Vendor verification and payment controls for fast-moving companies

In 2017, the former Chief Revenue Officer of the Sacramento Kings got caught stealing $13.4 million dollars from the basketball team and its corporate sponsors.

Over the course of multiple years, Jeff David rerouted arena sponsorship payments from the likes of Kaiser Permanente (a massive managed care provider) and Golden 1 (a prominent local credit union) to his own bank account.

The gist was pretty simple. He set up his own shell company with a similar name as the Sacramento Kings management group — “Sacramento Sports Partners LLC” — and versioned up a copy of the Kings Standard Invoice template.

When companies went to pay for new arena sponsorship, he told them at the last moment, unbeknownst to the Kings organization, that the payment terms had been slightly amended to help with the new arena construction that was currently in motion. As a savvy salesman, he tweaked the prepayment and pricing escalation specifics on multi-year deals to siphon off millions of dollars at a time to “Sacramento Sports Partners LLC” … and his personal Wells Fargo Account.

David wasn’t caught until years later, now CRO of the Miami Heat, and proud owner of more than ten million dollars worth of beach front real estate. But the day of reckoning came. Upon moving into his new digs, he received a seemingly innocuous call from a Sacramento Kings HR staffer. In searching for a simple sales commission structure doc in his old files, she stumbled upon a folder cleverly titled “Turbo Tax.” And that’s when things began to fall apart like a Papier-mâché suit in the rain.

Jeff David did something very wrong (and really stupid). And his actions were possible due to putrid vendor payment controls within the finance departments of multi-billion dollar corporate vendors. Cash should never have left the building under the sketchy circumstances they did. Finance leaders should have instituted more thorough spend controls, vendor background checks, and payment approvals.

But what does good look like?

Segregation of duties & vendor verification

Segregation of duties, also known as separation of duties, is a critical internal control measure that helps prevent fraud and errors by distributing key tasks and responsibilities among different individuals within an organization.

In the context of vendor payments, segregation of duties ensures that no single individual has complete control over the entire payment process, reducing the risk of unauthorized payments or payments to the wrong people.

And vendor verification is the process of verifying that a company really is who they say they are. It goes deeper than making sure they are a financial going concern — it ensures they don’t use some DBA (doing business as) name to dupe the accounts payables team. And it checks that they aren’t a stack of empty shell companies overseas.

Here's how segregation of duties and vendor verification can be applied in the vendor payment process:

1. Vendor setup:

• The process of setting up new vendors in the system should be assigned to specific individuals or a dedicated team responsible for vendor management.

• These individuals should perform due diligence to verify the legitimacy of the vendor, check required documentation, and obtain necessary approvals.

• Part of this can rely on trusted third parties who perform background checks.

2. Purchase requisition:

• When a department within the organization requires goods or services from a vendor, a purchase requisition should be initiated.

• The responsibility for initiating and approving purchase requisitions should be segregated from the authority to make payments.

3. Purchase order (PO) approval:

• Once a purchase requisition is received, it should be reviewed and approved by the appropriate department or manager.

• The approval of purchase orders should be distinct from the authority to process payments.

4. Goods receipt and invoice verification:

• When goods or services are received, a separate team or individual should be responsible for verifying the accuracy of the delivery and the corresponding invoice.

• This verification process ensures that the goods or services were indeed received and are in accordance with the purchase order.

5. Invoice approval:

• After the invoice has been verified, it should be forwarded to the appropriate individual or department for approval.

• The person responsible for approving the invoice should not have the authority to execute the payment.

6. Payment execution:

• The responsibility for processing payments should be assigned to a separate individual or team, distinct from those involved in vendor setup, PO approval, invoice verification, and approval.

• When a treasurer is involved to make an ACH payment, the account routing details should be verified verbally by phone.

• Finance teams need advanced Accounts Payable controls. Spend management solutions like Brex apply AP controls to invoice-driven payments so you can confidently pay bills by corporate credit card, ACH, check or global wire.

7. Reconciliation:

• Finally, the reconciliation of payments and vendor accounts should be performed by individuals who are not directly involved in processing payments. This links to User Roles, and who does what.

8. User roles:

• But all this needs to be usable for employees. Most procurement spend is ad hoc. Employees just want to swipe a card much of the time and not worry about a PO. In fact, most casual spenders would do everything in their power to avoid the PO process.

• Usually, POs are complex and take nearly a full workweek to get approved. That's why Brex p-cards are so valuable. Finance can set limits on spend, vendors, etc. on the back end and employees can buy the things they need to do their jobs more efficiently.

• You also want to make sure you kick people off when they shouldn’t be in the system anymore. A lot of fraud occurs when disgruntled employees still have access to sensitive systems. Brex’s P-card functionality has control features that automatically transfer a card when an employee leaves.

Jeff David is nearing the end of his 7-year prison term at the Federal Correctional Institution in Morgantown, West Virginia. The craziest thing about this is that if Jeff didn't conduct all his (nefarious) business on his work computer, he may never have been caught. Afterall, the only reason HR decided to look at his laptop was to find "a copy of a commission structure to build out the corporate sales team" that Jeff was supposed to leave behind before he left for another job. It makes you wonder how many other frauds are never discovered.

While the Kings swiftly and thoroughly probed David’s wrongdoing upon learning of it, it appears that the Kings’ internal audits and other financial review mechanisms failed to uncover David’s wrongdoing for a half of a decade…

…David’s ability to redirect millions of dollars without detection is no doubt troubling for the Kings. Similarly, David’s ability to dupe executives of Golden 1 and other companies has likely led to self-reflection and review of verification procedures.

- Sports Illustrated

Most estimates I've seen peg procurement-related spending at upward of 50% of a company’s non-payroll expenses. Finance and AP teams prefer a more controlled process, through POs and invoices, to ensure compliance. Employees desire a lightweight and flexible one to meet business needs while staying within budget and policy boundaries. So many organizations are currently bringing multiple disparate systems together to meet these needs, which makes it very hard for their finance teams to get a consolidated view of total spend. There are better ways to simplify procurement spend so that it works for employees doing the spending and finance teams trying to manage it all.

These types of face-to-face, "close on a handshake" negotiations are really open to various types of fraud, making it even more important for finance teams to institute controls that make it more difficult for deal terms to be changed at the last moment and payments can’t be made to similarly sounding companies.