EFTA01356664.pdf

Toxic combination : A Toxic Combination is a conflict of system access permissions which could allow a user to perform unauthorized activities that should otherwise be prohibited, to avoid a maker/checker situation within a transactional input & approval workflow process. WM set up - The WM profiles are split into groups. 1 Input(Front Office), 2 approvals groups(TAG) and 3 processing (Banking & COB team). A systemic check will only allow a user to have 1 of the 3 profiles. The approval group can neither create nor amend payment messages. Only approval is possible. If a payment change is needed it can only be done by someone from the inputter group. It then needs to be sent to the approver group. GTB-FMS Metavante- Payments System DB Force- DB Force- Metavante- Accounting DBDI- DBDI- (Operations does Team Case Approver Static set up entries in Creator Approver not have access to Creator client account GTB Payment System) Front Office Yes TAG No Yes No No No No No Banking No No No Yes Yes hlo Profile 1 Banking No No No Yes No Yes No Profile 2 Client On No No Yes No Boarding To further elaborate the toxic combination with DBOI as these processes are directly linked: For internal use only CONFIDENTIAL - PURSUANT TO FED. R. GRIM. P. 6(e) DB-SDNY-0042637 CONFIDENTIAL SDNY_GM_00188821 EFTA01356664