Post on 15-Mar-2018
Royston Da Costa Group Assistant Treasurer
Treasury Systems and Development
Cybercrime in Treasury - How Treasury Departments can prepare
Contents
• Cyber Fraud Examples
• Preventative Actions
• Cyber Fraud Response
• Conclusion
• Ferguson Policies, Processes and Controls
My role and experience
• Over 25 years’ experience in Treasury, including managing Treasury Operations
• I previously worked at Sky, Gillette, and Vivendi Universal
• I joined Wolseley in April 2002 as Group Assistant Treasurer and was responsible for managing the varied daily debt and cash requirements of a large international group.
• I am currently responsible for developing the Group’s Treasury Systems strategy
• Team of 6 in Treasury
• I am also responsible for supporting the Group on a number of Treasury related ad-hoc projects.
About Wolseley
Wolseley is the world’s largest trade distributor of plumbing and heating products and a leading supplier of building materials.
In 85% of our markets, we are No 1 or No 2
As at 31 July 2015
• Group revenue: £13,300m (10.1%)
• Trading profit: £857m (+11.4%)
• Gross margin: 28.0%
• Gross profit: £3,728m
Revenue by region (£m): USA 8,337; UK 1,987; Nordic region 1,863; Canada 708; Central Europe 405
USA Profile
• Leading distributor of plumbing and heating products in North America
• Strong business model with large scale distribution centre network and national branch and showroom network
• Strong financial performance achieving a record trading margin of 8.2%
• Market outperformance in the year with market share gains achieved
• Strong customer service and employee engagement scores
• Thirteen bolt-on acquisitions completed in the year
5-year Performance £m
Year: 2011 2012 2013 2014 2015
Revenue: 5,500 6,168 6,757 7,045 8,337
Trading profit: 314 389 490 542 683
Revenue by Business Unit, % of ongoing 2015 revenue
Blended Branches 62%
Waterworks 16%
HVAC 7%
Industrial 8%
B2C 5%
Other 2%
All figures are for the ongoing business for the year ended 31 July 2015
UK Profile
• UK portfolio focused on strongest businesses capable of market leadership
• Continued focus on broadening the product range
• Strong growth in the Utilities business
• Two bolt-on acquisitions completed in the year
5-year Performance £m
Year: 2011 2012 2013 2014 2015
Revenue: 1,651 1,667 1,769 1,853 1,987
Trading profit: 88 93 95 96 90
Revenue by Business Unit, % of ongoing 2015 revenue
Plumbing and Heating 72%
Pipe and Climate Center 14%
Utilities (Burdens) 14%
Nordic Profile
• The largest distributor of building materials in the Nordic region with number one market positions in Denmark and Sweden
• Major business units maintained their market leading positions
• One bolt-on acquisition completed in the year
5-year Performance £m
Year: 2011 2012 2013 2014 2015
Revenue: 1,983 1,981 1,864 1,892 1,863
Trading profit: 112 93 89 80 72
Revenue by Business Unit, % of ongoing 2015 revenue
Stark Denmark (building materials) 36%
Beijer Sweden (building materials) 23%
Stark Finland (building materials) 25%
Silvan Denmark (DIY) 9%
Neumann Norway (building materials) 7%
Canada Profile
• A wholesale distributor of plumbing, heating, industrial and ventilation equipment
• National distribution centre in Ontario and branches located in all 10 provinces across Canada
• Held market share in tough markets
• Gross margins slightly ahead of last year
5-year Performance £m
Year: 2011 2012 2013 2014 2015
Revenue: 811 850 814 736 708
Trading profit: 39 49 48 43 34
Revenue by Business Unit, % of ongoing 2015 revenue
Blended Branches 76%
Waterworks 15%
Industrial 9%
Central Europe Profile
• Leading distributor of heating, plumbing and bathroom products in Switzerland
• Strong performance in the Netherlands as markets improve
• Tough market conditions
• Tight cost control to protect profitability
5-year Performance £m
Year: 2011 2012 2013 2014 2015
Revenue: 438 428 424 426 405
Trading profit: 27 31 27 26 21
Revenue by Business Unit, % of ongoing 2015 revenue
Switzerland 60%
Netherlands 40%
Group Treasury Scope
• De-centralised model
• Treasury Specialists locally
• Shared Service Centres – commercial payments
• Group Treasury provide advisory role
• Cash Pool overlay
• FX traded centrally
• Regulatory reporting centralised
Introduction
Definition of Cyber Fraud = “the use of the internet to get money, goods, etc. from people illegally by deceiving them” (Cambridge Dictionaries online).
