The Real Cost of a Lax Company Culture
Trust us, it's more expensive than you think
We’ve all heard the saying, “What you allow is what will continue.” But when it comes to company culture, letting things slide can cost you way more than you think—financially, reputationally, and even in employee morale. Imagine this: you’ve built a company, you’ve hired talented employees, and you’ve made a name for yourself. But behind the scenes, a relaxed, anything-goes culture is quietly chipping away at all that hard work, opening the door for fraudsters, demotivating your best people, and slowly eating into your profits.
Here’s the reality check: A laid-back approach might sound like a great way to keep things fun and easy, but in the real world, it’s a recipe for disaster. When you don’t enforce rules, you’re leaving the door wide open for fraud, inefficiency, and a toxic work environment. Spoiler alert: fraudsters love it when you’re not paying attention.
Let’s dive into how a lax company culture can silently drain your resources and why tightening up could be the most profitable decision you make this year.
A Lax Company Culture = An Open Door for Fraudsters
Steps to Fix a Lax Company Culture
—Establish a zero-exception policy
—Implement automated vendor verification and monitoring
—Strengthen change management protocols
—Educate the C-suite on fraud risks
—Develop a robust incident response plan
—Implement a vendor portal with secure access
Don’t Pay the Price for a Lax Company Culture
Get Ready for Vendor Management Appreciation Day 2024
Want Help Aligning Teams to Prevent a Lax Company Culture?
Interested in Regular Tips to Prevent a Lax Company Culture?
Want Personalized Guidance to Prevent a Lax Company Culture?
Fraud doesn’t always present itself as a dramatic, Hollywood-style heist. More often than not, it sneaks in quietly, taking advantage of the gaps left by a lax company culture. When your policies are unclear, when exceptions become the rule, and when your attitude is, “We’ve always done it this way,” you’re essentially rolling out the red carpet for fraudsters. They thrive in environments where rules are more of a suggestion than a standard.
Fraud often takes root in companies with inconsistent processes, unchecked access, and a culture that tolerates shortcuts. When you allow exceptions, however small, you create cracks in your system. These cracks are like neon signs to fraudsters, signaling that your company isn’t paying attention. They exploit these vulnerabilities, knowing that in a culture where “close enough” is good enough, their activities are likely to go unnoticed for far too long.
Imagine this: A well-established company had a trusted vendor they’d worked with for years. As a gesture of goodwill and due to their longstanding relationship, the company’s CFO agreed to expedite payment one month, at the vendor’s request. The CFO asked the vendor desk to pass over some steps and just push the payment through. The team knew this was a bad idea but didn’t want to say “no” to a higher-up, so they complied.
A few months later, the vendor desk received another email from the CFO about a different client—again asking for expedited payment, this time to a different bank account. Unbeknownst to the vendor desk (or the CFO), this email was actually a fraudster masquerading as a member of the C-suite. The email from “the CFO” came from a .co domain instead of a .com domain—a minor detail that could slip past anyone. And since the vendor desk was used to requests like this from the CFO, no one batted an eye. They sent the payment to the fraudster, costing the organization hundreds of thousands of dollars—money that could have been used to grow the business—all because of a lax culture that allowed “small exceptions” to become the norm.
💡Insight: When you don’t enforce your company’s policies, you’re paving the path for fraud to enter your organization—and fraudsters are looking for just this type of lax culture. Implementing strong, consistent processes is your first line of defense against fraud. It’s not about micromanaging; it’s about safeguarding your assets and your reputation.
Fraud prevention starts with clarity and consistency. When employees know the rules and are held accountable, it creates an environment where fraudsters know they won’t stand a chance.
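The .co versus .com sender detail in the scenario above is something a mail-triage step can check mechanically. The following is an added example, not code from PaymentWorks; the domain `example.com`, the keyword list and the function names are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the organization's real mail domains (constructed value).
TRUSTED_DOMAINS = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'external' for a From header."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "external"
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Same name under a different TLD (.co vs .com), or a near-miss spelling.
        tld_swap = domain.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]
        if tld_swap or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "external"

def triage(from_header, body):
    """Hold mail from lookalike domains; send every payment request to verification."""
    asks_payment = any(k in body.lower() for k in ("bank account", "expedite", "wire"))
    if classify_sender(from_header) == "lookalike":
        return "HOLD: lookalike sender domain"
    if asks_payment:
        return "VERIFY: follow standard payment-change process"
    return "OK"
```

The genuine CFO address still returns VERIFY: a trusted sender does not exempt a payment request from the standard process.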
In many organizations, CFOs and other members of the C-suite may ask vendor managers to make exceptions to established onboarding and management processes. These exceptions often come with seemingly valid reasons: to expedite payment, onboard a trusted vendor quickly, or accommodate a high-priority project. However, each deviation creates an opportunity for fraudsters to exploit gaps in the system. This “bend-the-rules” mentality can be the root cause of millions in losses due to fraud, as cybercriminals are always on the lookout for weak points in a company’s vendor management process.
Vendor onboarding and change management processes are designed to enforce strict checks and verifications, ensuring that every vendor is legitimate and meets compliance standards. When executives bypass these protocols, they inadvertently create vulnerabilities. Fraudsters are adept at mimicking the behaviors of legitimate vendors or exploiting changes in payment information when protocols are lax, resulting in costly fraudulent activities.
In 2019, Toyota Boshoku Corporation, a subsidiary of Toyota Group, fell victim to a Business Email Compromise (BEC) scam that cost the company approximately $37 million. The fraudsters posed as a trusted vendor and tricked an employee into diverting funds to a fraudulent bank account. In this case, Toyota had a process in place, but an exception was made to expedite the transfer without proper verification. This high-profile example serves as a cautionary tale about the dangers of bypassing established procedures, even in seemingly small ways.
When senior leaders push vendor managers to bypass established controls, they send a message that convenience is more important than security. This directive from the top can cause compliance teams to feel pressured to “make it work” rather than insist on following protocol. It leads to a breakdown in governance and opens up significant opportunities for fraud.
💡Insight: A culture of exceptions has far-reaching implications. Yes, it can open the door to catastrophic fraud. But it can also be demoralizing for vendor managers who know they should stick to a process but feel like their hands are tied because their orders are coming from the top. It’s a problem worth tackling, and doing so can have a positive ripple effect across the organization. Not sure where to start? Check out our Document the Exceptions Logbook.
All is not lost. There are ways to fool-proof your policy and processes so you can kick exceptions and the other symptoms of lax company culture for good. The best part? You don’t have to be a drill sergeant to create a culture of accountability. Instead, the goal should be to establish clear expectations and consistent enforcement that allow your team to thrive. In other words, the goal should not be to instill fear or micromanage every move.
Start with clear, written policies that are easy to understand and apply. Make sure that every employee knows these policies inside out and understands why they exist. Regularly communicate the importance of these rules and provide training to reinforce them. Instead of catching people doing things wrong, create an environment that celebrates catching people doing things right.
Encourage a “speak-up” culture where employees feel safe raising concerns, reporting suspicious activities, or suggesting improvements. When people feel empowered to call out inconsistencies without fear of retaliation, you’re building a culture of integrity, where everyone plays a role in protecting the company.
Then, implement the more detailed steps below to foolproof everything from start to finish.
Mandate adherence: Make it a non-negotiable policy that no vendor onboarding or change can occur without following the established protocols, regardless of requests from senior management. Communicate that exceptions are unacceptable and make the consequences for bypassing protocols clear.
Accountability: Implement a system of accountability where any deviations must be documented, and the responsible party is held accountable. This discourages anyone from bypassing the process on a whim.
Automate verification: Use automation to verify vendor details, including tax ID validation, bank account verification, and ongoing sanctions list checks. Automated systems are less prone to human error and ensure every vendor is vetted thoroughly.
Continuous monitoring: Integrate a solution that provides continuous monitoring of vendor data, alerting the team to any changes or red flags. This allows for real-time detection of suspicious activity and minimizes the risk of fraud slipping through.
Dual authentication for changes: Require dual authentication for any changes to vendor payment information. For example, if a vendor requests a change to their banking details, two independent contacts within the organization must verify this change before it’s implemented.
Third-party verification: Use third-party services to confirm vendor information before processing any changes, ensuring that all updates are legitimate.
Training and awareness: Conduct regular training sessions for the C-suite on the risks associated with making exceptions. Share real-world examples like the Toyota case to demonstrate the potential financial impact.
Highlight long-term costs: Emphasize how seemingly minor exceptions can lead to massive losses, affecting the company’s bottom line, reputation, and compliance status.
Immediate action plans: Have a response plan in place for potential fraud incidents. This should include steps for isolating the issue, notifying affected stakeholders, and communicating with law enforcement if necessary.
Post-incident analysis: After any fraudulent activity, conduct a thorough analysis to identify how and why the breach occurred, and use this information to strengthen existing processes.
Vendor self-service portal: Utilize a secure vendor portal that allows vendors to manage their information, submit onboarding details, and make changes. This ensures that all interactions are traceable, and any unauthorized attempts are flagged immediately.
Role-based access control: Ensure that only authorized personnel can access sensitive vendor information, and limit their ability to make changes based on their roles.
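The dual-authentication step for payment-information changes, combined with the zero-exception and accountability items above, can be enforced in software rather than left to habit. The following is an added example, not PaymentWorks code; the class, field names and sample values are constructed for illustration.

```python
from dataclasses import dataclass, field

class PolicyViolation(Exception):
    """Raised when a step would bypass the change-control policy."""

@dataclass
class BankChangeRequest:
    vendor_id: str
    new_account: str            # constructed sample value, not a real account
    requested_by: str
    approvals: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)
    applied: bool = False

    def approve(self, approver, verified):
        """Record one approval; each approver attests they verified the change."""
        if approver == self.requested_by:
            self._deny(approver, "requester cannot approve own request")
        if not verified:
            self._deny(approver, "approval without verification")
        self.approvals.add(approver)   # a set: the same person cannot count twice
        self.audit_log.append((approver, "approved"))

    def apply(self, actor, override=False):
        """Apply only with two distinct approvals; seniority grants no override."""
        if override:
            self._deny(actor, "override requested")
        if len(self.approvals) < 2:
            self._deny(actor, "fewer than two independent approvals")
        self.applied = True
        self.audit_log.append((actor, "applied"))

    def _deny(self, actor, reason):
        # Refused attempts are logged, so every attempted exception is documented.
        self.audit_log.append((actor, f"denied: {reason}"))
        raise PolicyViolation(reason)
```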
💡Insight: A company that values accountability is one that flourishes. When employees know they’re part of a fair, consistent system where everyone plays by the same rules, they’re more engaged, loyal, and productive. It’s not about policing—it’s about building a community where people feel valued, trusted, and part of something bigger.
The risks associated with making exceptions in vendor management aren’t limited to financial losses. They can damage an organization’s reputation, cause legal issues, and erode trust among employees and stakeholders. On the other hand, enforcing strict policies, leveraging automation, and educating leadership on the dangers of lax culture allows organizations to significantly reduce the risk of fraud.
CFOs and other C-suite leaders play a crucial role in setting the tone for how seriously vendor management protocols are taken. When they lead by example and prioritize security over convenience, it reinforces a culture of diligence and accountability that protects the organization from costly mistakes.
We’re LESS THAN ONE MONTH AWAY! December 12th for our SECOND annual Vendor Management Appreciation Day (VMAD)!
What: A special day set aside to celebrate our heroes, vendor managers
Why: There’s no expiration date on honoring one of the most important, under-recognized roles across industries: vendor management.
When: December 12th, 2024
Join us in observing Vendor Management Appreciation Day (VMAD)! We’re gearing up for the 2024 celebration, and we want you to be a part of it!
VMAD is a unique holiday geared toward unifying vendor management professionals and celebrating innovation in the field.
Moreover, we’ve released gifts each month to help you supercharge your vendor management efforts. Additionally, we’re planning some awesome events so everyone can connect and celebrate the important, strategic role of vendor management.
In the meantime, learn more here, and grab some free vendor management goodies.
© Copyright 2024 - PaymentWorks