Contingency Plan, General Security and Internal Control

Microenterprise Access to Banking Services Program. Contingency Plan, General Security and Internal Control. Accreditation and Implementation Training On Mobile Phone Banking Services. Objective. At the end of the presentation, participants will be able to


Presentation Transcript


  1. Microenterprise Access to Banking Services Program
     Contingency Plan, General Security and Internal Control
     Accreditation and Implementation Training on Mobile Phone Banking Services

  2. Objective
     At the end of the presentation, participants will be able to:
     • Identify the security features of mobile phone banking
     • Discuss the security & internal control requirements
     • Determine contingency, disaster recovery and business continuity plans

  3. General Security Features ✓ MPIN Registration ✓ MPB Service Enrollment Form Downloadable GCash Menu Enrollment at the bank for MPB Service Options Send G-Cash Balance Last Txn Register Others Two-Factor Authentication KYC MPIN

  4. Multi-level Security

  5. Multi-level of Security

  6. Anti-Money Laundering Compliance
     • GCash is BSP and AMLA compliant and it is recognized as an electronic payment platform under Monetary Board Resolution 116
     • Customer Verification procedures are in place for all GCash accredited partner establishments
     • All GCash accredited partner establishments are required to report covered and suspicious transactions to Anti-Money Laundering (AML) council on a monthly basis

  7. Anti-Money Laundering Compliance
     • Globe/GXI also tracks and reports any covered or suspicious transactions to the AML council
     • The GCash wallet is automatically limited to 40,000 pesos per and monthly transactions are automatically limited to 40,000 and 100,000 respectively. These limits are within the ranges set for ATM transactions
     • All GCash Cash-in/Cash-out transactions require a valid ID to be presented

  8. Security and Internal Control Requirements (Bank Level)
     • Client information is verified.
     • The custodian of the mobile phone must be an officer of the bank (Cashier/Manager/Designated Officer of the Bank)
     • The M-PIN (Mobile Personal ID No.) and security code of the mobile phone must be secured and should not be known to anyone other than the designated custodian of the mobile phone.
     • The GCash Menu-Driven Interface must be used.
     • All mobile banking transactions (incoming/outgoing) must be checked and approved by officers of the bank

  9. Security and Internal Control Requirements (Bank Level)
     • Withdrawal (Text-A-Withdrawal) must be drawn against Cleared/Withdrawable Balance
     • Phone-to-Phone (P2P) Fund Transfer transactions must be supported by receipts and recordings in the Logsheet and GCash Journals
     • The bank’s mobile phone must be used only for purely GCash/MPBS related activities.
     • Mobile Phone is kept at the Vault at the end of the day.
     • Branch’s Mobile Phone Phonebook/SIM must contain Head Office’s mobile phone number

  10. Security and Internal Control Requirements (Bank Level)
     • Internal documentary and procedural requirements are followed to ensure appropriate Dual Control for all transactions in terms of Making and Approving authorities
     • Bank In-charge must explain to the client the terms and conditions of the mobile phone banking service during client’s enrollment including security and risk involved
     • Follow enrollment procedure and requirements if enrollment is required for a particular mobile phone banking service
     • Any internal/security control violations should not be tolerated and must be reported immediately for proper action (Please see information security policy manual).

  11. Security and Internal Control Requirements (Client Level)
     1) Complete KYC (Know-your-customer) procedure must be followed for all clients availing of mobile phone banking services
        - Valid ID is required upon opening an account and/or enrolling to the service
        - Background/Credit checking is performed when necessary
        - References must be asked and checked when necessary
     2) Clients must be oriented/briefed on each mobile phone banking service they are availing of, including security and risk involved.
     3) Ensure that the client understands the terms and conditions of the service; the client must agree to and sign the service enrollment form if enrollment is required.

  12. Client’s Perspective Bank’s Perspective Continuity of the business Disaster Recovery Scenarios and Problem Management

  13. Mobile Phone Banking Need: CONTINGENCY PLAN

  14. CLIENT’S PERSPECTIVE 2882 You have sent 1,500 of GCASH and sent message to ABC Rural Bank, Inc. on 03/14/10 09:21AM. Your new balance is 992.00. Ref. no. 123412.

  15. CLIENT’S PERSPECTIVE

  16. CLIENT’S PERSPECTIVE

  17. CLIENT’S PERSPECTIVE
     • The client can use any Globe or TM phone to call 2882 for customer service
     • Metro Manila landline: (02) 739-2882
     • Toll-free from any Globe landline: 1800-8-2882882

  18. CLIENT’S PERSPECTIVE

  19. BANK’S PERSPECTIVE

  20. BANK’S PERSPECTIVE

  21. BANK’S PERSPECTIVE

  22. BANK’S PERSPECTIVE

  23. BANK’S PERSPECTIVE

  24. What if there are disruptions in the service?
     NO Globe signal, NO GCASH transaction.
     Bank will follow manual collection mode and over-the-counter transactions until the Telecom’s network connection problem is resolved.

  25. What if natural or man-made disasters happen?
     BSP requires each bank to have a General Business Continuity Plan to contain most of the disaster and recovery procedures. These procedures include, among others, having on-site and off-site backup, saving priority files and records, etc. Concerning electronic transaction records, in the event of disaster or even minor data loss, the telecom companies have electronic copies of the transactions, which authorized bank officers (listed in the secretary’s certificate submitted to GXI) can request.

  26. End of Presentation
