Security on Supplier Bank information in Epicor - transmissions to bank for payments

I’m looking for some advice for those that are using some sort of ACH program with their bank to “pay” suppliers. At the moment, we have a customized system and are moving to one that will do more on the bank’s end so we can remove our customizations (trying to go back to base as much as possible for ease of upgrading). We plan on using Automation Studio to accomplish some of the new programming, as well.

I ran across an old thread on here from 4 years ago with the questions I want to ask (no answers, just questions in the thread) and am looking for what others are doing.

  1. Who can update your supplier bank information in Epicor? Is it secure to one person or two people? Do you have the change log turned on to track it? Is there any approval process used for changes?

  2. Who can request a change of bank information for your supplier? How are you ensuring that the bank information is correct for the supplier?

  3. Is the same person who generates/sends the file to the bank the person who is entering payments in Epicor? If so, do you have a payment approval process that requires another individual to approve the payment or the file cannot be sent? Is this done in Epicor or outside Epicor?

  4. Who reviews that all payment transactions processed without errors on the bank’s end?

That's all my questions for now, and thanks in advance for your words of advice!

Just some thoughts from ACH history of my past…

Purchasing would update the account numbers and not Finance to maintain separation of duties as they generally had first (and better) relationships with the suppliers.

To check for correctness, AP would make a small deposit (less than a dollar), maybe two if you want to be even more secure, into the account without telling the supplier the amount(s). The supplier would have to tell purchasing the date and amount of the deposit and they would tell Finance. If it matched, great. If you heard nothing, the account was not used.

This was too manual; I would have liked to have a web form and let the system check the date and amount. I would also have liked to put a BPM Hold on the supplier during the time of the change request and the verification to prevent anything from being paid via ACH. If the web form matched, then it would remove the BPM Hold. Oh yeah, the web form would require a login from the domain of someone from the company, which one can do with SharePoint/M365.

AP created the file in Kinetic and submitted it to the bank. At every bank I’ve used, that upload sits in a pending state until another person approves it.

The other person in Finance would log into the bank and compare the names and amounts with the pre-check run. If all matches, then that person would release the payment.

All other reconciliation is similar to checks at that point.

HTH!

Mark W.

**EDIT:**

Oh, my yes. The changes were logged!

1 Like
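
The hold-and-verify flow Mark describes above (ACH hold while a bank change is pending, released only when the reported deposit date and amounts match), as an added Python sketch that is not from the thread or from Epicor. `SupplierLedger`, `BankChangeRequest`, the three-attempt lockout and the rule that the requester cannot confirm their own change are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from datetime import date
from hmac import compare_digest

MAX_ATTEMPTS = 3  # assumption: lock the request after three wrong answers

def _two_deposits():
    # Two unpredictable amounts under a dollar (1-99 cents each).
    return tuple(secrets.randbelow(99) + 1 for _ in range(2))

@dataclass
class BankChangeRequest:
    supplier_id: str
    new_account: str
    requested_by: str
    deposit_date: date
    deposit_cents: tuple = field(default_factory=_two_deposits)
    attempts: int = 0
    state: str = "PENDING"  # PENDING -> VERIFIED or LOCKED

class SupplierLedger:
    """Hypothetical stand-in for the ERP's supplier records and ACH hold."""
    def __init__(self):
        self.on_hold, self.accounts = set(), {}

    def open_change(self, supplier_id, new_account, requested_by, deposit_date):
        self.on_hold.add(supplier_id)  # hold begins with the change request
        return BankChangeRequest(supplier_id, new_account, requested_by, deposit_date)

    def verify(self, req, verifier, reported_date, reported_cents):
        if req.state != "PENDING":
            return False  # verified or locked requests accept no more answers
        if verifier == req.requested_by:
            raise PermissionError("requester cannot confirm their own change")
        req.attempts += 1
        def answer(d, cents):
            return (d.isoformat() + "|" + ",".join(map(str, sorted(cents)))).encode()
        if compare_digest(answer(req.deposit_date, req.deposit_cents),
                          answer(reported_date, reported_cents)):
            req.state = "VERIFIED"
            self.accounts[req.supplier_id] = req.new_account  # only now active
            self.on_hold.discard(req.supplier_id)
            return True
        if req.attempts >= MAX_ATTEMPTS:
            req.state = "LOCKED"  # hold stays until a new request is opened
        return False

    def can_pay_ach(self, supplier_id):
        return supplier_id in self.accounts and supplier_id not in self.on_hold
```

A locked request leaves the supplier on hold, so a run of wrong guesses cannot activate the new account or release payments.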


It’s the only way we log…


This will have an almost completely automated system. We will do ACH and Wire Transfers as well as having the bank print our checks; some they send to our suppliers and some they send to us to send to our suppliers. Right now, we create 3 separate files: one EDI file and two other files that get uploaded to the bank portal. This will condense it all in one and will work with the new standards (ISO 20022).

We want to make sure security is in place, too…hence the questions 🙂

We are using the built in ACH processing, nothing custom.

I hide the bank/remit tab from everyone but the security group that does the ACH process. One person enters and one validates the entry.

We have a form that the supplier must fill out and we verbally verify the information.

The AP people create the payment file, then the comptroller checks and uploads the file, then someone from corporate accounting verifies and approves the uploaded file for processing.

The comptroller or assistant verifies in the bank’s portal the file processed without errors.

2 Likes

Thanks, Greg and Mark! I’ll bring your responses back to our team 🙂

1 Like

I like @gpayne’s approach. We’re very flat and we have ONE AP Person. We have one other person that handles Vendor/Customer setup so the basic GAP rules are followed, but it’s still not ideal.

We were looking into the same exact questions you are asking and found a generic Epicor Approvals module that seems to ‘make’ BPMs as needed and uses a UD table in the background. Seemed quite interesting although we didn’t pull the trigger on this or any other solutions yet. At this point I’m thinking that Automation Studio is the way to go, but I’m not sure.

Anyway - here’s a link - no endorsements or anything.
https://www.msoftek.com/ApprovalModuleProduct.html

2 Likes

Thanks, Mike!