Скачать презентацию Key Trends in Treasury Management Matt Ribbens CTP Скачать презентацию Key Trends in Treasury Management Matt Ribbens CTP

5191e6f4fb187bbf2ae7cadffdc83bf6.ppt

  • Количество слайдов: 32

Key Trends in Treasury Management Matt Ribbens, CTP Mc. Kinsey & Company, Global Concepts Key Trends in Treasury Management Matt Ribbens, CTP Mc. Kinsey & Company, Global Concepts Office September 23, 2010 CONFIDENTIAL AND PROPRIETARY Any use of this material without specific permission of Mc. Kinsey & Company is strictly prohibited

GCI-AAA 123 -20100303 -MHR 2010 The US payments landscape ▪ Working Draft - Last GCI-AAA 123 -20100303 -MHR 2010 The US payments landscape ▪ Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ Key trends in treasury management Printed 7/21/2010 9: 41: 25 AM Mc. Kinsey & Company | 1

GCI-AAA 123 -20100303 -MHR 2010 Commercial DDA revenue accounts for 12% of total industry GCI-AAA 123 -20100303 -MHR 2010 Commercial DDA revenue accounts for 12% of total industry revenues US payments industry revenues: 2008 1 100% = $277 billion Commercial DDA ▪ ▪ ▪ 12% $33 16% of industry profits $18 billion in cash management fee-equivalent income $10 billion in NII Top 5 cash management banks 2 Money services - Bank of America Merchant acquiring Printed 7/21/2010 9: 41: 25 AM Commercial creditcard issuing ▪ 12% of industry revenues Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Consumer creditcard issuing Consumer DDA Quick facts - Citigroup - JPMorgan Chase - Wells Fargo/Wachovia Other - Bank of New York Mellon 1 Cash management services are counted on a fee-equivalent basis; ECR expense has therefore been backed out of NII 2 2008; in alphabetical order; based upon an analysis of ACH and wire origination and lockbox volumes SOURCE: Mc. Kinsey US Payments Map, 2008 -2013, release Q 4 -09 Mc. Kinsey & Company | 2

GCI-AAA 123 -20100303 -MHR 2010 The distribution of transactions and dollar flows are very GCI-AAA 123 -20100303 -MHR 2010 The distribution of transactions and dollar flows are very different; most transactions are cash, but most spending is by check and ACH 2008 dollar flows $96, 865 billion 84% C 2 B 139 Cash B 2 B $2, 355 Debit Card 72% Working Draft - Last Modified 9/22/2010 9: 48: 09 PM 2008 transactions 248 billion 1 $1, 277 $40, 533 Check 2 $2, 116 $36, 089 ACH Other 3 Printed 7/21/2010 9: 41: 25 AM Credit Card $14, 496 1 Our model excludes the vast majority of wire transfer dollars in an effort to approximate customer payments activity rather than financial institution settlement transactions (e. g. , broker-dealer settlement). Flows through Fedwire alone ($518. 5 trillion in 2005) are more than seven times greater than all other instruments combined. 2 Reflects checks paid, not checks written. Checks converted to ACH are counted in ACH. This convention is used throughout 3 Includes wire transfer, book entry transfer, and electronic money transfer (EMT) via Money. Gram, Western Union, etc. SOURCE: Mc. Kinsey US Payments Map, 2008 -2013, release Q 4 -09 Mc. Kinsey & Company | 3

GCI-AAA 123 -20100303 -MHR 2010 Contents The US payments landscape ▪ Working Draft - GCI-AAA 123 -20100303 -MHR 2010 Contents The US payments landscape ▪ Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ Key trends in treasury management Printed 7/21/2010 9: 41: 25 AM – Growth is slow (but returning) – Banks are refocusing on client experience – Security/Fraud Prevention is paramount Mc. Kinsey & Company | 4

