January 2016

Lead consultant contact:+65 8138 7340

coo@temaswiss.com

Integrated Key Risk Controls, Reporting & AutomationSample(s) for this presentation:CB-XBO.01 Commercial Banking KYC, Fraud Mitigation & AML Monitoring (incl. Sanctions)

Who We Are

DigiScape provides bespoke multi-level risk management solutions arm for the financial services industry. TEMASWISS is, since August 2015,

the bespoke consulting and training arm of DigiScape.

Temaswiss’ consulting, training and analytics arms is at its core, a think-tank of veteran bankers, risk managers and financial crime risk specialists with a combined experience exceeding seventy years.

In its consulting value proposition, it focuses solely on expertise in Operational Risks, Regulatory Compliance, Sales Governance, AML & Transactions Monitoring and Conduct Risks for Commercial and Private Banking.

Unparalleled point-in-time insights from C-level Legal, Compliance and Operational Risk banking industry practitioners, MAS Singapore and other ASEAN & South Asian Regulators on: audit results, regulatory guidance, practical implementation challenges.

Each of our holistic engagements are led, throughout its life-cycle, by a senior consultant with detailed expertise and hands-on experience on banking processes, regulatory requirements, industry best practices and pragmatic solutions for specifically the risks to be mitigated and processes to be revamped.

Quality being foremost, we operate by engaging the regionally best-in-class expertise from a large pool of outreach specialist consultants and we have no more than 3 major engagements underway at any given time.

Focus is upon process advisory and mapping between the strategic initiatives and comprehensive integrated risk-mitigation programmes of banks and the service provision of solution providers.

As a sit-beside organization, we provide un-conflicted support to our financial services client to vet and to select controls automation, interface, data tool and technology provider that best fulfills the requirements.

Unique Insights - Cumulative Learning To Your Benefit

Root cause analysis of fraud incident was incomplete and detection scenarios were not adapted accordingly.

AML and Fraud detections scenarios are standardized and not satisfactorily tweaked in variation to relevant banking segments,products and geographic variations.

Excessive redundant data and alerts are being produced from the transactions monitoring systems due to inadequate fine-tuning of alerts generated.

Relationship bankers and/or middle-office and/or transactions monitoring staff are inadequately trained on the latest trends.

The regulatory reporting does not capture the data for XX products and/or XX transactions that do not follow the usual channels.

Due to the grandfathering of pre-existing customer KYC data, the detection scenarios for AML/ fraud are no longer effective.

Due to process inadequacies the alerts were not timely escalated to AML/ Regulatory Compliance.

Although Politically Exposed Persons were detected in the ownership structure, the accounts were not subjected to Enhanced Due-Diligence.

Range of Regulator’s Long-Form Audit & External Audit Issues Raised

Common Pitfalls (What Do We Help You Avoid)

Excessive “False-Hits” due to Inadequate Rules Engine

Customisation

The bank data realities do not

match tool capabilities

Literal ‘reading’ of Regulatory

expectations without Risk Mitigation

Focus

Cost & Effort exceeds budget and the Bank’s risk appetite

“Off-the-Shelf” solutions that are

NOT optimal

Inadequate 3P(Process, People,

Procedures) Parametrisation

Support

End-to-End Engagement and Beyond

Present-StateEvaluation & Concurrence on Risk Mitigations

Advisory & Consultation on:

Gaps, Risks, Best-practice controls,

Control functional alignment and

process placement

Enhancements:Immediate or Interim

Manual Controls, Implementation of

controls, operating manuals, Reporting,Training & MI.

Strategic Engagement:Controls SMARTS

assessment, automationSWOT analysis, stake-

holders engagement,project management

infrastructure, RFQ

Off-The-Shelf*:Research and

proposition of Best-suited

solution andprovider

White-Labelled*:Alignment of

additional requirements,

interface processdesign

Greenfield Development*:

Identification &Evaluation of Data

sources & inter-facing required,

Ops processes

End-to-End ProgrammeManagement:

- Data current-stateEvaluation.

- Tool development(only for greenfield)- Project resources

- Vendor management- Project Business Info

Security & Tech Info Security competencies

- Dashboards, MI & Stakeholders reporting

- operational process alignment

- UAT design andconduct

-assurance design

Fine Tuning:- Multi-months

Helpdesk services- UAT residual remediation

- Source-code and knowledge securing-Audit preparedness

Training:- Training material

- Primary Users - Assurance Users

- MI & Dashboardsdesign & production

-Lag avoidance measures

Maintenance:- System Patch Alerts

- Regulatory & Industry Best Practices Advisory

- Periodic Enhancements- Periodic Data quality

and effectiveness assurance reviews

End-to-end process audit by us, Controls function corroborative engagement or desktop review. Or combinations thereof.

Holistic reporting encompassing review of established controls and reliability of situational and contextual risk mitigants. Disclosure of fragmented, missing or ineffective controls, regulatory point-in-time expectations, peer audit results, industry best practices. Complete with advisory on proposed baseline controls.

Stakeholder engagement, proposal, buy-in and implementation of where either existing controls could be enhanced or immediate/ interim control placed at low effort and costs to materially mitigate risks or audit adverse results. Aligned to management risk appetite and acceptance.

ASSESSMENT LOW –HANGING FRUITS STRATEGY FORMULATION SUSTAINABLE DEVELOPMENTS

* Technology vendor proposal always at arms-length versus vendor.

! Express Compliance to

new entrant / new jurisdiction / enhanced regulations. e.g. MAS 626

CB-XBO.01 Commercial Banking KYC, Fraud Mitigation & AML Monitoring

Design Example

Other Key Risk Controls Integration & Automations Available Currently

CB-XBO.01 Commercial Banking KYC, Fraud Mitigation & AML Monitoring

PB-XBO.02 Cross-Border High Value Lending & Assets Securing (PB bespoke transactions)

CB-TGC.001 Commercial Banking Treasury Team Sales Governance (including MAS Compliance)

PB-ENC.002 Private Banking Ethics & Conduct Risk Controls (In-business & Neutral Assurance)

CB-ENC.001 Commercial Banking Ethics & Conduct Risks Controls (incl. Control Room Assurance and MSI Unit Communications Monitoring)

OP-INS.002 Operational Risk Incident Management, Escalation, Investigations, Reputational Risk Containment Measures

PB-KYC.001 Private Banking Client On-Boarding, Periodic Reviews, Trigger Events – Building CDD Team, Controls & Processes

PB-AML.004 Private Banking AML Transactions Monitoring – Rules Engine & Trigger Events Build

CB-KYC.001 Commercial Banking Client On-Boarding, On-Boarding, Periodic Reviews, Trigger Events – Building CDD Team, Controls & Processes

CB-AML.002 Commercial Banking AML Transactions Monitoring – Rules Engine & Trigger Events Build

PB-SGO.001 Private Banking Customer Suitability and Sales Governance Controls

CB-SGO.001 Commercial Banking Sales Governance Controls

CB-AML.003 Commercial Banking – Cross-Border Trade-Based AML Controls

PB/CB-SGO.005 Private or Commercial Banking – Banc assurance & Insurance-Wrapped Product Sales Controls

PB-SGO.006 Private Banking TCF & RM Balanced Scorecard Design & Controls

CB-SGO.006 Commercial Banking TCF & RM Balanced Scorecard Design & Controls

CB-GSC.001 Commercial Banking – Vendor Management, Outsourcing, Offshoring & Right-shoring Controls