1

Contingency Plan, General Security and

Internal Control

Microenterprise Access to Banking Services Program

Accreditation and Implementation TrainingOn

Mobile Phone Banking Services

Objective

At the end of the presentation, participants will be able to

Identify the security features of mobile phone banking

Discuss the security & internal control requirements

Determine contingency, disaster recovery and business continuity plans

2

3RegistrationRegistrationRegistrationRegistration

Ç√Ç√

Ç√Ç√Options

Send G-CashBalanceLast TxnRegisterOthers

MPB ServiceEnrollment

Form

MPIN

4

5

GCash is BSP and AMLA compliant and it is recognized as an electronic payment platform under Monetary Board Resolution 116

Customer Verification procedures are in place for all

GCash accredited partner establishments All GCash accredited partner establishments are

required to report covered and suspicious transactions to Anti-Money Laundering (AML) council on a monthly basis

6

Globe/GXI also tracks and reports any covered or suspicious transactions to the AML council

The GCash wallet is automatically limited to 40,000

pesos per and monthly transactions are automatically limited to 40,000 and 100,000 respectively. These limits are within the ranges set for ATMs transactions

All GCash Cash-in/Cash-out transactions require a

valid ID to be presented

7

1) Client information are verified.

2) The custodian of the mobile phone must be an officer of the bank (Cashier/Manager/Designated Officer of the Bank)

3) M-PIN (Mobile Personal ID No.) and security code of the mobile phone must be secured and should not be known to anyone other than the designated custodian of the mobile phone.

4) It is required that GCash Menu-Driven Interface must be used.

5) All mobile banking transactions (incoming/outgoing) must be checked and approved by officers of the bank

8

6) Withdrawal (Text-A-Withdrawal) must be drawn against Cleared/Withdrawable Balance

7) Phone-to-Phone (P2P) Fund Transfer transactions must be supported by receipts and recordings in the Logsheet and GCash Journals

8) The bank’s mobile phone must be used only for purely GCash/MPBS related activities.

9) Mobile Phone is kept at the Vault at the end of the day.

10) Branch’s Mobile Phone Phonebook/SIM must contain Head Office’s mobile phone number

9

11) Internal documentary and procedural requirements are followed to ensure appropriate Dual Control for all transactions in terms of Making and Approving authorities

12) Bank In-charge must explain to the client the terms and conditions of the mobile phone banking service during client’s enrollment including security and risk involved

13) Follow enrollment procedure and requirements if enrollment is required for a particular mobile phone banking service

14) Any internal/security control violations should not be tolerated and must be reported immediately for proper action (Please see information security policy manual).

10

1) Complete KYC (Know-your-customer) procedure must be followed in all clients availing of mobile phone banking services- Valid ID is required upon opening an account and/or enrolling to the service- Background/Credit checking is performed when necessary- References must be asked and checked when necessary

2) Clients must be oriented/briefed in each mobile phone banking service he/she is availing including security and risk involved.

3) Ensure that client understands the terms and conditions of the service and client must agree and sign to the service enrollment form if enrollment is required.

11

12

Client’s Perspective

Bank’s Perspective

Continuity of the business

Disaster Recovery

13

Benefits Challenges

- Cost effective- Efficient - Can increase fee- - based income.

Potential risks on- banking information- customer relationship, - bank operations

Need: CONTINGENCY PLAN

Problem Action/ Response

No Confirmation message on MPB transaction

1. The Client should inquire the last performed GCASH transaction

2. Take note of the Date and Time from the last transaction inquiry

3. If found to be completed, Client should report the incident to the account officer (AO) or call the bank in-charge to check whether the bank has received a confirmation message of a particular GCASH transaction.

2882You have sent 1,500 of GCASH and sent message to ABC Rural Bank, Inc. on 03/14/10 09:21AM. Your new balance is 992.00. Ref. no. 123412.

