This document discusses information security perspectives from the banking industry. It begins with definitions of information security and banking. It then outlines best practices for IT security and auditing in banks as defined by the Federal Financial Institutions Examinations Council (FFIEC). The document describes common banking activities and the risks associated with them, emphasizing the importance of IT security. It also discusses trends in banking fraud and the changing profile of fraudsters in Uganda.
With zero tolerance for money laundering and large regulatory penalties for non-compliance, banks and other financial institutions are spending immense time, effort and money to achieve compliance. Needless to say, it is still not enough. The Black Swan can walk into any financial institution's branch on any given day and sting the bank by surprise.
Implementing a formal and structured AML mitigation and oversight system, with processes that effectively identify, assess and manage such risk within acceptable levels, is a challenge. Awareness of the menace of money laundering and a thorough understanding of the anti-money laundering process and its current trends, at all levels of staff of a bank/FI, are therefore ever-growing necessities.
We await your valuable nominations/enquiries to make the programs mutually beneficial and successful. Please email manoj.jain@riskpro.in or call 98337 67114 for more details.
Program Highlights
Let the experts guide you on the best practices in Anti Money Laundering
Perspectives from RBI, FIU-IND, Income Tax and more
Global regulations around AML/KYC
Indian regulations and latest reforms
How to avoid any kind of surprises
Linking AML compliance to Reputation Risk, Social Media Risk
Dodd-Frank Act, USA PATRIOT Act
What it takes to say “NO” to profitable and abundant business
Speakers and Panelists
Guest speakers from Regulatory Authorities
Risk Management and Banking Experts
Manoj Jain, Director and Co-Founder, Riskpro India
Hemant Seigell, Director, Riskpro India
R Muralidharan, ex DGM - Risk Management, Bank of Maharashtra
Hemlatha Mohan, ex Country Head ORM, ING Vysya Bank
Prasanna Rath, ex Head of Risk, TAIB Bank, Bahrain
Prominent AML experts as panelists
This document provides an overview of anti-money laundering practices and suspicious transactions. It discusses the key stages of money laundering: placement, layering, and integration. It also outlines the elements of an effective AML program, including board approval, training, internal controls, and independent audits. Several typologies of money laundering are described, such as the use of shell companies and cash couriers. Guidelines for identifying and reporting suspicious transactions and clients are provided. Specific scenarios involving suspicious activities like structuring are reviewed.
This document provides information about an upcoming conference on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) for heads of units at Arab banks and financial institutions. It includes the conference details, date, location, and topic "The Many Faces of Compliance Risk". It also includes a biography of Mohammad Fheili, who will be speaking at the conference and has over 30 years of banking experience, including roles at various banks and economic advising organizations in Lebanon.
This document provides an overview of anti-money laundering (AML) practices. It discusses the stages of money laundering, including placement, layering, and integration. It covers key AML concepts like know-your-customer procedures, suspicious activity reporting, and the role of regulatory bodies like the Financial Action Task Force in establishing international AML standards. The document is intended to help participants understand AML definitions, pillars, risks, and compliance responsibilities.
This document provides indicators of human trafficking across various industries and roles to help with identification and detection. It summarizes red flags for hotels/motels, property management, automotive dealerships, financial services, transportation, and behaviors of traffickers, victims, and buyers. The goal is to educate and increase awareness of human trafficking signs to support identification and prevention efforts.
The document discusses fraud risk and consumer fraud management. It defines fraud and outlines the main categories. It provides data on fraud incidents and losses from regulatory reports. It then details common types of fraud like identity theft, credit card fraud, and phishing. The document outlines challenges in fraud management and provides examples of fraud attempts in Pakistan. It concludes with recommendations for financial institutions to strengthen anti-fraud culture, define clear roles and responsibilities, invest in fraud detection systems, and leverage fraud data and training to enhance consumer fraud management.
The document discusses money laundering and the obligations of reporting institutions under Malaysia's Anti-Money Laundering and Anti-Terrorism Financing Act 2001 (AMLATFA). It defines money laundering as disguising illegally obtained cash or property to make it appear legitimate. It outlines risks like reputational damage for institutions that don't comply with AMLATFA. Key obligations include conducting customer due diligence, identifying suspicious transactions, and reporting them to the authorities. Failure to comply can result in fines or imprisonment.
Forensic accounting vs fraud examination (Kolluru N Rao)
This document discusses the key differences between forensic accounting and fraud examination. Forensic accounting refers to the application of accounting skills and techniques to legal matters and investigations, while fraud examination focuses specifically on fraud detection, prevention, and deterrence. Some key differences include forensic accountants helping enforce regulatory requirements and investigate economic crimes, while fraud examiners coordinate with management, law enforcement, and lawyers. Both fields require an understanding of relevant industries, data analysis skills, and knowledge of legal standards and privacy laws. Examples are given of major fraud cases that were uncovered through forensic accounting or fraud examination techniques.
EMV - The Chips are Coming - Ken Givens U.S. Merchant Payment Solutions 11-15 (Ken Givens)
The document discusses EMV chip technology for credit and debit cards. It explains that EMV was developed in the 1990s by Europay, Mastercard, and Visa to provide global interoperability standards for chip-based payments. EMV chip cards contain secure microprocessors that reduce fraud from counterfeiting, lost, and stolen cards compared to magnetic stripe cards. The U.S. is behind in adopting EMV, but liability shifts taking effect in October 2015 will motivate merchants and banks to upgrade terminals and cards to the more secure EMV standard to avoid fraud-related costs.
Prevent banking frauds through identity management (GARL)
What is the difference between private and retail banking in fraud management? Significant use of mobile devices (tablets, smartphones, ...) and the growing number of frauds due to the human factor are changing private banking management.
GARL presentation at Forum Banca 2013 describes fraud risks for private banking and how to manage them in a prevention plan.
The presentation was made as a collaboration with Banca Esperia (Mediobanca group).
This document summarizes the Prevention of Money Laundering Act of 2002 in India. It defines money laundering and outlines the key stages of money laundering. It also discusses how money laundering methods have evolved over time from bank-centered techniques to using new payment systems and non-profit organizations. The Act established obligations for banks, financial institutions, and intermediaries to maintain records and report suspicious transactions to combat money laundering. It requires reporting entities to appoint a Principal Officer and verify customer identity.
Ali AlMeshal - The need for a secure & trusted payment - ArmIGF 2015 (Arm Igf)
This document discusses security issues with card not present transactions in e-commerce. It notes that as security has improved for card present transactions, fraud has shifted to card not present channels like online shopping and mobile commerce. Common types of e-commerce fraud are discussed like counterfeiting cards, account number generation, and data breaches. The document also examines factors that influence trust in e-commerce like perceived security and control mechanisms. It concludes that cooperation across commerce partners is needed to address fraud challenges through consistent guidelines and security tools.
This document summarizes a presentation on current trends in fraud prevention. It discusses common types of payment fraud like check, credit card, and wire transfer fraud. It also discusses challenges posed by holder in due course claims for check fraud. The presentation recommends implementing a fraud prevention matrix that combines procedural controls, check protection, transaction screening, and fraud protection services. It provides examples of specific fraud prevention tools and services offered by banks and third parties.
Anti-Money Laundering and Counter Financing of Terrorism (Puni Hariaratnam)
Money laundering involves disguising illegally obtained money to make it appear legitimate. It became a major issue in the 1920s and laws were passed in the 1980s to address it. Malaysia passed its Anti-Money Laundering and Anti-Terrorism Financing Act in 2001, placing reporting obligations on banks and requiring customer due diligence, record keeping, and compliance programs. Failure to comply can result in significant penalties from regulators and damage to a bank's reputation. However, many banks still fail to provide adequate anti-money laundering training to their staff.
Fraud continues to proliferate across financial institutions, through multiple lines of business and banking channels. Increasingly sophisticated criminal tactics and the proliferation of organized crime rings make detecting fraud difficult and preventing it nearly impossible. Adding to the complexity is increased globalization and growth through mergers and acquisitions, which make it harder to effectively monitor multiple portfolios and business lines. The presentation discusses best practices and ideas around the prevention, investigation, and detection of possible fraudulent activities across multiple industries.
This document discusses anti-money laundering regulations and obligations for solicitors and credit unions. It provides an overview of key legislation, requirements for customer due diligence, identifying beneficial owners, reporting suspicious transactions, record keeping, and training staff. It notes the penalties for non-compliance and examples of suspicious activities and red flags that could trigger reporting obligations.
Money laundering involves disguising illegally obtained money to make it appear legitimate. Key aspects of preventing money laundering include complying with know-your-customer (KYC) norms, identifying suspicious transactions, and reporting cash and suspicious transactions to authorities on time. Banks must implement anti-money laundering measures like monitoring high-risk accounts, appointing compliance officers, and training staff to detect and deter money laundering activities.
The document outlines guidelines for anti-money laundering programs for insurers in India. It defines money laundering and its three stages: placement, layering, and integration. It discusses Know Your Customer (KYC) policies, including documentation requirements. It also covers risk profiling of customers, suspicious transactions, reporting requirements, and penalties for money laundering. Overall, the document provides an overview of India's regulations for insurers to establish anti-money laundering programs and procedures to combat financial crimes.
The document discusses money laundering, including defining it, describing the process, and providing case studies. Money laundering is defined as disguising illegally obtained money to make it appear legitimate. The process typically involves three stages: placement, layering, and integration. Placement involves putting dirty money into the financial system. Layering involves separating the money from its source through transactions. Integration makes the money appear clean. Case studies show how professionals like lawyers and accountants can be used to launder money through techniques like shell companies and structured transactions. Estimates suggest $600 billion to $2 trillion may be laundered annually, impacting economies and banking systems.
The Vskills certification in KYC (Know Your Customer) and Anti Money Laundering Operations is one of the first certifications in this area of the banking sector. A Vskills Certified AML/KYC Officer finds employment in banking and banking ancillary firms, security and audit firms, and other small and medium enterprises.
http://www.vskills.in/certification/Certified-AML-KYC-Compliance-Officer
This document discusses combating money laundering in India. It provides an overview of the framework for combating money laundering, including the roles and responsibilities of banks and financial institutions. Key aspects covered are customer acceptance policies, know-your-customer procedures, monitoring suspicious transactions, and performance of the Financial Intelligence Unit. Examples of money laundering activities in India like import remittance scams, property deals, hawala transactions, and corporate frauds are also summarized as case studies.
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris... (Jitske de Bruijne)
Financial Institutions continue to face heightened fines and regulatory scrutiny over their AML/CFT Programs. This e-book helps you to manage AML/CFT Programs.
This document provides an introduction to financial fraud, defining it as fraud involving a financial account or transaction. It focuses on retail payment card and deposit account fraud committed against innocent consumers (third party fraud) or by account holders themselves (first party fraud). Financial fraud is a serious and costly problem due to its negative economic impacts, with direct costs to victims and institutions as well as indirect costs like reduced consumer trust. Efforts are needed across multiple stakeholders to effectively prevent, detect and prosecute this evolving threat.
Money Laundering and Its Fall-out - ROLE OF INFORMATION TECHNOLOGY IN ANTI M... (Resurgent India)
In an effort to detect potential money laundering schemes, financial institutions have deployed anti-money laundering (AML) detection solutions and enterprise-wide procedural programs.
Cybercrime poses a significant threat to financial institutions, as criminals use phishing, pharming, and malware to gain sensitive customer information and commit fraud. For consumer accounts, financial institutions are generally liable for losses from unauthorized transactions, unless they had reasonable authentication methods in place. For business accounts, liability depends on whether the bank's security procedures were commercially reasonable and used in good faith. Courts have found banks liable for losses where they failed to properly monitor for suspicious transactions or implement recommended security features declined by customers. Financial institutions can help mitigate risks by using multiple authentication factors and keeping customers informed of security best practices.
Indonesia's Measures to prevent FinTech from abusing ML and TF (Clare O'Hare)
Indonesia has implemented regulations to prevent fintech from being abused for money laundering and terrorism financing. Bank Indonesia and the Financial Services Authority (OJK) regulate fintech entities and require them to comply with anti-money laundering and countering the financing of terrorism (AML/CFT) laws. This includes customer due diligence, record keeping, identifying politically exposed persons, assessing new technologies, and internal controls. The Indonesian Financial Transaction Reports and Analysis Centre (PPATK) provides guidance to fintech firms on preventive measures and allows some flexibility for technologies like e-KYC, online customer identification, and regulatory sandboxes for new technologies. However, regulators remain cautious of vulnerabilities in fintech like cyberattacks
The document discusses the basics of anti-money laundering (AML) and know-your-customer (KYC) practices. It defines money laundering and the typical process involving placement, layering and integration of illegally obtained funds. It outlines AML and KYC policies, procedures, controls, and compliance measures financial institutions must implement including customer due diligence, transaction monitoring, and reporting of suspicious transactions. The role of cash in money laundering and obligations of bank officers to exercise vigilance and maintain their institution's reputation are also summarized.
The document discusses the evolving landscape of card and identity fraud, noting that:
1) Today's fraud is more sophisticated, complex, and organized than historical fraud, with criminal groups acquiring large volumes of consumer data from multiple sources and using it for various fraud schemes.
2) A key development is the targeting of PIN data, allowing criminals to withdraw cash directly from ATMs or make PIN debit purchases.
3) "Phishing" scams, where consumers are tricked into providing sensitive details, have become a major data acquisition method for criminals. Financial institutions are the most common phishing targets.
Webcast - how can banks defend against fraud?Uniphore
The Annual Global Fraud Survey, commissioned by Kroll and carried out by the Economist Intelligence Unit, reports that businesses lose nearly 1.6% of their revenue to fraud. While global banks are utilizing IT solutions to safeguard themselves from cyber and online phishing attacks, our webcast helps you understand an innovative and cutting edge technology which can help you to:
* Stop revenue loss on fraud/identity thefts
* Prevent customers from cyber attacks
* Ensure 100% fail-proof customer authentication
* Provide confidence to customers and improve CSAT
* Protect banking information and customer data breach
Timur AITOV NPC Kaliningrad ENGLISH VERSIONTimur AITOV
This document discusses security as a key factor for the successful development of remote payments in Russia. It outlines new fraud schemes and targeted cyber attacks as threats. The document emphasizes that convenience must be balanced with security, as lack of security undermines other benefits. It proposes strengthened security technologies, organizational practices, and laws to protect consumers while not overcomplicating payments. Reliable protection of new payment technologies is seen as crucial to building customer trust and loyalty.
This research paper analyzes ATM fraud, including cash withdrawal fraud, fund transfer fraud, password hacking, and pin misplacement. The paper proposes combining biometric identification like thumbprint scans with PINs to authenticate ATM users and reduce fraud. Currently, fraudsters can use stolen card information and PINs obtained through phishing emails to commit ATM fraud. The paper suggests designing ATMs with integrated biometric scanners without slowing down transaction speeds to strengthen security.
The document discusses commercial banks in India. It defines commercial banks as financial institutions that raise funds through deposits and make loans. It outlines the different types of commercial banks in India, including public sector banks, foreign banks, and private sector banks. It describes the key functions of commercial banks such as accepting deposits, lending money, transferring funds, and acting as trustees. It also discusses the sources of funds for commercial banks, technological reforms in the banking sector, and the regulatory role of the Reserve Bank of India over commercial banks. In the end, it notes some weaknesses faced by commercial banks and their future plans to improve services and expand business.
Combating Fraud : Putting in Place an Effective Audit System to Detect and Pr...Pairat Srivilairit
Combating Fraud : Putting in Place an Effective Audit System to Detect and Prevent Fraud
The 9th - Cyber Defense Initiative Conference 2009 - (CDIC 2009)
10th-11th November 2009 Queen Sirikit National Convention Center
By Pairat Srivilairit, CIA, CISA, CBA, CCSA, CFSA, CISSP, CFE
Tuesday, 10 November 2009 15:15-16:00 hrs
Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud (45 min)
Key Indicators of Fraud
Types of Fraud in Activities Reviewed
Prevention Aids by Internal Auditors
Detection and Investigation Techniques
Summary
Combating Fraud: Putting in Place an Effective Audit System to Detect and Prevent Fraud discusses implementing effective fraud detection and prevention measures. It outlines key indicators of fraud, common types of occupational fraud seen in various industries and activities, techniques used by internal auditors to detect and investigate fraud, and methods to limit fraud losses such as surprise audits and job rotation. The speaker is an experienced auditor who provides expertise on implementing anti-fraud controls and detecting insider threats in the banking sector.
This document summarizes current trends on KYC regulations:
1. It discusses risk-based and tiered customer identification systems that categorize customers as low, normal, or high risk and require different levels of due diligence.
2. International wire transfers and ensuring KYC is properly performed through documentation are also covered.
3. Enforcement actions taken by regulators are mentioned as well to ensure compliance with KYC regulations.
Payment fraud is a persistent threat in today's digital world. Even some of these fraud events were found connected with the best credit card payment companies to top credit card payment processing. Visit us at: https://webpays.com/best-credit-card-payment-companies.html
We had another great webinar presented by Dave Hammarberg (Director of IT and Consulting Senior Manager) and Jim Shellenberger (Senior Manager) with McKonly & Asbury! Thank you to everyone that attended and received CPE credit.
We discussed what skimming is and went into a discussion of several examples and how to detect and prevent your organization from becoming a victim of skimming.
Check out our Upcoming Events page for news and updates on our future seminars and webinars.
For more information on this topic or to submit a question for Dave or Jim, use our contact page at www.macpas.com/contact.
www.macpas.com/webinar-recap-skimming-what-the-auditors-miss
Money Laundering in the Art, Collectibles, and Luxury Goods IndustryBrandonRuse1
Money laundering and fraud cases in the rare art and luxury goods industry are increasing as the gap between resources and budgets is being widened by COVID-19.
Skillwise Know your Customer & Money LaunderingSkillwise Group
This document discusses money laundering and prevention measures for bankers. It defines money laundering and the process of placement, layering and integration. It emphasizes the importance of customer due diligence, compliance with laws, and identifying irregular or suspicious transactions to observe rules for bankers and prevent money laundering.
The document discusses the relationship between banks and their customers. It notes that there is a general relationship where banks accept deposits and provide loans, making the bank a debtor and customer a creditor or vice versa. It also describes special relationships where banks provide additional services, taking on roles like trustee, bailee, lessor, and custodian. The rest of the document covers topics like the importance and benefits of customer relationship management (CRM) in banking, strategies adopted in the banking sector using CRM, types of e-banking services provided, challenges of e-banking, the role of financial technology, tax havens, know your customer (KYC) norms, and anti-money laundering measures.
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_A Risk-Based A...spirecorporate
Regulators should take a risk-based approach to mobile financial services regulation. While services may be provided by telcos or banks, all involve both entities at some level. Financial regulators are appropriate to oversee issues involving safeguarding of money. Key risks include fraud, technical failures, money laundering, and lack of consumer protection; common controls address transaction limits, KYC, agent management, and more. Examples show tiered KYC and deposit limits based on risk.
The document discusses internet banking or e-banking. It provides a history of e-banking starting in the 1980s and defines e-banking as conducting financial transactions through a secure bank website. It describes the types of e-banking services available and provides statistics on its popularity in India. It also discusses how banks currently use the internet, examples of e-banking products/services, online banking frauds and risks, and recommendations to improve online banking.
The document discusses Malta's new regulatory framework for virtual financial assets (VFAs) established by the Virtual Financial Assets Act. It provides an overview of the key aspects of the Act, including defining VFAs, regulating initial VFA offerings, VFA service providers, and VFA agents. It also discusses the financial instrument test and transitional provisions. The overall aim of the framework is to support innovation while ensuring investor protection, market integrity, and financial stability.
Is security perspectives from banking industry - aguma mpairwe
2. DEFINITIONS
INFORMATION SECURITY - ‘THE PROCESS BY WHICH AN ORGANISATION PROTECTS AND SECURES ITS SYSTEMS, MEDIA AND FACILITIES THAT PROCESS AND MAINTAIN INFORMATION VITAL TO ITS OPERATIONS’ – FFIEC
BANKING – ‘THE BUSINESS ACTIVITY OF ACCEPTING AND SAFEGUARDING THE MONEY OWNED BY OTHER INDIVIDUALS AND ENTITIES THEN LENDING OUT THIS MONEY IN ORDER TO EARN A PROFIT’ - INVESTORWORDS
3. IT SECURITY AND AUDIT BEST PRACTICES - BANKS
FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL (FFIEC)
FFIEC IT EXAMINATION BOOKLETS
FFIEC – US BASED ORGANISATION THAT BRINGS TOGETHER ALL REGULATORS OF THE US FINANCIAL SYSTEM
4. BANKING ACTIVITIES - GENERAL
RECEIPT OF DEPOSITS (CASH, CHEQUE OR ELECTRONIC)
SAFEGUARDING OF DEPOSITS
LENDING OF DEPOSITS TO OTHER PARTIES
INVESTMENT AND TREASURY ACTIVITIES – PLACEMENT OF FUNDS, FOREX TRADING, DERIVATIVES TRADING
AVAILING FUNDS TO THOSE THAT WISH TO WITHDRAW THEM
GENERAL MANAGEMENT, ACCOUNTING AND ADMINISTRATION
ALL THE ABOVE WILL INVOLVE THE USE OF SOME FORM OF IT SYSTEM OR OTHER
ALL THE PROCESSES ABOVE PRESENT RISKS THAT CAN BE EXPLOITED FOR PURPOSES OF FRAUD
IT SECURITY IS PARAMOUNT
5. BANKING ACTIVITIES
BANKS ARE IN THE ‘TRUST’ BUSINESS
LEGAL, PROFESSIONAL AND ETHICAL OBLIGATION TO KEEP CUSTOMER INFORMATION AND AFFAIRS CONFIDENTIAL –
‘A FINANCIAL INSTITUTION’S EARNINGS AND CAPITAL CAN BE ADVERSELY AFFECTED IF INFORMATION BECOMES KNOWN TO UNAUTHORISED PARTIES, IS ALTERED, OR IS NOT AVAILABLE WHEN IT IS NEEDED’ – FFIEC
ADVERSE PUBLICITY CAN LEAD TO REPUTATIONAL RISK AND, IN THE WORST CASE, A RUN ON A BANK.
THE ‘C.I.A’ - CONFIDENTIALITY, INTEGRITY AND AVAILABILITY OF INFORMATION - IS PARAMOUNT
7. CHANGING BANK FRAUD AND FRAUDSTER PROFILE - UGANDA
IN THE EARLY 2000’s AND BEFORE
KEY FRAUDS WERE
CHEQUE FRAUD: FORGED, ALTERED, COUNTERFEIT.
DEPOSIT SLIP FRAUD
TYPICAL FRAUDSTER – MALE, 35 YEAR OLD, LIMITED EDUCATION.
8. CHANGING BANK FRAUD AND FRAUDSTER PROFILE - UGANDA
MID-2005 TO DATE
ELECTRONIC FRAUD
ATM FRAUD
IN-HOUSE BANK FRAUD – BY BANK EMPLOYEES, EITHER ALONE OR IN COLLUSION WITH OUTSIDERS
TYPICAL FRAUDSTER – MALE OR FEMALE, BANK EMPLOYEE, TRUSTED INSIDER, EDUCATED, UNIVERSITY GRADUATE, IT LITERATE (NOT NECESSARILY EXPERT!).
9. ONLINE FRAUD - IMPLICATIONS
71% MORE CAUTIOUS WHEN SHOPPING ONLINE
67% MORE ATTENTIVE WHEN PROVIDING FINANCIAL AND PERSONAL INFORMATION TO WEBSITES
28% ABANDON A PURCHASE IF RE-DIRECTED TO ANOTHER SITE TO PROVIDE PAYMENT INFORMATION
15% STOPPED SHOPPING ALTOGETHER AS A RESULT OF ONLINE FRAUD CONCERNS – USA SURVEY
10. INFORMATION WEBSITES
POTENTIAL LIABILITY AND CONSUMER VIOLATIONS FOR INACCURATE OR INCOMPLETE INFORMATION ABOUT PRODUCTS, SERVICES, AND PRICING PRESENTED ON THE WEBSITE;
POTENTIAL ACCESS TO CONFIDENTIAL FINANCIAL INSTITUTION OR CUSTOMER INFORMATION IF THE WEBSITE IS NOT PROPERLY ISOLATED FROM THE FINANCIAL INSTITUTION'S INTERNAL NETWORK;
POTENTIAL LIABILITY FOR SPREADING VIRUSES AND OTHER MALICIOUS CODE TO COMPUTERS COMMUNICATING WITH THE INSTITUTION'S WEBSITE; AND
NEGATIVE PUBLIC PERCEPTION IF THE INSTITUTION'S ON-LINE SERVICES ARE DISRUPTED OR IF ITS WEBSITE IS DEFACED OR OTHERWISE PRESENTS INAPPROPRIATE OR OFFENSIVE MATERIAL. - FFIEC
11. TRANSACTIONAL WEBSITES
SECURITY CONTROLS FOR SAFEGUARDING CUSTOMER INFORMATION;
AUTHENTICATION PROCESSES - VERIFY THE IDENTITY OF NEW CUSTOMERS AND AUTHENTICATE EXISTING CUSTOMERS WHO ACCESS E-BANKING SERVICES;
LIABILITY FOR UNAUTHORIZED TRANSACTIONS;
LOSSES FROM FRAUD IF THE INSTITUTION FAILS TO VERIFY THE IDENTITY OF INDIVIDUALS OR BUSINESSES APPLYING FOR NEW ACCOUNTS OR CREDIT ON-LINE - FFIEC
12.
RETAIL SERVICES:
ACCOUNT MANAGEMENT
BILL PAYMENT AND PRESENTMENT
NEW ACCOUNT OPENING
CONSUMER WIRE TRANSFERS
INVESTMENT/BROKERAGE SERVICES
LOAN APPLICATION AND APPROVAL
ACCOUNT AGGREGATION
WHOLESALE SERVICES:
ACCOUNT MANAGEMENT
CASH MANAGEMENT
SMALL BUSINESS LOAN APPLICATIONS, APPROVALS, OR ADVANCES
COMMERCIAL WIRE TRANSFERS
BUSINESS-TO-BUSINESS PAYMENTS
EMPLOYEE BENEFITS/PENSION ADMINISTRATION
13. TRANSACTIONAL WEBSITES
POSSIBLE VIOLATIONS OF LAWS OR REGULATIONS PERTAINING TO CONSUMER PRIVACY, ANTI-MONEY LAUNDERING, ANTI-TERRORISM, OR THE CONTENT, TIMING, OR DELIVERY OF REQUIRED CONSUMER DISCLOSURES; AND
NEGATIVE PUBLIC PERCEPTION, CUSTOMER DISSATISFACTION, AND POTENTIAL LIABILITY RESULTING FROM FAILURE TO PROCESS THIRD-PARTY PAYMENTS AS DIRECTED OR WITHIN SPECIFIED TIME FRAMES, LACK OF AVAILABILITY OF ON-LINE SERVICES, OR UNAUTHORIZED ACCESS TO CONFIDENTIAL CUSTOMER INFORMATION DURING TRANSMISSION OR STORAGE. - FFIEC
15. ATM/CARD FRAUD
WHO PICKS UP THE COST IF YOUR CARD IS MISUSED, YOU OR YOUR BANK?
SOUTH AFRICA - TOTAL VALUE OF ONLINE TRANSACTIONS – USD $285 MILLION
SOUTH AFRICA - 2009 TOTAL LOSSES TO BANKING INDUSTRY DUE TO LOST AND STOLEN CARDS – USD 13 MILLION – PERSONAL FINANCE
16. ATM/DEBIT/CREDIT CARD – RISKS
CARD INFORMATION HELD IN MAGNETIC STRIPE, INCLUDING PRIMARY ACCOUNT NUMBER AND EXPIRY DATE
CARD CAN BE CLONED IF DETAILS ON MAGNETIC STRIPE CAN BE COPIED USING SKIMMING DEVICES
CARD CAN BE STOLEN/LOST
USED FOR ‘CARDHOLDER NOT PRESENT’ TRANSACTIONS – OVER PHONE OR ONLINE
PIN CAN BE OBTAINED USING HIDDEN CAMERAS IN ATM LOCATION OR CCTV CAMERAS IN VIEW OF THE KEYPAD!
17. CARD SKIMMING
INVOLVES THE USE OF DEVICES THAT READ CARD DETAILS CONTAINED IN THE MAGNETIC STRIPE OF THE CARD
CAN BE PLACED IN THE ATM CARD SLOT
OR CAN BE HAND HELD (POCKET)
RESTAURANTS HIGH RISK!
BEGAN TO OBSERVE COMPLAINTS IN UGANDA
DISCUSSION AT BANKERS ASSOCIATION FRAUD AND FORGERIES SUB-COMMITTEE
CASES OF FRAUD REPORTED BY MEMBER BANKS
CUSTOMERS USUALLY HAD TRAVELLED ABROAD AT SOME POINT IN TIME
SOUTH AFRICA – MENTIONED AS A DESTINATION VISITED IN SOME CASES
18. CARD SKIMMING
ABSA: 177 ARRESTS, 26 SKIMMING DEVICES CAPTURED IN 2011 - PERSONAL FINANCE
COST TO THE US - $60 MILLION PER YEAR! – CSO ONLINE
19. ATM RISK MITIGANTS
CHIP AND PIN BASED CARDS.
AWARENESS TRAINING FOR CUSTOMERS!!
PHYSICAL SECURITY
CAUTION AT ATM SITES – WATCH OUT FOR CAMERAS, SKIMMING DEVICES
SHIELD ENTRY OF PIN AT ATM WITH HAND/WALLET
REGULAR CHECKING OF CARD BALANCES
MERCHANT TRAINING
20. INTERNAL ACCOUNT TRANSFERS
INCREASINGLY COMMON FRAUD IN INDUSTRY
INVOLVES UNAUTHORISED ‘CREATION’ OF DEPOSITS
DEBIT AN ‘OVERCROWDED’ ACCOUNT WITH SEVERAL ITEMS THAT ARE DIFFICULT TO TRACE, E.G. A SUSPENSE ACCOUNT
CREDIT IS MADE TO CUSTOMER ACCOUNT
FUNDS ARE WITHDRAWN!
21. POSSIBLE SOLUTIONS
COMBINATION OF ROLE BASED ACCESS AND LEAST PRIVILEGE RESTRICTIONS CAN BE ENFORCED
RESTRICT TELLER OR OPERATIONS STAFF ABILITY TO POST TRANSACTIONS TO ADMINISTRATIVE ACCOUNTS, E.G. FIXED ASSET ACCOUNTS
RESTRICT FINANCE DEPARTMENT STAFF ABILITY TO POST TRANSACTIONS DIRECTLY TO CUSTOMER ACCOUNTS
G.L AUDIT REVIEW – PERIODIC
CLEAR TIMELINES FOR CLEARING OFF ITEMS IN SUSPENSE, TRANSIT AND CLEARING ACCOUNTS
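The controls on slides 20 and 21, as an added example that is not part of the original deck: a posting-authorisation check that enforces the role restrictions on both legs of a ledger entry (so a teller cannot fund a customer credit from a suspense account), plus an ageing report for uncleared suspense and transit items. The chart of accounts, roles, account numbers and items are constructed sample data, not any bank's real configuration.

```python
from dataclasses import dataclass
from datetime import date

# Account classes: the part of the ledger an account belongs to (constructed).
CUSTOMER, TILL, ADMINISTRATIVE, SUSPENSE = "customer", "till", "administrative", "suspense"

# Constructed chart of accounts: account number -> class.
ACCOUNT_CLASS = {
    "1001-CUST": CUSTOMER,
    "1002-CUST": CUSTOMER,
    "4100-TILL": TILL,
    "8100-FIXED-ASSET": ADMINISTRATIVE,
    "9001-SUSPENSE": SUSPENSE,
    "9002-TRANSIT": SUSPENSE,
}

# Role-based posting rights (slide 21): tellers and operations staff may post
# only between customer and till accounts; finance staff may post only to
# administrative, suspense, transit and clearing accounts, never directly to
# customer accounts. Any role not listed has no posting rights at all.
ALLOWED_CLASSES = {
    "teller": {CUSTOMER, TILL},
    "operations": {CUSTOMER, TILL},
    "finance": {ADMINISTRATIVE, SUSPENSE},
}


@dataclass(frozen=True)
class Posting:
    user: str
    role: str
    debit_account: str
    credit_account: str
    amount: int        # minor currency units
    posted_on: str     # ISO date, e.g. "2012-03-01"


class PostingRejected(Exception):
    pass


def authorise_posting(p: Posting) -> None:
    """Raise PostingRejected unless BOTH legs are within the role's rights.
    Checking both legs is what blocks the suspense -> customer pattern of slide 20."""
    allowed = ALLOWED_CLASSES.get(p.role, set())
    for leg in (p.debit_account, p.credit_account):
        cls = ACCOUNT_CLASS.get(leg)
        if cls is None:
            raise PostingRejected(f"{leg}: unknown account")
        if cls not in allowed:
            raise PostingRejected(f"role {p.role} may not post to {cls} account {leg}")


def is_permitted(p: Posting) -> bool:
    try:
        authorise_posting(p)
        return True
    except PostingRejected:
        return False


@dataclass(frozen=True)
class SuspenseItem:
    account: str
    reference: str
    amount: int
    booked_on: str     # ISO date
    cleared: bool = False


def overdue_suspense_items(items, as_of: str, max_days: int):
    """References of uncleared suspense/transit items older than max_days,
    i.e. the items a periodic G/L review should be asking about."""
    cutoff = date.fromisoformat(as_of)
    return sorted(
        i.reference for i in items
        if not i.cleared and (cutoff - date.fromisoformat(i.booked_on)).days > max_days
    )


if __name__ == "__main__":
    # The slide 20 pattern: a teller debits a suspense account to "create" a
    # customer deposit. With both legs checked, the posting is rejected.
    attempt = Posting("t.jones", "teller", "9001-SUSPENSE", "1001-CUST", 250_000, "2012-03-01")
    print("teller suspense->customer permitted:", is_permitted(attempt))
    items = [
        SuspenseItem("9001-SUSPENSE", "SUS-17", 120_000, "2012-01-10"),
        SuspenseItem("9001-SUSPENSE", "SUS-18", 5_000, "2012-02-25"),
        SuspenseItem("9002-TRANSIT", "TRN-04", 90_000, "2012-01-05", cleared=True),
    ]
    print("overdue items:", overdue_suspense_items(items, "2012-03-01", 30))
```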
22. IT PROJECT MANAGEMENT RISKS
INADEQUATE SECURITY FEATURES ENFORCED DURING IMPLEMENTATION OF IT APPLICATION SYSTEMS
OBSERVED IN BANKING INDUSTRY IN THE PAST
MUST PROVIDE FOR:
GENERAL ACCESS CONTROLS
IDENTIFICATION AND AUTHENTICATION CONTROLS
AUDIT TRAIL
COMMUNICATION CONTROLS – KELLY KIM 2008
DATA MIGRATION CONTROLS – IMPORTANT
TAKE ACCOUNT OF THE FACT THAT BANK SYSTEMS MAY NEED TO BE ONLINE 24/7/365
23. PROJECT MANAGEMENT
PROJECT MANAGEMENT –
BASELINE CONTROLS IMPLEMENTED
IS AUDIT INVOLVEMENT
POST IMPLEMENTATION REVIEW
REGULATORY CERTIFICATION PRE-IMPLEMENTATION
24. TREASURY
HIGH RISK AREA
BANK IS INVESTING OR TRADING
MONEY MARKET PRODUCTS
FOREIGN CURRENCY (FX)
DERIVATIVES
TRANSACTION SIZES MAY BE VERY LARGE
POTENTIAL FOR PROFIT/LOSSES MAY BE VERY LARGE DEPENDING ON MARKET CONDITIONS
25. TREASURY RISK
APPROVAL TO COMMIT THE BANK IS GIVEN TO TRADERS BEFORE THE TRANSACTION THROUGH THE USE OF VARIOUS LIMITS
MONITORING OF COMPLIANCE WITH LIMITS IS CRITICAL TO RISK MANAGEMENT IN TREASURY
SEGREGATION OF DUTIES IS ALSO CRITICAL (FRONT OFFICE, MIDDLE OFFICE, BACK OFFICE)
TRADERS MUST NOT HAVE ACCESS TO RATE REVALUATION SYSTEMS – COULD HIDE LOSSES
TRADERS SHOULD NOT HAVE ACCESS TO CONFIRMATION AND SETTLEMENT SYSTEMS – COULD HIDE TRADES AND LOSSES
IT SECURITY DESIGN IS IMPORTANT TO DEAL WITH THESE ISSUES
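The two treasury controls on this slide, as an added example that is not part of the original deck: a pre-trade limit check (per-trade, daily and counterparty limits, with utilisation only consumed when the trade passes) and a segregation-of-duties review that flags any user holding a trading role together with revaluation, confirmation or settlement rights. Limit values, trader names, counterparties and role grants are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Trade:
    trader: str
    counterparty: str
    notional: int      # base-currency units
    product: str       # "FX", "MM" or "DERIV"


@dataclass
class Limits:
    per_trade: dict                  # trader -> max notional per deal
    daily: dict                      # trader -> max aggregate notional per day
    counterparty: dict               # counterparty -> max exposure
    utilised_daily: dict = field(default_factory=dict)
    utilised_cpty: dict = field(default_factory=dict)


def check_trade(t: Trade, lim: Limits):
    """Return a list of limit breaches; an empty list means the trade may proceed.
    Utilisation is consumed only when the trade passes every check, so a
    rejected deal does not eat into the trader's or counterparty's headroom."""
    breaches = []
    if t.trader not in lim.per_trade or t.trader not in lim.daily:
        return [f"{t.trader}: no trading mandate"]
    if t.notional > lim.per_trade[t.trader]:
        breaches.append(f"{t.trader}: per-trade limit exceeded")
    day_used = lim.utilised_daily.get(t.trader, 0) + t.notional
    if day_used > lim.daily[t.trader]:
        breaches.append(f"{t.trader}: daily limit exceeded")
    # An unknown counterparty has a limit of zero: no approved line, no deal.
    cp_used = lim.utilised_cpty.get(t.counterparty, 0) + t.notional
    if cp_used > lim.counterparty.get(t.counterparty, 0):
        breaches.append(f"{t.counterparty}: counterparty limit exceeded")
    if not breaches:
        lim.utilised_daily[t.trader] = day_used
        lim.utilised_cpty[t.counterparty] = cp_used
    return breaches


# Toxic combinations from slide 25: front-office (trading) rights must never
# coexist with middle/back-office rights on revaluation, confirmation or settlement.
FRONT_OFFICE = {"trader"}
CONFLICTING = {"revaluation", "confirmation", "settlement"}


def sod_conflicts(grants: dict):
    """grants: user -> set of application roles. Returns users whose grants
    break segregation of duties, for the access review to remediate."""
    return sorted(
        user for user, roles in grants.items()
        if roles & FRONT_OFFICE and roles & CONFLICTING
    )


if __name__ == "__main__":
    lim = Limits(per_trade={"alice": 1_000_000}, daily={"alice": 2_500_000},
                 counterparty={"BANK-X": 1_500_000})
    print(check_trade(Trade("alice", "BANK-X", 900_000, "FX"), lim))    # []
    print(check_trade(Trade("alice", "BANK-X", 800_000, "FX"), lim))    # counterparty breach
    # Constructed role grants: carol is a trader who can also confirm her own deals.
    grants = {"alice": {"trader"}, "carol": {"trader", "confirmation"}, "dan": {"settlement"}}
    print(sod_conflicts(grants))                                          # ['carol']
```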
26. TREASURY – KEY BANK LOSSES/FRAUDS
2002 TRADER JOHN RUSNAK - £485 MILLION LOSS TO ALLIED IRISH BANK – TAMPERED WITH REUTERS RATES FEED
2008 TRADER JEROME KERVIEL – $7 BILLION LOSS – HAD PREVIOUSLY WORKED IN BACK OFFICE, HID TRANSACTIONS (TRADES), FALSIFIED E-MAIL - FVTER
1995 TRADER NICK LEESON – HID £865M LOSSES, BROUGHT DOWN BARINGS BANK... INTEGRATED IT SYSTEMS COULD HAVE PREVENTED BANK COLLAPSE - COMPUTERWEEKLY
28. IT GOVERNANCE
‘FINANCIAL INSTITUTIONS SHOULD IMPLEMENT AN ONGOING SECURITY PROCESS AND INSTITUTE APPROPRIATE GOVERNANCE FOR THE SECURITY FUNCTION, ASSIGNING CLEAR AND APPROPRIATE ROLES AND RESPONSIBILITIES TO THE BOARD OF DIRECTORS, MANAGEMENT AND EMPLOYEES’ - FFIEC
29. IS SECURITY STRATEGY
FINANCIAL INSTITUTIONS SHOULD DEVELOP A STRATEGY THAT DEFINES CONTROL OBJECTIVES AND ESTABLISHES AN IMPLEMENTATION PLAN. THE SECURITY STRATEGY SHOULD INCLUDE
APPROPRIATE CONSIDERATION OF PREVENTION, DETECTION, AND RESPONSE MECHANISMS,
IMPLEMENTATION OF THE LEAST PERMISSIONS AND LEAST PRIVILEGES CONCEPTS,
LAYERED CONTROLS THAT ESTABLISH MULTIPLE CONTROL POINTS BETWEEN THREATS AND ORGANIZATION ASSETS, AND
POLICIES THAT GUIDE OFFICERS AND EMPLOYEES IN IMPLEMENTING THE SECURITY PROGRAM. - FFIEC
30. IT RISK ASSESSMENT
GATHERS DATA REGARDING THE INFORMATION AND TECHNOLOGY ASSETS OF THE ORGANIZATION, THREATS TO THOSE ASSETS, VULNERABILITIES, EXISTING SECURITY CONTROLS AND PROCESSES, AND THE CURRENT SECURITY STANDARDS AND REQUIREMENTS;
ANALYZES THE PROBABILITY AND IMPACT ASSOCIATED WITH THE KNOWN THREATS AND VULNERABILITIES TO THEIR ASSETS; AND
PRIORITIZES THE RISKS PRESENT DUE TO THREATS AND VULNERABILITIES TO DETERMINE THE APPROPRIATE LEVEL OF TRAINING, CONTROLS, AND ASSURANCE NECESSARY FOR EFFECTIVE MITIGATION. - FFIEC
31. IT RISK ASSESSMENT
BOTH TECHNICAL AND NON-TECHNICAL INFORMATION SHOULD BE GATHERED.
TECHNICAL INFORMATION –
NETWORK MAPS DETAILING INTERNAL AND EXTERNAL CONNECTIVITY;
HARDWARE AND SOFTWARE INVENTORIES;
DATABASES AND FILES THAT CONTAIN CRITICAL AND/OR CONFIDENTIAL INFORMATION;
PROCESSING ARRANGEMENTS AND INTERFACES WITH EXTERNAL ENTITIES;
HARDWARE AND SOFTWARE CONFIGURATIONS;
POLICIES, STANDARDS, AND PROCEDURES FOR THE OPERATION, MAINTENANCE, UPGRADING, AND MONITORING OF TECHNICAL SYSTEMS. - FFIEC
32. IT RISK ASSESSMENT
NON-TECHNICAL INFORMATION –
POLICIES, STANDARDS, AND PROCEDURES ADDRESSING PHYSICAL SECURITY (INCLUDING FACILITIES AS WELL AS INFORMATION ASSETS THAT INCLUDE LOAN DOCUMENTATION, DEPOSIT RECORDS AND SIGNATURE CARDS, AND KEY AND ACCESS CODE LISTS),
PERSONNEL SECURITY (INCLUDING HIRING BACKGROUND CHECKS AND BEHAVIOUR MONITORING),
VENDOR CONTRACTS, PERSONNEL SECURITY TRAINING AND EXPERTISE, AND
INSURANCE COVERAGE.
ADDITIONALLY, INFORMATION REGARDING CONTROL EFFECTIVENESS SHOULD BE GATHERED. TYPICALLY, THAT INFORMATION COMES FROM SECURITY MONITORING, INCLUDING SELF-ASSESSMENTS, METRICS, AND INDEPENDENT TESTS. - FFIEC
33. IT SYSTEMS ASSESSMENT
‘SOME SYSTEMS AND DATA STORES MAY NOT BE READILY APPARENT. FOR EXAMPLE, BACKUP TAPES, PORTABLE COMPUTERS, PERSONAL DIGITAL ASSISTANTS, MEDIA SUCH AS COMPACT DISKS, MICRO DRIVES, AND DISKETTES, AND MEDIA USED IN SOFTWARE DEVELOPMENT AND TESTING SHOULD BE CONSIDERED’. - FFIEC
34. IT THREATS AND VULNERABILITIES
THREATS - EVENTS THAT COULD CAUSE HARM TO THE CONFIDENTIALITY, INTEGRITY, OR AVAILABILITY OF INFORMATION OR INFORMATION SYSTEMS.
EXPLOITING A VULNERABILITY TO CAUSE HARM THROUGH THE UNAUTHORIZED DISCLOSURE, MISUSE, ALTERATION, OR DESTRUCTION OF INFORMATION OR INFORMATION SYSTEMS.
INTERNAL (MALICIOUS OR INCOMPETENT EMPLOYEES, CONTRACTORS, SERVICE PROVIDERS, AND FORMER INSIDERS)
EXTERNAL (CRIMINALS, RECREATIONAL HACKERS, COMPETITORS, AND TERRORISTS). - FFIEC
35. IT THREATS AND VULNERABILITIES
VULNERABILITIES - WEAKNESSES IN A SYSTEM, OR CONTROL GAPS THAT, IF EXPLOITED, COULD RESULT IN THE UNAUTHORIZED DISCLOSURE, MISUSE, ALTERATION, OR DESTRUCTION OF INFORMATION OR INFORMATION SYSTEMS.
VULNERABILITIES ARE GENERALLY GROUPED INTO TWO TYPES: KNOWN AND EXPECTED. - FFIEC
36. VULNERABILITIES
KNOWN VULNERABILITIES - DISCOVERED BY TESTING OR OTHER REVIEWS OF THE ENVIRONMENT, KNOWLEDGE OF POLICY WEAKNESSES, KNOWLEDGE OF INADEQUATE IMPLEMENTATIONS, AND KNOWLEDGE OF PERSONNEL ISSUES.
EXPECTED VULNERABILITIES - THOSE THAT CAN REASONABLY BE ANTICIPATED TO ARISE IN THE FUTURE. EXAMPLES:
UNPATCHED SOFTWARE,
NEW AND UNIQUE ATTACK METHODOLOGIES THAT BYPASS CURRENT CONTROLS,
EMPLOYEE AND CONTRACTOR FAILURES TO PERFORM SECURITY DUTIES SATISFACTORILY,
PERSONNEL TURNOVER - FFIEC
37. IT SECURITY POLICY
KEY ACTIONS THAT CONTRIBUTE TO THE SUCCESS OF A SECURITY POLICY ARE
IMPLEMENTING THROUGH ORDINARY MEANS, SUCH AS SYSTEM ADMINISTRATION PROCEDURES AND ACCEPTABLE-USE POLICIES;
ENFORCING POLICY THROUGH SECURITY TOOLS AND SANCTIONS;
DELINEATING THE AREAS OF RESPONSIBILITY FOR USERS, ADMINISTRATORS, AND MANAGERS;
COMMUNICATING IN A CLEAR, UNDERSTANDABLE MANNER TO ALL CONCERNED;
OBTAINING EMPLOYEE CERTIFICATION THAT THEY HAVE READ AND UNDERSTOOD THE POLICY;
PROVIDING FLEXIBILITY TO ADDRESS CHANGES IN THE ENVIRONMENT; AND
CONDUCTING ANNUALLY A REVIEW AND APPROVAL BY THE BOARD OF DIRECTORS. - FFIEC
38. SECURITY DOMAINS
A SECURITY DOMAIN IS A PART OF THE SYSTEM WITH ITS OWN POLICIES AND CONTROL MECHANISMS.
SECURITY DOMAINS FOR A NETWORK ARE TYPICALLY CONSTRUCTED FROM ROUTING CONTROLS AND DIRECTORIES.
DOMAINS CONSTRUCTED FROM ROUTING CONTROLS MAY BE BOUNDED BY NETWORK PERIMETERS WITH PERIMETER CONTROLS.
THE PERIMETERS SEPARATE WHAT IS NOT TRUSTED FROM WHAT MAY BE TRUSTWORTHY. THE PERIMETERS SERVE AS WELL-DEFINED TRANSITION POINTS BETWEEN TRUST AREAS WHERE POLICY ENFORCEMENT AND MONITORING TAKE PLACE.
AN EXAMPLE OF SUCH A DOMAIN IS A DEMILITARIZED ZONE (DMZ), BOUNDED BY A PERIMETER THAT CONTROLS ACCESS FROM OUTSIDE AND INSIDE THE INSTITUTION.
DOMAINS CONSTRUCTED FROM DIRECTORIES MAY LIMIT ACCESS TO NETWORK RESOURCES AND APPLICATIONS BASED ON ROLE OR FUNCTION. - FFIEC
39. DEFENSE IN DEPTH
FINANCIAL INSTITUTIONS SHOULD DESIGN MULTIPLE LAYERS OF SECURITY CONTROLS
ESTABLISH SEVERAL LINES OF DEFENSE BETWEEN THE ATTACKER AND THE ASSET BEING ATTACKED.
AN INTERNET SECURITY EXAMPLE - A PACKET FILTERING ROUTER WITH STRICT ACCESS CONTROL RULES, IN FRONT OF
AN APPLICATION LEVEL FIREWALL, IN FRONT OF
WEB SERVERS, IN FRONT OF
A TRANSACTIONAL SERVER, IN FRONT OF
A DATABASE SERVER, WITH INTRUSION DETECTION SYSTEMS LOCATED AT VARIOUS POINTS BETWEEN THE SERVERS AND ON CERTAIN HOSTS.
THE LAYERS SHOULD BE AT MULTIPLE CONTROL POINTS THROUGHOUT THE COMMUNICATION AND TRANSACTIONAL FLOW AND SHOULD INCLUDE BOTH SYSTEMS AND MANUAL PROCESSES. TO SUCCESSFULLY ATTACK AN ASSET, EACH LAYER MUST BE PENETRATED. WITH EACH PENETRATION, THE PROBABILITY OF DETECTING THE ATTACKER INCREASES. - FFIEC
40. Network Security
Financial institutions should secure access to their computer networks through multiple layers of access controls to protect against unauthorized access. Institutions should:
Group network servers, applications, data, and users into security domains (e.g., untrusted external networks, external service providers, or various internal user systems);
Establish appropriate access requirements within and between each security domain;
Implement appropriate technological controls to meet those access requirements consistently; and
Monitor cross-domain access for security policy violations and anomalous activity. - FFIEC
41. Operating System Security
Financial institutions should secure access to the operating systems of all system components by:
Securing access to system utilities,
Restricting and monitoring privileged access,
Logging and monitoring user or program access to sensitive resources and alerting on security events,
Updating the operating systems with security patches, and
Securing the devices that can access the operating system through physical and logical means. - FFIEC
42. Application Security
Financial institutions should control access to applications by:
Using authentication and authorization controls appropriately robust for the risk of the application,
Monitoring access rights to ensure they are the minimum required for the user's current business needs,
Using time-of-day limitations on access as appropriate,
Logging access and security events, and
Using software that enables rapid analysis of user activities. - FFIEC
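As an added illustration of these application controls (not code from the FFIEC or from any bank), the following Python enforces per-role minimum permissions and a time-of-day window, and logs every decision as an access or security event; the roles, permissions and hours are constructed for the example.

```python
import logging
from dataclasses import dataclass
from datetime import datetime, time

# Constructed example (not FFIEC or bank code): role-based authorization with
# least-privilege permission sets, time-of-day windows and audit logging.
logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")
audit = logging.getLogger("app.audit")

# Minimum permissions each role needs for its current business function.
ROLE_PERMISSIONS = {
    "teller":   {"view_account", "post_deposit"},
    "auditor":  {"view_account", "view_audit_trail"},
    "sysadmin": {"view_account", "reset_password", "view_audit_trail"},
}
# Time-of-day window in which each role may use the application at all.
ROLE_HOURS = {
    "teller":   (time(8, 0), time(18, 0)),
    "auditor":  (time(7, 0), time(20, 0)),
    "sysadmin": (time(0, 0), time(23, 59, 59)),  # on-call role, no window
}

@dataclass
class Decision:
    allowed: bool
    reason: str

def authorize(user: str, role: str, action: str, when_iso: str,
              authenticated: bool = True) -> Decision:
    """Decide whether `user`, acting in `role`, may perform `action` at the
    ISO-8601 time `when_iso`. Every decision is logged; denials are security events."""
    when = datetime.fromisoformat(when_iso)
    if not authenticated:
        d = Decision(False, "not authenticated")
    elif role not in ROLE_PERMISSIONS:
        d = Decision(False, f"unknown role {role!r}")
    elif action not in ROLE_PERMISSIONS[role]:
        d = Decision(False, f"{role} is not permitted {action}")
    else:
        start, end = ROLE_HOURS[role]
        if start <= when.time() <= end:
            d = Decision(True, "ok")
        else:
            d = Decision(False, f"{role} outside permitted hours")
    audit.log(logging.INFO if d.allowed else logging.WARNING,
              "user=%s role=%s action=%s at=%s result=%s reason=%s", user, role,
              action, when_iso, "ALLOW" if d.allowed else "DENY", d.reason)
    return d
```

Denials carry a WARNING level so the audit log can feed the rapid user-activity analysis the slide calls for without any separate event feed.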
43. Remote Access Controls
Financial institutions should secure remote access to and from their systems by:
Disabling remote communications if no business need exists,
Tightly controlling access through management approvals and subsequent audits,
Implementing robust controls over configurations at both ends of the remote connection to prevent potential malicious use,
Logging and monitoring all remote access communications,
Securing remote access devices, and
Using strong authentication and encryption to secure communications. - FFIEC
44. Physical Access Controls
Financial institutions should define physical security zones and implement appropriate preventative and detective controls in each zone to protect against the risks of:
Physical penetration by malicious or unauthorized people,
Damage from environmental contaminants, and
Electronic penetration through active or passive electronic emissions. - FFIEC
45. Encryption Controls
Financial institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit. Encryption implementations should include:
Encryption strength sufficient to protect the information from disclosure until such time as disclosure poses no material risk,
Effective key management practices,
Robust reliability, and
Appropriate protection of the encrypted communication's endpoints. - FFIEC
46. Encryption Key Management
Generating keys for different cryptographic systems and different applications;
Generating and obtaining public keys;
Distributing keys to intended users, including how keys should be activated when received;
Storing keys, including how authorized users obtain access to keys;
Changing or updating keys, including rules on when keys should be changed and how this will be done;
Dealing with compromised keys;
Revoking keys and specifying how keys should be withdrawn or deactivated;
Recovering keys that are lost or corrupted as part of business continuity management;
Archiving keys;
Destroying keys. - FFIEC
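An added example (not FFIEC or bank code) that turns the lifecycle above into an enforceable state machine: a key only moves forward through the stages, a compromised key can never return to service, and a deactivated or archived key may decrypt existing data but never encrypt new data. The state names, the transition table and the rotate helper are assumptions of this example.

```python
from enum import Enum
# Constructed example of a key-lifecycle state machine covering the stages
# listed above; it is added here and is not FFIEC or bank code.
class KeyState(Enum):
    GENERATED = "generated"        # created for one system/application
    DISTRIBUTED = "distributed"    # delivered to intended users, not yet activated
    ACTIVE = "active"              # may encrypt and decrypt
    DEACTIVATED = "deactivated"    # rotated out: decrypt existing data only
    COMPROMISED = "compromised"    # suspected exposure: no cryptographic use
    REVOKED = "revoked"            # formally withdrawn
    ARCHIVED = "archived"          # retained for recovery of old data
    DESTROYED = "destroyed"
# Permitted transitions: the lifecycle only moves forward, and nothing
# brings a compromised, revoked or destroyed key back into service.
TRANSITIONS = {
    KeyState.GENERATED:   {KeyState.DISTRIBUTED, KeyState.DESTROYED},
    KeyState.DISTRIBUTED: {KeyState.ACTIVE, KeyState.COMPROMISED, KeyState.DESTROYED},
    KeyState.ACTIVE:      {KeyState.DEACTIVATED, KeyState.COMPROMISED},
    KeyState.DEACTIVATED: {KeyState.ARCHIVED, KeyState.COMPROMISED, KeyState.DESTROYED},
    KeyState.COMPROMISED: {KeyState.REVOKED},
    KeyState.REVOKED:     {KeyState.ARCHIVED, KeyState.DESTROYED},
    KeyState.ARCHIVED:    {KeyState.DESTROYED},
    KeyState.DESTROYED:   set(),
}
# Cryptographic operations each state permits; states not listed permit none.
PERMITTED_OPS = {
    KeyState.ACTIVE: {"encrypt", "decrypt"},
    KeyState.DEACTIVATED: {"decrypt"},
    KeyState.ARCHIVED: {"decrypt"},
}

class ManagedKey:
    def __init__(self, key_id: str, purpose: str):
        self.key_id, self.purpose = key_id, purpose
        self.state = KeyState.GENERATED
        self.history = [KeyState.GENERATED]    # audit trail of state changes

    def transition(self, new_state: KeyState) -> None:
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.key_id}: {self.state.value} -> {new_state.value} not allowed")
        self.state = new_state
        self.history.append(new_state)

    def may(self, op: str) -> bool:
        return op in PERMITTED_OPS.get(self.state, set())

def rotate(old: ManagedKey, new: ManagedKey) -> None:
    """Rotate keys: `new` must already be distributed; `old` keeps decrypting until archived."""
    new.transition(KeyState.ACTIVE)
    old.transition(KeyState.DEACTIVATED)
```

Activating the new key before deactivating the old one means a failed rotation (new key never distributed) leaves the old key in service rather than leaving the application with no usable key.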
47. Monitoring
Monitoring network and host activity to identify policy violations and anomalous behavior;
Monitoring host and network condition to identify unauthorized configuration and other conditions which increase the risk of intrusion or other security events;
Analyzing the results of monitoring to accurately and quickly identify, classify, escalate, report, and guide responses to security events; and
Responding to intrusions and other security events and weaknesses to appropriately mitigate the risk to the institution and its customers, and to restore the institution's systems.
Monitoring should, commensurate with the risk, identify control failures before a security incident occurs, detect an intrusion in sufficient time to enable an effective and timely response, and support post-event forensics activities. - FFIEC
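An added example (not FFIEC or bank code) of the cross-domain monitoring called for in the Network Security and Monitoring slides: connection records are checked against the flows permitted between security domains, and a source that repeatedly violates policy is escalated as anomalous. The domains, address prefixes, permitted flows, log format and records are all constructed for the example.

```python
import re
from collections import Counter
# Constructed example, added here (not FFIEC or bank code): connection records
# are checked against the permitted flows between security domains, and a
# source that keeps violating policy is escalated as anomalous.
DOMAIN_OF = {                      # address prefix -> security domain (constructed)
    "203.0.113.": "untrusted_external",
    "10.10.1.": "dmz_web",
    "10.20.1.": "transaction",
    "10.30.1.": "database",
    "10.40.1.": "internal_users",
}
ALLOWED_FLOWS = {                  # (source domain, destination domain, port)
    ("untrusted_external", "dmz_web", 443),
    ("dmz_web", "transaction", 8443),
    ("transaction", "database", 5432),
}
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                    r"dport=(?P<port>\d+) action=(?P<action>\w+)$")
ANOMALY_THRESHOLD = 3              # violations from one source before escalation
def domain_of(ip: str) -> str:
    return next((d for p, d in DOMAIN_OF.items() if ip.startswith(p)), "unknown")
def analyze(lines: list) -> dict:
    """Flag records that cross domains outside policy (even ones the device
    allowed, which indicates an unauthorized rule) and repeat offenders."""
    findings = {"policy_violation": [], "unknown_domain": [], "anomalous_source": []}
    per_source = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # malformed record: skip, never trust
        src_dom, dst_dom = domain_of(m["src"]), domain_of(m["dst"])
        if "unknown" in (src_dom, dst_dom):
            findings["unknown_domain"].append(line)   # host outside any domain
        elif (src_dom, dst_dom, int(m["port"])) not in ALLOWED_FLOWS:
            findings["policy_violation"].append(line)
            per_source[m["src"]] += 1
    findings["anomalous_source"] = [s for s, n in per_source.items() if n >= ANOMALY_THRESHOLD]
    return findings
SAMPLE_LOG = [   # constructed records in a firewall-style format
    "2024-03-04T09:00:01 src=203.0.113.7 dst=10.10.1.5 dport=443 action=allow",
    "2024-03-04T09:00:02 src=10.10.1.5 dst=10.20.1.8 dport=8443 action=allow",
    "2024-03-04T09:00:03 src=203.0.113.7 dst=10.30.1.9 dport=5432 action=deny",
    "2024-03-04T09:00:04 src=203.0.113.7 dst=10.20.1.8 dport=8443 action=deny",
    "2024-03-04T09:00:05 src=203.0.113.7 dst=10.30.1.9 dport=22 action=deny",
    "2024-03-04T09:00:06 src=10.40.1.12 dst=10.30.1.9 dport=5432 action=allow",
    "2024-03-04T09:00:07 src=192.0.2.44 dst=10.30.1.9 dport=5432 action=allow",
]
```

The sixth record is a policy violation the device allowed, which is the "unauthorized configuration" case the slide asks monitoring to surface, while the seventh comes from an address outside every defined domain and is reported separately rather than silently classified.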
48. Future Trends/Threats
Depend on technology trends
Telecoms and banking convergence
Risks in mobile money industry
Cloud computing
Mobile computing and wireless computing threats
Ease of access to Internet and tools to commit fraud
Faster speeds for Internet access in East Africa
Greater outsourcing?
New IT savvy generation?
49. Solutions
IT awareness
User and customer training
Staff screening
Ethical emphasis
Embedding strong control and risk culture in banks
Systems certification by regulators before deployment
Strengthen IT control, security, audit profession and train more professionals
Increase CEO and board awareness
50. Other Best Practices
ISO 17799: Code of practice for information security management
BS 7799: Specification for information security management systems
COBIT