Assessing'the'exposure'to'risk'and' - - PowerPoint PPT Presentation

assessing the exposure to risk and techniques to
SMART_READER_LITE
LIVE PREVIEW

Assessing'the'exposure'to'risk'and' - - PowerPoint PPT Presentation

Feb 02, 2023 260 likes •375 views

Assessing'the'exposure'to'risk'and' techniques'to'continually'identify' and'manage'new'risk Kevin&Lindsay Deputy&Head&of&Financial&Crime&Group

slide-1
SLIDE 1

www.smbcgroup.com Authorised2by2the2Prudential2Regulation2Authority2and2regulated2by2the2Financial2Conduct2Authority2and2the2Prudential2Regulation Authority

Assessing'the'exposure'to'risk'and' techniques'to'continually'identify' and'manage'new'risk

Kevin&Lindsay Deputy&Head&of&Financial&Crime&Group

slide-2
SLIDE 2

www.smbcgroup.com

2

Background

SMBCE&was&established&in&March&2003&and&is&a&wholly9

  • wned&subsidiary&of&SMBC.&The&bank&focuses&on&

corporate&activities&carrying&out&the&majority&of&its& activities&in&Europe,&the&Middle&East&and&Africa.

Ownership SMBC0100%0(UK0incorporated0subsidiary0of0SMBC) Head4office 990Queen0Victoria0Street,0London,0EC4V04EH,0United0 Kingdom Number4of4employees 990 Network 60branches:0Paris,0Milan,0Amsterdam,0Dublin,0Prague0 and0Madrid0

SMBC&is&a&top9tier&Japanese&bank,&which&maintains&relationships& with&over&103,000&companies&in&Japan. The&history&of&the&Sumitomo&and&Mitsui&companies&date&back more&than&four&centuries,&and&both&were&founded&as&banks&in&the nineteenth&century. SMBC’s&predecessor&banks,&Mitsui&Bank&was&founded&in&July&1876& in&Tokyo,&and&Sumitomo&Bank&in&1895&in&Osaka. SMBC&was&established&in&2001&following&the&merger&of&the&two leading&banks:&Sakura,&formerly&Mitsui&Taiyo&Kobe;&and&Sumitomo.

Head4office 1O2,0Marunouchi01Ochome,0ChiyodaOku,0Tokyo,0Japan Number4of4employees 29,283 Network 4400domestic0branches0(Japan)0(excluding0subObranches0and0agencies)0 180overseas0branches0(excluding0subObranches0and0representative0offices)

slide-3
SLIDE 3

www.smbcgroup.com

3

Documenting,&,Demonstrating,Controls,that,Mitigate,Risk

Firstly1we1need1to1identify1and1categorise1where1our1fraud1risks1lie: External,Fraud, External1fraud1is1unauthorised1activity1by1a1Third1Party1from1outside1of1the1Bank.1Without1effective1systems1and1 controls,1the1Bank1can1be1unknowingly1used1as1a1conduit1for1fraudulent1activity1and/or1become1a1victim. Examples1of1external1fraud1include,1but1are1not1limited1to: ! Fraudulent1or1misrepresented1documents1are1supplied1by1a1Customer1or1Third1PartyD ! Online1systems1are1compromised1by1hacking,1phishing1or1malwareD ! Abuse1of1Bank1products1or1property1by1Customer1or1Third1PartyD ! Customer1is1impersonated1by1a1Third1Party1to1access1funds1or1informationD ! Impersonation1of1the1Bank1to1dupe1Customers1or1Third1PartiesD ! Customer1is1targeted1by1fraudsters1and1instructs1the1Bank1to1pay1away1fundsD1and ! Tax1evasion1and1facilitation1of1tax1evasion. Internal,Fraud, Internal1fraud,1or1fraud1committed1by1Employees1of1the1Bank,1can1have1a1serious1impact1on1both1financial1 standing1and1reputation.1The1types1of1internal1fraud1include,1but1are1not1limited1to: ! Falsifying1expense1claimsD ! Concealment1of1adverse1informationD ! Alteration1or1forging1of1documents1and/or1instructionsD ! Misuse1of1confidential1information1(including1insider1trading)D ! Relationships1with1third1parties1that1are1not1open1and1transparentD ! Theft1(of1cash,1assets1or1information)D1and ! Tax1evasion1and1facilitation1of1tax1evasion.

slide-4
SLIDE 4

www.smbcgroup.com

4

Understanding,Where,Risk,Lies,in,a,Dynamic,Environment

  • Undertake4Risk4Assessments4across4ALL4areas4of4your4organisation.
  • Understand4delivery4channels44and4risk4of4any4further4channel4development.
  • Product4development4designing4out4fraud.
  • Monitoring4transaction4matching4rules4v4activity4– are4the4rules4in4line4with4what4you4are4doing4

have4you4changes44business4strategy4and4has4your4system4kept4up.

