Wissam Maroun- CAMS Head Of Compliance- BBAC S.A.L

1 Wissam Maroun- CAMS Head Of Compliance- BBAC S.A.L

2 Setting an effective control framework
Definition of BEC. Awareness as a Key factor for an effective control environment. Identify critical products/Services and set the necessary control measures. Lessons learned.

3 Business E-mail Compromise (BEC)
BEC schemes target financial institutions’ commercial customers. Criminals seek to:
- Impersonate a financial institution’s commercial customer to instruct fraudulent transactions from the FI. Typology: Bank Compromise (BEC1).
- Impersonate a financial institution’s executive to instruct fraudulent transactions from the FI’s branches/departments. Typology: Bank Compromise (BEC2).
- Impersonate a financial institution’s executive in order to request personal or account information from the financial institution’s commercial customer. Typology: Bank Compromise (BEC3).
- Impersonate a supplier to instruct fraudulent transactions from the FI’s commercial customer. Typology: Company Compromise (CEC1).
- Impersonate a financial institution’s commercial customer to instruct fraudulent transactions from their clients. Typology: Company Compromise (CEC2).
- Impersonate an executive of the financial institution’s commercial customer to instruct fraudulent transactions from the FI’s branches/departments. Typology: Company Compromise (CEC3).

4 Awareness Program
Employees. Customers.

5 Staff Awareness
Recruitment policy.
Maintaining an effective Code of Conduct:
- Banking secrecy.
- Fighting financial crimes (not to facilitate, not to be involved, report).
- Access rights and unauthorized access.
- Transparency (customers, colleagues, third parties).
- Data privacy and confidentiality.
- Whistleblowing.
- Incident reporting.
- Disciplinary measures.

6 Staff Awareness
Establishing an effective training program:
- New employees vs. key personnel.
- Evolving risks.
- Red flags (Cybercrimes prevention guide for the financial sector).
- Staff rotation.

7 Staff Awareness
Red flags:
- Customer/senior manager sending instructions by e-mail or limiting communication to e-mails.
- Online banking/e-mail instructions to process transfers from savings/dormant accounts.
- E-mailed transaction instructions direct payment to a known beneficiary; however, the beneficiary’s account information is different from what was previously used (e.g. different IBAN, country, etc.).
- E-mailed transaction instructions are delivered in a way that gives the FI limited time or opportunity to confirm the authenticity of the requested transaction, or that include markings, assertions, or language designating the transaction request as “Urgent”, “Secret”, or “Confidential”.
- Customer requesting by e-mail, online banking or by phone to change his phone number or to cancel the SMS service.
- Customer refraining from answering the security questions during the identity validation call.
- Customer requesting a sudden change to the name/account number of the beneficiary party of an outgoing transfer.
- Transfer request (by e-mail or online banking) where neither the purpose of the transaction nor the relationship with the beneficiary party is clear.
- A wire transfer received for credit into an account; however, the wire transfer names a beneficiary that is not the account holder of record.
- E-mailed transaction instructions direct wire transfers to a foreign bank account that has been documented in customer complaints as the destination of fraudulent transactions.

8 Customer Awareness
Customer’s rights and obligations:
- Critical products and services and related risks.
- Red flags (Cybercrimes prevention guide for the non-financial sector).
- Reporting.

9 Control Procedures: Preventive Measures
Process and implemented control:
- On-boarding: Properly communicate risks to the customer. Implement prior EDD on the customer’s main expected activities (transactions with major customers, suppliers, other third parties). Maintain an electronic database on the collected information.
- On-going: Ensure transactions are in compliance with the implemented EDD. Update EDD measures when necessary.
- Online banking: Pre-approved transfers list. Prior EDD. Transaction validation.
- E-mail instructions: Refrain from accepting transaction requests or providing financial information. Refer the customer to online banking. Forward and don’t reply. Validate the request.
- Phone validation: Always ask the identity validation question. Ask the customer to restate the request instead of confirming it. Ensure calls are recorded. Review calls.
- Credit cards: Implement Visa/MC guidelines.
- Wire transfers: Include alerts in the transfer request. Maintain an updated blacklist of suspicious names (banks, customers, IBANs) in the SWIFT screening tool. Request the customer to validate the transaction with the beneficiary party prior to execution. Enable the SMS service; acquire a signed confirmation on the transaction.

10 Transfer request: alert questions
Ask the customer to confirm:
1- Whether he has previously performed any transaction with the related beneficiary party.
2- Whether the previous transactions performed with the same beneficiary party were done on the same IBAN number.
3- In case the answer to any of the above questions was no, whether he validated the transaction with the beneficiary party through methods other than e-mail.
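The red flags of slide 7, the preventive controls of slide 9 and the alert questions of slide 10 together describe a screen that an operations or compliance team can run on every incoming transfer instruction before it is executed. The following Python is an added example of such a screen; it is not code from the presentation or from BBAC. The data model (TransferRequest, CustomerProfile, Blacklist), the sample beneficiaries, IBANs and messages are all constructed for this example, and the IBAN strings are placeholders rather than real account numbers.

```python
import re
from dataclasses import dataclass, field

# Wording the slides call out as a red flag in e-mailed instructions
URGENCY_WORDS = re.compile(r"\b(urgent|secret|confidential)\b", re.IGNORECASE)


@dataclass
class TransferRequest:            # constructed data model for this example
    channel: str                  # "email", "online_banking" or "phone"
    beneficiary_name: str
    beneficiary_iban: str
    beneficiary_bank: str
    source_account: str           # "current", "savings" or "dormant"
    message: str = ""             # free text accompanying the instruction
    purpose: str = ""             # stated purpose of the transfer


@dataclass
class CustomerProfile:
    # Built from on-boarding EDD and kept current during on-going review:
    # beneficiary name -> set of IBANs previously used with that beneficiary
    known_beneficiaries: dict = field(default_factory=dict)
    # Pre-approved transfers list used for online banking
    pre_approved_ibans: set = field(default_factory=set)


@dataclass
class Blacklist:
    # Suspicious-names list maintained in the payment screening tool
    ibans: set = field(default_factory=set)
    banks: set = field(default_factory=set)


def screen_request(req, profile, blacklist):
    """Return (red_flags, validation_questions) for one transfer request."""
    flags, questions = [], []

    if req.channel == "email":
        flags.append("instructions received by e-mail (refer to online banking, forward, do not reply)")
        if URGENCY_WORDS.search(req.message):
            flags.append("urgency/secrecy language in e-mailed instructions")

    if req.source_account in ("savings", "dormant"):
        flags.append(f"transfer instructed from a {req.source_account} account")

    if req.beneficiary_iban in blacklist.ibans or req.beneficiary_bank in blacklist.banks:
        flags.append("beneficiary IBAN/bank on the suspicious-names blacklist")

    previous_ibans = profile.known_beneficiaries.get(req.beneficiary_name)
    if req.beneficiary_iban in profile.pre_approved_ibans:
        pass  # pre-approved beneficiary: no further beneficiary checks
    elif previous_ibans is None:
        # Alert question 1 (and 3) from slide 10
        flags.append("beneficiary never used before")
        questions.append("Have you previously transacted with this beneficiary?")
        questions.append("Did you validate the transaction with the beneficiary by a method other than e-mail?")
        if not req.purpose:
            flags.append("neither purpose nor relationship with the beneficiary is clear")
    elif req.beneficiary_iban not in previous_ibans:
        # Alert question 2 (and 3): known name, different account details
        flags.append("known beneficiary but account details differ from previous transactions")
        questions.append("Were previous transfers to this beneficiary sent to the same IBAN?")
        questions.append("Did you validate the new account details with the beneficiary by a method other than e-mail?")

    return flags, questions


def decide(flags):
    """Turn the raised flags into the handling the slides prescribe."""
    if not flags:
        return "execute"
    if any("blacklist" in f for f in flags):
        return "hold and report"
    return "validate by phone (identity question, customer restates request) before execution"


# Constructed sample data: placeholder IBANs, not real accounts
PROFILE = CustomerProfile(
    known_beneficiaries={"Acme Supplies Ltd": {"GB00EXAMPLE0000000001"}},
    pre_approved_ibans={"LB00EXAMPLE0000000099"},
)
BLACKLIST = Blacklist(ibans={"XX00BADIBAN0000000000"}, banks={"Example Offshore Bank"})

# Supplier impersonation (CEC1 pattern): familiar name, new IBAN, urgent e-mail
SUSPECT = TransferRequest(
    channel="email", beneficiary_name="Acme Supplies Ltd",
    beneficiary_iban="GB00EXAMPLE0000000002", beneficiary_bank="Example Bank",
    source_account="current",
    message="Please treat as URGENT and confidential; our bank details changed.",
    purpose="invoice 4471",
)
# Routine transfer to a pre-approved beneficiary through online banking
ROUTINE = TransferRequest(
    channel="online_banking", beneficiary_name="Payroll Provider",
    beneficiary_iban="LB00EXAMPLE0000000099", beneficiary_bank="Example Bank",
    source_account="current", purpose="monthly payroll",
)

if __name__ == "__main__":
    for name, req in (("suspect", SUSPECT), ("routine", ROUTINE)):
        flags, questions = screen_request(req, PROFILE, BLACKLIST)
        print(name, "->", decide(flags))
        for f in flags:
            print("  flag:", f)
        for q in questions:
            print("  ask:", q)
```

The screen is deliberately rule-based so that each hold can be traced back to a named control: the flags are the wording a branch officer would use in the phone validation call, and the questions are the ones slide 10 tells the officer to ask. A pre-approved beneficiary used through online banking raises nothing, which is the incentive for customers to move away from e-mailed instructions.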

11 Lessons Learned
Incident reporting. Revisiting our controls. Communication and training.

12 Thank you!
