what you should really know about bank connectivity

What you really need to know about Bank Connectivity

Bob StarkVice President, StrategyKyriba

© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 2

Agenda

Today’s Discussion

Introduction to Connectivity for– Bank Reporting– Payments

What is the best way to connect to your banks?

Securing bank connectivity

Questions (and answers)


Treasury Management

System

PD

Encrypted messages and files sent directly to TMS

Prior day and current day reporting•BAI2•MT940•XML CAMT•Regional formats

Bank Connectivity – for Bank Reporting

CD

PD

CD

PD

CD


Approved payments sent to Banks

Encrypted payments sent from HUB to SWIFT Network

1

2

3

Ack Levels transmitted to HUB

Ack/Nacknotification provided to TMS/ERP

Bank Connectivity – for Payments

4

1

4

1

4

Treasury Management

System

Encrypted messages and files sent from TMS

Authentications received into TMS from bank

Bank Connectivity…explained


Making Sense of Bank Connectivity

Communication Protocol Formats

FTX

FTP

Security

How we connect Message Content How we keep it private

Zengin


Bank Connectivity Choices

1

2

3

Host to Host Connections

Domestic/Regional Networks

MT Concentrator Service

SWIFT Alliance Lite 2

SWIFT via Service Bureau

4

5


Bank Connectivity Choices

Connectivity Choice Description Best Scenario

Host to Host (e.g. FTP) Direct connection to the bank

Any North American bank

Domestic Network (e.g. EBICS, Zengin protocols)

Network to connect banks in

that country

Multiple banks or high volumes in a particular country (e.g. France,

Germany, Japan)

MT Concentrator “Borrow” yourvendor’s BIC

Low number of accounts per bank (e.g. 20 accounts at 10 banks)

SWIFT Alliance Lite2 Hosted by SWIFT Willingness to self-manage some of SWIFT connectivity AND Low payment volumes

SWIFT Service Bureau Managed by Service Bureau

Global, and medium to high volume transactions


How Do I Choose?


Bank Connectivity: Choosing Well

10

If done right…

• 100% of cash balances will be known

• All payments can be transmitted automatically w/out manual steps

• Solution will be cost-effective; you won’t have overpaid

• Complete bank independence and flexibility to grow/change banking relationships

• No IT Support will be required to maintain connectivity or changes in bank formats

Securing your bank connectivity


Fraud Prevention: What we thought about in 2015

Fraud

Detection

Payments

Access to

Treasury

Technology

Supplier

Account

Verification

Investments

& Trading

Bank

Account

Mgmt

Do I have visibility into every payment?

Are my controls consistent for every

bank, every region, every person?

Do I review my ACKs?

How many bids before a trade?

Can Settlement Instructions

be modified?

How many layers of

protection exist after

your password

Are there controls to prevent

unauthorized change to

supplier payment info?

Do I know my account signers?

Who can change them?

Does my bank have the same list?

Do I use payment watchlists?

Do I have a control center to

view all transactions and

modifications?

Fraud & Cybercrime in Treasury


Fraud Prevention: What we think about now

Fraud

Detection

Payments

Access to

Treasury

Technology

Supplier

Account

Verification

Investments

& Trading

Bank

Account

Mgmt

Do I have visibility into every payment?

Are my controls consistent for every

bank, every region, every person?

Do I review my ACKs?

How many bids before a trade?

Can Settlement Instructions

be modified?

How many layers of

protection exist after

your password

Are there controls to prevent

unauthorized change to

supplier payment info?

Do I know my account signers?

Who can change them?

Does my bank have the same list?

Do I use payment watchlists?

Do I have a control center to

view all transactions and

modifications?

Connectivity

Can connectivity be

compromised?

Fraud & Cybercrime in Treasury


Can my connectivity be compromised?

Yes, connectivity workflows can be hacked

Steps can be taken to minimize likelihood of attack

What we learned from Bangladesh Bank and similar hacks:

1) Separation of duties critical

2) UserID and Password insufficient

3) Preventing fraud is more than just protecting initiation/transmission


Securing access to the connectivity channel means:

1) If multiple systems used (e.g. TMS, ERP, SWIFT) then files must be encrypted when traveling in between systems

2) Implement good authentication protocols to ensure authorized access to any/all systems within the workflow

3) Where available, apply digital signatures (e.g. SWIFT 3SKey) to authenticate exported payment files

4) Ensure treasury’s choice aligns with your organization’s information security policies

Securing Bank Connectivity

In summary


Feature Description

Workflow Bank balances/transactions reporting -> Cash Position & AccountingPayments Dashboard & Approval workflowControl Center (to check files and workflow changes)

Security Application Security – e.g. multi-factor authentication, IP FilteringData Security – e.g. encryption at restPayment Authentication – e.g. Digital Signatures, Encryption keys

Connectivity Multiple choices to optimize cost!• SWIFT Concentrator (Shared BIC)• SWIFTNet – Alliance Lite2 and Service Bureau options• Regional protocols (e.g. EBICS, Zengin, Editran, etc.)• Host-to-host (e.g. FTP)

Format Transformation Automated format translation Bank format library(there are 1000s of formats, even for “standard formats”)

Bank Connectivity Checklist


Kyriba Connectivity fact sheet

Kyriba Qualcomm case study

Further reading

http://www.kyriba.com/sites/default/files/content/kyribafactsheet-connectivity.pdf

http://www.kyriba.com/sites/default/files/qualcomm_casestudydl.pdf

Questions?

Email: [email protected]

Twitter: @treasurybob

Blog: kyriba.com/blog/bob-stark


Thanks for attending

facebook.com/kyribacorp

twitter.com/kyribacorp

linkedin.com/company/kyriba-corporation

youtube.com/kyribacorp

slideshare.com/kyriba

kyriba.com/blog

what you should really know about bank connectivity

Economy & Finance