrant in the organizational disbursement landscape, and they arrive with a risk profile that finance and treasury functions have not fully absorbed. The operational appeal is straightforward and genuine: funds move in seconds, settlement is final, and the rails operate around the clock every day of the year. For time-sensitive vendor payments, emergency disbursements, and counterparties who pla