what you should really know about bank connectivity
TRANSCRIPT
What you really need to know about Bank Connectivity
Bob StarkVice President, StrategyKyriba
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 2
Agenda
Today’s Discussion
Introduction to Connectivity for– Bank Reporting– Payments
What is the best way to connect to your banks?
Securing bank connectivity
Questions (and answers)
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 3
Treasury Management
System
PD
Encrypted messages and files sent directly to TMS
Prior day and current day reporting•BAI2•MT940•XML CAMT•Regional formats
Bank Connectivity – for Bank Reporting
CD
PD
CD
PD
CD
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 4
Approved payments sent to Banks
Encrypted payments sent from HUB to SWIFT Network
1
2
3
Ack Levels transmitted to HUB
Ack/Nacknotification provided to TMS/ERP
Bank Connectivity – for Payments
4
1
4
1
4
Treasury Management
System
Encrypted messages and files sent from TMS
Authentications received into TMS from bank
Bank Connectivity…explained
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 6
Making Sense of Bank Connectivity
Communication Protocol Formats
FTX
FTP
Security
How we connect Message Content How we keep it private
Zengin
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 7
Bank Connectivity Choices
1
2
3
Host to Host Connections
Domestic/Regional Networks
MT Concentrator Service
SWIFT Alliance Lite 2
SWIFT via Service Bureau
4
5
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 8
Bank Connectivity Choices
Connectivity Choice Description Best Scenario
Host to Host (e.g. FTP) Direct connection to the bank
Any North American bank
Domestic Network (e.g. EBICS, Zengin protocols)
Network to connect banks in
that country
Multiple banks or high volumes in a particular country (e.g. France,
Germany, Japan)
MT Concentrator “Borrow” yourvendor’s BIC
Low number of accounts per bank (e.g. 20 accounts at 10 banks)
SWIFT Alliance Lite2 Hosted by SWIFT Willingness to self-manage some of SWIFT connectivity AND Low payment volumes
SWIFT Service Bureau Managed by Service Bureau
Global, and medium to high volume transactions
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 9
How Do I Choose?
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 10
Bank Connectivity: Choosing Well
10
If done right…
• 100% of cash balances will be known
• All payments can be transmitted automatically w/out manual steps
• Solution will be cost-effective; you won’t have overpaid
• Complete bank independence and flexibility to grow/change banking relationships
• No IT Support will be required to maintain connectivity or changes in bank formats
Securing your bank connectivity
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 12
Fraud Prevention: What we thought about in 2015
Fraud
Detection
Payments
Access to
Treasury
Technology
Supplier
Account
Verification
Investments
& Trading
Bank
Account
Mgmt
Do I have visibility into every payment?
Are my controls consistent for every
bank, every region, every person?
Do I review my ACKs?
How many bids before a trade?
Can Settlement Instructions
be modified?
How many layers of
protection exist after
your password
Are there controls to prevent
unauthorized change to
supplier payment info?
Do I know my account signers?
Who can change them?
Does my bank have the same list?
Do I use payment watchlists?
Do I have a control center to
view all transactions and
modifications?
Fraud & Cybercrime in Treasury
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 13
Fraud Prevention: What we think about now
Fraud
Detection
Payments
Access to
Treasury
Technology
Supplier
Account
Verification
Investments
& Trading
Bank
Account
Mgmt
Do I have visibility into every payment?
Are my controls consistent for every
bank, every region, every person?
Do I review my ACKs?
How many bids before a trade?
Can Settlement Instructions
be modified?
How many layers of
protection exist after
your password
Are there controls to prevent
unauthorized change to
supplier payment info?
Do I know my account signers?
Who can change them?
Does my bank have the same list?
Do I use payment watchlists?
Do I have a control center to
view all transactions and
modifications?
Connectivity
Can connectivity be
compromised?
Fraud & Cybercrime in Treasury
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 14
Can my connectivity be compromised?
Yes, connectivity workflows can be hacked
Steps can be taken to minimize likelihood of attack
What we learned from Bangladesh Bank and similar hacks:
1) Separation of duties critical
2) UserID and Password insufficient
3) Preventing fraud is more than just protecting initiation/transmission
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 15
Securing access to the connectivity channel means:
1) If multiple systems used (e.g. TMS, ERP, SWIFT) then files must be encrypted when traveling in between systems
2) Implement good authentication protocols to ensure authorized access to any/all systems within the workflow
3) Where available, apply digital signatures (e.g. SWIFT 3SKey) to authenticate exported payment files
4) Ensure treasury’s choice aligns with your organization’s information security policies
Securing Bank Connectivity
In summary
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 17
Feature Description
Workflow Bank balances/transactions reporting -> Cash Position & AccountingPayments Dashboard & Approval workflowControl Center (to check files and workflow changes)
Security Application Security – e.g. multi-factor authentication, IP FilteringData Security – e.g. encryption at restPayment Authentication – e.g. Digital Signatures, Encryption keys
Connectivity Multiple choices to optimize cost!• SWIFT Concentrator (Shared BIC)• SWIFTNet – Alliance Lite2 and Service Bureau options• Regional protocols (e.g. EBICS, Zengin, Editran, etc.)• Host-to-host (e.g. FTP)
Format Transformation Automated format translation Bank format library(there are 1000s of formats, even for “standard formats”)
Bank Connectivity Checklist
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 18
Kyriba Connectivity fact sheet
Kyriba Qualcomm case study
Further reading
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL. 20
Thanks for attending
facebook.com/kyribacorp
twitter.com/kyribacorp
linkedin.com/company/kyriba-corporation
youtube.com/kyribacorp
slideshare.com/kyriba
kyriba.com/blog