Risk
Disbursement Risk Overview
Most disbursement control programs are built in response to something that already went wrong. A vendor changes banking details and nobody catches it before the wire clears. An employee runs a ghost vendor scheme for two years before an auditor notices the pattern. A payment processor has a data breach and suddenly the organization's banking credentials are in the wrong hands. The controls that exist often reflect the specific failures that prompted them — which means the gaps in the program ref
Third-Party and Technology Intermediary Risks
The first three sections of this risk taxonomy describe threats that operate through recognizable human mechanisms — a vendor whose systems are compromised, an employee who exploits a control gap, a payment that triggers a regulatory prohibition. The risks in this section are different in character. They are embedded in the technology infrastructure that modern disbursement operations depend on: the processors that move funds, the platforms that automate invoice and payment workflows, and the da
Regulatory, Compliance, and Legal Risks
The risks in the previous two sections — internal process breakdowns and vendor-resident failures — share a common characteristic: something goes wrong, money is lost or misdirected, and the harm is primarily financial. Regulatory, compliance, and legal risks operate differently. Here, a payment can be made correctly in every operational sense — properly authorized, accurately recorded, delivered to the intended recipient — and still expose the organization to penalties, criminal liability, repu