GCI-AAA 123 -20100303 -MHR 2010 Mixed signals about the economy continues to create uncertainty GCI-AAA 123 -20100303 -MHR 2010 Mixed signals about the economy continues to create uncertainty for both corporates and bankers News from the same week… Printed 7/21/2010 9: 41: 25 AM SOURCE: Digital. Transactions Newsletter, CNN, Sept 20, 2010. Working Draft - Last Modified 9/22/2010 9: 48: 09 PM $1. 84 Trillion in Cash: A Rational Response to Challenging Economic Circumstances CHICAGO--(BUSINESS WIRE)-The Federal Reserve today reported corporate cash is still hovering at record high levels of $1. 84 trillion – almost identical to last quarter. However, cash remains 29% higher than it was just 18 months ago. Mc. Kinsey & Company | 5

GCI-AAA 123 -20100303 -MHR 2010 As with corporates and banks, the biggest challenge continues GCI-AAA 123 -20100303 -MHR 2010 As with corporates and banks, the biggest challenge continues to be topline revenue growth Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Printed 7/21/2010 9: 41: 25 AM SOURCE: Mc. Kinsey Quarterly Economic Conditions Snapshot, September 2010, BEA, 2010. Mc. Kinsey & Company | 6

GCI-AAA 123 -20100303 -MHR 2010 Commercial customers are focused on safety of principal and GCI-AAA 123 -20100303 -MHR 2010 Commercial customers are focused on safety of principal and the need for liquidity to fund operations Most important cash investment policy objective Percentage of organizations prioritizing each Profile of organizations’ short-term investments Percentage of total invested in each product 37. 2 +37% 27. 1 Safety of principal 61% +384% 2007 2009 Return 2 2007 0 2008 2009 “It was all about saftey and liquidity this past year. Those investment vehicles that were perceived as safe and liquid were not as safe and liquid as we thought”- Assistant Treasurer of a manufacturing and distribution corporation 2007 2009 Money Bank market deposits mutual funds Printed 7/21/2010 9: 41: 25 AM Liquidity 2007 2009 Treasury bills “. . if you want to go for ultimate security you go for treasuries…. (t)hey have virtually no return but you are not trying to get that last basis point of interest. ”- VP Global Treasurer of a major retailer SOURCE: AFP Liquidity Surveys, 2007, 2008 and 2009; AFP Exchange, November 2009 Mc. Kinsey & Company Working Draft - Last Modified 9/22/2010 9: 48: 09 PM +3% 30. 9 31. 8 | 7

GCI-AAA 123 -20100303 -MHR 2010 Cash management has weathered the banking crisis well and GCI-AAA 123 -20100303 -MHR 2010 Cash management has weathered the banking crisis well and is poised for ESTIMATES several years of steady growth Commercial card (fees) Cash management fees Commercial card (NII) Commercial DDA (NII) CAGR (’ 10 -’ 14) Percent US cash management revenue 1 $ Billions 75 70 65 59 16 15 16 60 19 17 3 4 3 22 8. 3 3 -7 ` 21 3 Printed 7/21/2010 9: 41: 25 AM 2 56 58 Working Draft - Last Modified 9/22/2010 9: 48: 09 PM +7% p. a. 3. 1 12. 4 2008 2009 2010 F 2011 F 2012 F 2013 F 2014 F 1 Cash management includes all commercial payment and DDA revenues for large corporate, mid-market, SME and public sector entities. Does not include private label cards and excludes merchant services SOURCE: Mc. Kinsey US Payments Map, 2009 -2014, Q 2 -10 Release Mc. Kinsey & Company | 8

GCI-AAA 123 -20100303 -MHR 2010 Commercial use of ACH has increased steadily over the GCI-AAA 123 -20100303 -MHR 2010 Commercial use of ACH has increased steadily over the past five years, and US firms plan to continue increasing their use of ACH’s share of Bus/Gov payments Percent US firms’ plans to adopt ACH credit use CAGR, 2008 -10 Working Draft - Last Modified 9/22/2010 9: 48: 09 PM 45% $ flows 40 Payroll 6% 35 transactions 25 0 2005 2% Printed 7/21/2010 9: 41: 25 AM Tax Payments 30 B 2 B Payments 06 07 08 12% 09 SOURCE: Mc. Kinsey US Payments Map, 2008 -13 Scenario 2, release Q 4 -09; Mc. Kinsey 2008 Corporate Treasury Needs Study Mc. Kinsey & Company | 9