“CEO email scam is wake-up call for boards” (FT headline March 16, 2016)
• Improve awareness
• Review processes
• Communication
Financial Losses
Level of loss determined mainly by:
• How alert the victim is
• Amount of money or material the victim is responsible for
• Time taken until the fraud is detected
Other factors:
• Investigation and resolution of the incident interrupting or, worse, preventing normal business operations
• Training staff on new procedures
• Negative reaction by some customers and business partners
Financial Losses Chart
Courtesy of Basware (this slide can be found in their full presentation at http://www.basware.co.uk/knowledge-center/financial-supply-chain-masterclass-4)
Staff Morale
• No one wants to be a victim of Fraud!
• Try and avoid a witch hunt
• Impact on the Team
• Victim’s Health
• Check the process
Common Cyber Fraud Risks and Scams
Phishing
Vishing
Spoofing
Invoice scam (part 1)
Invoice scam (part 2)
Cheque overpayment scam
Malware
Ransomware
Reputation attacks
E-Commerce
Internal Fraud
Preventative action: Treasury policy, processes, and controls
Treasury policy
• Clear internal Treasury policy
Treasury processes
• Formalised and communicated to all personnel
• Have a robust Joiners, Movers and Leavers process
• Segregation of roles to require two or more people to complete a transaction
• Know Your Employees
• Create a culture that makes it easy to report suspicions of fraud
Treasury Controls
• Regular review of your processes throughout the group
• Implement checks that ensure your controls are being complied with – internal and external
Preventative action: Password security
Educate your staff on password security
• You should not use the same password on different external sites
• You should not use your internal password on external sites
• They should be familiar with the password policy
Remember to treat your password(s) like underwear, i.e.
• Change them often
• Do not leave them where other people can see them
• Do not lend them to others
Preventative action: Specialist advice, communication, external banks
Specialist Advice
• Keep updated and subscribe
• Contact your local IT support team
• Refer to the Get Safe Online team
Communication
• Do not neglect communications and interactions with your banks and third parties
• Scams generally rely on the lack of communication between parties e.g. banks will never telephone you and request your user id and password
External Banks
• Check with all your banks that the processes they apply meet your Company’s requirements e.g. France
Preventative action: IT Systems
• Ensure that you plan for the possibility of a Cyber Fraud incident
• Understand the Data Backup and Disaster Recovery plans you have in place
• Have a Business Continuity plan that documents what business as usual will look like
Preventative action: Insurance Cost
• Safeguard shareholder value
• Identify how big a risk this is for your company
• Identify the top risks to your company and insure against them
• Some examples of the top risks are:
  - Loss, damage or distortion of own data
  - Forensic costs
  - Technical support to restore systems & data
• Be transparent with your Insurers
• Make sure the process between your insurer and their underwriter is fully understood
• Ensure you cover not only the consequences of a risk event, but also the causes
• Educate your colleagues on what’s covered in the insurance policy
• This is not just to protect financial risk but also to protect against reputational risk
• This is best practice for most companies today
• Have a crisis plan in place
• Ensure you are up to date with the latest regulation and legal Acts
Preventative action: Crisis Response Plan
• Have a crisis response plan
• Should include scenarios for different types of events
• Define who is responsible for each step of the plan
• An effective crisis response plan
• The Treasury team should have representation on a crisis team
Response to Cyber Fraud
• Notify the Company Crisis Team immediately
• Recognise that fraud is being perpetrated and intervene quickly
• Contact your local IT support team immediately
• Be alert
• Let the Crisis Team handle all communications to the public, customers, employees, and business partners
Conclusion
• This is not a definitive guide to Cyber Fraud as (a) I am not an IT expert and (b) there are IT experts that are much better qualified than I am on this subject
• Highlight the areas in Treasury that I am aware have been the target of various scams
• Increase awareness amongst treasury colleagues and peers
• Conduct a full review of your key treasury processes including payments
• Technology is the main vehicle for Cyber Fraud!
• Technology also plays a key role in combating Cyber Fraud!
• The weakest link and strongest asset is you!
• Contributors:
• Lloyds Bank (https://www.lloydsbank.com/business/security.asp),
• Get Safe Online (https://www.getsafeonline.org/), Action Fraud, Wolseley IT