Faced with increasing security concerns and risks of internal fraud, corporates and banks are looking for ways to extend controls on their banking communications.
SWIFT has released a paper that looks at how banks are responding to such needs with advanced user identity and mandate management services, traditionally limited to their online banking channels, now also available on their direct connectivity channels.
SWIFT consulted with the community on today’s practices in implementing effective controls with banking channels to further reduce the risk of fraud and to keep record of the authorised corporate signatories and their entitlements.
Today there are significant variances with individual authorisations between online web banking services and the direct file channels. Additionally, the use of a physical authentication device is standard market practice for strong user access management on all online banking communications. In many markets, strong authentication is essential to meet new regulatory recommendations.
“We wanted our banks to identify who is signing the file and who is signing the payment. We consider this is a responsibility for the banks,” said John Colleemallay, senior director – group treasury & financing, Dassault Systemes. In response to customer demand, banks are adding functionality and controls to enhance and differentiate their services. “Corporate customers can now monitor user entitlements online by using HSBCnet. We can check any amount against these user entitlements on any type of connectivity,” added, Charles Dubarry, head of global direct channels and integration, HSBC.
The information paper identifies how banks offer identity and mandate management services on a scale of five levels of practice starting with authentication at entity level and moving towards authentication at individual level. Advanced mandate management services also include the verification of entitlements and thresholds of signatories and the centralisation of account and entitlement management via eBAM.