GCI-AAA 123 -20100303 -MHR 2010 Commercial card use declined significantly during the recession, but GCI-AAA 123 -20100303 -MHR 2010 Commercial card use declined significantly during the recession, but growth will return in 2010 and beyond Commercial card spend Billions USD Commercial spending slows: Share growth in commercial card spending has been insufficient to offset broad slowdown in B 2 B spending; commercial card spending dropped 10% 2008 -09. ▪ T&E expenses evaporate: Easy targets for cost reductions travel budgets were slashed during the recession, dramatically reducing commercial card spend. 800 600 400 2003 04 05 06 07 08 09 10 11 12 2013 Future outlook Post-recession, commercial spending and access to credit will improve. Cards will continue to displace spend from other instruments. We forecast double-digit growth in commercial card spend 2010 -13. SOURCE: Mc. Kinsey US Payments Map, 2008 -13 Scenario 2, release Q 4 -09; Nilson; Team analysis Mc. Kinsey & Company | 10 Printed 7/21/2010 9: 41: 25 AM ▪ $* Working Draft - Last Modified 9/22/2010 9: 48: 09 PM 2008 -10: Commercial card trends

GCI-AAA 123 -20100303 -MHR 2010 Commercial card solutions are moving up the AP spectrum GCI-AAA 123 -20100303 -MHR 2010 Commercial card solutions are moving up the AP spectrum to become more easily leveraged by companies for B 2 B payments Straight Through Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Card Payments Traditional SPEND PER SUPPLIER Ghost Card Programs Printed 7/21/2010 9: 41: 25 AM TRANSACTION SIZE & AP Automation PCard Programs TRANSACTION FREQUENCY SOURCE: Global Concepts Cash Management Forum, 2010. Mc. Kinsey & Company | 11

GCI-AAA 123 -20100303 -MHR 2010 In March, Global Concepts found that a majority of GCI-AAA 123 -20100303 -MHR 2010 In March, Global Concepts found that a majority of bankers thought that Reg Q repeal was unlikely to happen in 2010 The reforming of a rule that does not allow banks to pay interest on commercial checking accounts does not seem to have much chance of being repealed in 2010; however, more banks see the liklihood “creeping up” in 2011. How likely do think it will be that Reg Q will be repealed in 2011? Responses Working Draft - Last Modified 9/22/2010 9: 48: 09 PM How likely do think it will be that Reg Q will be repealed in 2010? Responses Printed 7/21/2010 9: 41: 25 AM 1 Won’t Happen 2 3 4 5 7 1 Will Happen Won’t Happen 6 SOURCE: Cash Management Forum Research, March 2010. 2 3 4 5 6 7 Will Happen Mc. Kinsey & Company | 12

GCI-AAA 123 -20100303 -MHR 2010 In July, the passage of the financial reform included GCI-AAA 123 -20100303 -MHR 2010 In July, the passage of the financial reform included the repeal of Reg Q which will impact corporate investment policies and commercial DDAs The Dodd-Frank Wall Street Reform and Consumer Protection Act Key Provisions affecting cash management: ▪ ▪ TITLE III—TRANSFER OF POWERS TO THE COMPTROLLER OF THE CURRENCY, THE CORPORATION, AND THE BOARD OF GOVERNORS SEC. 335. PERMANENT INCREASE IN DEPOSIT AND SHARE INSURANCE. – Permanently increases coverage on demand deposit accounts to $250 K Printed 7/21/2010 9: 41: 25 AM ▪ Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ TITLE VI—IMPROVEMENTS TO REGULATION OF BANK AND SAVINGS ASSOCIATION HOLDING COMPANIES AND DEPOSITORY INSTITUTIONS SEC. 627. INTEREST-BEARING TRANSACTION ACCOUNTS AUTHORIZED. – Interest can now be paid on commercial DDA accounts (fully repealing Reg Q) SOURCE: Mc. Kinsey/Global Concepts, 2010. Mc. Kinsey & Company | 13

