What you should really know about Bank Connectivity

What you really need to know about
Bank Connectivity
Bob Stark
Vice President, Strategy
Kyriba

© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 2
Agenda
Today’s Discussion
 Introduction to Connectivity for
– Bank Reporting
– Payments
 What is the best way to connect to your
banks?
 Securing bank connectivity
 Questions (and answers)

Treasury
Management
System
PD
Encrypted messages and files
sent directly to TMS
Prior day and
current day
reporting
•BAI2
•MT940
•XML CAMT
•Regional
formats
Bank Connectivity – for Bank Reporting
CD
PD
CD
PD
CD

Approved payments
sent to Banks
Encrypted payments
sent from HUB to
SWIFT Network
1
2
3
Ack Levels
transmitted
to HUB
Ack/Nack
notification
provided to
TMS/ERP
Bank Connectivity – for Payments
4
1
4
1
4
Treasury
Management
System
Encrypted messages and files
sent from TMS
Authentications received into
TMS from bank

Making Sense of Bank Connectivity
Communication Protocol Formats
FTX
FTP
Security
How we connect Message Content How we keep it private
Zengin

Bank Connectivity Choices
1
2
3
Host to Host Connections
Domestic/Regional Networks
MT Concentrator Service
SWIFT Alliance Lite 2
SWIFT via Service Bureau
4
5

Bank Connectivity Choices
Connectivity Choice Description Best Scenario
Host to Host (e.g. FTP) Direct connection
to the bank
Any North American bank
Domestic Network (e.g. EBICS,
Zengin protocols)
Network to
connect banks in
that country
Multiple banks or high volumes in a
particular country (e.g. France,
Germany, Japan)
MT Concentrator “Borrow” your
vendor’s BIC
Low number of accounts per bank
(e.g. 20 accounts at 10 banks)
SWIFT Alliance Lite2 Hosted by SWIFT Willingness to self-manage some of
SWIFT connectivity AND
Low payment volumes
SWIFT Service Bureau Managed by
Service Bureau
Global, and medium to high volume
transactions

How Do I Choose?

Bank Connectivity: Choosing Well
If done right…
• 100% of cash balances will be known
• All payments can be transmitted automatically w/out
manual steps
• Solution will be cost-effective; you won’t have overpaid
• Complete bank independence and flexibility to
grow/change banking relationships
• No IT Support will be required to maintain connectivity
or changes in bank formats

Securing your bank connectivity

Fraud Prevention: What we thought about in 2015
Fraud
Detection
Payments
Access to
Treasury
Technology
Supplier
Account
Verification
Investments
& Trading
Bank
Account
Mgmt
Do I have visibility into every payment?
Are my controls consistent for every
bank, every region, every person?
Do I review my ACKs?
How many bids before a trade?
Can Settlement Instructions
be modified?
How many layers of
protection exist after
your password
Are there controls to prevent
unauthorized change to
supplier payment info?
Do I know my account signers?
Who can change them?
Does my bank have the same list?
Do I use payment watchlists?
Do I have a control center to
view all transactions and
modifications?
Fraud &
Cybercrime
in Treasury

Fraud Prevention: What we think about now
Fraud
Detection
Payments
Access to
Treasury
Technology
Supplier
Account
Verification
Investments
& Trading
Bank
Account
Mgmt
Do I have visibility into every payment?
Are my controls consistent for every
bank, every region, every person?
Do I review my ACKs?
How many bids before a trade?
Can Settlement Instructions
be modified?
How many layers of
protection exist after
your password
Are there controls to prevent
unauthorized change to
supplier payment info?
Do I know my account signers?
Who can change them?
Does my bank have the same list?
Do I use payment watchlists?
Do I have a control center to
view all transactions and
modifications?
Connectivity
Can connectivity be
compromised?
Fraud &
Cybercrime
in Treasury

Can my connectivity be compromised?
Yes, connectivity workflows can be hacked
 Steps can be taken to minimize likelihood of
attack
 What we learned from Bangladesh Bank and
similar hacks:
1) Separation of duties critical
2) UserID and Password insufficient
3) Preventing fraud is more than just protecting
initiation/transmission

 Securing access to the connectivity channel means:
1) If multiple systems used (e.g. TMS, ERP, SWIFT) then files must be
encrypted when traveling in between systems
2) Implement good authentication protocols to ensure authorized
access to any/all systems within the workflow
3) Where available, apply digital signatures (e.g. SWIFT 3SKey) to
authenticate exported payment files
4) Ensure treasury’s choice aligns with your organization’s
information security policies
Securing Bank Connectivity

Feature Description
Workflow Bank balances/transactions reporting -> Cash Position & Accounting
Payments Dashboard & Approval workflow
Control Center (to check files and workflow changes)
Security Application Security – e.g. multi-factor authentication, IP Filtering
Data Security – e.g. encryption at rest
Payment Authentication – e.g. Digital Signatures, Encryption keys
Connectivity Multiple choices to optimize cost!
• SWIFT Concentrator (Shared BIC)
• SWIFTNet – Alliance Lite2 and Service Bureau options
• Regional protocols (e.g. EBICS, Zengin, Editran, etc.)
• Host-to-host (e.g. FTP)
Format Transformation Automated format translation
Bank format library(there are 1000s of formats, even for “standard formats”)
Bank Connectivity Checklist

 Kyriba Connectivity fact sheet
 Kyriba Qualcomm case study
Further reading

Questions?
Email: bstark@kyriba.com
Twitter: @treasurybob
Blog: kyriba.com/blog/bob-stark

Thanks for attending
facebook.com/kyribacorp
twitter.com/kyribacorp
linkedin.com/company/kyriba-corporation
youtube.com/kyribacorp
slideshare.com/kyriba
kyriba.com/blog

What you should really know about Bank Connectivity

Recomendados

Recomendados

Más contenido relacionado

Destacado

Destacado (9)

Más de Elena Oliveira

Más de Elena Oliveira (7)

Último

Último (20)

What you should really know about Bank Connectivity