Risk Description
Risk resulting from Agent's low number of staff and/or lack of knowledge of the Bank's products and standards required to provide service at an acceptable level.
Credit/Financial
Agent unable to honor obligations to the bank
Risk of loss resulting from agent being unable to re-fund his/her overdrawn account.
Operational
Inadequate physical security and/or insurance covers.
Risk of loss resulting from robbery and/or inadequate or no insurance covers by the agents.
Operational
Agent may not have all or some of the equipment that is crucial to running bank Agency activities
Operational
Agent may not have all or some of the equipment that is crucial to running bank Agency activities
Operational
Dishonest staff at the Agent.
Agent may allocate dishonest staff to perform banking services and/or Agent may not have required capacity to timely identify fraudulent transactions/activities.
Operational
Operational 7
Point of sale devices may be used to commit fraudulent transactions i.e. may be connected to the Bank's network before Agent's signing off receipt or Bank have not signed off receipt of malfunctioning POS from the Agent.
Operational
Abuse of Data
Agents may abuse the Bank's data or defraud the Bank if they can have full access to the computer system/network.
Compliance 9
Claims/penalty/lawsuits
Customer suing the bank due to Agent's violation of duty of secrecy
Compliance
with Agent may not comply with KYC requirements for AML.
10
Operational
Inadequate accounting, Reconciliation and wrong delivery of Bank cards
Risk of loss resulting from inadequate accounting, reconciliation and cards being delivered to wrong recipient and same used to defraud the Bank.
11
Operational
Channel failure
Loss of reputation resulting from frequent system failures and/or slowness as a result of increase in traffic caused by multiple people accessing the Bank's network at time and/or increase in transactions.
12
Operational 13
Agent/CRDB Link
Data, as it travels between the two points, is subject to illegal tapping (unauthorized access).
Operational 14
Agent/CRDB Link
Data is subject to interception in which data may be diverted away and unwanted data injected into the stream.
Operational 15
Agent/CRDB Link
It is also possible to spoof source addresses and cause denial of service attacks.
16 Operational
Absence of Central bank regulation
Difficult to identify macro level problems, and failure to have reference guide in case of disputes with the Agents or customers
Risk impact
Reputation loss
Financial losses due to errors/data entry errors
Customer complaints and claims due to delays
Priority
High
Mitigation / Owner
> Contract to specify Minimum level of manpower needed, skills, and financial ability of the Agent.
> Bank to impart product and process knowledge to agent's staff through training and other written materials describing the bank's product features and/or benefits.
DCA DRB DMRCS
> Agents to trade on their own funds and Bank to implement a system driven control to restrict agent accounts to allow any debit transaction when the account balance reaches TZS 100K or preset credit threshold. This to be captured in the contract as well.
High
> Debit limit to be set for those agents qualifying for credit facilities after conducting an end to end review of the Agent's business by Credit Department. Debit limits shall be supported by adequate collaterals. Interest rate on ODs to be negotiated depending on the market.
> Bank to prescribe minimum Agent selection and business granting criteria on which location and security to be one of the aspects to be considered.
> Contract to clearly indicate the requirement for the Agent to insure his/her business and Bank to monitor cash levels at the agent (monitoring approach to be both offsite and onsite).
DRB DF DC
High
DRB
> Bank/Contract to specify Minimum level of facilities/equipment needed, and financial ability of the Agent.
> Bank to provide the key equipment(s) to the agent to facilitate smooth operations and online transactions at the Agent business (e.g. Point of sale devices)
High
DRB DICT
> Bank/Contract to specify Minimum level of facilities/equipment needed, and financial ability of the Agent.
> Bank to provide the key equipment(s) to the agent to facilitate smooth operations and online transactions at the Agent business (e.g. Point of sale devices)
High
DRB DICT
High
Bank to prescribe minimum preventive and detective controls at the Agent. In addition, Bank shall monitor the Agent operations using both offsite and onsite reviews of activities and controls effectiveness.
DRB
Medium
Contract to specify Minimum level of Equipment needed, and financial ability of the Agent. In addition, the Bank shall repair and/or replace malfunctioning point of sale devices with new ones.
DRB DICT
A procedure prescribing the process of handling POS from and to the Bank should be developed. Also the contract to specify the responsibilities of both parties with regards to handling these devices.
DRB DICT
Agents shall not be given full access to the Bank's data/computer system. Agents shall only be given right to access their account(s) only, and this is to be done through special devices provided by the Bank.
DICT
High
Bank to provide routine training to Agent staff/ Periodic review of Agent activities.
DRB
Reputation loss
of
license
and High
> With regard to account opening the Bank shall provide the standard KYC templates to be used to collect key information when establishing new relationship.
> Information process flow to be developed by the Bank on how the KYC forms/information shall reach the bank or same to be retained by the agent provided that it is covered in the contract and the Agent can retain the documents for a period of at least five years as required by the Law. If this option is selected Bank must have a mechanism to update the collected information in its database.
DRB
High
Bank to develop a process on how the accounts will be opened at both i.e. in the Bank and at the Agent, how the cards will be linked to the accounts, how the cards and PINs will be handled and/or delivered to the agents and how the reconciliations if any will be performed and by who, when and how.
DRB DF
Reputation loss resulting from unavailability of services to the entire bank customers
High
Bank shall ensure that it has enough communication infrastructures to accommodate the forecasted growth in transactions (this should be in the form of communication lines i.e. bandwidth, servers, back up links etc).
DICT
Fraud/Theft High
DICT
DICT
High
DRB DCA
When
launch