GCI-AAA 123 -20100303 -MHR 2010 Due to a long-standing and now repealed prohibition on GCI-AAA 123 -20100303 -MHR 2010 Due to a long-standing and now repealed prohibition on DDA interest, the US commercial DDA market has evolved differently than others History & impact of Regulation Q Unlike most other countries, the US does not allow interest payments on commercial demand deposits ▪ The payment of interest is forbidden by the Federal Reserve’s Regulation Q, enacted in 1933 ▪ However the Dodd act will enable banks to pay interest for commercial deposits ▪ Commercial DDA revenue by source % of total; 2008 Due to not paying interest on demand deposits: Fees Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ NII 100% Printed 7/21/2010 9: 41: 25 AM – The opportunity cost of keeping excess cash in deposits is relatively high and corporate liquidity has been more likely to leave the US banking sector for secondary markets USA – US banks developed a complex suite of cash management products and account types designed reduce the funds held in DDAs (e. g. , sweeps, ZBAs, Repo’s) Canada EU Asia/P acific Due in part to Reg. Q, US banks have tended to derive more revenue from fee income as corporate customers sweep balances into money markets and higher yielding time deposits SOURCE: Mc. Kinsey US Payments Map, Mc. Kinsey Global Payments Map, Global Concepts Mc. Kinsey & Company | 14

GCI-AAA 123 -20100303 -MHR 2010 The repeal of Reg Q will lead to three GCI-AAA 123 -20100303 -MHR 2010 The repeal of Reg Q will lead to three potential different scenarios based on the strength of the economic recovery Most likely scenarios in next 24 months More likely scenarios in 2012 and later Moderate SME shift – attacker funding demand remains moderate; incumbents willing to bleed off deposits vs. raising rates Low Demand for funds Deposit boom – strong economic recovery; wholesale funding markets fail to rebound driving strong competition for deposit funding DDA innovation – expanding credit demand drives broader competition for DDA pool beyond small business; funding keeps pace with demand, moderating interest rates Status quo – commercial banks w/ deposits stockpiles; low demand for credit and risk averse lenders Low Moderate High With moderate recovery, the large un-deployed funding base among deposit rich institutions should meet credit demand; deposit rich banks are likely to bleed off excess deposits rather than raise interest rates in response to attackers. ▪ Strong economic recovery and growth in credit demand will increase demand for funding; if wholesale funding markets fail to rebound, strong demand for funding could push deposit interest rates up. ▪ SME shift is less contingent the state of capital markets and could happen with only a moderate recovery. ▪ DDA innovation and Deposit boom scenarios are both contingent upon the external environment and speed of recovery in capital markets. Printed 7/21/2010 9: 41: 25 AM ▪ Working Draft - Last Modified 9/22/2010 9: 48: 09 PM High Industry’s relative supply / demand for funding Supply of funds SOURCE: Mc. Kinsey Global Concepts Mc. Kinsey & Company | 15

GCI-AAA 123 -20100303 -MHR 2010 In July, the majority of bankers polled anticipate paying GCI-AAA 123 -20100303 -MHR 2010 In July, the majority of bankers polled anticipate paying DDA interest due to the repeal of Reg Q but are uncertain of the post regulatory product mix Do you anticipate paying interest on demand deposit accounts for business customers? What will be your default commercial DDA offering? % of responses Hybrid (ECR & Interest) No Undecided 4 Interest-only DDA Undecided Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Traditional DDA w/ ECR 11 0 41 33 Yes Existing customers New customers % of responses Printed 7/21/2010 9: 41: 25 AM How do you plan to value deposit balances on interest bearing demand deposit accounts? Do you plan to offer all three account types? % of responses No Traditional Methods 8 TBD Yes SOURCE: Cash Management Forum Research, July 2010. Mc. Kinsey & Company | 16

GCI-AAA 123 -20100303 -MHR 2010 Other regulations will also impact banks (as well as GCI-AAA 123 -20100303 -MHR 2010 Other regulations will also impact banks (as well as corporates) FDIC Insurance 2 a-7 Money Fund Change ▪ Proposal to increase capital requirements for counterparty credit risk ▪ ▪ ▪ Internal models to calculate counterparty credit risk (CCR) exposures do not take into account sufficiently the potential volatility and illiquidity of markets Unlimited insurance (TAG) on non-interest bearing transaction accounts MMF must disclose the shadow net asset value (NAV) --basically mark-to -market value--of the fund ▪ Permanent coverage of $250 K for all accounts ▪ ▪ Assessments of FDIC premiums will be assessed more heavily based on Assets. Potential headline risk for a fund even after 60 days when the shadow NAV is released Affects ▪ Regulated banks, brokers/dealers, and insurance companies with assets of at least $25 B Value of commercial deposits much higher in terms of stability than other sources of market funding SOURCE: Mc. Kinsey Global Concepts Affects ▪ Operational costs of banks for gathering deposits ▪ MMF Funds and corporate investment policies ▪ Banks are able to pass along a portion of fees assessed by the FDIC for insurance (typically through account analysis) ▪ Releasing the shadow NAV on a 60 day lag basis willhave an impact on organizations investment decisions Mc. Kinsey & Company Printed 7/21/2010 9: 41: 25 AM ▪ Affects Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Basel III | 17

