Cybercrime in Treasury - How Treasury Departments can prepare

Royston Da Costa, Group Assistant Treasurer

Treasury Systems and Development

Contents

• My role and Group Overview

• Introduction

• Financial Losses

• Reputation Losses

• Staff Morale

• Cyber Fraud Examples

• Preventative Actions

• Cyber Fraud Response

• Conclusion

• Ferguson Policies, Processes and Controls

My role and experience

• Over 25 years’ experience in Treasury, including managing Treasury Operations

• I previously worked at Sky, Gillette, and Vivendi Universal

• I joined Wolseley in April 2002 as Group Assistant Treasurer and was responsible for managing the varied daily debt and cash requirements of a large international group.

• I am currently responsible for developing the Group’s Treasury Systems strategy

• Team of 6 in Treasury

• I am also responsible for supporting the Group on a number of Treasury-related ad-hoc projects.

About Wolseley

Wolseley is the world’s largest trade distributor of plumbing and heating products and a leading supplier of building materials.

In 85% of our markets, we are No 1 or No 2.

As at 31 July 2015:

• Group revenue: £13,300m (10.1%)

• Trading profit: £857m (+11.4%)

• Gross margin: 28.0%

• Gross profit: £3,728m

Revenue by region (£m):

• USA: 8,337

• UK: 1,987

• Nordic region: 1,863

• Central Europe: 405

• Canada: 708

USA Profile

• Leading distributor of plumbing and heating products in North America

• Strong business model with large scale distribution centre network and national branch and showroom network

• Strong financial performance achieving a record trading margin of 8.2%

• Market outperformance in the year with market share gains achieved

• Strong customer service and employee engagement scores

• Thirteen bolt-on acquisitions completed in the year

5-year Performance (£m), 2011 to 2015

• Revenue: 5,500; 6,168; 6,757; 7,045; 8,337

• Trading profit: 314; 389; 490; 542; 683

Revenue by Business Unit (% of ongoing 2015 revenue)

• Blended Branches 62%

• Waterworks 16%

• HVAC 7%

• Industrial 8%

• B2C 5%

• Other 2%

All figures are for the ongoing business for the year ended 31 July 2015

UK Profile

• UK portfolio focused on strongest businesses capable of market leadership

• Continued focus on broadening the product range

• Strong growth in the Utilities business

• Two bolt-on acquisitions completed in the year

5-year Performance (£m), 2011 to 2015

• Revenue: 1,651; 1,667; 1,769; 1,853; 1,987

• Trading profit: 88; 93; 95; 96; 90

Revenue by Business Unit (% of ongoing 2015 revenue)

• Plumbing and Heating 72%

• Pipe and Climate Center 14%

• Utilities (Burdens) 14%

Nordic Profile

• The largest distributor of building materials in the Nordic region with number one market positions in Denmark and Sweden

• Major business units maintained their market leading positions

• One bolt-on acquisition completed in the year

5-year Performance (£m), 2011 to 2015

• Revenue: 1,983; 1,981; 1,864; 1,892; 1,863

• Trading profit: 112; 93; 89; 80; 72

Revenue by Business Unit (% of ongoing 2015 revenue)

• Stark Denmark (building materials) 36%

• Beijer Sweden (building materials) 23%

• Stark Finland (building materials) 25%

• Silvan Denmark (DIY) 9%

• Neumann Norway (building materials) 7%

Canada Profile

• A wholesale distributor of plumbing, heating, industrial and ventilation equipment

• National distribution centre in Ontario and branches located in all 10 provinces across Canada

• Held market share in tough markets

• Gross margins slightly ahead of last year

5-year Performance (£m), 2011 to 2015

• Revenue: 811; 850; 814; 736; 708

• Trading profit: 39; 49; 48; 43; 34

Revenue by Business Unit (% of ongoing 2015 revenue)

• Blended Branches 76%

• Waterworks 15%

• Industrial 9%

Central Europe Profile

• Leading distributor of heating, plumbing and bathroom products in Switzerland

• Strong performance in the Netherlands as markets improve

• Tough market conditions

• Tight cost control to protect profitability

[Chart: 5-year Performance, £m (Revenue and Trading profit by year, 2011 to 2015)]

Revenue by Business Unit (% of ongoing 2015 revenue)

• Switzerland 60%

• Netherlands 40%

Group Treasury Scope

• De-centralised model

• Treasury Specialists locally

• Shared Service Centres – commercial payments

• Group Treasury provide advisory role

• Cash Pool overlay

• FX traded centrally

• Regulatory reporting centralised

Some light relief first...

