SMEs mainly focus on risks that are obvious but unlikely, such as fire. Some risks are less obvious but may have serious consequences.

Empowered employees

People are far more empowered today than before. The relationship between employees and employers has changed considerably as a result. Employees are far more prone to fight their dismissal or to lodge a complaint against their managers than before. This new empowerment comes with a price tag. It implies additional legal costs and possibly even penalties. 

Internal fraud

Companies conveniently assume that fraud is an external threat, but the enemy sometimes comes from within. Moreover, internal fraud is a typical risk for small and medium-sized enterprises, precisely because of the focus on trust. Some employees dare to betray this trust. They have their hands in the till, sell machine parts, or pass on sensitive data to the competition for payment. There are various reasons for susceptibility to fraud. First of all, people today are not as loyal as before. SMEs also have fewer rules and procedures. That freedom opens the door to abuse.

Insolvency among customers and suppliers

Insolvency is and remains a substantial risk, especially after the crisis. Companies do not dwell nearly enough on the fact that customers can go insolvent. Insolvency has dramatic consequences for your profit margin. Suppliers may also be affected, which can seriously threaten your production process. After all, it is not an easy task to quickly find a new raw materials supplier. Companies are well advised to purchase external data about their partners, especially if you do business abroad.

Interdependencies

Companies depend on other partners in order to operate. Problems with suppliers may thus impact on their internal functioning. Imagine if an important supplier's machine breaks down, and you are left without raw materials. Companies must assess their full value chain in order to detect possible risks. Bear in mind that your customers may also have problems. For example, a fire at your most important partner can prove to be a major spanner in the works. You can include an additional clause in your business interruption loss policy so as to receive compensation if your supplier is affected by fire.

Professional liability

Like people, companies are fallible and thus occasionally make errors. These errors can cause damage to third parties. The resultant claims can range from several thousand to possibly millions of euros. For example, an engineer could have made a calculation error in the design of a new production line.  Apart from material damage to the assembly line itself, there may also be financial losses due to production stoppages.

Caution with contracts

Nearly every contract that companies enter into has a clause on liability. This describes each party's responsibilities. Companies pay scant attention to this, even though the contractual consequences may be significant. An excellent example is a lease for a crane. The lessee is usually responsible for any damage to the crane, which can be very costly. Study the liability clauses thoroughly as they can have a serious effect on your company's financial health.

Political risk

By political risk, we mean all events that may prevent your foreign customers from being able to pay or your foreign partners from being able to produce. These may be purely political events such as a war or revolution, but may also be natural disasters, economic difficulties, or government decisions that complicate trade. For instance, import permits may suddenly be withdrawn. Belgian companies have a strong international orientation and are thus well-advised to have insurance against political risk.

Environmental damage

“The polluter pays” is a well-known principle. Restoring the environment to its original state is a costly business. A few dozen litres of oil can cause hundreds of thousands of euros of damage.

(Source: www.Aon.com)

Central banks worldwide are stimulating the economy with cheap money. This leads to a false sense of security in the financial markets.

After all, any news - positive or negative - can trigger severe market fluctuations. Companies run substantial interest rate and exchange rate risks as a result, even though they are not always aware of this. Fortunately, there are financial techniques to hedge these risks. 

A recent study by BNP Paribas Fortis and ATEB, the association of corporate treasurers in Belgium, speaks volumes. Barely 51% of the 402 companies interviewed have the same risk tolerance today as in 2008. This is a surprising finding because risk managers are dealing with a complex and therefore more unpredictable economic context in 2015.

“Today, financial risks, especially systemic risks, are more difficult to manage than five years ago,” says Eric Charléty, head of the Business Development department of the dealing room. “What if the interest rates suddenly start to rise? Many companies have taken out loans with a variable interest rate, because they assume that interest rates will remain low. But that choice exposes them to a substantial risk. As soon as rates rise, you have a problem.”

Exchange rate risk is often underestimated

Besides the interest rate risk, most companies are also exposed to a significant exchange rate risk, because they import and export goods or have partnerships with companies outside the Eurozone. According to Eric Charléty, Belgian entrepreneurs often take a very narrow view of financial risks:

“Sometimes they do not look further than what is on paper, for example that their invoice must be paid within 30 days. But if the payment is in Pound Sterling, the profitability of the transaction will largely depend on the conversion into euros. In this case, it is certainly a good idea to hedge yourself against the exchange rate risk in advance.

Even so, very few companies manage to successfully link their risk management to their strategy. They assume all too often that they only run risks if they do business outside the Eurozone. This is incorrect; a broader perspective that takes due account of the competition is needed. Even a company that only does business in the Eurozone has to deal with competition from outside it. Due to fluctuations in foreign exchange markets, a British or Japanese competitor may suddenly be cheaper.

That makes risk management a key factor of the business strategy, on par with target markets, products, and value chains. Good knowledge of the competition, their exposure to risks, and how they manage them is just as essential to the success of the company.”

