A financial institution's information security program should
include an effective risk assessment methodology that includes an
evaluation of risks relating to performing high-risk activities
such as funds transfer and other payment-related activities.
Management should use risk assessments based on a periodic
review of high-risk activities to develop effective standards for
adequate separation of duties, physical security, and logical
access controls based on the concept of "least possible privilege."
Refer to the IT Handbook's Information Security Booklet for
Management should establish logical access controls on the funds
transfer application that assign appropriate access levels to staff
members working in the wire room or funds transfer operation.
Inappropriate access levels provide the opportunity to create
and transmit unauthorized funds transfer messages. The risk
is greater without adequate separation of duties. Management
should ensure no employees have access to more than one assigned
user code unless the code is under dual control. Management
should configure message verification rights to ensure adequate
separation of duties between employees initiating and employees
verifying and sending funds transfer messages.
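The controls in the two paragraphs above, modelled as an added Python example that is not the booklet's or any institution's code: user codes carry least-privilege rights, an employee may hold a second code only if it is under dual control, and the employee who initiates a message can never be the one who verifies and sends it. Class names, staff names, code identifiers and amounts are constructed for illustration, and `PermissionError` is this example's choice of exception.

```python
# Added example (not the booklet's own code): a minimal model of the wire-room
# controls above: least-privilege rights per user code, a second code only under
# dual control, and the initiator of a message never verifying and sending it.
from dataclasses import dataclass
from enum import Flag, auto

class Right(Flag):
    INITIATE = auto()  # may create a funds transfer message
    VERIFY = auto()    # may verify and release (send) a message

@dataclass
class UserCode:
    code: str
    rights: Right
    dual_control: bool = False  # use of this code requires two people

class WireRoom:
    def __init__(self):
        self.codes = {}        # code id -> UserCode
        self.assignments = {}  # employee -> list of code ids held

    def assign_code(self, employee, code):
        held = self.assignments.setdefault(employee, [])
        if held and not code.dual_control:  # second code only under dual control
            raise PermissionError(f"{employee} already holds code {held[0]}")
        self.codes[code.code] = code
        held.append(code.code)

    def rights_of(self, employee):
        rights = Right(0)
        for c in self.assignments.get(employee, []):
            rights |= self.codes[c].rights
        return rights

    def initiate(self, employee, amount, beneficiary):
        if Right.INITIATE not in self.rights_of(employee):
            raise PermissionError(f"{employee} lacks initiate rights")
        return {"amount": amount, "beneficiary": beneficiary,
                "initiated_by": employee, "verified_by": None, "sent": False}

    def verify_and_send(self, employee, msg):
        if Right.VERIFY not in self.rights_of(employee):
            raise PermissionError(f"{employee} lacks verification rights")
        if employee == msg["initiated_by"]:  # never verify your own message
            raise PermissionError("initiator cannot verify own message")
        msg["verified_by"], msg["sent"] = employee, True
        return msg
```

A real funds transfer application would log every denied attempt as well as every release, since a denied self-verification is exactly the event an auditor wants to see.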