GCI-AAA 123 -20100303 -MHR 2010 Contents The US payments landscape ▪ Working Draft - GCI-AAA 123 -20100303 -MHR 2010 Contents The US payments landscape ▪ Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ Key trends in treasury management Printed 7/21/2010 9: 41: 25 AM – Growth is slow (but returning) – Banks are refocusing on client experience – Security/Fraud Prevention is paramount Mc. Kinsey & Company | 18

GCI-AAA 123 -20100303 -MHR 2010 The most highly demanded product improvements for all market GCI-AAA 123 -20100303 -MHR 2010 The most highly demanded product improvements for all market segments are related to online delivery systems In which of the following areas would you value improvements the most? % responding high or very high Overall Breakdown by revenue segments Online access Bottom 50% areas $25– 100 m $100 -500 m 84 90 87 Reporting capabilities 86 82 88 89 Intuitive, easy to use products and services 84 84 86 84 System availability and reliability 84 83 86 82 Data integration and ability to interact with your systems 76 74 80 75 Receivables 64 57 65 71 Liquidity and Concentration 60 49 67 67 Payables 58 53 62 60 International and F/X 41 30 42 51 Providers need to be aware of: ▪ The difference between must-haves vs. nice-tofeatures ▪ How this varies by targeted segment ▪ How to prioritize investments Mc. Kinsey & Company | 19 Printed 7/21/2010 9: 41: 25 AM 86 SOURCE: Mc. Kinsey Cash Management Survey Second 25% areas Working Draft - Last Modified 9/22/2010 9: 48: 09 PM $5– 25 m Top 25% areas

GCI-AAA 123 -20100303 -MHR 2010 Improving the onboarding/account maintenance process with self-service and more GCI-AAA 123 -20100303 -MHR 2010 Improving the onboarding/account maintenance process with self-service and more recently e. BAM Today Paper Account management is slow and inefficient Fax Corporates are demanding a better service • Corporates are demanding service level agreements (SLAs) for account management activities. Already 57% of corporates have negotiated such SLAs Working Draft - Last Modified 9/22/2010 9: 48: 09 PM • Can take several weeks, sometimes months, depending on the number of banks, legal entities, branches & countries in the process • Slow • Low integration • Expensive • Low satisfaction • Expecting on-demand & in real-time information Tomorrow Printed 7/21/2010 9: 41: 25 AM e. BAM automation and standardization is challenging • Banks typically require the same types of information, however notification forms, data requirements & formats all differ from bank to bank. • 60% of corporate respondents : “legal differences and lack of standardization are the biggest challenges in streamlining the processes around bank account management” Internet Bank Portal ISO Std. XML messages & Supporting documents • Security/Digital Signing • Efficient Workflows Corporates will benefit, but banks will also see a ROI SOURCE: Cash Management Forum (Identrust & Bank of America), 2010. • Automate/STP • Visibility & Control Mc. Kinsey & Company | 20

GCI-AAA 123 -20100303 -MHR 2010 By the end of 2012, most banks intend to GCI-AAA 123 -20100303 -MHR 2010 By the end of 2012, most banks intend to adopt new electronic products and channels Products Banks “Plan” to Adopt by 2012 Profiled Banks 60% Mobile Phone Payment Initiation/Approval 60% Web-based Cash Forecasting 53% Payables Automation/Integrated Payables 50% Invoice Origination from online banking Positive Pay with Payee Line Detail Remote Currency Management Solution SOURCE: Mc. Kinsey/Global Concepts, 2010 Cash Management Forum TM Study. 38% Printed 7/21/2010 9: 41: 25 AM Healthcare Lockbox Services/EOB administration 47% 33% 32% Mc. Kinsey & Company Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Mobile Phone Banking | 21