Hedging = avoiding risks

The good news is that companies can hedge or cover the interest or exchange rate risk of a particular transaction by entering into a separate contract with a third party. In practice, this third party is usually a bank and the contract itself is called a ‘derivative’. Certain risks are placed with the bank through such a contract. Eric Charléty sees two major advantages in this:

“Banks are better informed about exchange rates and interest rate developments than companies. It is their core business. Banks are moreover able to spread the risk better. An individual company cannot beat the law of large numbers.”

Companies have different options for hedging their risks. They can agree in advance on a fixed exchange rate with the bank.  By way of example: Company A sells goods for USD 100,000 to company B. A receives payment a month later. The US dollar can fluctuate greatly in the meantime. A can play things safely and agree on a fixed dollar rate with its bank today. A then knows exactly how many euros it will receive.  The risk of a fall in the exchange rate then lies fully with the bank. The bank charges a premium for this. Although this sounds attractive, Eric Charléty warns against a possible competitive disadvantage:

“If you fix exchange or interest rates, you are less flexible. You can no longer profit from positive market developments.  If your competitors follow the same strategy, there is no problem. However, if they do not fix their exchange rate, they can enjoy and benefit from exchange rate fluctuations.”

Customisation

Instead of fixing the exchange rate (and thus limiting its flexibility), A may choose to ‘cap’ the rate. A can then profit from any depreciation of the dollar, while any increase is capped. Just as in the case of insurance, you have to pay a premium for such protection. However, this is not necessary. A can also avoid paying a premium by choosing a third option. In that case, you allow the rate to fluctuate between a predetermined lower and upper threshold.

“Every situation is different and so the most appropriate solution is not always the most obvious. You can combine different building blocks with each other. Choosing a derivative is customised by definition,” concludes Eric Charléty.

Insurance should be a company's last line of defence. However, many risk managers follow the opposite reasoning. They sign a policy and think that is the end of the story. Bart Cuypers of Aon advises caution and advocates a structured approach.

Many companies act like families in relation to insurance. They insure themselves against standard risks, such as fire, occupational accidents, and liability. There is nothing wrong with this per se. After all, the material damage after an incident is compensated. But as Bart Cuypers of Aon points out, the risk does not stop there:

“If your family home goes up in flames, you live in a hotel temporarily or move in with friends. But what happens if your factory is reduced to ashes? Or if your most important machines break down? Where and how are you going to carry on production? Companies think everything is under control once they sign an insurance policy. But they overlook what is known as consequential damage.”

Expect the unexpected

According to Bart Cuypers, companies all too often cover themselves against low-impact risks, leaving themselves uninsured against larger risks:

“Companies in the food sector, for example, forget that a production error can have serious consequences. They must organise an expensive recall action, there is marketing and reputational damage. Briefly put, an error can cost you a lot of money. Yet the directors' cars all have full comprehensive insurance, even though an accident will only set you back about EUR 40,000. Companies often fixate on minor damage, while you should be considering what can really go wrong if the impossible happens.”

Do not opt for an easy solution

Bart Cuypers also warns against standard insurance policies. While these are excellent for families, they are inadequate for companies because they exclude the real risks of doing business. According to Cuypers, companies frequently opt for an easy solution. They hand over their risk management to an external partner that is then given carte blanche. Not a good idea, it turns out: 

“Many SMEs operate in a specific niche or certain countries. That implies certain risks are not obvious. It is not easy for an outsider to identify those risks. The company must take the lead itself and establish its own weaknesses. It can only do that exercise itself.”

Last life buoy

Is a company's only option then to take out a large and expensive insurance package? Bart Cuypers does not think so. On the contrary:

“Insurance is actually a company's last resort. Companies are well-advised to rather work on prevention. By creating procedures, putting alternative plans on paper. You can spend a fortune insuring yourself against cyber fraud, but you can also take preventive measures. Or you can already plan today where you are going to produce if your factory burns down. As an entrepreneur, you need to be forward-thinking, including with regard to any setbacks. But most companies hardly free up any time for this, which is logical because it is unlikely to occur and you still have your routine tasks to complete.”

Step-by-step plan

Risk management is customised by definition. It is practically impossible to use a step-by-step plan that can be applied to every company. Nevertheless, Bart Cuypers gives some good general advice:

“Companies can start by identifying their risks as best as possible. That is a long-term exercise involving many parties. People on the shop floor, for example, can provide valuable information. Then check how likely it is that the risks will actually occur, and estimate the financial impact of each risk. The company can then decide whether and which action is necessary. Focusing on prevention, or taking out more insurance. It may also opt to do nothing. That is a legitimate choice, certainly if it has sufficient reserves and the impact is low.”

Fraudsters are becoming ever more inventive in their attempts to con private individuals and entrepreneurs. A healthy dose of vigilance can prevent a lot of distress.

