GSS professionals understand that an unscheduled halt to a banking or finance infrastructure caused by a security breach could have significant negative effects on customer relations and the bottom line.
Below are some considerations for the banking and finance industry in Cambodia, including a recommendation to contact GSS for surveillance and security systems and guard services, including our remote monitoring service and armed Rapid Response Force as a backup to your onsite CCTV monitors and guards.
Additional tips to consider:
To prevent loss of data and/or resources, we are focused on helping improve security for our clients within the Banking and Finance Industry by implementing security protocols to match the value of the associated assets and risk. A combination of traditional manned guarding, security systems (CCTV cameras, alarms, motion detectors, bio-scanners, barriers, vault monitoring, etc.), and regular assessments and reviews can help reduce risk and even serve to prevent crime, including employee theft, ATM fraud/identity theft, physical robberies, and more. These measures will increase security for customers and a bank’s facilities. GSS provides comprehensive, customized solutions that go beyond traditional security for banking and financial institution security in Cambodia.
"Cambodia is increasingly integrating with the region’s financial services sectors and has enjoyed a decade of macroeconomic stability and growth, led by the garment, construction and agriculture sectors. However, many challenges prevail and remain for the banking sector in order for it to elevate its international standing and further encourage significant levels of foreign direct investment."
Even with the best security guards and surveillance systems in place, our clients have other risks and considerations; we hope the following ideas and tips will be helpful as you consider your business and risk:
Risks to Any Financial Services Sector:
Money Laundering (incl. Counter Terrorism Financing)
Bribery & Corruption
The global Financial Services sector was one of the first to be targeted by cyber crime, not surprisingly, as there have always been significant potential financial gains to be had from subverting computerized processes and corporate controls in banks. There is a severe disconnect in the perception of cyber crime risk within Financial Services institutions. Those conducting internal audit, compliance and risk functions in banks feel it is more likely than unlikely that their organization will experience cyber crime, whilst the opposite is generally true for finance and banking executive management.
What can Financial Institutions do to combat Cybercrime?
Educate employees at all levels (from executives to junior management) about cyber threats – cyber crime is not just the domain of the IT/network security functions. There are different types of cyber crime, from hacking to data theft, which affect different functions of the bank in varying ways.
Understand the potential culprits and their motivations to engage in a cyber attack on the organization.
Ensure that key fundamental safeguards for effective cyber security are in place, including on-going monitoring, up-to-date personal or sensitive data inventories, a back-up policy and business continuity plans.
Continue to engage with regulators to understand what other peer organizations are doing to counter cyber crime and adopt ‘best in class’ practices. By working together, banks can learn from others’ experiences.
ANTI-MONEY LAUNDERING (“AML”)
Financial Institutions do not suffer direct financial loss through money laundering – instead, the effects are felt through a loss of reputation (in the eyes of both the public and the regulator), and increasingly compounded by significant and heavy regulatory fines and possible blacklisting.
However, as recent international examples show, money laundering can involve both internal and external parties. In such instances, when banks’ corporate reputations become exposed, they become the focus of adverse press coverage regarding their Anti-Money Laundering (“AML”) breaches. This in turn reflects on customer confidence and a bank’s standing amongst its peers and within the industry in general.
There is a suite of activities a financial institution can put in place to address, monitor and minimize risks, such as internal audits, fraud risk management, penetration testing, rotation of personnel and physical and IT security procedures.
The Financial Action Task Force [“FATF”] (the inter-governmental body which sets AML standards) has recently indicated that its focus is shifting away from whether Financial Services institutions can demonstrate compliance with AML requirements, to whether the AML arrangements in place are actually effective.
This will denote whether a Financial Institution is placed on a “watch-list” (Grey List/Black List) due to a lack of compliance, or whether additional controls and measures require further monitoring in order to receive full compliance approvals from FATF. Many banks continue to struggle with AML remediation due to the size and complexity of their operations and customer base. Regulatory authorities continue to push for greater accountability, increasing future challenges.
What can Financial Institutions do?
Carry out risk assessments for fraud, bribery and corruption in order to identify ways of improving the effectiveness of fraud detection mechanisms as well as to mitigate the risk of regulatory breaches when operating in a territory with heightened corruption risk.
Ensure that the bank’s staff are constantly updated on AML regulations and receive annual training highlighting the latest measures for detecting & mitigating AML risk.
