When it comes to work-related travel, experts have projected that we are back to pre-pandemic levels. According to Business Travel News, the World Travel & Tourism Council (WTTC) has projected that global business travel will reach $1.5 trillion at the conclusion of 2024, which is 6.2% higher than 2019, the year before the pandemic. Suffice it to say we’re back in full force. And that means issues for finance and travel management teams are back in full force as they relate to corporate travel cards.
It’s a tale as old as time. A group of employees are sent out to an event across the country. The specific details can vary, of course. Maybe an industrial automation company is sending its marketing, sales team, and engineers to work the booth at a trade show. Maybe university officials across the Midwest are traveling to an athletics-related Big 10 Conference event. Or maybe public officials of a governmental institution, like a city, state, or county, are traveling to a national conference. Whatever the details happen to be, these employees are given a corporate-issued credit card on which to purchase things related to their trip while following a specific policy.
When problems arise
And that’s where things start to go off the rails. They follow the policy—at first, and only use the card for booking the airline tickets and the hotel. They use the card for their meals, and that’s it. After their event ends and they’re getting drinks with colleagues, that’s when they start to lose sight of policy. An exorbitant bar tab is accumulated, and they are not in a state to make a responsible decision on which card to use. That’s just one example. Other times, employees are simply ignorant or misinformed about what the policy is. For example, they may think that in-flight entertainment is covered on their trip. Or that the corporate travel card should cover a replacement suit jacket for the one they forgot to pack. The list goes on and on.
They may even engage in policy violations like double dipping, which is when someone pays for something with their travel card but also expenses it as an out-of-pocket expense. Instances like these and others can slip through the cracks when internal controls are weak. In the double dipping example, an employee that engages in this activity may get away with it because his approver doesn’t have access to his travel card data and doesn’t communicate with the finance department who does, and so both parties approve both transactions. So how do you strengthen controls so that you can keep finances secure at your organization? We’ve outlined ten different ways that you can do so below.
Before the transaction
Train employees on policy.
One of the first things that you should consider when implementing a corporate travel card program is to train your employees on the card policy. Your policy is chalk-full of pertinent information about what is allowed on the card, all of which is of course very interesting to those who handle corporate cards. But to those outside of the finance world, we admit that card policies may be a little dry. There is no excuse for a cardholder not to be familiar with the policy, but you can make it a little bit easier on them by creating engaging training courses for them to learn about the policy and their responsibilities as a cardholder or approver.
If you’re reading this and thinking, “well, we have a corporate travel card program, and no training to supplement it… are we behind?”, don’t worry. It’s not an uncommon situation whatsoever, as we’ve come to find. You can introduce a training program alongside an existing card program too, and at Card Integrity, we do it often for our clients.
Use distinct-looking cards.
Oftentimes personal spending on a corporate travel card may be the result of an honest mistake. Sometimes it’s as simple as that cards look similar, and the cardholder accidentally pulled out the wrong one to pay with. This can be very easily avoided by ensuring that corporate travel cards have a unique marker, like your organization’s logo or a label. You may also suggest to your cardholders that they not keep the corporate card with their personal cards in a wallet or purse and instead store it in a safe place.
Do away with department cards.
Department cards cause so many issues because they’re less traceable. It’s difficult to prove who used it when. If you have several people using the same card, who’s to blame when personal spending is found on it? The person who physically had the card at the time? What if the actual offender managed to take a picture of or write down the card number and expiration date and used it online? If serious fraud is found, you have a large issue on your hands, because you don’t know who to name in the police report. You may have a check-in/check-out log, but if someone was really determined, you can imagine several ways that they could get around this. We strongly recommend against issuing department cards for reasons like these.
Introduce separation of duties and be on the lookout for rubber stamping.
Proper separation of duties ensures that impartiality is kept through the approval process. Over the years, we’ve seen situations where cardholders are approving their own transactions. You can see where this may cause issues. The general rule of thumb is that no one person at your organization should be responsible for an entire transaction from beginning to end. We also often see instances of “rubber stamping”, that is whenever an approver simply trusts a cardholder and doesn’t really look at their submitted out-of-pocket expenses or travel card transactions carefully. Approvers should be held accountable as they play a vital role in the process.
After the transaction
Compare invoice data against credit cards to uncover duplicates.
To prevent the double dipping issue introduced at the beginning of this article, ensure that your organization has visibility and reporting available for both corporate travel card data AND invoice data, and that this data is not siloed and separated. This ensures no duplicates sneak through.
Validate receipts effectively.
Receipts can cause a lot of issues. This goes back to the rubber stamping issue described earlier—sometimes they just aren’t being looked at very carefully. Receipt validation is a time consuming process, and those in charge of approving receipts often don’t really want to do it. It’s not uncommon to see stacks of receipts at a desk. If this situation sounds familiar, consider outsourcing receipt validation through a reputable, third-party company.
Leverage Level III data.
Level III data (often written with Roman numerals but also sometimes called “Level 3 data” with the numeral 3) is the highest level of data available for card transactions. It shows information like:
- Merchant name
- Transaction and tax amount
- Date of purchase
- Order and invoice number
- Item quantity and description
It isn’t available in every situation, but if you are able to leverage level III data, make sure you do. This can be instrumental in finding out that a cardholder is buying gift cards rather than cleaning supplies at Wal-Mart (just as an example).
Don’t over-rely on MCCs.
Merchant category codes, or MCCs, are codes that card issuers and banks assign to merchants. The purpose of MCCs is to assist in identification of merchants, and they are fine for that purpose. But they aren’t always correct. For example, Amazon for a long time was listed as a bookstore. As we all know, they are no longer just a bookstore. They can also be quite broad. Our article on MCCs goes more in depth on what they are and how to use them, but the point is that they are imperfect and far from “true categorization”. Overreliance on them can lead to difficulties, so this should not be your main method of categorizing merchants.
Communicate policy violations effectively.
Finally, whenever a violation does occur, it’s important to notify the cardholder about the suspicious transaction. Sometimes it’s an honest mistake, sometimes it’s a false flag, and sometimes it’s something deeper. Whatever the case, proper and timely communication with the cardholder is paramount. Some of our clients prefer to have a third party communicate red flags and violations with the cardholder, and at Card Integrity we are happy to offer that option as part of our expense monitoring service.
Leverage resources available to you.
The tenth and final internal control in our list is utilizing resources to your advantage. For example, the Institute of Commercial Payments (IOCP) offers a plethora of resources for card professionals, including those focusing on travel cards. At Card Integrity, we have resources available too—we’ve been helping clients with their travel card programs since 2008 and have various resources on the subject. Download the free eGuide below, “T&E Card Expense Review Best Practices Guide“, to gain access to more insights regarding corporate travel cards, T&E policy, and more. Strengthening internal controls is key when bolstering or setting the foundation for a corporate travel card program.
