EFTA02710571.pdf

TRANSITION TO ONLINE BANKING GOAL: Implement structured internal control process over banking function that improves operational efficiencies. Online banking system provides framework for control environment where every banking transaction, regardless of type or level, is pre-defined and controlled by system administrators. Specific achievements to be gained: • Segregation of duties • Rigorous internal controls [fraud reduction) • Consistent error-proof process • Improved transaction processing and reporting I. Seoreoatlon of Duties Current: overlap between approval and payment functions Proposed: clear delineation of responsibilities of various personnel 1. Approval and payment process are two distinct functions that should be performed by separate persons. 2. Individuals responsible for approval have no (or limited) involvement with payment function. 3. Individuals making investment decisions are not involved in payment process. 4. Within online platform, restriction on permission for transaction creation and processing ensures that payment function cannot be performed by same individual. 5. With permissions implicit in banking platform, the payment/ fund release function is limited to certain individuals with different levels of approval, e.g. require two individuals to approve release large sums. 6. Levels match skillsets and job responsibilities; e.g. template creation and wire preparation are performed by bookkeeping (vs C-level person). II. Internal Controls Current: limited control environment in place fraud risk via e-mail communication to bank, eg spoofing or leaving computer on (unauthorized use of email account) authorizations/ approvals not enforced by banking personnel Proposed: controls at user, account, transaction levels 1. System access is highly customizable with restrictions/ permissions available at various levels - user, account, payee, and transaction type and dollar amount. 2. Users can be customized with transaction creation and authorization permissions at account and/ or entity level. 3. Access to online platform and user permissions are governed by dual system administrators. 4. All payment related processes require involvement of two persons, each of whom are pre- authorized for respective function. Specific transaction types or amounts can require additional persons; dual approvals for large dollar amounts. 5. No transaction can be initiated and completed with payment by a single person. 6. Payments can only be made to pre-approved vendors. The set-up of payees is governed by permissions granted by system administrators. 7. Transaction approval required before banking function can be initiated. EFTA_R1_02122759 EFTA02710571  8. Secure system payment platform — access to platform requires individual token password entry; code changes every 15 seconds. Robust platform protected by banking security protocols. 9. Account authorizations will be updated so that online approvals are consistent throughout bank documentation. 10. Authorizations are consistent across banking institutions. 11. Banking platform provides automated reporting to end users to provide control over transactions, change in permissions, new user set-up, new account set-up, etc. III. Consistent Process Current: payment process highly variable (i.e., e-mail, excel template) via multiple offices and various personnel Proposed: centralized transaction processing which adhere to strictly defined process 1. All pre-approved payments are directed to and processed by Accounting group 2. Creation of vendor templates which provide for consistent transaction processing 3. Transaction approval document is embedded into banking transaction template for verification purposes prior to payment/ release of funds 4. Transactions requiring special/additional approvals are pre-defined 5. Execution process and persons are consistent for all transactions across banking institutions and entities. IV. Reporting Current: limited access to real-time data on all accounts; report gathering is manual process Proposed: real-time access to all accounts rather than isolated subset; automated data integration with office accounting system automated user reporting directly from bank 1. Real-time access to funds receipt or payment. 2. Implement automatic notifications of transaction or account activity to specific users. 3. Ability to view all DDA accounts in a single location. 4. Banking activity can be exported directly to accounting system. 