© NYSE Blue. All Rights Reserved.
NYSE Blue Security Concerns for Offset Registries
July 26, 2011
Security Framework for an Offset Program
Registry Technology
Know Your Client Procedures
Program Legal & Operational Rules
Training on User Best Practices
Registry Technology
Encrypted connection (HTTPS)
Disable user ID upon 3 incorrect logins
Ongoing vulnerability testing for registry
Later this year, introduction of two-factor authentication
Know Your Client Procedures
Identify clients and ascertain relevant information about their businesses
• Request copies of documents confirming the identity of the legal entity: organization documents, memorandum of incorporation, bank accounts, utility bills
• Become familiar with the principals and ask for identification documents such as driver's licenses, passports, and birth certificates
• Review marketing materials and business plan
Perform OFAC / AML checks to ensure entities are not found on terrorist watch lists.
Monitor activity to ensure it matches the company profile
Program Legal & Operational Rules
• Omnibus accounts
  – Only a regulated entity can maintain an omnibus account (and these regulated entities must show proof of proper KYC procedures)
  – Certain unregulated entities can be given the ability to maintain omnibus accounts
• Retirement of credits in omnibus accounts
  – Retirement of greater than 99 credits on behalf of a client must be done in a specific client sub-account
  – Retirement of greater than 99k credits on behalf of a client must be made public
Registry User Best Practices
Use latest anti-virus protection programs
Update contact information for users/logins to their account
Users should not access The Reserve from public locations where others could capture their confidential information.
Diligent monitoring of account activity
Perform weekly/monthly account reviews to ensure data is correct
Users should pay close attention to the registry notifications for transfer confirmations.