GCI-AAA 123 -20100303 -MHR 2010 Corporate treasurers are showing a great interest in same-day GCI-AAA 123 -20100303 -MHR 2010 Corporate treasurers are showing a great interest in same-day ACH (debit origination), with over 2 x the demand growth of any other product Adoption timeline: Top 5 growth products: All firms % of firms adopting in next 24 months 13 -24 Months 82% 54 ACH - converted checks 53 47 Mobile - Approve payments 46 54 24 Remote deposit 47 53 24 28 83 17 66 ACH - same-day debit Purchase to pay automation 57 43 28 Web cash forecasting ACH - converted checks 53 47 27 Mobile - View balances Remote deposit 51 49 26 Mobile - Approve payments ACH debit filters 55 45 25 Mobile alerts SOURCE: Global Concepts Corporate Treasury Needs 2010 82 52 36 54 45 48 64 46 55 18 Printed 7/21/2010 9: 41: 25 AM Top 5 growth products: $500 MM - 1. 5 B % of firms adopting in next 24 months Top 5 growth products: $100 - 499 MM % of firms adopting in next 24 months; ACH - same-day debit $500 MM - 1. 5 B: “Next generation” treasury products dominate, including web cash forecasting and a variety of mobile services 66 24 46 $100 - 499 MM: In addition to same-day ACH debit, payables and receivables electronification products comprise the top-5 Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Purchase to pay automation 18 ▪ ▪ 0 -12 Months ACH - same-day debit Top-5 products differ by size segment: 62 35 34 33 29 Mc. Kinsey & Company | 22

GCI-AAA 123 -20100303 -MHR 2010 Contents The US payments landscape ▪ Working Draft - GCI-AAA 123 -20100303 -MHR 2010 Contents The US payments landscape ▪ Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ Key trends in treasury management Printed 7/21/2010 9: 41: 25 AM – Growth is slow (but returning) – Banks are refocusing on client experience – Security/Fraud Prevention is paramount Mc. Kinsey & Company | 23

GCI-AAA 123 -20100303 -MHR 2010 A multiplicity of threats requires a comprehensive approach to GCI-AAA 123 -20100303 -MHR 2010 A multiplicity of threats requires a comprehensive approach to risk management Mc. Kinsey & Company Printed 7/21/2010 9: 41: 25 AM SOURCE: Global Concepts analysis Working Draft - Last Modified 9/22/2010 9: 48: 09 PM ▪ Online fraud – Phishing, spear phishing and malware – Account takeover – Man in the middle attacks ▪ Check fraud – Check alteration – Hybrid attacks – The positive pay imperative ▪ Multi-channel risk – Remote deposit, ACH origination, wire and merchant limits – AML/OFAC screening | 24

GCI-AAA 123 -20100303 -MHR 2010 Spear Phising Attack: BBB Working Draft - Last Modified GCI-AAA 123 -20100303 -MHR 2010 Spear Phising Attack: BBB Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Printed 7/21/2010 9: 41: 25 AM SOURCE: Global Concepts, Cash Management Forum 2010. Mc. Kinsey & Company | 25

GCI-AAA 123 -20100303 -MHR 2010 Spear Phishing and Money Mules 1. Fraudsters target and GCI-AAA 123 -20100303 -MHR 2010 Spear Phishing and Money Mules 1. Fraudsters target and research your bank, your banking platform and your customers (FDIC, IRS, Bank emails) Printed 7/21/2010 9: 41: 25 AM • Look for peak balance • Evaluate account privileges • Account processes Customer 3 Infected email Se hi ssi ja on ck in g 4. Account Reconnaissance Customer Account 6. Mules instantly wire money out Keystroke logging ote Customer 2 Rem ss e acc Customer 1 Banking Platform 3. Account Access – Defeat Strong Authentication Have your credentials Can use customer machine/sessions 5. ACH Batch Multiple <$10 K payments to many mules across multiple financial institutions Mule banks SOURCE: Global Concepts, Cash Management Forum 2010. Mc. Kinsey & Company Working Draft - Last Modified 9/22/2010 9: 48: 09 PM 2. Spear Phishing Attacks to executives | 26

