Cash Handling & Cyber Security
Asset managers routinely engage in the transfer of large sums of money in their daily business activities and as such are attractive targets for a spectrum of cyber-frauds. The regularity of these transfers (either within a fund structure or to external vendors) can result in decreased awareness of the risks surrounding these transfers increasing the vulnerability to cyber-attacks.
Historically, controls asset managers have put in place for these transfers have focused on preventing internal fraud, but many of these controls do not provide adequate protection from cyber-attacks and external frauds.
This memo covers the following topics:
- An overview of the threat environment including the spectrum of incidents in asset management,
- Common types of cyber-fraud including fraudulent invoice requests, fraudulent payment requests, and change of payee details,
- Common cyber-fraud techniques including business email compromise and email spoofing or impersonation, and
- Controls to mitigate the risk including both technological and process controls