Created in 1959 by its namesake and chairman, Yves Rocher is a €2 billion turnover leading company in botanical beauty products based in Brittany, France.

Our group is present in 80 countries. It has its subsidiaries who distribute our products under 10 different brands employing 15,000 people. We sell directly to 30 million consumers through 3 main channels:
•    shops
•    mail order
•    party sales

As a result of our retail business, for purposes of cash collection, the Group Treasury works with more than 100 banks throughout the world, which means many heterogeneous systems of electronic banking. We count more than 50 electronic banking systems in our Group.

Tighter control and security requirements

Over the last two years, we have observed an enhancement of internal control and requirement of security mainly driven by the evolution of the regulation. It implies especially in the area of treasury (payments, financial operation) a better control on our process and, further more, to be able to identify who did what. We migrate from a world of procedure to a world of process.
For treasurers, securing our process and ensuring an audit trail of the entire payment processes is part of the first elements required by the management, especially if they are personally and directly involved in payments through their personal signature.

We have to demonstrate at any time that our controls are effective, and that internal and external security of our cash flows are guaranteed. The objective is to fight against fraud and prevent risks.

Global reflection on payment security

Based on these elements, beginning of 2005, the Group Yves Rocher decided to set-up a project in order to secure the complete chain of payments starting from our ERP (SAP) to bank systems. As this kind of project can be so large in our Group with our number of banks, countries and means of payments, we decided to have a global reflection on our way of working and to start to implement the solution in France before deploying it worldwide.

Our reflection concerning payments was based on two concepts:
•    Centralize all our European payments on a single company or,
•    Leave the responsibility of making payments in the different subs but set-up a common communication, validation platform between our ERP and banks.

After some internal debates, we decided to choose the second solution which offers more benefits given our organization:
•    No modification of the existing organization. Subs keep the responsibility of making payments with all controls around them.
•    Payments are still signed by people who know what they are signing Unique common platform reaches our internal security objectives based on
•    Personal identification
•    Authorizations and signing workflows managed in a common tool
•    Personal signature with certificates on smart cards

SWIFTNet as communication tool

In the mean time, we decided to use SWIFTNet for communication with banks as this protocol appeared to us as a worldwide protocol with a very high level of security delivered by SWIFT through :
•    Resilience
•    Non repudiation
•    Notarization of the exchange

We chose to connect to SWIFTNet via a service bureau (EuroInformation from CMCIC) in order to have reasonable cost and to use a specialist in this field. As intermediate software between SAP and the service bureau, we installed TRAX (Cf. schema).

FileAct only

Choosing to use FileAct only was the major difference with most of other corporates. Indeed, we did not have enough market operations (500 a year) in order to afford the cost of a FIN connection for this unique service. Moreover, it was on mass payment where we identified major risks and payback. Using FileAct allows us also to keep using local formats, which is very important in our business for banking reconciliation and it avoids us to create new payments formats. We decided to migrate all our electronic payments, including treasury payments, salary payments and suppliers payments.

Personal signature

The second main difference with other corporates consisted to implement personal signature on SWIFTNet FileAct. In France, Belgium and Germany, our management is used to sign with smart cards on Etebac 5, Isabel, Multicash. It was difficult for us to sell internally such a project around security without implementing this functionality.

On this specific subject, we succeeded in making our first payments via FileAct with personal signature with two French banks (Société Générale and CMCIC) in August 2005. The technical feasibility and multi-acceptance of a single certificate by different banks was proven. Having done that, we could go ahead on the project.

Today

In November 2005, 8 months after the go on this project, we went into production sending payments and receiving bank statements with YROCFRPP as BEI. Today, we already have opened 5 MA-CUGS and we exchange files with 6 banks. Since the beginning of January 2006, it represents 98% of our flows paid from France.

Now, we are deploying this solution in our international subs starting with Belgium, Scandinavian countries and other major European countries.

Main benefits and difficulties

After few months of real life on this project, we observe the following main benefits :
•    Enhancement of the internal and external security
•    Better visibility on available cash
•    Costs reduction with less platforms
•    Fine monitoring on the payment
•    Very good acceptation from all users (accounting department to top management)

The main difficulties encountered during this project were the subject technicality with a swift language we needed to learn and a domain quite new for every participant. The number and variety of participants involved (SWIFT, banks, software company, service bureau and our internal IT team) was also a key issue during this period

In the near future

As this first phase is a great success, we will implement in 2007 the FIN service in order to reconcile automatically our market operations and to generate the related bank transfers. In fact, the additional costs to use this service in addition to FileAct appears to be very affordable regarding the wide range of functionalities covered within the same channel.

Laurent Delauriere joined Yves Rocher in 1993 as treasury assistant as the group headquarters in Paris. In 1994 he transferred to Belgium as financial controller in the coordination centre before taking the position of CFO in 1999 before returning to the French capital to become Group Treasurer in 2003.