GCI-AAA 123 -20100303 -MHR 2010 FBI, NACHA, FS-ISAC recommendations to prevent online fraud for GCI-AAA 123 -20100303 -MHR 2010 FBI, NACHA, FS-ISAC recommendations to prevent online fraud for corporate users § Initiate ACH and wire transfer payments under dual control activities from a dedicated, stand-alone, and completely locked down computer system from where email and web browsing are not possible. § Limiting administrative rights on users’ workstations to prevent inadvertent downloading of malware Printed 7/21/2010 9: 41: 25 AM § Reconcile all banking transactions on a daily basis. § Financial institutions should also implement an awareness communications program to advise customers of current threats and fraud activities SOURCE: Global Concepts, Cash Management Forum 2010. Mc. Kinsey & Company Working Draft - Last Modified 9/22/2010 9: 48: 09 PM § Online commercial banking customers execute all online banking | 27

GCI-AAA 123 -20100303 -MHR 2010 FBI, NACHA, FS-ISAC recommendations to prevent online fraud for GCI-AAA 123 -20100303 -MHR 2010 FBI, NACHA, FS-ISAC recommendations to prevent online fraud for financial institutions § FIs implement appropriate fraud detection and mitigation best practices including particularly transaction risk profiling. systems in concert with fraud detection systems. § Such OOB solutions many include manual client callback or automated Working Draft - Last Modified 9/22/2010 9: 48: 09 PM § FIs consider using manual or automated Out-Of-Band authentication solutions SMS text messaging, Interactive Voice Response system callback to a known phone number with a PIN code and similar solutions. Printed 7/21/2010 9: 41: 25 AM SOURCE: Global Concepts, Cash Management Forum 2010. Mc. Kinsey & Company | 28

GCI-AAA 123 -20100303 -MHR 2010 Transaction Risk Monitoring Predictive Behavioral Analysis for Each Account GCI-AAA 123 -20100303 -MHR 2010 Transaction Risk Monitoring Predictive Behavioral Analysis for Each Account • Learns unique behavior of each individual • Raises alert when something unusual for that individual occurs Fast and Intelligent Forensics • Detailed behavioral history • Fraud matching across accounts Printed 7/21/2010 9: 41: 25 AM Low maintenance • No rules • No change to client experience • Don’t need to know fraud patterns SOURCE: Global Concepts, Cash Management Forum 2009. Mc. Kinsey & Company Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Maximum detection, minimal alerts • Only get alerts when risk factors combine to create high risk score • Looking at all attributes and activities – catch account reconnaissance | 29

GCI-AAA 123 -20100303 -MHR 2010 Out of Band Authentication An Out of Band, Multi-Factor GCI-AAA 123 -20100303 -MHR 2010 Out of Band Authentication An Out of Band, Multi-Factor form of authentication that allows you to use your office, home or cell phone as the second factor of authentication. When accessing on-line banking business customers receive a phone call asking the user to enter a security code or PIN into the phone that is displayed on the computer screen. Entering a code into the phone makes OOBA a completely out of band authentication § Provides strong two-key authentication by requiring the use of two different networks to gain access; Internet & phone § Companies don’t have to spend time coordinating the issuing, mailing, and servicing a token or device § Instant attack detection § If account is comprised access can be immediately blocked and notify banks security department SOURCE: Global Concepts, Cash Management Forum 2010. Mc. Kinsey & Company Printed 7/21/2010 9: 41: 25 AM § Working Draft - Last Modified 9/22/2010 9: 48: 09 PM § | 30

GCI-AAA 123 -20100303 -MHR 2010 Questions Working Draft - Last Modified 9/22/2010 9: 48: GCI-AAA 123 -20100303 -MHR 2010 Questions Working Draft - Last Modified 9/22/2010 9: 48: 09 PM Matt Ribbens, CTP Expert +1 (678) 221 -2339 [email protected] Kinsey. com Printed 7/21/2010 9: 41: 25 AM Mc. Kinsey & Company | 31