14

15

Problem Action/ Response

No Confirmation message on MPB transaction

4. If the bank receives the confirmation message, the client should take note of the trace number/reference from the bank

5. If the bank did not receive the confirmation message,• The client should call 2882 from his/her mobile

phone (-free 1800-8-2882882) and inquire where the payment was made.

• Please provide CSR with date, time and amount. If found to be completed, Client should report the incident to the account officer (AO) or call the bank in-charge to check whether the bank has received a confirmation message

16

Problem Action/ Response

No signal on the client’s location.

1. The client should notify the bank.

2. The Client must follow the manual payment method by visiting the bank-branch or ask for a collector to collect for loan payment

3. The Client must follow over-the-counter procedures for deposit and withdrawal account related transactions

Problem Action/ Response

•Discrepancies on GCASH balance

Refer to Globe when discrepancies were noted: •The client can use any globe or

TM phone to call 2882 for customer service

•Metro Manila landline: (02) 739-2882

•Toll-free from any globe landline: 1800-8-2882882

17

18

Problem Action/ ResponseClient’s mobile phone was stolen.

•Call GCASH Hotline to suspend service (this will prevent other from accessing and using the client’s GCash account):

• The client can use any Globe or TM mobile phone to call 2882

• Metro Manila landline 739-2882 • Toll-free from any globe line: 1800-8-

2882882

•Register new sim to GCASH

•The client must call customer service again for the transfer of Gcash balance to the new SIM

19

Problem Action/ ResponseBalance on the Globe GCash Daily Transaction Report does not match with the Bank’s Daily Transaction Reports.

Verify the discrepancies and identify which clients were affected.

Determine whether the discrepancy was in-house or with Globe.

Report to Globe (through customer service) if the discrepancy was on the side of Globe otherwise, initiate adjustments to the Bank’s internal ledgers and records to rectify the discrepancies.

20

Problem Action/ ResponseThe HO/Branch did not receive the confirmation message for GCash Fund Transfer from branch/HO

1)The branch should perform the Last Transaction Inquiry to verify if the transaction has been successfully completed:

•Go to Globe Services (Globe Svcs+)•Go to >G-Cash> Last Txn

2) If the transaction is completed, call GCASH Hotline:

Bank to call 2882Metro Manila landline 739-2882 Toll-free from any globe line: 1800-8-2882882

Please provide CSR with date, time and amount.

3) Accomplish Incident Report

21

Problem Action/ ResponseNo signal at bank’s location

Call Globe Customer Service (211) to report the problem and inquire as to when the signal shall be restored.

Bank shall take note the date and time of the downtime for easy reconciliation with transactions received during period of no signal.

The bank should refer to the transaction report from Globe on the following day to reconcile with transactions received not recorded by the bank.

22

Problem Action/ ResponseThe bank’s authorized mobile phone for G-Cash is defective

Provide a temporary service unit

Keep the security protocol intact (Officers to keep MPIN secrecy)

For defective SIM, the bank should immediately notify Globe and request for a new SIM.

23

Problem Action/ Response

Bank’s mobile phone for GCash was stolen

Call GCASH hotline to suspend service (this will prevent other from accessing and using the bank’s GCash account):

Use any Globe or TM phone to call 2882Metro Manila landline: (02) 739-2882 Toll-free from any globe line: 1800-8-2882882

The bank must send a written request to GXI (signed by the authorized bank officers) stating the following:

Description of the incidentRequest for a Replacement of New SIMRequest for a transfer of G-Cash Balance to the

new SIM

24

NO Globe signal, NO GCASH transaction

Bank will follow manual collection mode and over-the-counter transactions until the Telecom’s network connection problem is resolved.

25

BSP requires each bank to have a General Business Continuity Plan to contain most of the disaster and recovery procedures. These procedures include, among others, having on-site and off-site backup, saving priority files and records, etc. Concerning electronic transaction records, in the event of disaster or even minor data loss, the telecom companies have electronic copies of the transactions that authorized bank officers (listed in the secretary’s certificate submitted to GXI) can request copies of.

26