Implement comprehensive due diligence programmes on third parties, which will help to highlight potential “red flags” indicating vulnerability to bribery or corruption. These red flags may include issues such as engagement with Politically Exposed Persons (“PEPs”), negative references in the media, international investment exposure or involvement in litigation.
Ensure that ‘Know Your Customer’ (“KYC”) procedures and Anti-Money Laundering processes are operating effectively across a ‘single customer view’, making sure all relevant systems and records are joined up for consistency of data.
Financial Services institutions are prime targets for external fraud given the amount of money fraudsters could potentially obtain and also the importance and sensitivity of data held by these organisations (e.g. credit card and personal identity details).
Regulators continue to take a strict view on money laundering, bribery and corruption – focusing on the corporate as well as the individual. In the UK, the Bribery Act emphasises personal liability of board members, while the 2013 Financial Services Act places the burden of proof on the individual (to demonstrate that reasonable steps have been taken to avoid bribery and corruption).
CREDIT CARD FRAUD
Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.
Identity theft occurs when someone uses another’s personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. Banks must have 24/7 manned hotlines to allow customers to cancel a lost or stolen card.
Skimming is the illegal collection of data from the magnetic stripe of a credit, debit or ATM card. The information is copied onto another blank card’s magnetic stripe, and is then used by the identity thief to make purchases or withdraw cash in the name of the actual account holder.
Skimming has become widespread throughout Asia with the use of devices (card scanners and/or micro-cameras) targeting ATMs to obtain customers’ details, e.g. PIN numbers, account details, etc. Discreet CCTV monitoring of ATMs can capture a user’s time & date stamped photograph in the event of a suspicious transaction.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. For example, in Japan, phishing scams have targeted bank customers’ personal computers via virus, using fake pop-up windows or e-mails masquerading as legitimate Internet banking interfaces to trick customers into inputting their personal information.
Electronic communications to bank customers must emphasise that “at no time will the bank request personal details or PIN numbers” via email, unless the customer is logged into the bank’s website.
Perceived risks in the Cambodian Financial Services sector
US Dollar and Chinese Yuan Note Authenticity
Lack of legal framework (to enforce commercial contracts)
Customers’ lack of knowledge, trust & education about financial services
Shortage of qualified human resources in banks with proper training & experience
Risk from nations such as North Korea accessing the formal financial sector, circumventing sanctions to fund such things as its nuclear and missile programs
CAFIU (by its own admission) is understaffed and not able to continually examine all banks
FATF is not convinced enough enforcement is being done, despite Cambodia appearing technically compliant
Casino and Gaming Sector
Gambling industry is a major risk for banks in Cambodia (increasing money laundering concerns)
Cambodia’s casinos appear to operate in a comparatively low-regulation environment
Majority of casino customers are foreigners allowing for outflow of funds from Cambodia
Casinos are being used to move money across borders (geographic locations – close to borders)
Casinos must – Know their Customers (KYC) and exercise proper vetting procedures
Fraud & Lottery schemes present a major risk to Cambodia’s banking system
Failure by Casinos to report suspicious transactions (suspicious transactions go unreported)
Possible lax or selective enforcement of the laws regarding casinos on reporting suspicious transactions
Cambodians have historically not been allowed to gamble openly
What can Financial Institutions do to improve security?
Conduct customer seminars and open forums to educate customers
Strengthen enforcement of regulations and reporting requirements
Promote the benefits of involvement in the financial services sector
Comply fully with international financial services regulations & standards
Create firewalls to prevent widespread access to data within the institution
Ensure the institution maintains constant vigilance of its IT security, maintaining IT backups to prevent loss of data & critical information – consider outsourcing data centers
Engage professional CCTV & electronic security monitoring at the bank’s premises and ATMs, reducing manpower, real estate, equipment and overhead costs
Continual improvement of Human Resource training & development at all levels
Hiring of qualified and experienced staff (all staff must receive annual training)
The establishment of an AML/Fraud division (for large financial institutions)
Customer service quality improvements & reviews of account details
Network reporting improvements across the bank and its branches
Enforcement of compliance and constant upgrading of regulatory directives
* While this information is meant to be helpful, GSS highly recommends you conduct your own due diligence and is not liable for any ideas (expressed or not) posted or not posted in this blog.
When it comes to your surveillance and security systems and guards, call us, so we can chat and plan for your specific needs. Contact the team at GSS today on 023 992 156.