Six most common fraud techniques

• Fake transfers
  Fraudsters send fake transfers to the bank in the name of an organisation.  Signatures on payment orders are perfectly forged and can scarcely be distinguished from the original.
• Forged invoices
  Fraudsters intercept outgoing invoices from a company. They change the account number of the beneficiary and send the 'adapted' invoice to the customer or bank, which then pays into the fraudulent number.
• Social engineering
  This fraud technique is based on manipulation and breach of confidence. Fraudsters firstly gather personal information about their victim on social media or Google. They then contact the victim, posing as a help desk worker, for example, and try to get the victim to reveal sensitive information such as passwords or account numbers.
• Phishing
  A specific form of social engineering used by criminals to "fish" for personal data, mainly by e-mail, that enables them to steal money from a bank account at a later stage. The fraudsters often play on the feeling of fear of their victims: they warn them, for example, that there is a threat of their account being closed. 
• Hacking
  Hackers install a virus on your computer. That program observes what you do and collects all types of data. During an online banking session, the hacker can display a pop-up in which you are asked to insert your PIN code for example.
• Infiltration
  A new fraud technique by which a fraudster arranges to be hired by a company in order to learn its payment and monitoring procedures. After a few months, the fraudster makes large payments to his own account and then disappears from the scene. 

How to teach fraudsters a lesson

Fraud prevention does not have to be expensive or high-tech. Being alert and responding decisively is key.

• Raise your employees' awareness: The best form of fraud prevention is to raise awareness among potential victims. Make your employees aware of the real risk of fraud. Convince them of the need to regard business data as company property. Also encourage your employees to be critical towards everything that differs from the normal state of affairs.
• Be vigilant for suspicious behaviour: Look out for sudden changes among your customers or suppliers. Focus particularly on deviations from payment details. Example: if a supplier asks you to pay into a foreign account. Contact your customer or supplier, preferably people whom you have known for years and trust.
• Do not allow any phishing of your data: Banks never ask your for personal details by e-mail or telephone. You can assume such questions come from fraudsters. Other indications are poor language, an incorrect form of address, or the fact that the e-mail ended up in your spam folder. Mark these as unwanted messages in your e-mail program. Report the misuse to your internet provider, so the sender can be blocked.

Protect your IT systems

• Install an anti-virus program and firewall on your computer(s) and update these systematically.
• Never respond to any questions by telephone. Again: your bank will never ask you by telephone for a code or any confidential information.
• Going to do online banking? Only open the program concerned. Close all other sites. 
• Never click on links that refer to the website of a bank, especially if they have been sent by e-mail.

The bill to introduce this obligation in Belgium has been submitted to the Federal Parliament. If the draft bill is approved, B2B e-invoicing will become mandatory from 1 January 2026. Our experts explain why Belgium wants to introduce these new rules, what the implications are for your company and how we can better support you.

“The bill is consistent with international developments and initiatives at the European level,” says Nicolas De Vijlder, Head of Beyond Banking at BNP Paribas Fortis. "Europe's ambition is a harmonised digital standard. Structured e-invoicing between companies will also reduce the administrative burden of invoicing, enabling companies to work more efficiently and increase their competitiveness. The automation of VAT declarations will also help governments prevent tax fraud and adjust economic policies based on more qualitative data.”

Evolution rather than a revolution

“The new legislation is an evolution rather than a revolution,” adds Erik Breugelmans, Deputy Managing Director at BNP Paribas Factoring Northern Europe. "Digitalisation is becoming pervasive at all levels of society, as we have seen with the increase in electronic payments, as well as the additional obligations in recent years regarding electronic invoicing to the government. In this sense, the bill for mandatory electronic invoicing between companies is a logical next step. Our bank is happy to contribute to this process, although we do not intend to offer the same services as accounting software or fintechs. However, we are happy to help our customers with payments and financing."

The impact on businesses

“Customers need to be aware that the new regulations will have an impact on their internal and external processes,” continues Erik Breugelmans. "The majority of Belgian companies mainly serve an international market, which means that the introduction of electronic invoicing will be more complex for them than for companies operating in the domestic market. As the legislation will be introduced in one go, they need to start preparing now."

“The new rules will affect a company’s accounting department as well as its IT department,” emphasises Nicolas De Vijlder. "The procedural requirements are key, otherwise the automated process will not work. However, one of the main benefits of advanced automation is that everything can be done faster and more efficiently. The time between sending an invoice and paying it will be shorter and cash flows more predictable. In addition, it will also reduce the risk of error and fraud, as all transactions will pass through a secure channel."

Ready to offer you even more and better support

“Thanks to the far-reaching digitisation resulting from the new regulations, we will be able to further optimise payments,” concludes Erik Breugelmans. "As a bank, we need to finance our customers’ receivables as quickly and efficiently as possible, so that they have easier access to their working capital. In addition, because we have already gone through an entire process in terms of large-scale automation, we will be able to adapt quickly to the new rules. We can also draw on the expertise of the BNP Paribas Group, which is currently developing an e-invoicing solution for large companies."

Want to know more?

Listen to the episode on B2B e-invoicing :

• French version
• Dutch version