Independently written by guest writer Bird Lovegod, Fintech journalist and consultant.
When I was invited to write a blog piece for Cygnetise, I thought to do a little research. So I Google ‘what is an authorised signatory list’.
First page results come up from major companies, several Universities, and Government. I’m surprised because some of the results are links to PDFs of authorised signatory paperwork, the blank forms with company’s headers. I got the uneasy feeling if I delved even slightly deeper I’d start to find actual completed lists of authorised signatories including names, signatures and everything else needed to become an authorised signatory myself. Or at least pretend to be. And on page two of google, a definition of what an authorised signatory is: “A representative with power to sign an agreement. AKA signing officer.”
Right. So if I’m an authorised signatory I can buy things, sign off payments, add people, real or imaginary, to a payroll, and maybe sign a few contracts, this kind of thing. Important things. Expensive things. Legally impactful things. I’m starting to see why security in the process of adding and removing authorised signatories is crucial. I’m also wondering if companies like UBS really want their authorised signatory forms on page one of a Google search. You’re welcome.
In large multinational organisations, where no one knows everyone, the possibilities for fraud are seemingly unlimited. I even stumbled across a magazine dedicated to highlighting the problems of human dishonesty.
It seems to me after just half an hour research, that protecting and maintaining the integrity of a signatories list, and having that list as an integrated component of a digitised system, is fundamental to privacy, security, and good governance. My Googling also brought up documents detailing how to add or remove signatories in steps which I have no doubt would take several days to complete if all went smoothly, and several weeks when things didn’t. I have a sneaky suspicion many organisations will have outdated signatory lists. Seniority is often a factor in having authority to make decisions, and I wonder how many companies and organisations have signatory lists with retired or even deceased persons still on them, opening a door to commercial identity fraud. If a criminal can convince a supplier they are an authorised signatory they could easily purchase order valuable goods in large volumes, never to be paid for. Again, you’re welcome.
From what I know about blockchain, it seems like the perfect use case, blockchain was designed to be used for systems whereby the parties don’t necessarily know or trust one another. It’s about consensus across the network rather than centralised databases of what is considered ‘true’. The danger of centralised databases is they are hackable, sometimes easily, and accessible by people who may have less than honest intentions. Even managed honestly, databases are prone to human error, and are invariably less than 100% accurate and up to date. If Cygnetise really are able to smarten up the signatories list problem, they’ll be a valuable service to all their clients, and in a great position to further extend their value chain. In blocks.