Introduction

Definition of Cyber Fraud = “the use of the internet to get money, goods, etc. from people illegally by deceiving them” (Cambridge Dictionaries online).

“CEO email scam is wake-up call for boards” (FT headline March 16, 2016)

• Improve awareness

• Review processes

• Communication

Financial Losses

Level of loss determined mainly by:

• How alert the victim is

• Amount of money or material the victim is responsible for

• Time taken until the fraud is detected

Other factors:

• Investigation and resolution of the incident interrupting or, worse, preventing normal business operations

• Training staff on new procedures

• Negative reaction by some customers and business partners

Financial Losses Chart

Courtesy of Basware (this slide can be found in their full presentation at http://www.basware.co.uk/knowledge-center/financial-supply-chain-masterclass-4)

Reputation Losses

Staff Morale

No one wants to be a victim of Fraud!

Try and avoid a witch hunt

Impact on the Team

Victim’s Health

Check the process

Common Cyber Fraud Risks and Scams

Phishing

Vishing

Spoofing

Invoice scam (part 1)

Invoice scam (part 2)

Cheque overpayment scam

Malware

Ransomware

Reputation attacks

E-Commerce

Internal Fraud

Preventative action: Treasury policy, processes, and controls

Treasury policy

• Clear internal Treasury policy

Treasury processes

• Formalised and communicated to all personnel

• Have a robust Joiners, Movers and Leavers process

• Segregation of roles to require two or more people to complete a transaction

• Know Your Employees

• Create a culture that makes it easy to report suspicions of fraud

Treasury Controls

• Regular review of your processes throughout the group

• Implement checks that ensure your controls are being complied with – internal and external

Preventative action: Password security

Educate your staff on password security

• You should not use the same password on different external sites

• You should not use your internal password on external sites.

• They should be familiar with the password policy

Remember to treat your password(s) like underwear i.e.

• Change them often

• Do not leave them where other people can see them

• Do not lend them to others

Preventative action: Specialist advice, communication, external banks

Specialist Advice

• Keep updated and subscribe

• Contact your local IT support team

• Refer to the Get Safe Online team

Communication

• Do not neglect communications and interactions with your banks and third parties

• Scams generally rely on the lack of communication between parties e.g. banks will never telephone you and request your user id and password

External Banks

• Check with all your banks that the processes they apply meet your Company’s requirements e.g. France

Preventative action: IT Systems

• Ensure that you plan for the possibility of a Cyber Fraud incident

• Understand the Data Backup and Disaster Recovery plans you have in place

• Have a Business Continuity plan that documents what business as usual will look like

Preventative action: Insurance Cost

• Safeguard shareholder value

• Identify how big a risk this is for your company

• Identify the top risks to your company and insure against them

• Some examples of the top risks are:

   • Loss, damage or distortion of own data

   • Forensic costs

   • Technical support to restore systems & data

• Be transparent with your Insurers

• Make sure the process between your insurer and their underwriter is fully understood

• Ensure you cover not only the consequences of a risk event, but also the causes

• Educate your colleagues on what’s covered in the insurance policy

• This is not just to protect financial risk but also to protect against reputational risk

• This is best practice for most companies today

• Have a crisis plan in place

• Ensure you are up to date with the latest regulation and legal Acts

Preventative action: Crisis Response Plan

• Have a crisis response plan

• Should include scenarios for different types of events

• Define who is responsible for each step of the plan

• An effective crisis response plan

• The Treasury team should have representation on a crisis team

Response to Cyber Fraud

• Notify the Company Crisis Team immediately

• Recognise that fraud is being perpetrated and intervene quickly

• Contact your local IT support team immediately

• Be alert

• Let the Crisis Team handle all communications to the public, customers, employees, and business partners

Conclusion

• This is not a definitive guide to Cyber Fraud as (a) I am not an IT expert and (b) there are IT experts that are much better qualified than I am on this subject

• Highlight the areas in Treasury that I am aware have been the target of various scams

• Increase awareness amongst treasury colleagues and peers

• Conduct a full review of your key treasury processes including payments

• Technology is the main vehicle for Cyber Fraud!

• Technology also plays a key role in combating Cyber Fraud!

• The weakest link and strongest asset is you!

• Contributors:

   • Lloyds Bank (https://www.lloydsbank.com/business/security.asp)

   • Get Safe Online (https://www.getsafeonline.org/)

   • Action Fraud

   • Wolseley IT

Contact details

• Royston Da Costa, Group Assistant Treasurer

• Treasury Systems and Development

• Wolseley Group (Services) Limited

• Email : [email protected]

• Mobile: +44 (0) 7734 743256
