I recently sat down with several of BDO’s Restaurant clients to discuss key treasury considerations for areas including controls, vendor services and financing. In this post, I summarize the main takeaways and need-to-know information from the discussion.
Payment Card Industry Data Security Standards (PCI/DSS) relates to controls over electronic receipts via payment card and related customer information. PCI/DSS differs from broader cybersecurity considerations, insofar as cybersecurity focuses on all types of information that can be obtained via the Internet, as well as potential disbursements made in any manner. It’s easiest to think of PCI/DSS as control over receipts and customer information, and cybersecurity as control over disbursements and all information—customers, employees, vendors and your company.
PCI/DSS is mandated by card associations and issuers. You must comply with your required level (1 – 4) and encrypt transmitted card (customer) data. Discuss with your processor how to best do this.
Cybersecurity is not yet required. But it may be worth considering leveraging a third-party to identify your vulnerabilities and assist in implementing improvements. And consider where else you have assets in need of protection—such as those with a broker. What controls do they have in place to protect your investments?
You probably have controls in place such as Positive Pay over checks and ACH, as well as ACH debit blocks and filters on all accounts (your Positive Pay default should be “No Pay,” so your bank will not honor a presented check you have not told them about).
Another control would be to review your A/P master file and remove any unauthorized vendor that was input prior to the implementation of good controls. You should conduct this review yearly.
Business Continuity Plan (BCP)
You may not need this for an individual location, but what about Corporate? If a disaster hits, how will you initiate and report cash transactions? How will you obtain and concentrate your receipts, pay employees and vendors, borrow money, pay the bank or transfer funds? It is recommended that you develop a BCP for treasury/cash management and test it yearly.
Banking Services – General Approach
In addition to meeting your banker every few months for an update on your company’s status, consider meeting them every two years. Challenge them to introduce new services that will save you money, identify existing services no longer needed and ask what pricing reductions they can provide on other services.
Credit Card Processing Services
There have been several recent changes to improve transaction security, such as PCI/DSS, encryption and EMV. Considering this, do you still have the right card processor? Think about your service levels and reporting, exceptions and chargeback volumes, pricing, the need for new terminals and transaction encryption. Maybe this is the time to put out a Request for Proposal (RFP) Provide several candidates with detailed information on past and expected volumes (value and count), processing hardware and software, recent changes, issues, etc. You want the candidates to know everything but your current pricing; this will give them the opportunity to suggest ways to help you process transactions better and offer their best pricing. Your pricing should improve, and you may not even need to switch processors.
Let’s say you’re approaching another bank for a new loan facility. You’ll be providing them the basics: information on your company status, history, changes, financial statements and management/owners.
But also provide them a flowchart of your bank accounts, showing flows of funds in and out, and your account analysis statements. There are several reasons for this: The account analysis statements—with all pricing detail/totals and account balances redacted—will support the flowchart and help the bank understand the services you are currently receiving. This will help them understand your business better and give you more credibility.
It will also help them determine additional income they can make from the relationship—and allow them to make recommendations on what additional (or fewer) services they could provide you—all to your benefit. Later, when they propose on your credit facility, you can ask them to use that same information to provide you competitive pricing on their banking services.
Finally, after your deal is completed you should prepare a summary, by topic, of your ongoing requirements, to ensure you are always in compliance. The summary should have two goals: to summarize all future payment, reporting and other requirements, and to note where in the agreement one would go for more information. Also, prepare a calendar of those requirements.