In the News

February 21, 2019

 

Know Your Supplier With Third-Party Risk Management

---

Mitigating Risk From Cyberattacks

---

Take Advantage of Kansas’ Lien Extension

---

Mistakes We Make When Dealing With Change

---

Know Your Supplier With Third-Party Risk Management

At every turn in the credit department, due diligence is a requirement. Whether it’s lending to a new customer, extending a current customer’s line of credit or following up on payments, credit managers must follow their company’s protocol to ensure their business relationships and dealings are legitimate. An incident with U.S.-based e.l.f. Cosmetics (ELF) is one of the latest examples to remind credit professionals of another important duty: knowing your supplier.

According to the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC), the cosmetics company came under fire in January 2017. ELF said it violated OFAC’s North Korean Sanctions Regulations (NKSR) during transactions with two Chinese suppliers. ELF informed OFAC it imported $4.4 million worth of false eyelash kits (156 shipments) from its Chinese suppliers over the course of four years. However, unbeknownst to the cosmetics company, the Chinese suppliers obtained the materials from North Korea. ELF was penalized with an approximate $1 million settlement to OFAC last month.

“ELF’s OFAC compliance program was either non-existent or inadequate throughout the time period in which the apparent violations occurred,” OFAC wrote in its notice. “And [ELF] appears not to have exercised sufficient supply chain due diligence while sourcing products from a region that poses a high risk to the effectiveness of the NKSR.”

Third-party risk management must be taken seriously, especially given the strict U.S. regulations, Dun & Bradstreet (D&B) Global Head of Compliance and Supply Products Brian Alster told PYMNTS. As “regulators around the world are requiring more,” Alster noted the importance of investing in people and/or technology to maintain legitimacy.

At Kaycan LTD, Director of Credit Eric Spivack said Kaycan manufactures and purchases most of its home improvement materials from within the company. Some materials are purchased through third-party vendors, Spivack said, so the company takes the time for due diligence.

“On occasion, when we’re looking for a new supplier, I have checked out public records, pulled a D&B report and completed a very basic search to make sure doing business with them is worthwhile,” he said. “We don’t want to get involved with someone who doesn’t pay their bills, has manufacturing problems or has complaints against them.”

Credit managers must have knowledge of not only their suppliers, but also their supplier’s supplier. Otherwise, there’s a possibility of lasting consequences to the company as well as its customers.

“We’ve had cases where a customer has a problem with windows, for example,” said Spivack. “The customer sees us as the person selling to them. We want to make sure that wherever we’re getting the materials or product from is going to stand behind the product. So, if there’s a problem, the supplier will be there to take care of the customer for us.”

In the case of ELF, OFAC’s notice states the cosmetics company has begun taking several measures to prevent such violations from happening again, including supply chain audits, certificates of compliance from suppliers, and employee and supplier training on U.S. sanctions regulations.

—Andrew Michaels, editorial associate

Mitigating Risk From Cyberattacks

Cyberattacks continue to infect the business-to-business (B2B) environment; new data from IBM suggests the cost of data breaches continues to rise. In the U.S., the average cost for a breach can reach nearly $8 million. Many of the breaches come from password mining, with hackers comparing against the top-weakest passwords or asking employees to log in using accounts from LinkedIn or Uber.

Passwords remain the most popular method of safeguarding information stored online, yet creating clever passwords and changing them often is a practice many companies do not follow. Many people and companies aren’t capable of remembering and storing several passwords for multiple applications, and repeating passwords more than once is all too common, making it that much easier for hackers.

In addition to the steep price tag of data breaches in the U.S., other countries experience breaches on a large scale as well. Earlier in February, the U.K.’s Metro Bank said some of its customers were victims of fraud, according to Motherboard. The weaknesses in Metro Bank’s systems had been “known about for some years,” an article on Motherboard said.

The credit department continues to shift to more digital methods, making a data breach much more likely. With the proper tools and care within the department, breaches can be undermined and caught before turmoil strikes the company.

“Creditors should work closely with their IT departments if they suspect a fraudulent situation,” said an NACM member, who wanted to remain anonymous. “IT departments encourage frequent password changes to minimize the risk of exposure to fraud.” Keeping close connections with the IT department allows creditors to ask questions whenever something suspicious pops up, even if the question may seem insignificant at the time.

The NACM member also suggested staying close to the customer. “It is more likely for a customer to recognize potential fraud if they have a working relationship with their creditors and/or a direct contact,” the member said. Understanding the email addresses used, the customer’s preferred form of contact, the office hours of the customer, etc., can help spot potential red flags more easily. Once something suspicious crops up, the creditor can begin to mitigate the risk before any detrimental breaches occur at the company.

Keeping close to IT and the customer prove to be strong ways to minimize fraud in the company, and another way is looking into who within the company has access to certain passwords, applications and clouds. If several employees, aside from senior management, have access to corporate accounts used for different apps and services, there is a greater chance of a breach. While many employees may not intend for a breach to occur, careless practices and use of passwords still have the potential to lead to fraud.

