Answers / Corporate Treasury

What controls would you put in place to prevent payment fraud, including business email compromise (CEO/CFO fraud)?

A core Corporate Treasury interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.

THE SHORT ANSWER

Layered controls. Process: segregation of duties (initiator ≠ approver), four-eyes/dual authorization on payments, and payment limits by user. Master data: lock supplier bank-detail changes behind a verified call-back to a known number — most BEC attacks just change the IBAN on a real invoice. Technology: payment-factory/host-to-host with standardized formats, sanctions/IBAN validation, and anomaly detection on unusual amounts, new beneficiaries, or off-pattern timing. People: training to recognize urgency-and-secrecy social engineering, and a rule that 'urgent, confidential, change-the-account' requests are always verified out-of-band. Finally, no exceptions for senior executives — CEO-fraud works precisely by pressuring staff to bypass the controls.

WHAT INTERVIEWERS LISTEN FOR

  • Segregation of duties + four-eyes authorization
  • Verified call-back for bank-detail changes (BEC defense)
  • Payment factory with validation/anomaly detection
  • Training; no control bypass for executives

COMMON MISTAKES

  • Allowing IBAN changes on email alone
  • Exempting senior management from controls
  • Relying on technology with no process controls

Reading isn't the same as answering under pressure.

Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.

TRY QUICKFIRE →Or train full Corporate Treasury case simulations →

RELATED QUESTIONS