  • Developing4a4IT4security4strategy,4where4are4your4weaknesses?44Threat4analysis.
  • Conduct4fraud4could4lead4to4fraud,4what4MI4can4be4produced4in4relation4to4staff4behaviours.
  • Learning4from4others4– fraud4prevention4generally4is4not4a4competitive4issue4and4sharing4best4

practise4and4experiences4to4protect4the4banks4and4the4financial44markets4in4which4we4

  • perate.
  • We4do4not4know4everything44I Use4of4external4experts4to4design4out4fraud.
slide-5
SLIDE 5

www.smbcgroup.com

The$Risk$Drivers$behind$Risk$Factors

5

For-example-if-we-are-looking-at-the-fraud-risk-for-each-customer-– where-would-we-focus-our- attention?

slide-6
SLIDE 6

www.smbcgroup.com

6

Mitigating(the(Risk(Factors(

How-do-we-mitigate-the-risk-factors-in-a-corporate-relationship? Undertaking-appropriate-due-diligence-that-allows-us-to-focus-on-areas-of-concern-and-identify- potential-“red-flags” Due-diligence-must-add-value-to-our-knowledge-of-the-customer-and-be-of-use-during-the- customer-lifecycle:

  • Understand-how-the-customer-will-want-to-use-the-products-being-made-available
  • Understand-the-transactional-activity-to-be-undertaken
  • What-is-the-jurisdictional-footprint-of-the-customer
  • Who-are-the-customers-customers
slide-7
SLIDE 7

www.smbcgroup.com

The$Risk$Drivers$behind$Risk$Factors

7

If.we.were.to.change.our.focus.from.our.customers.to.the.risks.posed.from.an.IT.perspective,. what.key.concerns.may.we.identify:

  • Phishing.emails.– both.internally.to.our.organisations.and.secondly.to.our.customers
  • The.ability.to.embed.malware.onto.computers.again.both.internally.to.our.organisations.and.

secondly.to.our.customers

  • The.quality.of.security.security.surrounding.onAline.banking.platforms.

But.once.identified.we.can.take.action.to.mitigate.the.risks:

  • Training.of.staff.surrounding.the.risks.posed.by.opening.external.emails
  • What.security.points.to.look.for.when.assessing.unusual.email.addresses./.attachments
  • Embedding.security.screening.to.identify.computers.that.may.be.infected.by.malware.and.

more.importantly.ensuring.any.external.computers.cannot.access.our.systems

  • OnAline.platforms.to.have.multiple.security.features.for.“loggingAon”.combination.of.ID,.

Password,.fingerprint.etc.

slide-8
SLIDE 8

www.smbcgroup.com

8

Importance,of,and,enterprise,wide,risk,assessment

  • Document1the1risks1that1you1are1exposed1to1internal1and1externally
  • Understand1your1areas1of1weakness
  • Assess1your1controls1objectively
  • Identify1where1you1have1weak1controls1or1gaps

!

prioritise1your1areas1of1remediation

!

it1is1highly1unlikely1that1you1will1ever1be11in1a1position1that1all1weaknesses1will1be1closed

  • Response1to1change1in1the1risk1framework1and1environment
  • Make1use1of1MI1to1identify1changes1in1risk1profile1

!

fraud1losses1/1number1trending1from1one1product1to1another

!

An1increase1in1internal1fraud1in1one1particular1department

  • Risk1assessments1are1not1a1once1a1year1event1
slide-9
SLIDE 9

www.smbcgroup.com

9

Interplay+of+the+First+and+Second+Line

  • First0line0includes0operations,0front0office0and0HR0– all0pay0a0part
  • First0line0have0a0key0responsibility0for0the0defence0of0the0risk,0for0example

!

Undertaking0key0checks0when0recruiting

!

4Beyes0controls0within0processing0activities

!

Collating0due0diligence0that0supports0the0ongoing0oversight0of0each0customer0 relationship0

  • Second0line0advise0on0the0risk0and0mitigation0and0assess0the0controls0first0line0put0in0place.
  • Early0engagement0by0the0front0office

!

Suspicious0activity

!

New0product0/0technology0development

  • Training0provided0by0the0second0line
  • Assisting0the0first0line0to0educate0the0customer0on0the0threats0they0may0face.
slide-10
SLIDE 10

www.smbcgroup.com Authorised2by2the2Prudential2Regulation2Authority2and2regulated2by2the2Financial2Conduct2Authority2and2the2Prudential2Regulation Authority

Questions