—Christie Citranglo, editorial associate

Take Advantage of Kansas’ Lien Extension

Kansas. What’s the first thing that comes to mind? The band? The Wizard of Oz? How about lien extensions on construction projects? A recent mechanic’s lien filing in Kansas is now heading to the courtroom after a business claims it has not been paid for work.

McElroy’s, a plumbing, heating and air conditioning company, is owed more than $2.5 million for labor, materials and rental equipment fees for an expansion project at the Topeka Mars Chocolate North America plant, according to the Topeka Capital-Journal. Construction services were performed between January and May of 2018, and McElroy’s filed a lien in September, meeting all legal requirements, said the company.

McElroy’s has foreclosed on the lien, taking the issue to court after roughly half of the initial contract has not been paid—final payment by Mars was made around June 2018, according to the court filing. McElroy’s is also looking for 18% interest, attorney fees and other costs, states the Capital-Journal.

In Kansas, there is no requirement for a preliminary notice on commercial, private projects; however, NACM’s Secured Transaction Services suggests serving one 45 days from last furnishing. Depending on where an entity fits within the construction supply chain, different time frames must be met to perfect a mechanic’s lien.

Original contractors have four months from last performance to file a lien statement with the clerk of the district court of the county where the property is located. However, this deadline can be extended to five months if a notice of extension is filed within four months of last work with the clerk and sent by certified and regular mail to the owner.

Suppliers and subcontractors have it a bit trickier, yet similar. A lien statement must be filed within three months after last furnishing; served “personally” to any owner, holder of recorded equitable interest and any party obligated to pay the lien; mail a copy to the aforementioned parties; and post a copy of the lien statement on the premises in a conspicuous place if an address of any of the parties is unknown, according to Kansas statute.

Suppliers and subcontractors also have the luxury of the notice of extension, lengthening the time to file a lien statement from three months to five months as long as the notice is filed within three months of last furnishing in the office of the clerk of the district court of the county where the project is located, and it is mailed by certified and regular mail to the general contractor, while a copy is mailed to the owner, if known, by regular mail.

The Topeka Mars facility also had liens placed on it in 2014 and 2017, totaling millions of dollars, including at least four in 2017, resulting in $1.4 million in unpaid work, according to the Capital-Journal.

—Michael Miller, managing editor

Mistakes We Make When Dealing With Change

Change comes in many shapes and forms in the credit profession. Whether it’s the size of a credit department, payment and collection methods, or new technology, professional speaker and author Kit Welchlin, M.A., CSP, of Welchlin Communication Strategies, said credit managers should adapt to change by harnessing their communication skills to avoid common mistakes along the way. Welchlin will further explore such communication strategies at NACM’s 123rd annual Credit Congress & Expo this May in Aurora, Colorado, during his presentations, “Active Listening: The Business of Communicating,” and, “Managerial Communication: What Makes an Effective Leader?”

Over the years I have witnessed and helped many clients go through tremendous change. There are three common mistakes made: joining the anti-change crowd, acting like a victim and freezing like a deer.

Joining the anti-change crowd. I learned a long time ago growing up on the farm that it was a lot easier to ride the horse in the direction it was headed. If you have ever been on a horse that wants to go back to the barn, it’s going back to the barn. It’s an 800-pound animal. All you have is the bit and the bridle. The more you slap it on the ears and swear, the more likely the horse will scrape you off on a tree or the barn door on the way in. It is the same way when it comes to organizational change. When the industry is changing, when the organization is changing, sometimes you may have to go along with it because it’s a lot easier to ride the horse in the direction it is heading. So, embrace the changes, learn new skills and don’t get thrown from the horse. Stay involved. Join a task force, a climate survey committee, or a transition monitoring team and seize the opportunities.

Acting like a victim. Sometimes, we throw a pity party and invite others to attend. We talk about how hopeless it is and how helpless we feel. Throwing a pity party doesn’t make us very appealing as a co-worker or as a leader. Acting like a victim is personally and professionally damaging. We miss opportunities. We miss the chance of being respected and admired as the one who helped move change along. Acting like a victim adds stress to our lives and wears us down and everyone around us too. It is essential to accept the changes we face, remain productive and have a positive influence. Often, when we face change, it is easy to fall into the pit of self-pity. Worrying about the future is silly; you are creating the future. You have the job. We should be thrilled that our organization has so much confidence in us. Put your shoulders back and take change head-on.

Freezing like a deer. When we have endured a work environment plagued with nonstop change, we do become somewhat fatigued with solving problems and making decisions. When we have made some decisions that weren’t the best, we start to play it safe. Playing it safe leads to paralysis. We lose momentum and we can freeze like a deer in the headlights. To make sure we don’t lose our nerve in solving problems and making decisions, we need to keep reviewing our short-term plans and long-term goals and keep pointing ourselves in the right direction. Review your organization’s mission statements and value statements to make sure your thoughts and actions are congruent with the organization’s values. Keep an objective decision model close by to guarantee you are balancing logic with emotion. When faced with change, it is natural to become cautious and play it safe. However, change is a full contact sport. We need to practice on and off the field to sharpen our skills and keep moving forward. Study your industry and take personal responsibility to develop the talents you need to protect your career.

Reprinted with permission.