The purchase of a new treasury management system (TMS) is a major technological investment for any organization. For this reason, chief technology officers (CTOs) and IT personnel often support treasury teams during the request for proposal (RFP) process for a new TMS. In fact, responsible technology vendors would normally suggest that the CTO is involved in the process from start to finish. That’s not to say that the CTO and treasury will necessarily agree on everything to do with a TMS, but the selection process is likely to be smoother if treasurers understand what their CTO wants and expects from the solution.
To begin with, it is worth remembering that the CTO already oversees numerous platforms within the organization – platforms that present various problems that the IT team is expected to fix. Inevitably, this takes up time that IT could be spending on more strategic activities, such as digital transformation. So the introduction of a new system that needs to be managed internally is probably the last thing that the CTO wants. For this reason, a software-as-a-service, cloud-based TMS is likely to be a popular option. It is also essential that treasury has a good understanding as to what the IT team will require from the new system, particularly with regard to data storage and security.
The good news, however, is that a new TMS is fundamentally beneficial to the IT team as well as to treasury. Today, for example, CTOs are often tasked with supporting internal connectivity between an organization’s enterprise resource planning (ERP) system and its banks to facilitate payments and bank statement reporting. Even though SWIFT can be integrated into ERP systems, it is still expensive and time consuming to support the associated connection protocols. Furthermore, accommodating numerous different bank formats, which vary according to factors such as payment type, institution and country, is either a completely inefficient use of high-value internal IT resources or a financial drain if the work has to be outsourced to a third party. A TMS reduces the burden on IT in all these respects.
It is definitely in the treasurer’s interest to collaborate with a CTO when selecting the TMS that will satisfy both treasury and security requirements. What, then, are the four key questions that a CTO is likely to ask when evaluating a new TMS?
- How secure is the TMS?
Security matters more important than anything to a CTO, particularly because treasury data usually represents the highest level of risk within a company. He or she will inevitably favor a TMS that has outstanding security features, even if it means compromising in other areas. In fact, even though the low system maintenance requirements associated with a cloud-based TMS will appeal the to the CTO, he or she would be willing to pass up on an otherwise attractive solution if it sacrifices data security. In the CTO’s eyes, the ideal TMS is both secure and hosted in the cloud.
- Will the TMS integrate with my organization’s single sign-on process?
Understandably, the CTO wants to have control over who can access the organization’s data. This control is typically achieved through a single sign-on process (an authentication service where employees use one set of login credentials to access multiple applications). The risks of not having a TMS that integrates with the organization’s single sign-on process are huge: people could potentially leave the company without their credentials being deactivated, allowing them to still access the system.
- How mature is the TMS?
Your CTO will want to know that your proposed TMS has been tested – many, many times before and by many, many other successful organizations. He or she will want to read case studies and hear from others about how the system works in practice. Expect your CTO to take a keen interest in any problems and issues that have arisen with the system over the years, and how the vendor has applied lessons learned to improve the solution consistently over time. The CTO will also want to know that the TMS will meet the requirements of departments beyond treasury, including legal, IT and information security. Also, does it deliver the latest technology in areas such as cyber defence, data protection, disaster recovery and incident management?
- What standards of assurance does the TMS provide?
The CTO will want to examine the TMS vendor’s SOC 1 and SOC 2 reports in depth. SOC 1 is a statement of operational controls, which sets out the internal controls, processes and procedures that the TMS vendor abides by when handling data. SOC 2 is a report by a third-party auditor that has audited the TMS vendor’s performance against those controls, on the basis of evidence provided. The CTO will review the vendor’s SOC 2 report to get third-party assurance that the vendor’s stated controls are actually being applied in practice. Since the SOC process is expensive, the CTO will be reassured by the fact the vendor is investing in it and see this as an indicator of the vendor’s maturity.
Every CTO expects to be held accountable by the CEO for the selection of a new TMS. And, guess, what? The CTO probably doesn’t want to get fired because the organization picks the wrong one. So when it comes to evaluating TMS vendors, the CTO will probably assess them using a research methodology that evaluates different software vendors according to their market leadership in areas such as data security capability.
Expect the CTO to ask the TMS vendor to complete a security questionnaire, which could potentially include hundreds of questions, and then undertake careful analysis of the answers provided. This thoroughness is absolutely appropriate in light of the scale of the investment being made, and the serious risks involved.
Ultimately, the process of choosing a new TMS involves a partnership between treasury and the CTO, and a partnership between the organization and its TMS vendor. Like all collaborations, these partnerships will only work well if trust and understanding exists on every side, with each partner having a genuine appreciation and respect for the requirements of the other.