5. Reports, either standard or customized, can be set up for automatic distribution to specified recipients, e.g. trustee report with trust-only cash balances. EFTA_R1_02122760 EFTA02710572 Screenshots of various system controls: CashPro Online — Administration controls ran imnouatufs ..TICICL/V1T311/1r rvr 15CIIITIV up (at] VT 1,..,IZT1n-ry 47,51WITI112-529111r5SCITTU1 Administrators also manage user access by actryabng deactivating. deleting, resetting passworc Training Center users. Administration is designed to promote ennanced security and fraud prevention for your coi Training Webinars transactions Frequently Asked Questions New Admonertratoes Guide Hew Users Guide Riesources For AdtnInletrattOn training documentation review to following now to Videos • Administration User Manuat Activate Your Token • Administration Reporting Lisp( Manual Create en Inbound Wire Alert Install YOUR' Digital Certificate Log In to Caliber° Online If you desire training on this seintico. contact Client Education at 866 355 9388 o Manage Your Dashboard gcsclienteducation@bankcifamencacorrt. Navigate CashDro Online Reset Your Pitasoord =1511111 e Bank of ATT,IinCS eai Codes ▪ Creating Users Managing User Access Sank of Ammo& EITRS Coder • 8 Entitling Users to Reporting Services CashPro Requieweents Currency Codes by Country Ea Entitling Users to liquidity Services Data Reteebon ▪ Entitling Users to Payments Services Data Transmmsion Download Software e Entitling Users to Receipts Services File Formats Ea Entitling Users to Trade IRAN Yalfdator Payment Cutoff TimeS e Entitling Users to Notifications Security Features Worldmd• sank Calendar e Entitling Users to Service Center Contact Us 8 [flirting.; Users to Other Services 8 Copying Entitlements Eit Approving Requests e Generating Administrative Reports e Managing Tokens and Certificates e Using Cashpro Mobile with Administration El Managing Company Settings e Additional Resources EFTA_R1_02122761 EFTA02710573  CashPro Online — Global Payments USER controls Account level rBaTrkof America --;# 1;asliPro Online Merrill Lynch REPORTING PAYMENTS RECEIPTS NOTIFICATIONS SERVICECENTER ADMEN SUPPORT Utmost° (21Accounts end* unsigned) Filter by Category hfloobor :norn 21 Avail. H L>eyv A4counl Parmeat Lion ly 24 3141.4* Aitrt;riteaitaii, sar „ Categoom rM 1st LIT VS 0 6 ..,, a 41:Z3)!:(ai, 14 110 .24“1A. , 4 11f&."2!c\f"Of:124-• VeVe. 1.4faZfT4Z.C, 11 van„>. • S. ;:2c.94/42P16. decua. Lee or.n1 C•ons n:coot ICBK0181302‹ 1234S6, 894I234567129 O ELI.: leleit a+ a. gord CUE CcaTurY 12SeCO(.24 CON 1492.00 0 AKA/ Usef Dubois Cusxm Payment Categants(ielstt intent on): Urgent (\Wel Leo Vane (AC)) We're Trensie• AderereAratte Dere. arliailcil ANSfrO10)121-511.4 Lunn Freon:a Templets Peron NFreeform Template Per Gay Derwsc Gate 100 000 .104 WingWert 1% n El nsdar OSA Assigned ACNE Nemo Dienien 60FAIMIx t45tt55SI 11 • limit a users "create" amount by template or freeform • limit an approvers amount by template or freeform • set daily cumulative limits EFTA_R1_02122762 EFTA02710574  CashPro Online — Global Payments USER controls Access LtVCI ! Fut ' zits' : 0 Activties (15 Acrivain currently assignee) General CreateeApprove Paymar ts 8 'emplstes Restricted Template Acreage Create Diemen•s C reate/Pla ntain import Profiret Create FX Payments Maintain Renehemy ft Om:maim Table Import Premen•s Inrorn ng Payment Sammarytemil Peports Approve Datiments Outgoing Payment SainrnsryDeby Reports Approve FX Payments 7amplite FummaryiNitail Pepions Reject Paj moots Croatollaiotain Tomplotos Apprcvo Templar's Reject Tomplate • Control a users capabilities with the Payments application • restrict users to "creation only" or "approve only" • user can be restricted to creation by template, freeform or both EFTA_R1_02122763 EFTA02710575  CashPro Online — Global Payments approval requ Token requirement Bank of Anierkae Merrill Lynch CashPro` Online REPORTING PAYMENTS I RECEIPTS NOTIFICATIONS SERVICE CENTER IN SW want Payments Approvais Payment rxt rrort:AC Repot Template Marilee? Fie Itravt Activate Your SafePass® Token peeve outer Me ioraIN4mbar from .our token and deck next RI for to de exernekte to no rght Ind no Duel nurebor Your Senal Number- klutti-key SafePass Token Cancel • Global Payments requires a token response to release payments • a minimum of 1approval is required for all payments • token response can be for individual payments or a batch Card Serenest Token EFTA_R1_02122764 EFTA02710576